HEATHER STRATFORD

CYBERSECURITY SPEAKER AND
TECH FOUNDER

Heather is the Founder and CEO of
Drip7 and Stronger International, and a
thought-leader in the IT Training and
Cybersecurity field.
Heather keynotes at conferences,
universities, and for enterprise clients.
She writes on cybersecurity and has
been featured by and written for global
organizations including the 2018 G7
Summit held in Canada, FORBES,
Washington Examiner, Security
Magazine, and Authority Magazine.
Heather regularly speaks about
Cybersecurity, Women in Technology,
creating a Cybersecurity Culture,
Privacy, the shifting regulations, and
how to manage cybersecurity risks. Past
customers she has worked with include
General Motors, SABIC (Saudi Arabian
Oil), Stanford University, and Morgan
Stanley.

CONTACT

Reach out to info@drip7.com for pricing
and availability.

CYBERSECURITY

Sample topics to be discussed during presentation:

  • A high-level overview of different threat actors
  • Risks to your cybersecurity environment (i.e., the things your IT team is concerned
    about).
  • The type of data that is most critical or sensitive
  • The types of critical operations that could be impacted by a cyber incident
  • Examples of cyber incidents that have occurred in other financial organizations
  • How you think the Board members should be involved and where the Board comes
    into play
  • The programs you have in place for cybersecurity from a strategy and technology
    approach.
  • How you train employees on cybersecurity.
  • The cybersecurity policies you have in place today and those you’d still like to
    integrate
  • Privacy issues as they relate to cybersecurity.

Accountability Questions – To be discussed with Board of Directors:

  1. “Are we ISO-27001-compliant?” 
  2. “Do we have a vendor risk management program?”
  3. “Do we have any outstanding high-risk findings open from our last audit or
    assessment?”
  4. “What percentage of the NIST framework are we implementing?”
  5. “How quickly can we remove employee network access?”
  6. “How quickly can we (or our vendors) identify and respond to incidents?”
  7. “What percentage of our employees click on spear-phishing training emails?”
  8. “Is our employee training consistent and reinforced at least monthly?”
  9. “How did we compare to our peers across certain time spans?”
  10. “How often are we running penetration testing and a vulnerability assessment?”