David White is President and co-founder at Axio —a company with an innovative methodology and software that provides companies visibility to their cyber risk and enables them to prioritize investments to protect their business and employees. David leads Axio’s innovation team and federal team and is actively involved with clients deploying the Axio360 solution. He is responsible for Axio’s risk modeling, threat analysis, and insurance analysis activities.
David co-developed Axio’s cyber risk management process and continues to refine the assessment, risk modeling, threat analysis, and insurance analysis activities that comprise that process. He has deployed the Axio360 solution with customers within the energy, utilities, financial, manufacturing, pharma, medical device, professional sports, and entertainment sectors.
Cybersecurity planning and management in Axio360 is based on the Cybersecurity Capability Maturity Model (C2M2), the NIST Cyber Security Framework (CSF), The Center for Internet Security Critical Security Controls for Effective Cyber Defense (CIS), Cybersecurity Maturity Model Certification (CMMC), and several proprietary models. David has led assessments—the initial planning step—for more than100 companies. He partners closely with Axio’s product development team to guide the evolution of the Axio360 software that supports the companies in cybersecurity program planning and management.
David remains involved in critical infrastructure cybersecurity thought leadership. He served in a leadership role in the development of C2M2 version 2 in support of the US Department of Energy and is actively engaged in the version 2.1 activity. He is a frequent speaker at board meetings, conferences, webinars, and other events.
Axio provides a number of cyber risk services to the commercial insurance industry. David consults on cyber underwriting methods and claims analysis methods, develops and delivers cyber training, and supports cyber underwriting efforts related to energy, manufacturing, and other clients seeking coverage for cyber-predicated property damage and bodily injury.
Prior to Axio, David worked in the CERT Program at the Software Engineering Institute at Carnegie Mellon University, a cybersecurity research program primarily funded by the US Department of Defense and Department of Homeland Security. He provided technical leadership for a portfolio of cybersecurity maturity models, diagnostic methods, research, and training.
David served as chief architect for the Cybersecurity Capability Maturity Model (C2M2) version 1.0. David co-authored the CERT Resilience Management Model (CERT-RMM)and was the chief architect for the Smart Grid Maturity Model (SGMM).