Eric Rockwell, Virtual Chief Information Security Officer (vCISO)

Eric Rockwell has demonstrated both technical and entrepreneurial leadership, having previously grown a successful and award-winning Information Security and Managed Security Services Provider (MSSP). He holds numerous industry certifications, including CISSP, MCSE, and CCNP. He has more than 17 years of leadership experience in the industry, helping clients identify, protect, harden, and optimize their IT environments while aligning with business objectives in the life sciences, health care, financial services, legal, defense, and manufacturing industries.

Eric successfully founded and grew an IT MSP to $10M in annual revenue, and sold his MSP interest to focus 100% on Cybersecurity. Eric now works directly with solution providers to apply unique and innovative techniques to take their business to the next level of profitable growth. Eric has first-hand experience participating in auditing and assurance, including ISO 9001, ISO 27001, AICPA SSAE 19 and 18 SOC2 Type2, HIPAA and HITRUST, and CMMC, and in implementing frameworks such as ISO 27001, NIST 800-53, NIST 800-171, and the CIS Controls.

Eric has extensive experience in IT risk management, incident response, infrastructure protection, business continuity, and disaster recovery. With strong experience in Managed Security, Private Cloud, and developing vCIO and vCISO as a service, Eric has become a thought leader in pioneering new ideas to improve information security and business efficiency for small to medium-sized businesses.

Practice Focus
Information Security Audit and Qualification Services
Internal Information Security Control and Security Policy and Procedure Consulting Services
Information Security and Technology Strategic Planning Services
Budgeting for Information Security and Technology Programs
Information Security Program Management

Client Specialization
Small to Middle-Market Companies, including health care, professional services, and defense contractors.
The National Institute of Standards and Technology (NIST) Cyber Security Framework
CIS Controls v8.0
NIST-based Information Technology and Security Regulations, including DFARS, ITAR, SOX, HIPAA, PCI-DSS, CCPA, CRR-500

Professional Membership
Center for Information Security (CIS)
International Standards Organization (ISO)
International Information Systems Security Certification Consortium (ISC2)
American Bar Association

Advanced Certifications in Information Security
Registered Consultant and Member of the Center for Internet Security SecureSuite
Author, American Bar Association Publications


Company: Inovo InfoSec, Inc.
Headquarters: 1017 N. La Cienega Blvd. Suite 320, Los Angeles, CA 90068
East Coast: 8250 NW 52nd Terrace Suite 410, Doral, Florida 33166
European Union: 7/9 North Saint David Street, Edinburgh, England EH21AW
Asia Pacific: 135, Level 06, Dutugemunu Street 6th Floor, Kohuwala, Sri Lanka
Australia: No. 9 George Street, North Strathfield, Sydney, Australia NSW 2137

Phone: (800) 598-4008 x501

Eric Rockwell’s FAQs

The main objective of Cybersecurity is to identify and protect sensitive digital information assets and ensure they aren’t accessed or breached by unauthorized persons.
A risk results from a threat acting on a vulnerability and is expressed as the product of likelihood (probability) and severity (of impact). A risk assessment is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized threat or hazard. The result of a risk assessment is typically a report that shows assets, vulnerabilities, the likelihood of damage, estimates of the costs of recovery, summaries of possible defensive measures and their costs, and estimated probable savings from better protection. Residual risk is the risk that remains after a control is applied to an identified risk when that control does not eliminate the risk. A threat is any person, object, or event that, if realized, could potentially cause damage to an information resource or the data processed on those resources. This includes damage to the availability, integrity, and/or confidentiality of resources or information. A vulnerability is a weakness in an information resource that can be exploited by a threat.
A written and tested Cybersecurity Incident Response Plan (IRP) is an organization’s plan to respond to potential information security incidents such as a data breach, a system outage, or a security breach. These risks can cause lasting financial and reputational damage, so an ability to respond quickly and skillfully can be crucial to your company’s bottom line. An IRP should be tested at least annually, and must require the organization to conduct a forensic investigation of a potential incident to determine if the incident is real or just perceived, determine the root cause, document the corrective actions that remediated the incident, and document the preventative actions the organization must implement to prevent the incident from reoccurring.
Email intrusion attempts and breaches
Ransomware attacks
Successful exfiltration of information over email phishing
Lost or stolen unencrypted assets
Denial of Service attacks

Eric’s Articles

Why Cybersecurity is Important to Businesses - a major reason why cybersecurity is so important to businesses is that 26% of American law firms have experienced a data breach…
