Risk is a four-letter word—Providing Information Assurance for the Enterprise Network.
About Tim Weil
Tim Weil is an ISO/IEC 27001, ISO/IEC 27701, and ISO/IEC 27032 auditor, trainer, and implementer with over thirty years of experience in data processing, communications engineering, and information assurance. Mr. Weil’s areas of expertise include enterprise risk management (ISO/IEC 27001 and ISO/IEC 27002) for commercial clients; FedRAMP/FISMA compliance for federal agencies and cloud service providers; IT service management; and cloud security architecture. In project and program management, Mr. Weil has directed professional IA program teams in both the commercial and federal sectors. A particular career highlight includes working as the cybersecurity manager for the US Antarctic Program under contract to the US National Science Foundation (2012).
Throughout his career, Tim has been an active volunteer for the Institute of Electrical and Electronics Engineers (IEEE). He is a senior member of the IEEE and holds leadership positions in the IEEE Computer Society and the IEEE Communications Society. He is a published author and serves on the editorial board for IEEE IT Professional Magazine. Having served as conference chair for IEEE GREENTECH and patron chair for IEEE GLOBECOM conferences in 2015, Tim was awarded the IEEE-USA National Service Award for the conference and program development. He is also the past chair of the IEEE Washington, DC, and Denver sections. Most recently, he was recognized in 2020 as an outstanding individual contributor in the IEEE Region 5 program for his work as general co-chair of the ICC 2024 conference (Denver, CO).
He holds current certifications in CISSP, PMP, ISO/IEC 27001, ISO/IEC 27701 (CMSA/Trainer/Auditor), and Cloud Security (ISC2 CCSP, CSA CCSK).
About the experience in auditing
Over a long career for US Government clients, I have managed and delivered close to 100 FISMA (NIST) reviews using the SP 800-37 Risk Management Framework and SP 800-53 Control Catalogs.
Working with commercial clients, I have several years of recent audit and training experience in various frameworks, including ISO/IEC 27001 and ISO/IEC 27701. In these audit engagements, I have enjoyed taking a 360-degree look at cybersecurity and privacy programs implemented by companies using the relevant standards. This has provided interactions from management, non-technical, engineering, and corporate stakeholders who all have unique views on the protection of Enterprise ICT programs.
With our industry pivoting to cloud services, mobile and wireless networks, social media, big data, AI, hyperscale data centers, and data protection standards (e.g., GDPR, ISO/IEC 27701), my work as a cybersecurity auditor has kept me engaged with the strategic investments of an organization managing the complexity of ICT systems. The job of an IT auditor is to help clients align their business with risk management methods and cybersecurity and data protection best practices, providing decision-making support at an executive level and operational support to the stakeholders of an Information Security Management System (ISMS) or Privacy Information Management System (PIMS). At the end of the day, it is all about the confidentiality, integrity, and availability of information assets used to manage and measure risk in support of the overarching business objectives.
A key challenge of auditing is translating complex information (e.g., ISO standards) into simple language that a wide variety of interested parties can understand. Using audit methods such as ISO 19011 and ISO/IEC 17021 and completing the CMSA training program have helped in this regard.
Tim's experience with MSECB
Over a long career and many IT certification programs, I have found great value in working with MSECB to use my audit credentials, which provide competencies in Information Security (ISO/IEC 27001:2022), Privacy (ISO/IEC 27701), Risk Management (ISO/IEC 27005), Cloud Security and Privacy (ISO/IEC 27017 and ISO/IEC 27018), Cybersecurity (ISO/IEC 27032), and Certified Management System Auditor (ISO 19011, ISO/IEC 17021). These qualifications have made me a professional auditor.
MSECB staff and resources are recognized as industry leaders in information security and privacy. The recognition is well deserved. MSECB provides various services to the independent auditor, including well-informed professional staff, online resources, complimentary CMSA training, and state-of-the-art tools for conducting relevant ISO audits.
On any given audit engagement, MSECB has provided guidance and support in the planning, reporting, and certification activities for an ISO audit. Their staff of experts will typically provide quality assurance support in reviewing reports, adhering to the relevant standards, and discussing issues regarding non-conformance and certification. Beyond these activities, MSECB offers a network of auditors to connect with using social media resources. This has helped me establish a ‘web of information’ supporting the current and emerging standards (ISO/IEC 27001:2022). As our business moves to an updated set of ISO standards, MSECB continues to look ‘beyond the horizon’ by supporting existing clients and providing new audit opportunities for professionals like me.
MSECB Auditor Profile
Tim Weil has been part of MSECB since 2020 and has conducted numerous ISO/IEC 27001 audits. Mr. Weil is highly respectful and trustworthy. He is committed to upstanding ideals and does an honest job. Apart from other qualities that he has as a good auditor, his effective and collaborative communication skills are to be mentioned.
We are honored to have him as part of the MSECB Auditors Network!
Become an Auditor
Build endless connections and professional networks by joining our team of over 500 MSECB Auditors.
We welcome you on board!