Security that scales from a startup to a Fortune 100.
I’m Rob Fuller. For 25+ years I’ve built, fixed, and scaled security, from a first hire to 1.5M+ endpoints at a $300B+ healthcare leader. The same hands-on judgment works whether you’re thirty people or a global enterprise.
The same operator, at both ends of the spectrum.
Most leaders fit one size of company. The record below makes the case that I fit yours, at either end.
At enterprise scale
From zero
Whether the budget is a rounding error or nine figures, the job is the same: find the root cause, engineer it out, and make security something the business runs on, not around.
“It’s not the forklift driver’s job to spot a phishing email. It’s mine to make sure they never have to.” I don’t accept “it’s not if, but when.” I build programs that find root causes and engineer whole classes of risk out of the business.Operating principle
A business leader who never stopped being an operator.
Take users out of the threat model
I engineer protection into the fabric, so your business never hinges on one person catching one bad click. People are the mission, not the last line of defense.
Separate signal from hype
AI and quantum, judged on evidence instead of headlines. I have the technical depth to tell what’s real and the governance to deploy it responsibly.
Fix the root cause
Risk-based prioritization and architecture-level controls that remove whole classes of problems, instead of triaging the same alerts forever.
Speak the board’s language
I translate cyber risk into business terms a board can act on, with the credentials to back it.
A quarter-century of build, fix, and scale.
Every chapter built the next. Together they prove the range a top-tier CISO is hired for.
United States Marine Corps
A combat engineer who retrained into cyber and defended some of the most targeted military networks on earth.
More
The Marines taught two things no certification can: how to decide under pressure with incomplete information, and how to build teams where accountability is non-negotiable. Combat engineers think in both construction and destruction, a mental model that maps directly onto security architecture.
Moving from MOS 1371 to a tactical data-network gateway role wasn’t a career change; it was the same mindset applied to a new domain: building and defending infrastructure against adversaries with nation-state patience.
The Capitol & the Pentagon
Defended one of government’s most significant networks at the Senate, then red-teamed the Pentagon. Defender and attacker, back to back.
More
At the Senate, every alert was real and every decision carried national-security weight. At the Pentagon the role flipped to finding the gaps real threat actors would exploit. Holding both sides at once is the dual perspective that still shapes how I lead.
Elite consulting & red team
Eight years and hundreds of engagements across every industry and attack surface, learning what “good” looks like everywhere.
More
Consulting forces a breadth in-house roles can’t: every kind of environment, every kind of failure, every kind of organizational dysfunction. You learn what works and what’s theater. At GE (2011–2015), as Senior Red Team Analyst and then Senior Security Architect, I helped architect the migration of roughly 500 applications to AWS and re-architect them as cloud-native, well ahead of the trend. In parallel, as CTO of the National CyberWatch Center, I built a cybersecurity team from zero and developed GRC frameworks for a national education initiative.
Big tech & autonomous systems
Security engineering where software failures are measured in lives. Built SOAR automation, identity architecture, and a 30-assessment purple-team program.
More
At Uber I architected the SOAR detection and attack-emulation platform (later open-sourced) and led Red/Purple Team work across AD, IAM, and PAM, including the Azure AD migration. At Cruise, the stakes shifted from data to physics: securing software that drives cars on public roads. At Black Hills I built and led a purple-team program of roughly thirty assessments while mentoring the next generation.
Enterprise security leadership
From a $25M identity program protecting a global airline to owning security strategy for a $300B+ healthcare leader that delivers roughly one-third of the pharmaceuticals used in North America.
More
At McKesson I own security strategy across Red Team, Vulnerability Management, EDR Engineering, and Endpoint Strategy, protecting 1.5M+ endpoints. I built a 25-person organization from scratch, cut the critical/high backlog 40% in nine months through risk-based prioritization, and turned the vulnerability disclosure program into a strategic asset feeding the EASM effort.
At United Airlines I directed Red Team, Cyber Threat Intelligence, and IAM across a 100,000+ employee operation: driving a $25M IAM program, operationalizing 60M+ monthly threat signals, partnering with TSA, FBI, and ISACs on nation-state response, and cutting audit findings 60% year over year across SOX, SOC 2, PCI 4.0, ISO 27001, and NIST.
Known for the craft and for shaping the field.
A public track record that brings credibility, network, and recruiting pull to whatever I lead.
From Metasploit Mastery to Abilities Driven Red Teaming. On the Training Review Board since 2026.
The Jasager/KARMA research on Fonera routers that became Hak5’s WiFi Pineapple. Host of Metasploit Minute.
Seasons 2–6, making technical concepts accurate and compelling.
Briefed DHS on AI-driven national-security threats, from model poisoning to prompt injection.
Reviewed the Foundation for Defense of Democracies’ quantum-readiness roadmap.
Built a SolarWinds Orion audit tool in 2015, years before the 2020 supply-chain breach made it matter.
NoVA Hackers · VMRG Chair · SecurityTitles.com · USMC Cyber Auxiliary founding member.
National CCDC and ISTS: red-teaming the student teams who become the next defenders.
Honoring the people who built and defended the information-security industry.
A voice the industry already knows.
Beyond the stage, a decade as DEF CON staff (a “Goon”) helping run the world’s largest security conference.
The homework behind the judgment.
Education
All three degrees from Western Governors University.
Executive
Chief Information Security Officer Certificate Program, Carnegie Mellon University (Heinz College). Completed 2026.
Clearance & networks
See what a CISO who’s operated at every scale can do for you.
A full-time CISO seat, a fractional or interim engagement, a board or advisory role, or the stage. The first step is a 30-minute conversation.