Modern CISO Network: Board Book
A directory of board-ready security leaders
location
AMER
areas of expertise
- Risk management and strategy
- Cloud security
- Compliance, controls, and audit
- Recruit and retain top talent
- Security operations
- Cybersecurity program development
- NIST and FedRamp
- Incident Response
Andrew Scharlott
Vice President of Information Security
Sylvan Road Capital
Andrew is an experienced and knowledgeable Information Technology and Cybersecurity leader with expertise in building and maturing security programs, leading cross-functional teams, and developing and implementing innovative budget-conscious solutions to address complex business and technology challenges. He has more than 17 years of professional experience across IT operations, risk management, and cybersecurity functions. This includes enterprise-scale project management, incident response, system architecture, policy and standards development and implementation, and audit, compliance, regulatory, privacy, and continuous monitoring.
As the Vice President of Information Security for a remote-first and cloud-native vertically integrated real estate investment firm. Andrew built the cybersecurity program from the ground up, including authoring core policies and deploying key technologies. Immediately prior to that he led a large cybersecurity operations team for the U.S. Department of the Interior responsible for functions including: SIEM and related logging, dashboards, and reporting; Network Access Control (NAC); system and web (DAST) vulnerability scanning; advanced malware and intrusion detection; asset and inventory management and reporting; Data Loss Prevention (DLP); and EDR.
Andrew also taught several Cybersecurity Boot Camps at the University of Denver, covering topics such as incident response, offensive security and penetration testing, web application architecture and security, networking and firewalls, system administration and hardening, Wireshark and packet analysis, forensics, cryptography, SIEMs, network monitoring, cloud architecture and security, Bash shell and scripting, threat modeling and vulnerability assessments, governance and compliance, and risk management.
Andrew’s education background includes a Master of Science in Computer Science from Purdue University, and Bachelor of Science degrees in both Computer Engineering and Computer Science from the University of Missouri. He maintains numerous active cybersecurity certifications (including CISSP and CISM) and has previously been cleared at a Top-Secret level.