Michael J. Schenck

Senior Cybersecurity Engineer

CBIZ Inc. (acquired Marcum LLP), Deerfield, IL

September 2022 –  June 2025

Duties and Accomplishments:

• Took ownership of projects to modernize all GRC processes with a new management platform and increase efficiency through automation, including overhauling the third-party risk management processes.

• Deployed a new XDR solution to over five thousand systems to replace expensive and outdated endpoint protection agents.

• Implemented and expanded 802.1x security protocols to include the wired connections.

• Took charge over the Vulnerability Management program to ensure patching is more complete.

• Participated in periodic policy reviews, helping refine through addition and subtraction of policy controls and reducing redundancies.

Management and Leadership

• Collaboration across different teams and interested parties on critical projects like replacing the antimalware solution, implementing Network Access Controls, and running Risk and Vulnerability Management review board meetings.

• After learning and implementing a solution, I provided documentation, and training for team members inside and outside of the Information Security teams.

• As an advisor to the business and the information security team, I am actively involved in vendor reviews beyond GRC concerns including assessing total value, total cost of ownership, and documenting the use case for the business – setting expectations for costs and benefits.

• Established and implemented Key Performance metrics, and Key reporting metrics, utilizing automation to make reporting easier and easily repeatable.

 
Senior Cybersecurity Consultant

Friedman-Cyzen (acquired by Marcum), New York City, New York

September 2020 – September 2022

Duties and Accomplishments:

• Complete overhaul of the Advisory and Compliance practice, introducing new tools and products to improve efficiency through automation.

• Expanded the Managed Security Services portfolio to include vCISO activities.

• Expanded the use of collaboration tools such as SharePoint, Teams, Planner, and OneNote

• Was a leader for small but growing teams of analysts, business development engagements, and ongoing client services. These services include security health assessments, security infrastructure assessments, full security risk assessments, Policy writing, vulnerability assessment and management, third party risk management, and acting as CISO for clients and reporting to their leadership boards.

• Cultivated client relationships to produce long-term recurring revenue and expanding services.

• Assist in providing content as a subject matter expert to media platforms, in webinars, and company blogs.

​​

Director of Security Services

Kaytuso, a division of Manhattan Tech Support (now HomefieldIT), New York City, New York

July 2018 – June 2020

Duties and Accomplishments:

• In the first 3 months, I developed and implemented a new security baseline based on NIST CSF and CIS-CSC-20 and met compliance requirements for PCI-DSS, HIPAA, and NYS-DFS, and completed two internal risk assessments.

• Engineered and oversaw cross-functional teams to manage implementation projects for enhanced security, including all on-premises and Cloud Services. Projects for both internal and for all clients. Impacted Cloud Services include Microsoft 365, Office 365, Azure, Active Directory, InTune, Cisco Meraki, Google Cloud Services, G-Suite, and Exchange Online.

• As a startup division, I created the full suite of solutions and packaged to be offered to clients, including Vendor Management reviews and selection of preferred vendor partnerships, focusing on NIST CSF, CIS-CSC 20, and GRC requirements based on HIPAA, PCI-DSS, NYS-DFS 500, GDPR, FINRA, CCPA, Sarbanes-Oxley, and GLBA.

• Managed a team with members from every department and division to deliver superior managed security services in collaboration with third party vendors, partnering with client executives and stakeholders to ensure everyone was working towards the same goals.

• Multiple articles, blogs, and white papers on current affairs and topics such as IoT, Ransomware, and the unique threats that MSP’s and MSSP’s face were published in reputable platforms. I also interviewed and quoted for a Vox Recode article on Ring Doorbell.

 

Sr. Cybersecurity Consultant

Agio, LLC, New York City, New York.

February 2020 – May 2020
Duties and Accomplishments

• While still in training and onboarding, I developed a new training video on the updated NIST guidance on Passwords, with a practical approach.

• I provided monthly or quarterly Global Threat briefings to client C-Level executives and stakeholders in the Private Equity space, especially on activities in response to COVID-19 and work-from-home requirements.

• Assisted in performing SEC/OCIE based risk assessments including simulated phishing, penetration testing, and dark web reports.

• Created and improved on routine reports by taking a manual process and automating it with VBA macros, saving 2 hours per client per month.

 

Sr. Systems and Security Administrator

Comtech PST, Melville, New York

March 2014 – June 2018

Duties and Accomplishments

• I volunteered and took charge of the projects both for the division and corporate-wide to meet or exceed compliance with NIST SP 800-171 as revised. This project included a full map and gap risk assessment, vendor selection and management for SIEM, Endpoint Encryption, and Multi-Factor Authentication, endpoint, and network threat hunting solution deployment, templating the written security policy, plans, and procedure, and configuring default domain policies.

• Collaboration with other corporate divisions and chosen vendors improved company internal collaboration and saved 1.5mm over 5 years plus hundreds of hours to fully comply with NIST SP 800-171.

• On Day 1, I was put in charge of a rollout of a Virtual Desktop Infrastructure (VDI), working alongside of the vendor to deploy the solution using Citrix, VMWare ESX, NetScaler, and Microsoft App-V

• Overhauled division network infrastructure, managing a competitive bid for wired network, wireless network, and storage network. This project ensured continued security and resolved concurrent and compounding problems that impacted on the performance of all employees.

• Managed and oversaw multiple endpoint and server operating systems upgrade and replacement projects, virtualizing over forty servers across two locations and saving thousands in hardware expenses. Also reduced annual operational expenses by reconfiguring the network so that both offices routed through the same security appliance stack.

• Received Multiple internal “You Make a Difference” commendations for going beyond expectations and a “Quality Improvement Award” for making suggestions on operation improvements which lead to action taken by the company.

 

Computer Systems Security Officer 3/Information Systems Security Manager  

Exelis Inc (Now L3/Harris., North Amityville, New York
August 2009 – February 2014

Duties and Accomplishments

• Implemented, Managed, and Maintained Approval to Operate accreditation for over one hundred classified computers across a dozen standalone networks, and received authorization to self-approve additional systems with the same specifications.

• Keynote Presenter for a local defense and aerospace industry group on cyber security matters, with an audience of technical and non-technical security officers.

• Wrote a script in Visual Basic to perform baseline configuration tasks addressing over 400 security controls as registry settings, reducing configuration time by over 12 hours, then further refined the script by migrating it into a VB.Net compiled program which completed all configurations in less the 15 minutes, saving over 16 hours per computer.

• Managed and directed an internal investigation of a major physical security breach that included my supervisor with daily reporting to the division security director. Also provided debrief special agents from the FBI, NCIS, Defense Security Service, and an undisclosed agency.

• I went back to college and finished my bachelor’s in business information systems, I also received my ISC2 Certified Information Systems Security Professional certification.

 

PC/Network Support Technician III/II

Northrop Grumman, Wright-Patterson Air Force Base, Ohio

April 2007 – June 2009

Duties and Accomplishments

• Developed and assisted in the implementation project to reimage and deploy over 8000 unclassified PCs for the 88th Air Base Wing and the Air Force Material Command Headquarters, directing peers and Air Force Non-Commissioned Officers to complete the initial six thousand new computers in 3 weeks.

• Utilized Windows Deployment Services to modernize the maintenance and deployment for the endpoint golden image, reducing the new system imaging to 30 minutes for fully patched system ready for use, saving 16 hours per batch. Subsequently, the commanding Lt General authorized the golden image for use base-wide for over 24,000 unclassified PCs.

• Maintained 98% client satisfaction and was a top three performer in tickets closed.

 

Facility Support Technician

New Horizons Computer Learning Centers, Fairborn, Ohio

October 2006 – April 2007

Duties and Accomplishments

• Create, maintain, and deploy classroom environments for the hundreds of classes offered by New Horizons.

• Maintain computer labs after hours in preparation for the next scheduled class.

 

Owner/Self Employment/Consultant

Sigma Energy IT Consulting/Michael J Schenck

September 1999 – Current

Duties and Accomplishments

• Provide enterprise level support to small businesses and home offices.

• Solution Engineering and system design tailored for the environment, automating routine tasks to minimize system down time.

• Provide evaluations of job requirements and estimation of cost during face-to-face client consultations.