// PROFESSIONAL EXPERIENCE
Experience.
Lora Vaughn, CISSP. Fractional CISO and cybersecurity consultant with 20+ years securing digital payments, banking platforms, and financial products at scale. Available for part-time and project-based consulting engagements. Proven track record transforming security programs through pragmatic risk management while accelerating growth and protecting customer trust.
// KEY ACCOMPLISHMENTS
- Prevented ransomware deployment through rapid network segmentation and threat containment during targeted cyberattack
- Achieved PCI DSS 4.0 compliance across 200+ global markets for multi-channel payments ecosystem processing billions annually
- Delivered security program transformations within 90-180 days across organizations ranging from regional banks to global enterprises through rapid risk assessment and pragmatic execution
- Reduced critical production vulnerabilities by 30% by architecting security controls and partnering with cross-functional engineering teams
// TECHNICAL EXPERTISE
- Compliance & Frameworks: ISO 27001, SOC 2, NIST CSF, PCI DSS 4.0, GDPR, HIPAA, GLBA, SOX, NYDFS, DORA
- Technical Security: AWS/GCP/Azure, Kubernetes, CrowdStrike, Splunk, encryption, Zero Trust, network segmentation
- Security Programs: Secure SDLC, vulnerability management, penetration testing, bug bounty, incident response, SOC operations
- Consulting: Fractional CISO, rapid assessments, security roadmaps, board advisory, regulatory readiness
// EXPERIENCE
May 2025 – Present | Remote
Founder & Principal at Vaughn Cyber Group
- Fractional CISO services
- Post-incident stabilization and post-incident review (remediation guidance, customer communications, strategic planning, interim CISO)
- SOC 2 readiness
- Application security
- Incident response planning
- Risk management
- Compliance frameworks (NIST CSF, PCI, ISO 27001, SLSA)
Jun 2023 – May 2025 | Remote
Chief Information Security Officer at MoneyGram
- Digital Payments Security: Built security for real-time money transfers. Got PCI DSS 4.0 compliant across markets including India, Indonesia, Singapore, and Turkey
- Product Security: Integrated security into SDLC for B2B and mobile apps. Cut critical vulnerabilities by 30% without slowing down releases
- Incident Response: Stopped a cyberattack in progress. Coordinated teams, briefed executives, prevented ransomware
- Customer Trust: Made security reviews faster for enterprise sales without cutting corners on transparency or disclosure
- Board Reporting: Reported security metrics and risk to board and PE firm (Madison Dearborn Partners)
Oct 2020 – Jun 2023 | Remote
Senior Director Security Operations at Fastly, Inc.
- Platform Trust: Launched bug bounty program that found critical vulnerabilities before customers did
- Incident Response: Built 24/7/365 response capability using mix of internal and external teams
- Vulnerability Management: Rebuilt vuln management program. Cut open vulnerabilities by 30% in 3 months using risk-based prioritization
- Portfolio Management: Cleaned up $12M in security tools, optimized vendor relationships
- Risk-Based Security: Created asset classification to prioritize security work based on business impact
Sep 2018 – Oct 2020 | Little Rock, AR
SVP, Chief Information Security Officer at Simmons Bank
- Digital Banking Security: Led security for digital banking transformation. Implemented Zero Trust for cloud-first strategy
- Regulatory Compliance: Got the security program ready for GLBA, SOX, SOC 2, and HIPAA using NIST CSF
- SOC Development: Built 24/7/365 SOC with MSSP partner for threat detection and incident response
- Vendor Risk: Created third-party risk program for 200+ vendors
Nov 2017 – Sep 2018 | Birmingham, AL
VP Cybersecurity Operations Center at Regions Bank
- Built incident response playbooks and processes for banking operations
- Trained and mentored SOC analysts
Nov 2015 – Oct 2017 | Birmingham, AL
VP, Vulnerability Management & Security Tools at Regions Bank
Jun 2012 – Nov 2015 | Birmingham, AL
VP, Vulnerability Management at Regions Bank
May 2010 – Jun 2012 | Birmingham, AL
Senior Security Engineering Analyst at Blue Cross Blue Shield of Alabama
May 2007 – May 2010 | Birmingham, AL
Information Security Engineer at Regions Bank
Oct 2006 – Apr 2007 | Baltimore, MD
Senior Security Analyst at Constellation Energy (TEKsystems)
Jul 2004 – Oct 2006 | Ft. Meade, MD
Global Network Exploitation & Vulnerability Analyst at National Security Agency
// EDUCATION AND CERTIFICATIONS
- Birmingham-Southern College – B.S. Computer Science, cum laude
- ISC2 – Certified Information Systems Security Professional (CISSP)
// PROGRAMS AND TECHNOLOGIES
- Application Security: Secure SDLC, DevSecOps pipelines, SAST/DAST/RASP platforms, container scanning, dependency management, threat modeling, code review automation
- Fintech Product Security: Real-time payments APIs, mobile banking applications, digital wallet architecture, OAuth 2.0/OpenID Connect, API gateways, fraud detection systems, PCI-compliant applications
- Development Integration: CI/CD security automation, GitHub/GitLab security scanning, Docker/Kubernetes security, Infrastructure as Code security, automated compliance testing
- Cloud-Native Security: Multi-cloud application security (AWS, GCP, Azure), serverless security, container orchestration security, cloud-native SIEM integration
- Regulatory Compliance: PCI DSS 4.0, NYDFS, DORA, SOC 2, GDPR
- Security Testing: Bug bounty platforms, vulnerability disclosure programs, penetration testing, security champions programs, developer security training
// THOUGHT LEADERSHIP & PUBLIC ENGAGEMENT
- Speaker: ISC2 Security Congress, WiCyS Conference, Southeast Cybersecurity Summit, Rapid7 UNITED
- LinkedIn Learning Instructor: "Vulnerability Management: Assessing the Risks with CVSS, CISA KEV, EPSS, and SSVC"; "Vulnerability Management in Cybersecurity: The Basics"
- Volunteer Leadership: WiCyS Central Alabama, Central Alabama ISSA, Girls of Promise, Kids Code Club, 100 Girls of Code
- Awards and Recognition: CISOs Connect A100 – 2024, 2025