Raymond M. Tefft
Ray joined GBQ in 2018 and provides security consulting services to assist clients in discovering, managing and preventing security vulnerabilities in organization systems and networks. He also manages the Cybersecurity and Forensics Services teams and leads the delivery of infrastructure and cloud assessments, Enterprise Risk Management (ERM), third-party risk management, digital footprint management, application testing, PEN testing, infrastructure and cloud architecture engineering, and incident and forensics response. Ray also serves clients as a virtual CIO and virtual CISO.
Before joining GBQ, Ray worked as the IT Manager of Operations and Security for a manufacturing company in New Albany, OH, where he managed the infrastructure, operations and security for corporate, R&D, and over seventeen plants globally. Ray led the creation of the cybersecurity practice that supported the global network and systems for the business.
While at GBQ, Ray has managed over 120 engagements consisting of technical, cloud, framework assessments, IT staff assessments, incident response, forensics, fractional CISO/CIO and risk management. Additionally, he has worked with NIST, CIS CSC, HIPAA, and ITIL V4 frameworks.
Notable accomplishments include:
- Rescued a nonprofit family health care provider in the Columbus, OH, area due to a security, infrastructure, and risk assessment engagement. Ray helped remove risk in their IT management, network, and systems infrastructure and provided them with a roadmap of improvements. The organization used the report from the engagement for a capital campaign to inject new life and raise money to complete the roadmap and digitally transform the nonprofit.
- Identified potential security and management risks within an international manufacturing company during an IT staff assessment. Working with their IT management on a three-month fractional CIO engagement resulted in a five-year roadmap, improved security practices, service desk KPIs, and strategic and tactical planning by IT management.
- Discovered key information that traced a ransomware attack to an incident that occurred three months prior due to a spear phishing attack. The Columbus, OH, manufacturing company resolved the cause of the initial breach and strengthened its systems and network security infrastructure due to Ray’s recommendations.
- Identified a man-in-the-middle compromise and its origination with limited data and information during a business email compromise forensics investigation. The California-based aviation company’s reputation was secured because the investigation revealed that a partner had a credential compromise that resulted in a man-in-the-middle attack from Singapore.
- Tasked with designing and managing the security risk for a cloud environment and web application during the pandemic. Ray collected information from the client, third-party web developers and MSP, and designed a secure Azure environment for the client’s web application. The design included secure intake of ePHI with MFA, separate environments for development, testing and production, and air gapping of systems to protect the movement of ePHI. The design and the environment were established in a two-week period.
- Performed an assessment of network and security infrastructure for a Columbus, OH, tire manufacturer. Upon completion, Ray continued to work with the client in a virtual CISO role to roadmap the future IT infrastructure, review ongoing remediation efforts and assist with hiring an IT director and service desk manager.
- Continuing work as a virtual CISO for a Kansas-based Managed Service Provider (MSP), providing guidance and working with executive management to determine acceptable levels of risk for the organization. Additional responsibilities include working directly with the business units to facilitate risk assessment and risk management processes, providing leadership to the organization’s information security infrastructure, partnering with business stakeholders across the organization to raise awareness of risk management concerns, assisting with the overall business technology planning, and providing a current knowledge and future vision of technology and systems for the organization.
- Operations Support Analyst
- Software Developer
- LAN Administrator
- Senior LAN Administrator
- Information Security Analyst
- Senior Systems Administrator
- IT Help Desk Supervisor
- Supervisor of Client Services
- Infrastructure Manager
- Security, Operations, and ERP Manager
- IT Manager Operations and Security
- Manager/Cybersecurity Analyst
- Devry University – B.S., Computer Information Systems
ITIL V4 Certification
- Columbus Cyber Security for Control Systems
- Information Systems Security Association (ISSA)
- Central Ohio ISSA
- (ISC)2 Central Ohio Chapter
- American Society for Industrial Security (ASIS) Columbus
- Ohio Web Application Security Project (OWASP) Foundation
- Forensic Toolkit (FTK)
- Vulnerability Management
- PCI Compliance
- Web Application Scanning
- Tenable Nessus
- Vulnerability Scanning
- IaaS Scanning
- SaaS Scanning
- PCI Scan
- Security Scorecard
- Ping Castle
- MS Dynamics
- Visual Studio
- Lotus Notes Programming