Lucas Rice
Education:
Master’s Degree
Technology, Commercialization, and Entrepreneurship
Rensselaer Polytechnic Institute
2014 : 2015
Bachelor of Science
Mechanical Engineering
Rensselaer Polytechnic Institute
2010 : 2014
Experience:
2022 : Present
Volkswagen Group of America
Senior Manager of Cybersecurity
• A Process Solutions Leader for Deloitte’s Product Safety and Security practice responsible for securing connected products at leading manufacturing organizations across various industries, including Medical Devices, Automotive, Consumer Products, and Industrial Products.
• Assisted in the development of Secure Supply Chain methodologies.
• Led the development of secure product procurement processes and secure supply chain white papers for global product manufacturing organizations, including the pilot of the process where evaluations of suppliers were conducted.
• Developed and led VP & CISO labs on security and / or privacy topics in order to develop roadmaps for future tactical and strategic planning.
• Managed SDL / SDLC maturity assessments for multiple global product manufacturers in life sciences, consumer product, and industrial product industries.
• Performed product security and privacy program maturity assessments for multiple global product manufacturers, including connected medical device manufacturers, connected industrial product manufacturers, and consumer connected product manufacturers.
• Worked with organizations to identify strengths and weaknesses in current state cyber security practices and developed associated strategy for enhancements to align with industry leading cyber practices.
• Led the design and development of global organizations’ product security and privacy programs to enable the better management the product cyber and privacy risks, including developing security and privacy frameworks, governance models, policies, standards (e.g., security-by-design standard, privacy-by-design standard), and procedures (e.g., security risk assessment procedure, secure procurement procedure, CCPA privacy requirements).
• Managed the development and delivery of product security and privacy strategies, roadmaps, and playbooks for multiple global product manufacturers.
2019 : 2022
Deloitte
Manager
• Process Lead for Deloitte’s Product Safety and Security practice responsible for securing connected products across various industries.
• Managed small teams in assisting global product manufacturers and healthcare providers in the securing of connected products through the design, development, and implementation of product security programs, which align with industry leading practices, regulations, and standards.
• Led the discovery and interview process for identifying cybersecurity gaps as they pertained to connected products designed, developed, or managed by manufacturers with the goal of enabling ongoing, secure, safe, and reliable operations across the development lifecycle.
• Developed secure procurement and secure supply chain frameworks and associated processes for global product organizations.
• Assisted SDL / SDLC maturity assessments for multiple global product manufacturers.
• Performed product security program maturity assessments for multiple global product manufacturers, including connected medical device manufacturers and consumer connected product manufacturers.
• Led the design and development of global manufacturers’ product security programs to enable the better management the product cyber risks, including developing security and privacy frameworks, governance models, policies, standards (e.g., security-by-design standard, privacy-by-design standard), and procedures (e.g., security risk assessment procedure, secure procurement procedure).
• Developed product security and privacy strategies, roadmaps, and playbooks for multiple global product manufacturers.
2017 : 2019
Deloitte
Senior Consultant
Almost everyday news surfaces about how an organization has been hacked or consumer information has been stolen, yet few people realized that the many of the healthcare systems and medical devices are susceptible to the same types of attacks. More and more medical devices are being connected to various networks, increasing the risk that they are hacked into, which could lead to the loss of patient information, an error that causes patient harm, or even the destruction of the machine. Being a part of the Medical Device Security and Safety (MeDSS) team at Deloitte, we work with major medical device manufactures and healthcare providers to help assess and mitigate risks that might cause those types of situations. I am also the PMO lead for the MeDSS team, providing logistical, organizational and strategic support of the team to make sure that each clients need are served. Additional accomplishments include :
• Assisted global medical device manufacturers and healthcare providers in the securing of networked medical devices through the design, development, and implementation of product security programs, which align with industry leading practices, regulations, and standards.
• Identified cybersecurity gaps as they pertained to devices designed, developed, or managed by device manufacturers and healthcare providers with the goal of enabling ongoing, secure, safe, and reliable operations across the enterprise through the performance of security risk assessments.
• Prepared organizations for certifications relevant to the securing of devices designed, developed, and managed by the organization, as well as the data which is stored or transmitted by those devices.
• Responsible for knowledge of risk management tools, client related regulatory requirements, risk and control frameworks, tailoring of required assessment practice statements, and creating assessment reports and recommendations.
2015 : 2017
Deloitte
Cyber Risk Consultant
Working with various professors on advanced automation and control systems research projects.
2012 : 2015
Rensselaer Polytechnic Institute
Research Assistant
Company: Volkswagen Group of America
Years of Experience: 11
Spoken Language: English, French
Specialties: Product cybersecurity, Mechanical Engineering, Cybersecurity, Project Management, Human Factors Psychology, Design & Business Implication of Emerging Technology.
Please note, the views expressed here are mine alone and do not necessarily reflect the view of my current, former, or future employers.