Who i am



Paul Love

Strategic, Results-Oriented Chief Information Security and Privacy Officer

Paul Love has earned a reputation as a strategic, results-oriented Chief Information Security & Privacy Officer (CISPO) with expertise in strategically orchestrating enterprise-wide security efforts. A thought leader with multiple publications and presentations to his name, he has achieved resounding success with industry leaders like Microsoft, E&Y, and Freddie Mac. Easily able to solve complex problems in simple, sustainable ways while building information security (IS) as a business capability, Paul ensures that companies and clients alike enjoy the best possible results.

Since 2017, Paul has committed himself to establishing a best-in-class Information Security and Privacy function as the CISPO with Co-Op Financial. Focusing on optimal budget utilization and effective integration of cutting-edge techniques and technologies, he built IS policies, metrics, and programs to deliver on lofty organizational goals. As an expert in speaking in clear business terms to drive coordination with executive leadership and board members, he has fostered continuous business growth while effectively and consistently mitigating risk.

A proud USMC veteran, Paul is known for his work ethic and dedication, as demonstrated by his extensive training and academic qualifications. He possesses a Master of Science in Network Security from Capitol College, and recently undertook “Cyber security: Managing Risk in the Information Age” with the Harvard Extension School. In his free time, he enjoys running, reading about marketing and process improvement as well as anything related to computers.

Some facts

Years Experience

My bio


Chief Information Security & Privacy Officer

  • Strategy
  • Information Security
  • Leadership

  • Spearheaded origination of strategy and vision, including staffing plan, execution activities, IS standards, board development, and success metrics, ensuring optimal use for a budget and perfect alignment of the team under a heavy workload.
  • Built heavily researched IS policies and standards to meet and continuously exceed regulatory and strategic requirements.
  • Established and regularly enhance leadership metrics using a tiered approach, championing a multi-level approach adaptable for multiple levels of leadership from the Board of Directors, to technical, in-depth audiences.
  • Headed the development of a best-in-class IS Incident program that led to highly responsive and collaborative response capabilities companywide.

Senior Director, Governance, Risk & Compliance (GRC)

  • Policies and Standards
  • Metrics
  • Process Improvement

  • Identified critical services, developed relevant documentation, created controls/documentation portal, and integrated optimization initiatives that improved scores surrounding service delivery.
  • Selected to oversee the creation of IS policies/standards program to meet best practices; maintained clear lines of communication with business units, IT, and other key groups to build top-tier training plans, communications plans, and processes that drastically reduced risk.
  • Constructed bespoke processes to identify control thresholds, testing procedures, and reporting for IS controls; oversaw the generation of a related handbook to convey lessons learned.
  • Revamped all IS metrics reported to emphasize actionable, executive-level information that directly led to more informed risk decisions, with efforts cited as crucial to a reduction in overall exposure despite significant operational challenges.

Senior Manager

  • IT Patching
  • Metrics
  • Audit and Compliance

  • Showcased executive leadership capacity in the implementation of companywide patching across action-oriented metrics, scalable/repeatable reporting/validation, and team support, increasing productivity across multiple clients.
  • Provided subject matter expertise for client audit meetings, excelling as a primary liaison and building productive, professional relationships to foster improved client service.

Senior Director, Threat Assessment and Protection Services

  • Security Operations
  • Policies and Standards
  • Security Technology

  • Initiated the creation of the threat intelligence program as well as a significant improvement in the security incident response program, cutting down on tracking of remediation as well as security vulnerability response times by 100%.
  • Hired 90% of team post-reorg within nine months with no disruption of service. Designed a unique program to manage better services, processes, and technologies which boosted operational efficiency against logistical challenges.
  • Led formation of Web Application Security program to elevate coverage, incorporating a wide array of training and web application security tools while improving organizational security.
  • Overhauled IS metrics to improve short- and long-term planning for a company generating $12B in annual revenue.
  • Acted as an evangelist regarding the revamped approach to partnering with IT organization in vulnerability remediation, paring down unpatched/under patched systems, addressing numerous systemic risks, and significantly decreasing vulnerability assessment findings; sought as an internal advisor to executive leadership with cybersecurity concepts and emerging technologies.

Information Security Officer

  • Risk Management
  • Control Development
  • Security Operations

  • Created IS risk management program using SharePoint to resolve previously-unknown security risks representing significant risk exposure; program eventually used as a template for other Information Security efforts.
  • Implemented multiple controls while dramatically enhancing existing controls and management of external managed security vendors, improving mean-time-to-detect by 100% and mean-time-to-resolve by 100%.

Director, Compliance and Audit

  • ISO 27001
  • Cloud

  • Administered team of multiple employees and contractors driving Microsoft Cloud services (BPOS-F and Office 365) to achieve FISMA accreditation in <1 year with reduced staff, opening up multi-billion-government cloud services environment; expanded professional expertise at every opportunity to incorporate the use of new software and systems surrounding compliance and auditing.
  • Managed team that achieved initial ISO 27001 recertification for Microsoft online services to improve positioning among the competition and secure significant new year-over-year sales.

Director of Information Security and Business Continuity

  • Business Continuity
  • Security Operations
  • Information Security

Master of Science - Network Security


    • Security
    • Privacy
    • Audit

    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Privacy Professional/United States (CIPP/US)
    • Certified Cloud Security Professional (CCSP)
    • GIAC Network Forensic Analyst (GNFA)
    • GIAC Certified Forensic Examiner (GCFE)
    • GIAC Battlefield Forensics and Acquisition (GBFA)
    • Fellow of Information Privacy (FIP)
    • Certified Information Security Manager (CISM)
    • Certified Information Privacy Professional/Europe (CIPP/E)
    • Certified Information Systems Auditor (CISA)
    • Certified Information Privacy Professional/Canada (CIPP/C)
    • Certified Information Privacy Manager (CIPM)
    • Certified Information Privacy Technologist (CIPT)
    • Payment Card Industry Professional (PCIP)
    • Microsoft Certified: Azure Fundamentals
    • Security+