Karen Worstell, MS, CISM

Co-founder, Managing Principal, W Risk Group

Greater Seattle Area

Current
  • Co-founder, Managing Principal at W Risk Group, LLC
Past
Education
  • Fuller Theological Seminary
  • Pacific Lutheran University
  • University of Washington
  • University of Washington
Connections
314 connections
Industry
Computer & Network Security

Karen Worstell, MS, CISM’s Summary

W Risk Group
Managing Principal

Complex risk management decisions must be addressed through integrated frameworks that incorporate comprehensive risk assessment and governance processes. The broad view for today's executive assimilates legal and regulatory, technology and financial risk management systems. This practice has been dubbed "GRC": Governance, Risk and Compliance. We bring integrated governance, risk and compliance methods, techniques and processes to executives and their Boards.

Recent Publications:

Ritter, Jeffrey, and Karen Worstell. Evaluating the E-Discovery Capabilities of Outside Law Firms, A Model Request for Information and Analysis. Silver Spring: Pike & Fischer, 2006.

Contributor, Kabay, Mich., ed. Computer Security Handbook, 5th ed. (Pending Publication)

Microsoft
CISO
Feb 2005 - April 2006
Lead Microsoft's internal Information Security program: identity and access management, policy, governance, compliance strategy and monitoring, security engineering, IDS, technical investigations and forensics.

AT&T Wireless
VP, IT Risk Management and CISO
August 2003 - January 2005

• Oversee 300+ senior directors, managers, analysts, project managers and consultants for delivery of improvements in company-wide security and risk management program
• Developed comprehensive program for third party vendor risk management, vulnerability management, access management and general operations control environment with a first year budget over $28 million
• Led compliance effort for Sarbanes-Oxley General Computer Controls and Application Controls

Karen Worstell, MS, CISM’s Specialties:

Governance, Risk and Compliance Integrated Frameworks, Risk Assessment, Security Program Development, ISO 27001 Pre Certification, Security Architecture and Secure Data Management/Records Management. Specializing in consulting to Fortune 500 Clients.


Karen Worstell, MS, CISM’s Experience

  • CISO

    Microsoft

    (Public Company; 10,001 or more employees; MSFT; Computer Software industry)

    February 2005 - April 2006 (1 year 3 months)

    Responsible for protection of all Microsoft internal computing assets - infrastructure, applications, data. Security policy and regulatory compliance, network security, investigations, strategy and architecture, education and awareness, customer interface, Identity and Access Management, Application Security and Performance Testing.

  • VP, IT Security and CISE

    Cingular

    (Public Company; 10,001 or more employees; Wireless industry)

    November 2004 - January 2005 (3 months)

    Responsible for SOX compliance, Information Security, Business Continuity, Emergency Response, Disaster Recovery and Risk Management for IT organization of largest wireless company post-merger (Cingular and AT&T Wireless). Led merger organization change for security, business continuity and disaster recovery functions.

  • CISO/VP IT Risk Management

    AT&T Wireless / Cingular

    (Public Company; Computer & Network Security industry)

    2003 - 2005 (2 years)

  • VP and CISO

    Cingular Wireless

    (Public Company; Computer & Network Security industry)

    2004 - 2004 (less than a year)

  • VP, IT Risk Management, CISO

    AT&T Wireless

    (Public Company; Computer Software industry)

    2003 - 2004 (1 year)

  • SVP

    Bank Of America

    (Public Company; Computer & Network Security industry)

    2002 - 2003 (1 year)

  • CEO, CTO

    AtomicTangerine

    (Computer & Network Security industry)

    1999 - 2001 (2 years)

  • VP, CTP, CEO (In series)

    Atomic Tangerine

    (Computer & Network Security industry)

    1999 - 2001 (2 years)

  • Principal

    SRI Consulting

    (Computer & Network Security industry)

    1998 - 1999 (1 year)

  • Program Director

    I4

    (Computer & Network Security industry)

    1998 - 1999 (1 year)

  • Program Manager

    Boeing

    (Public Company; Computer & Network Security industry)

    1987 - 1997 (10 years)

  • Director, Information Security

    Union Carbide Corporation

    (Computer & Network Security industry)

    1996 - 1997 (1 year)


Karen Worstell, MS, CISM’s Education

  • Fuller Theological Seminary

    MA, Hebrew scriptures, Biblical studies, 2002 - 2010 (expected)

    Northwest Campus Extension, Seattle, WA

  • Pacific Lutheran University

    MS, Computer Science, 1985 - 1987

  • University of Washington

    Chemistry, Biochemistry, Molecular Biology, 1976 - 1978

    Activities and Societies:
    Iota Sigma Pi - Women's Chemistry Honorary
  • University of Washington

    Biology, Music, 1972 - 1976


Additional Information

Karen Worstell, MS, CISM’s Groups:

ISSA, ISACA, ASIS International, AIIM, ARMA, The IIA, BSI, I-4, IT Compliance Institute, Agora, Executive Women's Forum (EWF), Women2Women

  • CSORoundtable
  • Information Security Expert Center
  • Information Security Community
  • ISACA Professionals
  • ISSA Puget Sound Chapter Networking
  • SRI Connections
  • HISP
  • Microsoft Former Employee Network
  • Women in Information Security
  • Associate Consultant Program

Karen Worstell, MS, CISM’s Contact Settings

Interested In:

  • job inquiries
  • expertise requests
  • reference requests
  • getting back in touch
