Raymond M. Tefft
Ray Tefft is a Security Analyst at GBQ, where he provides security consulting services to clients to help find, fix and prevent security vulnerabilities in organization systems and networks. Ray manages the Cybersecurity and Forensics practices teams, participating and leading the delivery of infrastructure and cloud assessments, enterprise risk management, third-party risk management, digital footprint management, left of the breach analysis, application testing, PEN testing, infrastructure and cloud architecture engineering, along with incident and forensics response. He also serves clients as a fractional CIO and CISO.
Prior to joining GBQ, Ray worked as the IT Manager of Operations and Security at Commercial Vehicle Group, Inc., where he managed the infrastructure, operations and security for corporate, R&D, and more than seventeen plants globally. Ray led the creation of the cybersecurity practice that supported the global network and systems for the business.
At GBQ, Ray has managed over sixty engagements consisting of technical, cloud and framework assessments, IT staff assessments, incident response, forensics, fractional CISO/CIO and risk management. He has worked with NIST, CIS 20, HIPAA, and ITIL V4 frameworks.
Raymond’s most notable accomplishments at GBQ include:
- Rescuing a nonprofit family healthcare provider in the Columbus, OH area due to a security, infrastructure and risk assessment engagement. He helped remove risk in their IT management, network, and systems infrastructure and provided them with a road map of improvements. The organization then used the report from the engagement for a capital campaign to inject new life and raise money for the organization so they could complete the road map and digitally transform the nonprofit.
- During an IT staff assessment, Ray identified potential security and management risks within an international manufacturing company. Working with their IT management on a three-month fractional CIO engagement resulted in a five-year road map, improved security practices, improved service desk KPIs, and enhanced strategic and tactical planning by IT management.
- During an incident response investigation for a local Columbus, OH manufacturing company, Ray identified vital information that traced the cyber attack to an incident that occurred three months prior due to a spear phishing attack that resulted in a ransomware attack. The company resolved the cause of the initial breach and strengthened the systems and network security infrastructure due to Ray’s recommendations.
- During a business email compromise forensics investigation for an aviation company in California, Ray identified a man-in-the-middle compromise and where it originated with limited data and information. The aviation company’s reputation was secured because the investigation revealed that one of their partners had a credential compromise which resulted in an email compromise that ultimately resulted in a man-in-the-middle attack from Singapore.
- During the COVID-19 pandemic, GBQ was tasked with designing and managing the security risk for a cloud environment and web application. Ray collected information from the client, third-party web developers and MSP, and designed a secure Azure environment for the client’s web application. The design included secure intake of ePHI with MFA, separate environments for (dev, test, and prod), and air gapping of systems to protect the movement of ePHI. The design and the environment were stood up in a two-week period.
- Forensic Toolkit (FTK)
- Vulnerability Management
- PCI Compliance
- Policy Compliance
- Web Application Scanning
- Vulnerability Scan
- Audit Cloud Scan
- PCI Scan
- Security Scorecard
- Ping Castle
- Devry University – B.S., Computer Information Systems
- Columbus Cyber Security for Control Systems
- Information Systems Security Association (ISSA)
- Central Ohio ISSA
- (ISC)2 Central Ohio Chapter
- ASIS Columbus
- OWASP Foundation