David London is a Managing Director at The Chertoff Group, where he helps companies address their most pressing cybersecurity risks.
David works with clients to strengthen cyber governance, apply threat-informed defense and prioritize security investments. He assists operational personnel and senior decision-makers to effectively mitigate and manage cyber threats. David also helps organizations address software supply chain risk exposure and associated regulatory expectations. He leads cybersecurity engagements in financial services, retail, energy, technology and other critical infrastructure sectors. Prior to joining The Chertoff Group, David spent nine years at Booz Allen Hamilton where he strengthened cyber resilience capabilities for the U.S. government and commercial clients. He led the design and development of some of the highest-profile cyber exercises in the world including the Department of Homeland Security’s Cyber Storm and NERC’s Grid Security Exercise. David has delivered dozens of cyber exercises and preparedness engagements over his career. In November 2022, David was appointed as a cybersecurity expert to the Advisory Board of NowNow, a digital banking platform founded in Nigeria.Engagement Highlights
- Designed and implemented a cybersecurity risk management taxonomy and program for a major financial institution in close coordination with the entity’s enterprise risk management
- Conducted application security lifecycle review for a major software provider, piloting NIST’s Secure Software Development Framework (SSDF) to assess software security practices and navigate national security risks and perceptions.
- Directed cybersecurity program resourcing and benchmarking assessment of one of the world’s largest online travel companies to baseline existing spend and optimize future security investments across portfolio companies.
- Led C-suite cyber exercises that stress-test enterprise response and resilience to a disruptive cyber event for major financial institutions, manufacturers, and other critical infrastructure.
- Conducted board briefing for Fortune 500 company to communicate cyber threat landscape, effective risk measurement and board-level oversight expectations
Expertise
- Cybersecurity Maturity, and Effectiveness Measurement and Reporting
- Threat-informed Defense Program Design and Implementation
- C-suite and Operational Cybersecurity Exercises and Training
- Cyber Governance, Resource Prioritization, and Risk Management Architecture
- Software Supply Chain Security, Transparency and Regulatory Alignment
Certifications
- Certified Information Systems Security Professional (CISSP)
- Project Management Professional (PMP)
Education
- M.B.A., George Washington University
- B.A., Emory University
Recent Publications
- U.S. Agencies Lean into Cybersecurity Enforcement, but Is It the Right Approach to Reduce Risk? HS Today, March 4, 2024
- “New Government Directives and Persistent Threats Reinforce Urgency of Securing Software”, October 25, 2022
- The Cyberwire Podcast, June 17, 2022
- “Software Lifecycle Security: Increased Scrutiny Offers Opportunity for Differentiation”, Chertoff Group Security Bulletin, July 2020
- “How Cyber Criminals Use Coronavirus Scams to Target Victims,” Security Management Magazine, June 1, 2020
- Boston University Law School Guest Lecturer, “Securing the Financial Sector Against Cyber Attacks” March 19, 2020
- More listed below
More Publications, Interviews and Panels
- “Lessons Learned from the Microsoft Outlook Breach,” Virtru Webinar, July 20, 2023
- “Closing the Security Gap in OT/IT convergence,” CSO Magazine, January 27, 2020
- “Cybersecurity Illusion—Enterprise Security Remains Reactive” Webinar Speaker, October 2019
- “Electric Grid Security Unites Public and Private Sectors,” GovTech, June 11, 2019
- “Four Ways to Protect your Device from Botnets,” The Parallax, October 26, 2018
- David has also been frequently interviewed and appeared on Chertoff Group podcasts
