Cost-Effective Security Leadership

Interim or long-term leadership for your security program at a fraction of the cost of a full-time CISO.

Strategic Security Solutions

Whether constructing a program from the ground up, rejuvenating a struggling one, or aligning it with your company’s business and culture, Newbridge Cyber & Risk aims to reduce your unique cyber security risks to the satisfaction of your owners, investors, and customers.

We serve diverse industries, including:

  • Private Equity
  • Bio-Tech
  • Commercial Multi-Family Housing
  • Robotics
  • Charitable Non-Profit

Fractional CISO

Establish governance and management of your security program to mitigate your unique cyber risks. 

Regulatory Compliance

Recover from a failed audit or prepare a compliance program, aligning with the NIST Cyber Security Framework and other standards.

Incident Response Development

Prepare for major incidents: tailor the response, engage cross-functional teams, and ensure a cohesive and efficient response.

Streamline Defense

Develop an attack defense program: reduce risk and optimize processes, technology, and staff within constraints.

Third-Party Risk Management

Enhance vendor risk management process to reduce your supply chain risk. 

Consulting CISO: Stephen E. Lipka, Ph.D., CISSP, CRISC

Dr. Stephen E. Lipka brings a wealth of experience gained during a career spanning over 15 years in information security following decades of IT leadership and consulting experience. His expertise lies in creating and revitalizing tailored information security and risk management programs that align with each client's unique business strategy, culture, assets, risks, and compliance requirements. Stephen values common sense, trust, the importance of process over technology, learning and growth for security staff, and communication with executives and staff.

Download Dr. Stephen Lipka's Resume

As a trusted virtual Chief Information Security Officer (vCISO), Stephen has demonstrated his commitment to increasing shareholder value by reducing information security risk in organizations of varying size in multiple industries. He served as a virtual CISO for a cloud-first clinical-stage biotech company, where he orchestrated the implementation of an information security program aligned with NIST Cyber Security Framework and CIS Critical Security Controls designed to protect their intellectual property. He has also worked with private equity firms, guiding one towards SEC compliance, improved security governance, reduced third-party risk, improved security awareness of their personnel, and much-improved incident detection and response processes and technologies. In another, he led their program to assess and improve the security postures of their portfolio companies in the interest of preserving and building the portfolio companies’ – and investment funds’ – value. A national affordable housing development and management firm has engaged Stephen to guide the development of a security program that seeks to reduce the risks of operational disruption and tenant data loss, all with a limited budget.

Notably, Stephen's career includes his tenure as the Chief Information Security Officer at a $5 billion commercial real estate services firm operating in 60 countries, where he established an international, enterprise-wide security function. To establish credibility with the company’s clients and enable long-term property management contracts, he created a program with a robust risk governance structure, strong incident detection and response technologies and processes, strong vendor risk management, security-aware employees, and a well-used process for engaging with prospective and renewing clients to negotiate security practices to the benefit of the business.

Stephen's commitment to information security drives his continued participation in professional development activities of InfraGard, ISC2, ISACA, and other professional societies and peer groups. His CISSP and CRISC certifications signify his commitment to maintaining professional standards for the benefit of his clients.

Articles

Create an Incident Response Plan and Test It

May 20, 2024

All airline flight crews have aircraft evacuation plans for emergency landings, and they test them as part of training. Office buildings of any substantial size plan fire drills and test … Read more

Third-Party Risk Management – Make it a Service, Not a Roadblock

March 20, 2024

Since I started working in information security 16 years ago, I’ve never run across a company that doesn’t outsource some IT services. Many young companies I come in contact with … Read more

10 Commandments for Operating Security Programs

February 21, 2024

I was recently invited to present to security and IT leaders at a vendor’s gathering of small early-stage biotechs. I packaged up a deck with the anatomy of an attack, … Read more
