Partner in EY Cyber Practice Esther Lee is a partner in EY cyber practice with 16 years of experience leading cyber consulting practices, security departments, and IT operations. She has significant experience in delivering projects in the areas of cybersecurity, regulatory compliance, legal discovery, computer forensics, and incident response. Her background in IT operations as well as serving as a CISO for a cloud marketing company gives her a unique perspective as a cybersecurity consultant. During her time as a CISO, she built a security program, hired/trained teams in various competencies and managed multi-million dollar budget to maintain security in a cloud infrastructure. Sample Engagement Experience: Interim CISO - Served as interim CISO in retail and health industries. She originated governance structures and cadence, created and executed risk security strategy roadmaps to increase security posture as part of incident remediation and general security operations. Technology Implementation - Implemented security operational optimization solutions for several companies, specifically in health and retail. This included Identity management solutions to reduce risk due to inappropriate access and long SLA’s associated with on-boarding new employees to organizations. Security Program Build - Implemented security program management function at a large private company with complex IT infrastructure, decentralized IT operations and complex regulatory control environment due to PCI. She managed $10+ million annual budget as part of this engagement. eDiscovery and Forensics - Led and executed large scale FTC remediation efforts for a large retailer chain after the brand suffered a significant public cyber breach. She executed several work streams involving complex data analysis, re-engineering of key processes, server and mainframe baseline configurations/remediation and creation of enterprise wide IT policies/procedures and governance structure. Breach Remediation - Having been breached with compromised consumer payment card information, a large retailer was facing potential enforcement of a consent decree. Leveraging ISO 27002 standards, led efforts to assess current state and design remediation project plans to meet compliance requirements from the FTC. This assessment required deep understanding of various OS platforms, network devices, detective/preventive technologies, and IT governance.
