Edwin Waleh is the Principal, Security Consultant, & Chief Information Security Officer (CISO). Before starting Heartland Cybersecurity Consulting, he was a Security Product Manager for Avtec, Inc. He was responsible for determining and interpreting applicable security guidelines and controls for Avtec products and services and managed third-party vendors and customer relationships related to security compliance, testing, and auditing. Edwin brings over 12 years of Information Technology experience, focusing on verification, analyzing, and implementing cybersecurity solutions to safeguard critical assets and mitigate security vulnerabilities.
Before Avtec, he worked for Duke Energy and South Carolina Electric & Gas (SCE&G) in various IT functions. He has expertise mapping NERC-CIP and NIST standards. He has a strong background in policy and procedure implementations, business and IT process improvements, and physical and logical security controls.
Edwin has an undergraduate degree in Management Information Systems from The University of North Carolina at Charlotte, he holds a Masters of Business Administration (MBA), and is a Certified Information Systems Auditor (CISA).
Heartland Cybersecurity Consulting (HCC) helps guide and manage organizations to identify security weaknesses, strategize and prepare a plan of actions and milestone, and assist in the continuous implementation of appropriate solutions. Our mission is driven from a tailored risk-based approach, leveraging approved governance directions or industry best practices, and validating security controls, countermeasures, and mitigation plans.
HCC delivers expertise and consulting in achieving various industry standards including the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP), National Institute of Standards and Technology (NIST), Federal Information Processing Standard (FIPS), Payment Card Industry Data Security Standard (PCI DSS), and International Organization for Standardization (ISO). We assist organizations to develop and implement Cyber Vulnerability Assessments (CVA) to pinpoint security gaps such as security patch management, change control management, ports and services management, malicious code prevention management, systems and events logging management, vendor and supply chain management, backup/recovery and incident response management, and personnel and security awareness training.