John Mbuthia, M.Sc., CISSP
Verified Expert in Engineering
vCISO and IT Developer
John has 17+ years of experience managing all aspects of IT and cybersecurity for Fortune 500 organizations and small operations. His expertise includes risk mitigation through balanced processes and controls, BCM, GRC, IAM, security operations, third-party risk, social media brand protection, training and awareness, physical security controls, incident response table-top exercises, and vulnerability management. John has consistently created compliant environments safe from emerging threats.
The most amazing processes I've been involved in are standing up cybersecurity functions from the ground up, developing strategies and roadmaps, and maturing them.
Chief Information Security Officer
- Established the cybersecurity function and staffed it from 3 to 17 employees.
- Implemented NIST as the risk and control framework, setting an industry-recognized reference for the cybersecurity program.
- Built a 24/7/365 virtual SOC (vSOC), ensuring efficient real-time identification of threats against the organization.
- Advanced threat mitigation by introducing technologies such as CrowdStrike, AppGuard, and Nexthop, enabling quicker threat handling.
- Modernized and improved the end-user awareness and education program and extended awareness sessions for executives, helping set the tone from the top and support the cybersecurity program.
- Incorporated physical security into the enterprise security portfolio and performed assessments to establish gaps.
Chief Technology Officer
- Built IT infrastructure for the new company in preparation for its divestiture from the US parent organization.
- Led and managed an infrastructure reengineering project to support a countrywide business transformation initiative consisting of 61 locations, 5.5 time zones, and 6,000+ employees, ensuring day-1 readiness of all systems.
- Managed the implementation of the SAP ERP system as a new global solution.
- Partnered with providers on a complete overhaul of communication infrastructure, ensuring 100% connectivity.
- Established a data center in Canada and an Office 365 environment, supporting new business operations.
- Created a new local IT organization and support structure consisting of ten associates and third-party providers.
Global Director, Information Security
The Coca-Cola Company
- Held full P&L responsibility for 20 direct reports and a security budget of over $5 million.
- Guided geographically diverse security teams locally and across 20 bottling operations in 19 countries.
- Partnered with local bottler leadership to establish a sustainable IT security program for operations and plants.
- Facilitated and oversaw security awareness training for all employees, contractors, and third parties, reducing the risk of phishing.
Cybersecurity Strategy for a Canadian Medium-sized Financial Institution
The institution's leadership team determined that an overarching cybersecurity strategy was required, with digitization at the forefront of its transformation and stricter regulation, such as OSFI Guideline B-13 (Technology and Cyber Risk Management), coming into effect in 2024. The proposal sets out the approach needed to implement this strategy.
Cybersecurity, IT Security, Security
Certified Information Systems Security Professional, CISSP, CISO, Information Security, AS400, SAP Identity Management (IDM), CrowdStrike, AppGuard, ZeroFox, Microsoft Defender, Business Continuity Planning (BCP), Fusion, vCISO, GRC
SAP GRC, SailPoint
Master's Degree in Information Security Management
University of Fairfax - Salem, VA, USA
Certified Information Systems Security Professional (CISSP)