Jennifer Bayuk

Jennifer L. Bayuk is a Cybersecurity due diligence expert. She has been a Global Financial Services Technology Risk Management Officer, a Wall Street Chief Information Security Officer, a Big 4 Information Risk Management Consultant, a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, a Professor of Systems Security Engineering, a Private Cybersecurity Investigator and Expert Witness. Bayuk has been a cybersecurity risk management consultant since 2008 as well as an industry professor at Stevens Institute of Technology and adjunct Professor at Quinnipiac University. She is now CEO of Decision Framework Systems, a software and services company providing enterprise solutions for Cybersecurity Risk Management.

Bayuk has numerous publications on information security management, information technology risk management, information security tools and techniques, cybersecurity forensics, technology-related privacy issues, audit of physical and information systems, security awareness education, and systems security metrics. These include 3 solely authored books, and 4 books that she edited or coauthored. Her direct technology experience spans enterprise architecture, telecommunications networks, operating systems, database management systems, network management systems, application development and support, technology forensics, business continuity, and operations process. She has Masters Degrees in Computer Science and Philosophy, and a PhD in Systems Engineering. Her certifications include CISSP, CISA, CISM, CGEIT, and a NJ State Private Investigator's License.

Bayuk is as experienced in security metrics as the field itself, starting with the first NIST conference on Security Metrics in June of 2000, followed by a multitude of publications on metrics and related risk management and governance topics (see Bayuk’s Systems Engineering Ph.D. thesis, Security as a Theoretical Attribute Construct, included a history of security metrics and a recommendation for security metrics framework supported by surveys of metrics practitioners. She is a frequent member of the Metricon program committee ( and has taught created learning modules on Security Metrics for Computer Security Institute, the Information Systems Audit and Control Association (ISACA), Stevens Institute of Technology School of Engineering, and Quinnipiac University’s Cybersecurity Program. At Decision Framework Systems, she has developed software for managing security metrics meta-data that is integrated with industry standard risk and control frameworks.