overview
- AI Security Governance Program Review and Training
- Led a team in enhancing a medical device company's AI governance program. This involved reviewing and refining their AI Policy, AI intake
- Key contributions included
- Developed a detailed template for AI Use Guidelines
- Created an AI risk matrix with criteria for assessing risk categories
- Established metrics to track compliance with controls within the AI Governance framework
- Designed a template for sourcing and sales to respond to customer requests around the client's AI posture
- Conducted an analysis of GitHub Copilot and internally developed models, comparing them against industry standards (NIST, OWASP, CISA). This resulted in remediation recommendations to identify and address control gaps
- Led training sessions on how to conduct risk assessments for AI models and on implementing and using controls within the AI framework
- AI Security Governance Program Development
- Sit as an advisor on a government agency's AI SteerCo to advise the client on the responsible development and management of AI initiatives within their
- Led a team to develop an AI security governance program to securely adopt AI. Worked directly with their CISO, CIO, CTO, CDO and CPO to create a comprehensive 3-year roadmap aimed at enhancing existing security practices to effectively address the intricate threat landscape posed by AI, while prioritizing ethical and responsible AI implementation
- Pioneered the establishment of core principles and tenets for Responsible AI governance, laying the groundwork for informed decision-making and fostering a culture of responsible AI integration within the organization
- Developed a customized AI security framework based on NIST AI RMF, NIST 800-53, MITRE ATT&CK, and MITRE ATLAS. This framework
- Created an acceptable use policy defining the permissible scope of AI use within the organization, emphasizing responsible AI practices and setting strict guidelines on data usage within AI models
- Developed an AI intake form to create a standardized pathway for approving AI use cases and establish minimum security criteria that a use case
- Established an AI risk assessment process and program to strengthen governance throughout the development and acquisition lifecycle of AI systems, documenting risks and establishing mitigating controls as security guardrails
- Created a data provenance template tailored for AI models, designed to enhance transparency regarding data ingestion, privacy protocols, lineage
- Life Sciences Product Security Maturity Uplift
- Led a team of three staff members to execute a comprehensive product security maturity assessment
- Orchestrated stakeholder interviews and conducted thorough document reviews to conduct a gap analysis, evaluating the organization's medical
- Developed a tailored framework by leveraging ISO 27001, NIST 800-53, and global medical device standards and regulations
- The assessment focused on four key areas: Organization, Lifecycle, Risk Management, and Detection & Response. Collaborated closely with the Global Product Information Security Officer on a daily basis to craft a roadmap, identify essential milestones, and determine the critical path
- Hospital Operational Technology and Medical Device CMA
- Owned a work stream comprising two junior staff members to assess the effectiveness of the Operational Technology (OT) and Medical Device (MD) cyber program
- Created a tailored OT and MD control framework based on NIST, ISO 27001, and security vulnerabilities within the hospital that directly impacted
- The analysis included the identification of security gaps, recommendations for remediation, and proposed projects aligned with the hospital's security
- Life Sciences OT Cyber Awareness Training
- Led a ransomware awareness training program for a Fortune 500 life sciences company's OT employees
- Developed a comprehensive strategy encompassing pre- and post-phishing-campaign activities, specifically tailored to the nuances of OT site team
- Led the ideation and creation of the branding, communications, and key themes for ransomware campaign materials specific to the client's OT facilities
- Produced OT Cyber Security training videos, digital and print media guides, and customized posters designed for OT employees. As a result of these