Fred Hazan — Founder & Principal vCISO

Cybersecurity executive, virtual CISO, and founder of Globally Secure IT — with experience spanning Fortune 500 companies, federal agencies, and regulated industries

Background & Expertise

Who Fred Hazan Is

Fred Hazan is a CISSP-certified cybersecurity executive and the founder of Globally Secure IT, LLC. His career spans every layer of the technology and security stack — from application development and global infrastructure to federal government operations and CISO-level advisory — at organizations including PricewaterhouseCoopers, the Internal Revenue Service, TÜV Rheinland, and Optiv.

What distinguishes Fred from most security consultants is an uncommon combination: a dual undergraduate degree in Computer Systems and Finance from American University. That pairing — deep technical fluency and genuine financial acumen — is why Fred can walk into a board meeting, quantify risk in dollar terms, build the business case for a security investment, and then personally architect the solution. Most security practitioners can do one or the other. Fred does both.

Fred founded Globally Secure IT in 2012 and has since served as a trusted vCISO and strategic advisor to mid-market companies, financial institutions, defense contractors, and healthcare organizations. He partners with TPG Consulting and SilverSky on co-sell engagements, and is a verified expert through Toptal's management consulting network.

Core Areas of Expertise

Fred's practice is built around seven areas where he delivers measurable outcomes, not advisory reports that collect dust:

vCISO Advisory & Security Program Leadership — Board reporting, security strategy, program governance, and a structured First 90 Days engagement that builds the baseline, assesses gaps, creates the roadmap, and begins execution — turning a reactive posture into a managed program.

Compliance Frameworks — NIST CSF 2.0, NIST SP 800-53, CMMC 2.0, HIPAA, PCI DSS, ISO 27001, CRI Profile, COBIT, and OWASP — including crosswalk work for organizations that must satisfy multiple frameworks simultaneously.

Policy, SOP & Program Development — Creation of full policy libraries, standard operating procedures, control catalogs, and audit-ready documentation programs — built to the client's brand, regulatory requirements, and operational reality.

Identity & Access Management (IAM) — Enterprise IAM strategy, Zero Trust architecture, Privileged Access Management (PAM), Identity Governance & Administration (IGA), MFA, and SSO across complex hybrid environments.

Cloud & Hybrid Architecture — Cloud security architecture, infrastructure optimization, and cloud cost reduction. Fred architected the target-state hybrid cloud infrastructure for a global pharmaceutical company following a comprehensive infrastructure analysis.

Incident Response & Resilience — IR planning, BCDR (NIST SP 800-34), tabletop exercise design, and ransomware defense strategy.

AI-Driven Security — Secure AI integration, AI governance frameworks, AI-enhanced threat detection, and the security implications of enterprise AI adoption, including Microsoft Copilot deployments.

Selected Outcomes

A sample of documented results across client engagements and leadership roles.

Client Engagements

Delivered $1.5M+ in client savings through security tool rationalization and IT optimization — consolidating redundant stacks and rebuilding around a coherent, cost-efficient architecture. Reduced a university's breach risk exposure by $830K through advanced threat analytics. Established a CISO Advisory practice for a financial sector firm serving 3,000+ managed SOC clients.

Enterprise & Federal Leadership

As Global Network IT Director at PwC, delivered $22M in infrastructure savings across 152 international member firms, plus $1M annually through remote access strategy. At the IRS, directed three branches with a $30M budget and 225 employees, delivering secure infrastructure supporting all filing season applications.

Career Timeline

Security and IT leadership across private sector, federal government, and advisory roles.

Globally Secure IT 2012 – Present

Founder & Principal vCISO Advisor. Founded and operates a vCISO advisory practice serving mid-market and regulated industry clients. Delivers enterprise-wide security transformations, hybrid cloud architectures, AI-enabled security programs, and C-suite business cases. Operationalizes NIST, CMMC, CRI, OWASP, ISO, COBIT, and HIPAA frameworks. Partners with TPG Consulting and SilverSky on co-sell engagements.

Optiv 2022 – 2025

Senior Client Solutions Advisor & Architect. Trusted technical and strategic advisor in enterprise pre-sales cycles at one of North America's largest cybersecurity solutions providers. Translated complex security requirements into actionable strategies for Fortune 500 clients. Led IAM-focused sales enablement and guided clients through security stack rationalization using AI-enhanced defense architectures.

TÜV Rheinland / OpenSky 2015 – 2022

Senior Principal Consultant & Practice Leader. Advanced from Senior Associate to Senior Principal over 7 years, ultimately leading three practices: Advanced Cyber Defense, Governance Risk & Compliance (GRC), and Cloud. Built and delivered Zero Trust architecture, identity governance, and enterprise risk management programs for major clients. Delivered $1.5M in savings through tool rationalization and reduced a university's breach risk by $830K through advanced threat analytics. Served as vCISO for multiple organizations simultaneously.

U.S. Department of the Treasury — IRS 2013

Executive Director, Infrastructure Services. Directed three organizational branches with 225 employees and a $30M budget. Delivered the secure infrastructure — enterprise identity management, electronic messaging, mobile accessibility, virtualization, and ITIL service management — that supported all IRS filing season applications. Operated at the intersection of federal security requirements, mission-critical uptime, and large-scale government IT.

PricewaterhouseCoopers LLP 1997 – 2012

Global Network IT Director & Architect. 15-year career advancing from Senior Technical Architect to Global IT Director. Drove strategic IT and cybersecurity architecture initiatives across 152 international PwC member firms. Designed secure identity management (SAML SSO, two-factor authentication), global remote access architecture, and Business Continuity/DR programs. Delivered $22M in savings through a global VPN initiative and $1M+ annually through remote access strategy.

BNY Mellon 1985 – 1996

Assistant Vice President. 12-year career managing application development for four critical bank custody systems, including UIT, Clearance, Trading, and overnight repurchase agreements. Led a team of 40 staff and consultants to deliver the bank's first web application. Managed systems consolidation through three mergers and acquisitions — the foundation of Fred's understanding of M&A security risk from the inside.

Credentials & Education

Certifications

Certified Information Systems Security Professional (CISSP) — the gold standard credential in cybersecurity, held since Fred's time at TÜV Rheinland.

ITIL Management — IT service management framework, applied during the IRS engagement and throughout enterprise IT leadership roles.

AWS Partner Business Certified, AWS Technical Certified, AWS Security Specialist — cloud security credentials supporting cloud architecture and hybrid infrastructure engagements.

Additional product certifications available upon request.

Education

BS, Computer Systems — The American University, Washington, D.C.

BS, Finance — The American University, Washington, D.C.

The dual degree in Computer Systems and Finance is the foundation of Fred's ability to operate at both the technical and executive level — translating security risk into financial language that CFOs and boards understand, while personally architecting the solutions that address it.

Professional Affiliations & Presence

LinkedIn: linkedin.com/in/fredhazan — active thought leadership on vCISO strategy, Zero Trust, AI security risk, and cybersecurity ROI.

Toptal Verified Expert — verified management consultant through Toptal's selective network, available for enterprise engagements through that platform.

Partner: TPG Consulting (ROI and CFO-facing engagements), SilverSky (managed security services co-sell).

Work Directly With Fred

Every Globally Secure IT engagement is led personally by Fred Hazan. No junior analysts, no hand-offs. If you want to discuss your security situation, you talk to the principal.