Michael Figueroa

Michael A. Figueroa is an expert and global leader in cybersecurity. He is the Senior Director of Strategy and Information Security Services at Toptal, a global network company of top talent in business, design, and technology that helps companies scale their teams on demand. 

He has also served as the Cyber Innovations and Services Lead at Draper Labs in Cambridge, MA. In this role, he primarily focussed on transitioning an advanced secure processor based on the open RISC-V ISA to market. 

Michael has also served as the program manager for advanced research in reverse engineering tools and applying non-security emerging technologies such as deep machine learning and human analytics to security problems, designs secure solutions based on those research technologies and others from outside Draper, and managed service delivery for integrating those technologies into existing IT environments. 

He previously focused on large­ scale system integration with mobile and cloud technologies as a research and software development manager for an innovative secure network and communications platform. 

Michael has also served as a CISO at a late-stage financial services startup, business executive for a security consulting startup, and managed security integration for several Government and commercial large-scale systems integration efforts. 

Michael is a certified youth soccer coach, world traveller, and philosopher. He holds a B.S. in Brain and Cognitive Sciences from MIT and an M.F.S. in High Tech Crime Investigations from George Washington University. 

Some of his notable publications include “Reduced Realistic Attack Plan Surface for Identification of Prioritized Attack Goals” and “A SOUND Approach to Security in Mobile and Cloud-­Oriented Environments.”

Michael Figueroa began his professional journey at American Management Systems (now CGI-AMS) as Security Architect and Data Warehouse Engineer. He, then, took up the role of a Co-Lecturer for Commerce Security (Graduate-Level) at George Washington University. 

At the University of Virginia, as the Adjunct Professor, he taught Information Security Policy, and Threat Assessment and Security Measures.

As a Principal Investigator and Mobile/Cloud Security Research Lead at BAE Systems, Michael conducted advanced research projects focused on information security integration and network communications. His work involved developing innovative approaches to enhance cybersecurity in mobile and cloud environments.

After his tenure at BAE Systems, Michael joined Draper Laboratory as the Cyber Innovations and Services Lead. Here, he continued to explore new frontiers in cybersecurity by developing a human-oriented approach to protect digital assets. He also managed several research initiatives aimed at advancing the field of information security.

Michael's career then took him to the role of President & Executive Director of the Advanced Cyber Security Center (ACSC), an independent nonprofit organization. During his time at the ACSC, he led the revitalization of the organization, fostering its growth and stability. One of his notable accomplishments was the successful execution of the Collaborative Defense program, which brought together public and private sector executives for strategic decision-making exercises in incident response.

With his extensive experience and expertise, Michael went on to become an independent consultant, offering strategic planning, product/program management, and cybersecurity advice to various organizations. He focused on raising the cybersecurity baseline and making security solutions more accessible to businesses of all sizes. His consultancy work also included serving as a Special Advisor to a state government cybersecurity initiative and being a member of the Cyber Advisory Board for Rep. Langevin of Rhode Island.

Later in his career, Michael became Senior Advisor of MassCyberCenter at the Mass Tech Collaborative. In this role, he provided valuable insights and guidance to US government officials, helping them enhance their cyber defence policies and procedures. He played a crucial role in developing cyberattack scenarios, facilitating tabletop exercises, and contributing to the development of cybersecurity toolkits aimed at supporting under-resourced municipalities.

Currently, Michael holds the position of Senior Director of Strategy, Information Security Services at Toptal. In this role, he leads a global information security services practice, where he focuses on matching top experts with high-quality security jobs and companies. He serves as a trusted advisor to executives, collaborates with business operations and sales teams, nurtures a global community of freelance security professionals, and develops marketing and communications strategies.

Throughout his career, Michael Figueroa has been actively involved in the cybersecurity community, sharing his knowledge and insights through speaking engagements and writing. His contributions have been recognized, and he has been designated as a Top Writer for Business, Technology, and Satire on Medium. He has also presented at conferences such as the ISC(2) Security Congress, further solidifying his reputation as a thought leader in the field.

Published Work

Michael Figueroa has made significant contributions to the field of cybersecurity through his published work. One of his notable papers, "A SOUND Approach to Security in Mobile and Cloud-Oriented Environments" (2015), co-authored with Karen Uttecht and Jothy Rosenberg, addresses the shortcomings of traditional trust systems in protecting information security and privacy in modern IT environments. The paper introduces the Safety on Untrusted Network Devices (SOUND) platform as a case study, which aims to safeguard mobile and cloud network communications against persistent adversaries. Figueroa and his team extend existing technologies to develop a more practical and powerful implementation of SOUND, incorporating Accountable Virtual Machines, Quantitative Trust Management, and Introduction-Based Routing. This research showcases his expertise in distributed and adaptive trust frameworks and highlights the need for innovative approaches to counter contemporary security threats.

In another published work, "Reduced Realistic Attack Plan Surface for Identification of Prioritized Attack Goals" (2013), co-authored with Jeffrey Smith, Figueroa focuses on proactive device security in the context of homeland cybersecurity. The paper proposes an efficient approach to securing devices using an Attack Plan Generator, which transforms vulnerability and defect databases into representations of attack surfaces. This enables a more effective understanding of how attackers could compromise specific devices and facilitates the prioritization of attack goals. Figueroa's research emphasizes the importance of targeted security strategies and incident detection, going beyond a broad collection of potential threats to a more focused and actionable security approach.

Michael Figueroa envisions a world where cybersecurity is not merely a reactive measure but an integral part of every organization's DNA. He believes in raising the cybersecurity baseline and making it accessible to businesses of all sizes, ensuring that no entity is left vulnerable to cyber threats. Michael's vision revolves around a human-oriented approach to cybersecurity, where the focus is not only on technological solutions but also on empowering individuals and fostering a culture of security awareness.

In his vision, Michael sees a collaborative cybersecurity ecosystem where public and private sectors work hand in hand to address the ever-evolving threat landscape. He advocates for strategic partnerships, information sharing, and coordinated incident response efforts to build a stronger defense against cyberattacks. His vision encompasses the development of effective policies, guidelines, and frameworks that support organizations in protecting their digital assets and customer data.