Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. A former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master of Science degree in Information Security at the University of Buenos Aires (Class rank 1st).
Trained by FBI, INTERPOL, OAS, CERT, and ISO, he has openly shared his knowledge training +700 professionals across several countries. Lucas has delivered lectures and participated as a speaker in several renowned conferences, seminars, and courses. Lucas has extensive knowledge and experience in performing security audits, cyber maturity assessments, cyber risk assessments, eGRC tools implementation, security awareness training, cyber security research, and cyber ISO standards development.
He also represents Argentina as an expert in ISO's Information Security, Cybersecurity, and Privacy Protection subcommittee (ISO/IEC JTC 1/SC 27) and as the Secretary of Argentina's ISO mirror subcommittee. Lucas has created 4 cyber ISO national standards.
Professionally, he has taught, worked, and contributed to several private, government, and NGOs organizations in the US, Europe, and Latin America for more than 8 years. Currently, he is a Manager within the Cybersecurity & Privacy Advisory team at PwC Malta. Learn more.
Partnering with the Software Engineering Institute at Carnegie Mellon University, we devised a novel Cyber Risk method combining FAIR, MITRE, OCTAVE, CMMC, NIST CSF, and NIST SP 800-53 frameworks.
The main objective is to provide CISOs with a concise and express control impact prioritization strategy for Cyber Risks. CISOs will optimize their security strategy based on their custom main constraints (e.g. budget, risks, compliance requirements, threat environment). CISOs will also be able to quickly justify their budget and investments to executives.
Working with Prof. Alessandro Acquisti we researched how data breaches affect users' and organizations' security and privacy. Our main objective was to verify the existence of the gap and gauge it by analyzing subjects' privacy awareness, behavior, and attitude discrepancies.
The project goal is to improve the usability of well-known information risk frameworks. Focusing on how to build security management systems based on a maturity model that centralizes the requirements and guidelines of risk frameworks. During the 2020 fall semester, I worked with a CMU advisor within an independent study to devise a Unified Cyber Risk Maturity Model.