About Us
The CAP Group was founded in 2017 to serve the unique needs of directors and officers. Our name – Critical Asset Protection (CAP) Group – reflects our laser-like focus on helping clients to defend their assets in the cyber domain. In 2020 we expanded our services to formally include artificial intelligence (AI) given the exploding impact it was having in the battle to defend critical assets.
We believe that AI has crossed a ‘strategic Rubicon’ in that cybersecurity and AI are forever and inextricably linked. Adversaries are able to attack at machine-speed using sophisticated AI capabilities and it is required that we be able to anticipate and prevent attacks at machine-speed. And in those unfortunate situations where adversaries compromise client defenses, machine-speed resiliency is mandatory.
Seasoned board directors & operating executives
CAP advisors bring decades of senior-level expertise to our engagements. We have no junior staff, instead our team consists solely of practitioners who have firsthand experience as directors and officers. We currently serve on boards of directors and have spent years in and around the boardroom. We have held global leadership roles – both in line P&L leadership positions as well as in global technology leadership positions. We bring a trifecta of perspectives when advising clients – speaking from a position of firsthand experience and expertise.
Our role as advisors
We play an integral role in combining and synchronizing the expertise that surrounds the board and executive team. We provide the strategic ‘glue’ that can only be provided by deep domain experts with strategic skills in governance and strategy. In a perfect world, this role would be provided by an internal resource, but the occurrence of such capabilities in an operating business is vanishingly small. It isn’t economical to retain such talent full time and it isn’t a full time role in any case. This is a need we recognize when we are serving on boards today and one we wished for when we were operating executives.
As we advise the board and executive teams we interface closely with key roles to provide integration and alignment on critical matters surrounding cybersecurity and/or AI. Some of the more common interactions can be summarized as shown below.
Chairman
Committee Chair
Key Committees
The board is ultimately accountable for delivering shareholder value, so this group is vital in establishing the priorities and criteria involved in allocating resources and attention on behalf of the organization.
We collaborate closely with a sponsoring director – often the Committee Chair of the committee responsible for cyber and/or AI. Working with that sponsor, we provide advice and expertise on a bespoke basis, driven by the unique needs of that client’s situation.
CEO / CFO / GC
Chief Risk
Chief Technology
The development of an executable and measurable strategy begins with the CEO and their direct reports. It is important that the vision and direction align with the broader strategy and priorities, so we start with the CEO and the subset of their directs who are most directly involved in formulating and managing strategy.
We also work closely with the GC and external counsel. While we aren’t lawyers, we rely on their expertise and authority in key areas, especially in governance. Similarly, we collaborate closely with the CFO and team in the development of credible and durable business cases that align to established standards and norms.
And of course we collaborate very closely with the technology leadership. Depending on the client and the situation, the specific executive and their title may vary, so we align with domain-specific activities with the appropriate combination of the CIO, CTO, and CISO in most situations.
Our operating principles
We have made the strategic choice to remain a boutique advisory firm, focusing on the unique needs of a very narrow market. We aim to be the best, not the biggest. And our decades of experience as consumers of outside advice gives us the benefit of understanding what is most important to clients. Given that, we have adopted a simple set of guiding principles for our work. The CAP Group is:
Focused
We engage quickly, partner to address specific matters, then depart.
Fact-Based
We rely on empirical evidence in the context of each unique client situation and formulate recommendations that are explainable and defensible.
Discreet
We recognize the sensitivity of information shared with us and the materiality of the decisions that result from our advice and treat all communication as confidential.
Independent
We have a single focus – advising directors and officers. We have no other products or services – or partners – with any conflicting commercial interests that affect our recommendations. We provide advice that is solely in the best interest of the client.
Candid
Our clients are busy and time is precious. Therefore, our communication style is intentionally clear and concise, and delivered in a direct, thoughtful manner.
Our team
Brian is an experienced director, board advisor, and technology executive specializing in managing cybersecurity risk. His primary focus is on ensuring transparency and alignment between corporate boards and executive teams with complex geographic, economic, and regulatory situations.
Walker leverages his 35 years of technology expertise as both a director and board advisor. In addition to being the CEO of The CAP Group, he is also the chairman of Rubicon X, a venture capital fund focused on artificial intelligence and cybersecurity.
His expertise is informed by his executive leadership roles with premier firms as CIO and senior partner. Prior to founding CAP, Walker was Accenture’s global managing director responsible for cybersecurity strategy, focused on clients with critical infrastructure portfolios. He was also a managing director (partner) with KPMG, focused on technology risk identification and mitigation.
Brian’s consulting clients have included Charles Schwab, Advisor Group, Osaic, John Hancock, Exxon Mobil, ContourGlobal, Constellation Energy, Tenaga.
Previously, he was the senior technology executive responsible for all technology of Marathon Oil with operations in North America, Africa, and Europe.
Brian is a member of the faculty for NACD and is a frequent speaker at NACD and PDA events. He writes for the Forbes Technology Council, and is routinely quoted by the Wall Street Journal, Bloomberg, and other major publications.
Michael is a cyber risk executive with experience in senior management and consultant roles for Fortune 50 to 500 companies. As a senior advisor with The CAP Group, he specializes in the utility and energy sectors, supporting clients in the development and implementation of strategies to protect critical infrastructure, including both information technology (IT) and operational technology (OT) and assets.
He led the development of cybersecurity capabilities for Emirates Nuclear Energy Corporation as they launch a fleet of nuclear power stations – leveraging his decades of expertise in similar roles in the US.
As a managing director (partner) at Accenture, Michael led CxO strategy formulation efforts with some of the largest utilities, including Tenaga – the primary power utility of Malaysia.
He also held senior cybersecurity roles with Constellation Energy, where he was responsible for all corporate security across the fleet of energy assets.
In addition, Michael has directed cybersecurity, risk management, systems engineering, systems development and operations consulting efforts for financial and other commercial sectors as well as for U.S. Intelligence (NSA) and Defense (DoD) agencies.
Paul is an experienced business executive specializing in enterprise IT and cybersecurity. He specializes in the creation, deployment, and operation of enterprise-wide technology strategies for global entities with complex regulatory requirements.
As the CIO of Optiv, he led the overall technology organization, including cybersecurity. He was the senior executive responsible for technology strategy, operations, including executive committee roles and supporting the board of directors.
Previously the CIO of Experian GTS, he had global responsibility for all aspects of technology – from strategy to operations and including cybersecurity operations.
His global experience with ACS (Affiliated Computer Systems) included both a role as the CIO for a global business unit and as a global P&L leader for a go-to-market business unit.
Paul is on multiple advisory boards, providing guidance and expertise to sophisticated technology firms. Examples include ZapCom Group and CTO Forum.
Randy brings a wealth of diverse experience in helping executive teams increase their effectiveness. His experiences as both a corporate executive and as a military officer combine to give him a unique perspective on team performance.
As a CAP Group Senior Advisor, Randy guides senior executives in establishing clearly-defined objectives and communications for all aspects of the cybersecurity organizations protecting large financial services firms.
As a Senior Partner with Korn-Ferry, he provided advisory services to boards of directors and executive teams focused on improving team effectiveness and cohesion, especially in the face of extreme competition and high levels of uncertainty.
Randy’s consulting clients include: Charles Schwab, Walmart, USAA, DuPont, Standard & Poor’s, and Southwest Gas.
He is a combat-decorated Major General (2-star), retired from the US Army. In this position, he led the Defense Threat Reduction Agency (DTRA), charged with identifying and mitigating risks to US military assets in all dimensions – air, land, sea, space, and cyber. He led full-spectrum red-team penetrations of the most sensitive US installations on a global basis.
As a combat Major General, he led the demobilization of all US forces following the conclusion of the Iraq War, the second-largest movement of men and materiel since World War II.
Previously at AMS, Randy was the senior executive responsible for a large commercial business sector, after having been the global CIO responsible for all strategy and operations to support the organization and its clients.
Claude focuses on protecting sensitive data in industries with highly-regulated data requirements including financial services, health care, and technology services.
As a Gartner analyst, he specialized in improving modern cybersecurity capabilities by providing strategic insights emphasizing workforce capabilities and technology architecture.
Previously, Claude was a global CISO with QBE, with responsibilities across Asia, Australia, New Zealand, UK, Europe, Latin America and North America.
While a senior leader at Commonwealth Bank of Australia, he had global responsibility for data management and governance.
He has deep firsthand expertise in complying with some of the most challenging regulators, including SEC, NYDFS, OCC, APRA, MAS and with compliance certifications such as PCI, SOC2 and HIPAA.
Claude has led or participated in 25+ Industry research publications, including multiple Gartner Hype Cycles, Market Guides, Magic Quadrants and Critical Capabilities publications, along with frequent industry speaking events and participation with major publications.