about
Our efforts are discreet, our methods are scientific, and our conclusions are evidence-based.
We always function as a trusted advisor and source of ground truth for boards of directors and senior executives.
Our mission is to help clients secure their critical information assets, and to facilitate effective security governance.
Consilience 360 (C360) is an owner-operated, closely held, security risk consulting firm based in New York City. Co-founded in 2021 by Ed Stroz and Carl Young, we provide trusted and sophisticated security risk management and governance advice to boards of directors and corporate risk committees.
Our clients include global telecommunication firms, publicly traded software companies, and prominent international law firms.
A key element of our practice is helping organizations navigate increasingly challenging legal and regulatory landscapes. To that end, we have been engaged as expert witnesses in some of the highest profile cybersecurity litigation matters and government enforcement actions in U.S. history
Significant technical, analytical, and business expertise coupled with decades of experience addressing complex and/or high-risk security scenarios are the foundational elements of our unique advisory capability.
operational principles
We also conduct rigorous cyber and physical security risk assessments as part of our core practice. In addition to evaluating the effectiveness of security technology, we also examine the security implications of operational issues and the potential business impact of security controls.
Importantly, we consider both technical and organizational risk factors, which yields a more fulsome and contextualized view of risk.
Where possible, we perform quantitative analyses by leveraging principles of physical science and/or standard statistical methods. Such capabilities are frequently necessary when evaluating scenarios affected by natural phenomena or processes that are inherently probabilistic.
This scientific approach helps substantiate governance decisions and potentially limits legal and regulatory exposure in the event of a data breach.
Effective security governance ensures the organizational culture, business operations and cybersecurity risk management are in sync and aligned with the tolerance for risk.
Identifying technical vulnerabilities is necessary but not sufficient to effectively manage cybersecurity risk. Processes, workflows and culture contribute significantly to the magnitude of risk.
Cybersecurity risk is scale-dependent and therefore requires both macroscopic and microscopic assessments to address root causes and individual vulnerabilities, respectively.
experience
Although our work is strictly confidential, we are often asked to comment on topical issues as acknowledged security experts. Our articles have appeared in leading publications such as The Harvard Business Review and The Financial Times. In addition, our multiple reference books and technical papers in peer-reviewed journals are regularly cited by security professionals.
We are experienced former FBI agents who have worked in academia, government and business. Our experience includes:
Founder and Co-President of digital forensics and cyber consultancy Stroz Friedberg LLC. Acquired by Aon in 2016
Global Head of Security Technology for Goldman Sachs in New York and London
FBI senior executive who was awarded one of the highest civilian awards for technical contributions to counterintelligence and counterterrorism investigations
FBI Supervisory Special Agent who was in charge of the first cybercrime squad in New York
Advisors to the US government, major institutions and blue ribbon commissions
Dozens of complex security engagements in support of high-profile cybersecurity matters
Numerous books, peer-reviewed journal articles, public presentations and expert testimony
Member of the Fordham University Board of Trustees and consultant to the JASON Defense Advisory Group
CIO and CTO for The Juilliard School
Finally, our demonstrated success helping organizations address difficult security risk management and governance challenges explains why in a world where cyberattacks persist, formulaic security is the norm, and board members are being held personally liable for data breaches, C360 is increasingly in demand as a trusted security advisor.
Selected Publications and Presentations
E. Stroz -Panelist
"Cyber from the Perspective of the Board"
Panel discussion hosted by The Journal of Law and Cyber Warfare, November 10, 2020
E. Stroz - Author
"Ensuring Your Board is on the Same Page Regarding Cyber Response. Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers"
Palo Alto Networks, United Kingdom, January 2017
C. Young - Author
"The Enemies of Data Security: Convenience and Collaboration"
Harvard Business Review, February 11, 2015
D. Chang and C. Young - Authors
"Probabilistic Estimates of the Vulnerability to Explosive Over-pressures and Impulses"
The Journal of Physical Security," Vol. 4, Issue 2, 10-29, 2010
D. Chang and C. Young - Authors
"Infection Dynamics on the Internet"
Computers and Security, Vol. 24, No. 4, 280-286, 2005