Skip to main content
Currently on loravaughn.com → visit Vaughn Cyber Group
Lora Vaughn

// SPEAKER · CISO · WRITER · COMMUNITY

Lora
Vaughn.

Cybersecurity leader who's protected billions in assets. Now helping organizations get security right through speaking and fractional CISO work.

EX-NSA · 2X CISO · F500 EXPERIENCE · CISSP

Book me to speak → vaughncybergroup.com
SPEAKER 2X CISO EX-NSA CISSP LINKEDIN LEARNING

// 01 / SPEAKING

Book Lora for your next event

Engaging keynotes with actionable insights. No vendor pitches. No buzzwords.

"Best presenter all day."

ISC2 Security Congress 2025

"Best talk so far in clarity and content value."

ISC2 Security Congress 2024

"Amazing speaker, actionable content."

ISC2 Security Congress 2025
For Security Teams

Plan for Chaos: Why Most IR Plans Fail Big

Real stories from incident response failures: what actually breaks and how to build muscle memory before you need it.

For General Audiences

The Spy in Your Pocket: Mobile Security for Everyone

Your smartphone knows more about you than your closest friends. Here's what to do about it, no jargon required.

Request speaking info → download speaker kit

// 02 / FRACTIONAL CISO

Need a Fractional CISO?

Not ready for a full-time hire? I help startups, SMBs, and community banks build security programs that actually work, without the enterprise price tag or consultant-speak.

  • Fractional CISO services: Part-time security leadership
  • SOC 2 & compliance readiness: Audit prep without the panic
  • Incident response planning: Build the playbook before you need it
  • Post-incident stabilization: Just had a breach? Let's fix it.
→ explore consulting at vaughncybergroup.com

// 03 / RECENT WRITING

How I think about security

No buzzwords. No vendor pitches. Just real talk.

Featured image for "We Have an AI Policy" Is the New "We Passed the Audit"

"We Have an AI Policy" Is the New "We Passed the Audit"

OpenAI just admitted prompt injection isn't getting solved, and companies are wiring AI agents into production anyway. A policy document is not a control.
Featured image for Your no-code MVP can't legally hold the data it was built for

Your no-code MVP can't legally hold the data it was built for

No-code and AI app builders are great for prototypes, but they won't sign the agreement that lets you legally handle regulated data. Here's the line every founder needs to know before real data shows up.
Featured image for Your Ransomware Negotiator Might Be Playing Both Sides

Your Ransomware Negotiator Might Be Playing Both Sides

The DigitalMint conviction proves your IR vendor pre-vetting is part of your security program, not an afterthought. Here is what to ask before the next incident, not during it.
→ view all posts

// 04 / TRACK RECORD

By the numbers

150M+
customers protected
$20B+
in assets secured
10%
of internet traffic defended
200+
global markets
20+
years experience

// Speaking

  • ISC2 Security Congress (2024, 2025)
  • WiCyS Conference
  • Southeast Cybersecurity Summit
  • Rapid7 UNITED

// Recognition

  • CISOs Connect A100, 2024 and 2025
  • LinkedIn Learning Instructor
  • CISSP Certified

// SPEAK

Book a Keynote

Bring real security insights to your next event.

→ request info

// HIRE

Hire Fractional CISO

Security leadership without the full-time commitment.

→ explore VCG

// CONNECT

Stay Connected

Security insights and career advice.

→ on linkedin