Dr. Thomas Graham, Ph.D., serves as VP and Chief Information Security Officer (CISO) at Redspin, a top cybersecurity and privacy consulting firm, the first authorized C3PAO, and one of the first organizations to conduct a DIBCAC High CMMC (Cybersecurity Manual Model Certificate) assessment under the joint surveillance program (JSVAP).
Dr. Graham is a skilled Cybersecurity Maturity Model Certification (CMMC) professional, holding Certified Assessor (CCA), CMMC Certified Professional (CCP), and CMMC Provisional Instructor certifications. Dr. Graham served as the lead architect in Redspin achieving the first C3PAO status, leads CMMC-certified training courses, and has helped numerous organizations obtain certification under the JSVAP.
Dr. Graham is responsible for all internal security items for Redspin and its affiliates. Before Redspin, Dr. Graham supported the Defense Health Agency (DHA), where his team received a FedHealthIT award, presented to them at the National Press Club in Washington, DC. Dr. Graham holds a Ph.D. in Information Assurance and Security, an MBA, and a Master of Science degree in Technology Systems. He also serves as the Chair of the MIS Advisory Board for East Carolina University and has been a member of the HIMSS Cybersecurity, Privacy, and Security Committee. Dr. Graham has previously spoken at other industry events including the National Cyber Summit and ISC2 Security Congress.