Patrick Bass
Fort Smith,AR
Reputation is what people THINK you will do. Character is what you will ACTUALLY do.
Patrick Bass
Summary
With over 28 years of leadership in cybersecurity, operational risk management, and corporate governance, I am a seasoned executive specializing in enterprise security, regulatory compliance, and high-impact strategic initiatives. My expertise spans cybersecurity, operational resilience, risk governance, and special projects, making me a trusted advisor to executive leadership and board members.
My ability to bridge cybersecurity, operational risk, and corporate governance with a strategic business mindset makes me an invaluable asset to any executive leadership team. I excel in aligning security and risk initiatives with business growth, regulatory requirements, and digital transformation strategies, ensuring organizations remain resilient, compliant, and ahead of emerging threats.
- CISSP, ISSAP, ISSMP, CISA, CGEIT, CEH, CHFI, and multiple industry-recognized certifications in risk, cybersecurity, and IT governance.
- Master’s in Information Security & Assurance, MBA in Management & Strategy, and Doctor of Business Administration (ABD Status).
Overview
28
28
years of professional experience
18
18
Certificates
2
2
Master's Degrees
Work History
VP, Security, Operational Risk/Governance
Company Confidential
05.2023 - Current
- Developed, implemented, and oversaw enterprise-wide comprehensive security strategy encompassing cybersecurity, data protection, physical security, and threat management.
- Led threat intelligence, incident response, vulnerability management, and risk mitigation strategies. Efforts resulted in lowering of liability insurance premiums, SOC2 attainment year over year.
- Ensured compliance with ISO27001, GDPR, SOC2,PCI DSS, and other regulatory and statutory security frameworks.
- Acted as the primary executive liaison with regulatory bodies, law enforcement, and government agencies on matters of cybersecurity, compliance, and incident reporting.
- Design and implement an Operational Risk Management (ORM) framework to identify, assess, and mitigate risks that impact the organization’s operations, reputation, and bottom line.
- Establish Key Risk Indicators (KRIs), Risk Control Self-Assessments (RCSAs), and business impact analyses (BIA) to ensure proactive risk management.
- Oversee enterprise risk assessments, scenario planning, and stress testing to evaluate the organization’s resilience to operational disruptions.
- Develop and execute business continuity (BCP) and disaster recovery (DR) plans to ensure uninterrupted operations during crises.
- Monitor regulatory, geopolitical, economic, and emerging risks that could impact business operations and provide strategic recommendations to mitigate potential threats.
- Establish, enforce, and enhance corporate governance policies and risk frameworks to align with industry best practices.
- Partner with legal, compliance, and finance teams to maintain transparency, board reporting, and regulatory filings.
- Serve as the executive risk liaison to senior management, the board of directors, and external stakeholders on governance, compliance, and risk strategy.
- Take on high-impact, highly specialized projects assigned by the CEO, COO, or Board of Directors that fall outside traditional responsibilities, leveraging a broad and unique skill set to execute mission-critical initiatives.
- Act as a high-level troubleshooter, solving organizational inefficiencies, process breakdowns, and operational challenges as requested by senior leadership.
Instructor
Western Governors University
02.2023 - Current
- Designed and delivered an advanced cyber defense curriculum, focusing on key areas such as network security, ethical hacking, and cryptography, achieving an average student satisfaction rating of 9/10.
- Mentored and supported over 400 students per cohort, leading to a 30% increase in engagement and certification success rates.
- Led a team to regularly update course content, ensuring alignment with the latest industry standards and best practices.
- Presented on emerging cyber threats at national conferences, contributing to the broader information security community and enhancing institutional reputation.
- Developed and implemented data-driven instructional strategies, improving course completion rates by 20% through targeted interventions and personalized support.
Principal Consultant
Conformance Cybersecurity
04.2014 - 10.2022
- Reduced vulnerabilities by 40% through effective mitigation strategies, significantly strengthening organizational resilience against cyber threats.
- Developed and managed a cyber education platform for 10,000 staff, enhancing security awareness across hundreds of organizations nationwide.
- Led over 200 penetration tests and vulnerability assessments, fortifying networks and payment systems against cyber threats.
- Authored and implemented 50+ security policies and procedures, ensuring compliance with industry standards and enhancing operational security.
- Directed 200+ forensic investigations and red/blue team operations, identifying and mitigating advanced cybersecurity threats.
- Implemented security architectures and incident response plans, achieving a 40% improvement in data security and reducing incident detection time by 30%.
- Conducted 200+ security audits (PCI DSS, HIPAA, NIST), ensuring compliance and reducing credit card security incidents by 25%.
Director of Security (CISO)
Vulcan, Inc
06.2014 - 12.2015
- Directed and executed information security operations across Paul Allen’s organization, Vulcan, Inc., delivering cybersecurity leadership across multiple ventures and fostering a unified strategic vision for the entire portfolio.
- Spearheaded the design and deployment of a comprehensive, enterprise-wide cybersecurity program, achieving a 99% success rate in safeguarding critical information assets and technologies.
- Developed and implemented an information security framework that led to a 30% reduction in security incidents and concerns, enhancing the organization's overall security posture.
- Established and monitored key performance indicators (KPIs) and success metrics to assess the effectiveness and efficiency of security controls, driving continuous improvement in the organization’s information security measures.
- Led the creation of robust cybersecurity programs, achieving a 30% decrease in security incidents within the first year, demonstrating the program’s immediate impact on risk mitigation.
- Implemented a comprehensive cybersecurity strategy that reduced the organization’s exposure to cyber threats by 40% in the first year, aligning with industry standards and regulatory compliance requirements.
Vice President of Security Solutions
Terra Verde Risk Services
02.2011 - 06.2014
- Fostered strong relationships with key stakeholders, including customers, vendors, and regulators, driving collaboration and long-term success.
- Led cross-functional teams to complete major projects, improving efficiency and boosting client satisfaction.
- Collaborated with senior leadership to develop strategic initiatives, driving long-term organizational growth.
- Streamlined processes, reducing incident response times by 30% and improving mean time to resolution (MTTR).
- Implemented advanced threat intelligence platforms and automated workflows, minimizing manual intervention in low-priority incidents.
- Drove 35% revenue growth by launching new managed security services for an expanded client base.
- Built and led a high-performing team, increasing employee satisfaction and engagement while enhancing SOC performance.
- Ensured compliance with industry standards (ISO 27001, NIST, GDPR), positioning the organization as a trusted partner in regulated industries.
Information Security Officer (CISO)
Element Payment Services
05.2008 - 02.2011
- Led the development and implementation of a comprehensive cybersecurity program, achieving a 40% reduction in cyber threats and a 25% improvement in incident response time.
- Directed a team of 15 to implement advanced security measures, reducing cybersecurity incidents by 25% and safeguarding critical company assets.
- Established key performance indicators (KPIs) and metrics, boosting threat detection efficiency by 30% within the first year.
- Aligned security programs with PCI-DSS and other compliance mandates, improving overall system security posture by 20%.
- Enforced proactive security measures, driving a significant decrease in incidents and enhancing organizational resilience.
Cybersecurity Engagement Manager
British Telecom INS
08.2004 - 05.2008
- Managed client expectations and resolved conflicts proactively, maintaining high customer satisfaction throughout engagements.
- Identified and mitigated risks early, preventing potential issues from impacting project outcomes.
- Built strong relationships with key stakeholders, fostering long-term partnerships and driving revenue growth.
- Collaborated with clients to understand their needs, delivering tailored, proactive solutions to exceed expectations.
Technical Manager
IBM
10.1999 - 08.2004
- Managed over 50,000 devices across four secure, globally distributed data centers, ensuring 99.9% uptime for mission-critical systems.
- Led a team of 15 network engineers and system administrators, improving team efficiency and reducing incident resolution times by 30% through mentorship and a culture of continuous improvement.
- Implemented advanced Tivoli solutions, automating routine tasks and reducing manual workload by 20%, while improving system response times by 15%.
- Designed scalable infrastructure strategies, enabling a 25% increase in managed devices without compromising performance, supporting rapid growth.
- Established robust risk management protocols and ensured compliance with industry standards, maintaining a strong security posture and audit readiness.
Education
Bachelor of Science in Cloud Computing -
05-2026
Doctor of Business Administration - ABD Status
06.2014
Master of Science in Information Security and Assurance -
06.2012
MBA in Management & Strategy -
05.2008
Bachelor of Science in Computer Security -
03.2006
Skills
- Vulnerability Assessment
- Threat Intelligence Analysis
- Mobile Device Security
- Disaster Recovery Strategies
- Intrusion Detection Systems
- Security Awareness Training
- Cloud Security Management
- Regulatory Compliance Knowledge
- Security Architecture Design
- Incident Response Planning
- Data Privacy Compliance
- Vendor Risk Management
- Penetration Testing
- Network Security Implementation
- Secure Software Development
- Application Security Oversight
- Security Policy Creation
- IoT Security Management
- Physical Security Integration
- Cybersecurity Strategy Development
- Information Governance
- Compliance Management
- Application security
- Incident Response
- Network Security
- Patch management
- Intrusion Detection
- Disaster Recovery Planning
- Risk Assessment
- Developing security plans
- Security Needs Assessment
- Data Security
- Data Encryption
- Disaster Recovery
- Identity and Access Management
- Team Leadership
- Verbal and written communication
- Complex Problem-Solving
- Staff Training and Development
- Staff Management
- Strategic Planning
- Operations Management
- Project Management
- Cross-Functional Teamwork
- Digital Transformation
- Data Analytics
- IT Governance
Certification
- Certified Information Systems Security Professional (CISSP), #22819, (ISC)2, 02/01/25
- Information Systems Security Architecture Professional (ISSAP), #22819, (ISC)2, 02/01/25
- Information Systems Security Management Professional (ISSMP), #22819, (ISC)2, 08/01/26
- Certified in the Governance of Enterprise IT (CGEIT), #CGEIT-0800152, ISACA, 01/01/27
- Certified Information Systems Auditor (CISA), #CISA-0541231, ISACA, 01/01/27
- GIAC Certified G2700 Professional
- Certified Ethical Hacker (CEH)
- Certified Hacking Forensic Investigator (CHFI)
- Payment Card Industry Qualified Security Assessor (QSA)
- CompTIA A+
- CompTIA Security+
- CompTIA Network+
- Microsoft Certified Systems Engineer (MCSE)
- Cisco Certified Entry Networking Technician
- Cisco Certified Network Professional Security Specialist
- Cisco Certified Network Associate
- Cisco Certified Design Professional
Languages
Python
PERL
PHP
Timeline
VP, Security, Operational Risk/Governance - Company Confidential
05.2023 - Current
Instructor - Western Governors University
02.2023 - Current
Director of Security (CISO) - Vulcan, Inc
06.2014 - 12.2015
Principal Consultant - Conformance Cybersecurity
04.2014 - 10.2022
Vice President of Security Solutions - Terra Verde Risk Services
02.2011 - 06.2014
Information Security Officer (CISO) - Element Payment Services
05.2008 - 02.2011
Cybersecurity Engagement Manager - British Telecom INS
08.2004 - 05.2008
Technical Manager - IBM
10.1999 - 08.2004
WGU - Bachelor of Science in Cloud Computing,
NCU - Doctor of Business Administration, ABD Status
WGU - Master of Science in Information Security and Assurance,
WGU - MBA in Management & Strategy,
WGU - Bachelor of Science in Computer Security,
Volunteer Experience
Vice Chief, Tripanick-Nansemond Family Indian Nation, 03/21 - 6/24
Availability
Open to Remote
Volunteer Experience
Vice Chief, Tripanick-Nansemond Family Indian Nation, 03/21 - 06/2024
Software
PHP
PERL
Python
Availability
Open to Remote
Work Preference
Work Type
Full TimeWork Location
RemoteImportant To Me
Career advancementCompany CultureVolunteer Experience
Vice Chief, Tripanick-Nansemond Family Indian Nation, 03/21 - 06/2024
Affiliations
- InfraGard
Similar Profiles
Amy DanielAmy Daniel
Senior Commercial Lines Account Executive/Manager at Company ConfidentialSenior Commercial Lines Account Executive/Manager at Company Confidential
Emem UdobongEmem Udobong
Cybersecurity Consultant at Company ConfidentialCybersecurity Consultant at Company Confidential
Patrícia DuartePatrícia Duarte
Intern at Company ConfidentialIntern at Company Confidential