About Ken Peterson
Kenneth Peterson is a seasoned cybersecurity risk management expert with extensive global experience. Beginning in 1997, Ken has advised and consulted to federal government agencies, Department of Defense contractors, organizations whose infrastructure is Designated as “Critical,” Systemically Important Financial Market Utilities, Systemically Important Banks, industry regulators, governing bodies, global public/private partnerships, industry trade associations, global Fortune 100 multinationals; and enterprise, midmarket, and SMB clients of all levels of cybersecurity maturity.
Churchill & Harriman (C&H), the firm Ken founded and leads today, is privileged to provide clients with 28 consecutive years of demonstrated institutional competency in architecting increasingly remote-based methodologies, processes, risk assessment criteria, and end-to-end enterprise risk assessment plans. Through this, critical security due diligence artifacts, proof points, evidence, and earned outward facing attestations are produced to successfully satisfy specific formal requirements including, but not limited to, all levels of CMMC, the SEC, FFIEC, NIST Cybersecurity Framework and NIST 800 Series, ISO Standards, Cyber Risk Institute (CRI) Profile, the Shared Assessments Program SCA and SIG, and StateRAMP/FedRAMP. These and additional critical security due diligence artifacts, evidence, and related audit and assessment outputs are produced with whole efficacy and efficiency — and all in alignment with the required standard of care.
C&H is entrusted to develop and execute highly discreet and tailored risk assessments for businesses and public entities executing government and commercial contracts. Having employed the NIST Standards since their inception, Ken and C&H promote the necessity of CMMC certification to protect national security and as a formal program to fortify organizational cybersecurity posture throughout government and industry.
In complement to his work, Ken is a fervent advocate for respectful conversations and believes in embracing the diversity of opinion and promoting empathy and happiness. In the spirit of community building and constructiveness, he is a supporter of social media sites that promote positivism and civil conversations.
We delve into Ken’s expertise and perspectives on risk assessment techniques, cybersecurity, and his dedication to encouraging positive relationships in the digital sphere. Explore the intricate character of Ken Peterson and his goals of enhancing cybersecurity along with the commitment to building a calm and holistic online community.
Blue Ocean: Please tell a bit about yourself, your professional life, and why you chose to work in this industry.
Ken Peterson: I had two opportunities, to either become an investment advisor or a career advisor. I decided to be a career advisor as I felt the professional elements of an individual’s life were so important, and I would have the opportunity to contribute in a way that was most meaningful to me. That’s how I began my career in Information Technology (IT) career counseling and built my career in that discipline for several years. Through my work, I was exposed to the IT consulting industry, as my customers were IT executives for some of the world’s most respected corporations. Together with my clients, I discussed their current consulting engagements, and that spurred my interest in consulting. I realized that as fulfilling as it was to make a difference in an individual’s careers, I also wanted the opportunity to contribute to lasting change at a broader level. I approached some of my best clients and asked them if they would afford me the opportunity to compete for their business if I and Churchill & Harriman (C&H) were to move into the consulting industry. They said “yes,” but there was always a caveat. They expected me to bring the same level of discipline, quality, and customer care to my consulting work as I had provided them on the full-time recruiting side. I readily agreed. So, the bar for me was set very high right at the outset, as my customers were predominantly IT leaders within Fortune 500 corporations with operations in the U.S. That’s how I started in the consulting business.
Blue Ocean: What does your typical day look like?
Ken Peterson: My day begins with focused thinking on the established chief goals I aim to accomplish in a given business day. I start working on these goals as soon as the day starts. It’s very gratifying to accomplish the major objectives that I set out at the beginning of a given day, and concurrently keep space for something unexpected that is both time sensitive and critical. I always leave time to ensure that if the need arises to address something with my team or with our clients that falls in the upper right-hand quadrant, that is both time sensitive and critical, I will have the opportunity to do that. The balance of my workday is invested on strategic initiatives and addressing tactical time-sensitive items. I ensure progress on priority projects before I put the proverbial pen down at the end of the workday.
Blue Ocean: What is one trend in your industry that excites you?
Ken Peterson: Unquestionably, it’s the ascent of artificial intelligence and how its application impacts our customers and industries at large. This trend is heightened owing to the great privilege that I and C&H have of serving organizations across global industry and government. The opportunities AI presents to public entities and industry alike are ever growing. The impact of AI on cybersecurity risk management and how individual commercial and public entities will govern their own use of AI, and how they will respectively govern their business partners’ use of AI is highly complex. That excites me.
Blue Ocean: How have you differentiated yourself and what do you think underpins your success?
Ken Peterson: We differentiate ourselves through the perspective, best practices, and lessons learned we offer that is gained from 28 consecutive years of successfully practicing cybersecurity risk management at the very epicenter of Fortune 100-level global industry and government and the resultant level of trust we have been privileged to earn from our clients and continue to earn every day. Our differentiator additionally includes the practical benefit of the intellectual capital we possess, the practical advice we provide our clients, and our flawless and timely execution when implementing solutions. The quality of our deliverables and the ease of working with C&H are differentiators our customers constantly underscore when they refer us to others. What a privilege that is! We not only address our clients’ current needs, we constantly partner with our clients and look out on the horizon for how a specific project may impact how they are formally being measured, their overall remit, and the business objectives of their employer. This differentiator is proudly depicted and memorialized on the Churchill & Harriman website www.chus.com through client recommendations and endorsements we have been privileged to earn.
Blue Ocean: How has your experience as a business leader shaped you personally and professionally?
Ken Peterson: It has made me more present in my professional and personal relationships. Some of our clients operate at the epicenter of various global industries, whether it is healthcare, transportation, or technology, where lives are on the line when we provide advice or perform services. As a practicing CEO, I have the opportunity to produce work products and deliverables, having delivered projects that required as many as 80 cybersecurity practitioners working on a specific objective. In my dealings with clients, business stakeholders, a board of director member, a CFO or CEO, the level of focus I need to have when I am listening to them, and the level of precision that I need to have when I am presenting to them or conducting a discussion with them is of paramount importance. I focus on enhancing that quality every month. This provides me energy that feeds into all of my relationships.
Blue Ocean: What is something unique you offer to your clients?
Ken Peterson: We offer the body of institutional knowledge we possess in our area of expertise and from the lessons we’ve learned from operating at the epicenter of the industry and government for decades. Again, whether it’s healthcare, where lives are on the line, global financial services, or in government, the weakest link is where the hackers normally aim to penetrate an organization. So, midmarket organizations and very small organizations will look to me and C&H to analyze their requirements, and then identify and implement what is most appropriate for them in alignment with their business objectives.
Blue Ocean: Why are risk assessments crucial for businesses, especially in government contracting, and what is the future of this discipline given your extensive experience?
Ken Peterson: In today’s competitive landscape, every business and public entity requires current, formal evidence of their foundational cybersecurity practices — at minimum— to stay relevant and secure contracts in any industry or government. To enjoy these benefits, Step one is executing a Risk Assessment. Through the execution of a properly scoped risk assessment, gaps in one’s environment are revealed. This information can then be leveraged for organizations to make prioritized, data-driven decisions on security investments. As for the future of this discipline, C&H has been entrusted to develop and implement risk assessment criteria, and end-to-end risk assessment execution strategies for entire industries. We are privileged to execute such responsibilities today on a global basis. With the continued expected advancement of technology and continuous monitoring functionality, the future of the risk assessment discipline will be foundationally informed by data provenance and data governance. Additionally, I expect that the benefit of earned attestations may increase over time.
Blue Ocean: What are the benefits of CMMC certification for companies, and what security and compliance benefits can one expect?
Ken Peterson: My answer here is predicated on C&H’s 4-year track record of helping clients prepare for Cybersecurity Maturity Model Certification (CMMC). Every U.S. Department of Defense (DoD) contractor has a fiduciary responsibility to meet their own company’s formal CMMC requirements.
The bottom line is that the benefits of CMMC certification include ensuring the eligibility for companies to continue performing services for the DoD. This includes certain current contracts where a company is either a Prime Contractor to the DoD or a Sub-Contractor. CMMC Certification will also be required for companies to be awarded new contracts by the DoD. FY2025 is expected to be a seminally important year for the continued formal implementation of CMMC. Therefore, every company that performs services for the DoD or is planning to perform services for the DoD must validate their CMMC certification requirements with their designated DoD point of contact to completely understand and fulfill their CMMC certification requirements. C&H is expert on preparing companies for their CMMC audits by a C3PAO. Additional security and compliance benefits of CMMC certification include the production of formal evidence of one’s security posture that can be leveraged with internal and external stakeholders. This evidence is based on accepted best practice from the National Institute of Standards and Technology (NIST); security artifacts that can be leveraged when responding to RFPs and RFIs, material maturation of one’s security posture leading to top and bottom line growth in serving public entities and commercial entities alike, and preparing to fully leverage the benefits of Artificial Intelligence. The government is auditing these reported outputs. Organizations must be certain to formally fulfill their respective CMMC requirements.
Blue Ocean: What are you grateful for?
Ken Peterson: I am grateful for the incredible people I am blessed to have in my life. They are truly my greatest treasures, especially my wife, my family, and my friends. Their love and care constantly remind me how fortunate I am. I am additionally grateful for my C&H colleagues for their commitment to our clients and to me, and to our clients for their demonstrated confidence and trust in me and C&H. To be embraced by such remarkable individuals is a gift beyond measure.
Blue Ocean: What is your favorite quote, saying, or anecdote?
Ken Peterson: I find resonance in Teddy Roosevelt’s quote: “The credit belongs to the man who is actually in the arena, whose face is marred by dust, sweat, and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does strive to do the deeds; who knows great enthusiasms, the great devotions.”
We have it framed and prominently displayed in our home. Being in the arena, at least in certain contexts, I like to often reread and internalize this quote.
Blue Ocean: What valuable advice would you offer your younger self?
Ken Peterson: The most valuable advice I could offer my younger self is to know your value.
Do you have a personal or professional story that can inspire other people into becoming the best version of themselves?
You are welcome to share your journey with our audience.
