Thirty years at the intersection of cybersecurity, civic leadership, and operational discipline.
Thirty years of experience building cybersecurity operations bespoke to each organization's uniqueness, not best practices applied uniformly.
Public-sector forensics, election jurisdiction work, board leadership, and DHS advisory service, rooted in the conviction that cybersecurity is a civic responsibility.
Featured on CNN, Bloomberg, Forbes, ABC, NBC, CBS, and other outlets, speaking to mayors, city managers, executives, and nonprofit leaders about what it costs when organizations are vulnerable to cybercrime.
When a hospital is shuttered by ransomware, when a municipality's systems are compromised, the people who bear the cost are the residents, the patients, the families those institutions exist to serve. It's not a technology story. It's a civic one.
Where Cyrus is speaking, releasing, and appearing next.
Cybersecurity is not a technology problem. It’s a problem that happens to real people — residents who lose access to city services, patients who can't receive medical care, families whose institutions stop functioning because someone decided their data was worth stealing.
I've spent thirty years making sure this doesn't happen — to people and to organizations. I'm not a vendor. I'm a practitioner with deep experience and I know that protecting an organization's ability to serve its community is a civic act, not a commercial transaction.
I did not invent the strategy of civic engagement. Rather, it was the world I grew up in. My family was always oriented to community and service — across generations we were pastors, city government workers, entrepreneurs, and board members. When I built my own company, civic engagement came naturally, like an inherited trait.
Like so many others, I fell victim to the .com collapse in the early 2000's. I was laid off, recently married, and the tech market was in absolute freefall. But I didn't wait for recovery to come; I started my own business. My wife didn't wait for recovery, either. She saw an opportunity for me to teach what I knew and helped me take a leap to start a computer security program at the City Colleges of Chicago.
Cook County reached out when its new voting system had malfunctioned. I spent two months on the analysis and I kept going — pro bono — for two more elections with the County. What followed was a 12-year forensic contract. The opportunity followed the commitment — not the other way around. This is now my principle.
Over six years, I trained more than 5,000 federal, state, and local law enforcement professionals, including the NSA, FBI, U.S. Secret Service, NYPD, and the military, at the very moment cybersecurity was becoming a national concern. I was not advising from the outside. I was building from the inside.
Data Defenders started with a conversation in a library, 21 years ago. A colleague pointed to a URL I'd registered and said, "Data Defenders — that has a nice ring to it." My colleague eventually decided he was too risk-averse to follow that ring, so I drove Data Defenders forward alone, but not for long.
Early on, I saw that organizations were spending millions on cybersecurity and still getting breached, not because the technology failed but because the model was structurally designed to leave them vulnerable. So, I built the solution. The cybersecurity lifecycle model is governance, process and procedure, and technical infrastructure management all working seamlessly together.
I did not invent the strategy of civic engagement. Rather, it was the world I grew up in. My family was always oriented to community and service — across generations we were pastors, city government workers, entrepreneurs, and board members. When I built my own company, civic engagement came naturally, like an inherited trait.
Like so many others, I fell victim to the .com collapse in the early 2000’s. I was laid off, recently married, and the tech market was in absolute freefall. But I didn’t wait for recovery to come; I started my own business. My wife didn’t wait for recovery, either. She saw an opportunity for me to teach what I knew and helped me take a leap to start a computer security program at the City Colleges of Chicago.
Over six years, I trained more than 5,000 federal, state, and local law enforcement professionals, including the NSA, FBI, U.S. Secret Service, NYPD, and the military, at the very moment cybersecurity was becoming a national concern. I was not advising from the outside. I was building from the inside.
Cook County reached out when its new voting system had malfunctioned. I spent two months on the analysis and I kept going — pro bono — for two more elections with the County. What followed was a 12-year forensic contract. The opportunity followed the commitment — not the other way around. This is now my principle.
Data Defenders started with a conversation in a library, 21 years ago. A colleague pointed to a URL I'd registered and said, "Data Defenders — that has a nice ring to it." My colleague eventually decided he was too risk-averse to follow that ring, so I drove Data Defenders forward alone, but not for long.
Early on, I saw that organizations were spending millions on cybersecurity and still getting breached, not because the technology failed but because the model was structurally designed to leave them vulnerable. So, I built the solution. The cybersecurity lifecycle model is governance, process and procedure, and technical infrastructure management all working seamlessly together.
For me, leadership manifests in action. I didn't set out to be a leader. I just set out to get some things done.
The business is the expression of who I am, not the other way around. I am motivated to stop harm from occurring; protecting people and organizations from cybercrime is a natural outlet.
When a hospital is shuttered by ransomware, when a municipality's systems are compromised, the people who bear the cost are the residents, the patients, the families those institutions exist to serve. It's not a technology story. It's a civic one.
Every organization is unique. The right cybersecurity program should embrace and design for this uniqueness. It should not be force-fit or cobbled together from the latest and greatest industry products.
Organizations know who they are and what they need to protect. You bring this knowledge and we bring the expertise, the infrastructure, and the daily execution. With alternative models, the customer is passive, and the model keeps the organization vulnerable.
I serve on boards because the organizations are doing work that matters and governance is the foundation for how that work is protected.
In December 2025, I was accepted into the Leadership Greater Chicago Daniel Burnham Fellowship, not as a cybersecurity expert, but as a civic leader whose record of board service, community engagement, and institutional work demonstrated a needed way of thinking about what it takes to sustain community.
Child and family welfare agency serving greater Chicagoland.
2017 to present: Board Member · Risk Committee Chair · Nomination Committee
Serving individuals with disabilities in metropolitan Chicago.
2023 to present: Board Member · Operations and Risk Committee
Founded in 1879, the Club is a catalyst for action on important social issues of the day.
2024 to present: Board Member
Emmy Award-nominated professional chorus and orchestra that provides educational outreach to hundreds of Chicago high school students.
2024 to present: Board Member
International spiritual organization serving 56 countries across six continents.
2025 to present: Board Member
Civic engagement as practice, not credential: ongoing mentorship, committee leadership, and direct community investment.
America’s premier nonprofit resource partner of the U.S. Small Business Administration, providing free, confidential business mentoring to entrepreneurs and small business owners.
2018 to present: Volunteer and Mentor · Economic Empowerment
Since 1927, connecting Chicago’s top business and civic leaders with a mission to identify current and next-generation leaders.
2024 to present: Membership Committee
B.S., Electrical Engineering and Computer Science (Minor: Mathematics), University of Illinois Chicago
Certificate: Smart Cities: Emerging Design and Technology, MIT Media Lab
Certified Computer Forensics Examiner (CCFE), Information Assurance Certification Review Board
Certified Corporate Director (in progress) from the National Association of Corporate Directors
U.S. DHS CIPAC, Election Infrastructure Subsector Coordinating Council Member (2023 to present)
Leadership Greater Chicago, Daniel Burnham Fellow (2026 to present)
Named one of the "20 Most Promising Enterprise Security Solutions Providers for 2023" by CIOReview
Recognized by President Bill Clinton for leading the engineering team that built the first coast-to-coast broadband network.
I speak to public servants, nonprofit executives, corporate boards, and professional associations about the one thing most organizations aren't ready for until it's too late: what happens to the people they serve when their systems are compromised?
My talks are not technology briefings. They are civic arguments, grounded in 30 years of operational practice, 20 years in the election jurisdiction space, a seat on the DHS election security advisory council, and many years of cyberterrorism training for law enforcement professionals.
Most civic leaders encounter cybersecurity through three lenses: regulatory compliance, breach response, or budget pressure. There's a fourth lens most haven't looked through: duty. This talk reframes the cybersecurity conversation as a civic obligation. It’s not what you have to do, but what you owe the people who depend on your organization.
Boards govern culture, strategy, and risk. Cybersecurity sits at the intersection of all three, but most boards approach it as a technology question delegated to IT. This talk addresses the governance gap directly. What do boards need to understand? What questions should they be asking? What does it look like when risk governance is done right?
Three decades working in cybersecurity operations produced one consistent observation: organizations that are breached don't fail because they lack tools. They fail because they lack a cybersecurity operations lifecycle. This talk examines the difference between a patchwork security program and bespoke operational discipline, and what it takes to build a robust one.
What does a municipality with a $40,000 IT budget have in common with a county that spends 20 times as much on cybersecurity? Both are trying to protect the same thing. This talk makes the case for cybersecurity as community infrastructure. What can shared-cost, shared-intelligence security operations do for organizations that can't afford to go it alone?
Most organizations aren't failing because they lack cybersecurity spending. They're failing because the model in which they operate was designed to keep them dependent, not defended. The traditional MSSP framework is asymmetrical by design: the vendor alerts, the customer responds, and the burden of building an actual operation falls on the organization least equipped to do so. It's a symmetrical model where the customer governs and the provider operates, each in the role they were built for. What does it look like when an organization stops patching the model and starts replacing it all together? Drawn from 30 years of operational practice and proven at scale with the City of Aurora, Illinois, where we mitigated more than 35,000 threats, with zero major incidents declared.
Cyrus is a dynamic and multi-modal facilitator, from large conference stages to intimate board-level conversations. Every talk is uniquely adapted to the audience and the argument the room needs to hear.
A full-length address for conferences, association meetings, and civic leadership convenings. Keynotes deliver the civic argument at scale, built around Cyrus's understanding that cybersecurity is a community infrastructure problem, not a technology one.
A moderated conversation designed to surface the practitioner behind the argument. Fireside chats are ideal for leadership forums, fellowship programs, and executive audiences who want depth over polish; it's Cyrus's most candid format.
Structured peer dialogue with executive, civic, or practitioner audiences. Cyrus serves as anchor voice, grounding the conversation in operational reality and redirecting it when it drifts toward abstraction.
A focused session for nonprofit or corporate boards on cybersecurity governance. Cyrus elicits insights on what the board is responsible for, what questions to ask leadership, and what risk committee maturity actually looks like in practice.
Workshops draw on experiences from more than six years of curriculum development and training 5,000+ professionals under DHS funding, across professional associations, municipal leadership cohorts, and law enforcement audiences.
Long-form conversation for civic, executive, and cybersecurity-focused podcasts. Cyrus speaks from operational experience, not talking points, which produces the kind of candid, specific insight that podcast audiences return for.
Live and recorded segments for broadcast news, cable networks, and digital media. Cyrus has served as a recurring cybersecurity commentator with CNN, Bloomberg, ABC, CBS, FOX, and regional outlets. He thrives and performs well under pressure.
Available to submit for speaking opportunities at conferences, symposia, and civic leadership convenings. Topic abstracts and speaker materials available on request.
Available as a featured guest for organizational town halls, leadership development programs, civic engagement series, and university or college forums. Guest speaker topics and formats are fit to the unique audience and objectives of the host organization.
A full-length address for conferences, association meetings, and civic leadership convenings. Keynotes deliver the civic argument at scale, built around Cyrus's understanding that cybersecurity is a community infrastructure problem, not a technology one.
A moderated conversation designed to surface the practitioner behind the argument. Fireside chats are ideal for leadership forums, fellowship programs, and executive audiences who want depth over polish.
Structured peer dialogue with executive, civic, or practitioner audiences. Cyrus serves as anchor voice, grounding the conversation in operational reality.
A focused session for nonprofit or corporate boards on cybersecurity governance. Cyrus elicits insights on what the board is responsible for, what questions to ask leadership, and what risk committee maturity actually looks like in practice.
Workshops draw on experiences from more than six years of curriculum development and training 5,000+ professionals under DHS funding, across professional associations, municipal leadership cohorts, and law enforcement audiences.
Long-form conversation for civic, executive, and cybersecurity-focused podcasts. Cyrus speaks from operational experience, not talking points.
Live and recorded segments for broadcast news, cable networks, and digital media. Cyrus has served as a recurring cybersecurity commentator with CNN, Bloomberg, ABC, CBS, FOX, and regional outlets.
Available to submit for speaking opportunities at conferences, symposia, and civic leadership convenings. Topic abstracts and speaker materials available on request.
Available as a featured guest for organizational town halls, leadership development programs, civic engagement series, and university or college forums.
Cyrus J. Walker III is the Founder and CEO of Data Defenders, LLC®, a Chicago-based cybersecurity firm serving state and local governments, nonprofits, and SMBs. He brings 30 years of experience in federal law enforcement training, election security, and C-suite operations leadership.
Cyrus trained more than 5,000 federal, state, and local law enforcement professionals under U.S. Department of Homeland Security funding, pioneered Applied Computer Forensics™ for election system protection, and has served on the U.S. DHS Critical Infrastructure Partnership Advisory Council's Election Infrastructure Subsector Coordinating Council since 2023. He is a 2026 Daniel Burnham Fellow with Leadership Greater Chicago and an active board member across five civic and nonprofit organizations, including serving as Risk Committee Chair at Kaleidoscope.
Cyrus has been featured on CNN, Bloomberg, Forbes, ABC, CBS, FOX, and the Chicago Tribune. He speaks to civic leaders, executive boards, and professional associations about cybersecurity as a civic obligation — not a technology problem.
Fill out the form and someone will follow up within 48 hours.
A stage-by-stage framework for small businesses, nonprofits, and municipalities, built from 30 years of operational experience and success at the intersection of cybersecurity and civic leadership.
Select a layer of the pyramid to explore
Every effective cybersecurity operation is built on three interdependent components. When they operate in balance, your organization is defended. When they fall out of alignment, vulnerabilities emerge, regardless of budget or headcount.
Select a component to explore
A robust cybersecurity assessment is your first step. We identify where you are, we map what you need, and we build from there.
From election security forensics to national cybersecurity commentary to civic leadership — an archive of media appearances, publications, and features.
CIOReview’s Enterprise Security Edition featured Data Defenders among the 20 Most Promising Enterprise Security Solutions Providers for 2023. The feature profiles the DataShield® MSS CyOps model and Cyrus Walker’s core conviction: that cybersecurity program existence does not equal cybersecurity operational effectiveness. DataShield Analytics® converts raw security telemetry into actionable intelligence — shifting the human element from data aggregation to decision-making and action.
Forbes feature on the insider threat as the primary cybersecurity vulnerability for small businesses. Cyrus Walker is the featured expert, arguing that the top cybersecurity threat to small businesses is not external hackers — it is employees who, through lack of training and awareness, unwittingly let attackers in. The piece draws on data showing 58% of cyber attack victims are small businesses and that ransomware forced nearly a quarter of SMBs to halt operations entirely in 2017.
Chicago Tribune feature on Data Defenders' election security forensics work with Cook County. The article profiles how the firm's real-time monitoring and digital forensic methodology helped protect the county's voting infrastructure across multiple election cycles — providing the kind of continuous operational security posture that static IT audits cannot deliver.
CNN Money feature examining what was truly at stake in the FBI's legal battle to compel Apple to unlock the San Bernardino shooter's iPhone. Cyrus Walker is featured as a cybersecurity expert, providing analysis of the national security implications, the precedent that a forced unlock would set, and why the outcome of the case would define the relationship between law enforcement and encrypted consumer technology for years to come.
The Daily Caller feature on the FBI vs. Apple encryption standoff, with Cyrus Walker offering a digital forensics perspective on why the technical argument for compliance was more nuanced than Apple's public position suggested. Walker examines the specific capabilities Apple was being asked to create, the forensic investigative value of device access, and the distinction between backdoor encryption and a one-time court-ordered capability.
The Guardian feature on cybersecurity threats facing small businesses, published against the backdrop of the Obama-Cameron summit on digital security cooperation. Cyrus Walker provides expert commentary on why small businesses are disproportionately targeted by cybercriminals, what the most common attack vectors are, and why a lack of basic cyber hygiene — not sophisticated nation-state actors — is the primary cause of small business breaches.
CIOReview’s Enterprise Security Edition featured Data Defenders among the 20 Most Promising Enterprise Security Solutions Providers for 2023 (June 2023, page 24). Profiles the DataShield® MSS CyOps model and Walker’s core conviction: that a cybersecurity program’s mere existence does not guarantee protection. The primary cause of persistent vulnerability is ineffective cybersecurity operations — teams overwhelmed by data they cannot convert into actionable intelligence.
Walker: “We achieve operational effectiveness by understanding that cybersecurity operations are based on analytics, quickly turning cybersecurity data into actionable intelligence that enables the human element to simply decide and act.” The recognition also highlighted DataShield Analytics® — the AI-powered platform that aggregates cybersecurity data streams into a single correlated intelligence layer.
Read the full magazine feature — June 2023, page 24 ↗Retained as expert witness in election integrity litigation concerning alleged electronic tampering of iVotronic voting systems in Hidalgo County, Texas. Provided forensic analysis and expert testimony on the technical feasibility of the alleged tampering, the integrity of the electronic voting record, and the evidentiary standards applicable to digital forensics in election law proceedings.
White papers, research, and articles from the intersection of cybersecurity operations, civic leadership, and institutional resilience.
Most cybersecurity breaches don't begin with sophisticated hacking — they begin with a human being making a decision. This piece examines why the insider threat is the primary attack vector for organizations of every size, how social engineering exploits human psychology rather than technical vulnerabilities, and what leadership-driven security culture looks like in practice.
Read ↗Ransomware has become the defining cybersecurity threat of the decade, and organizations that treat it as an IT problem rather than a business continuity problem are the ones paying ransoms. This article walks through the operational reality of a ransomware attack, the decisions leadership must make in real time, and what a defensible response posture actually requires.
Read ↗Data shows that more than half of all cyberattacks target small businesses — not because small businesses have more valuable data, but because they have weaker defenses. This piece explains the attacker's calculus, why small businesses consistently underestimate their exposure, and what a proportionate, practical security posture looks like without an enterprise budget.
Read ↗Insider threats are the most underdiscussed category in cybersecurity — not because they're rare, but because they're uncomfortable. This article draws a clear distinction between malicious insiders, negligent employees, and compromised credentials, and outlines the monitoring, access control, and training strategies that address each category without turning an organization into a surveillance state.
Read ↗The 2024 ransomware attack on Lurie Children's Hospital was not just a technology failure — it was a patient care failure. This piece uses the Lurie incident as a lens for examining the specific vulnerabilities of healthcare IT environments, the regulatory pressures that create security tradeoffs, and what healthcare organizations must prioritize to protect both operations and patient data.
Read ↗The dominant framing of cybersecurity as a technology challenge has consistently produced technology solutions to what is fundamentally a leadership and governance problem. This piece argues that municipal leaders, nonprofit executives, and healthcare administrators carry a civic obligation to defend the institutions their communities depend on — and that fulfilling that obligation begins with treating cybersecurity as a strategic priority rather than an IT expense.
Read ↗Most organizations can confirm they have a cybersecurity program. Far fewer can confirm it is operationally effective. This article examines the gap between program existence and program performance — why compliance-driven security creates a false sense of protection, what operational effectiveness actually looks like, and how organizations can assess whether their defenses would hold under real adversarial pressure.
Read ↗Documents the City of Aurora's journey from a reactive posture to a lifecycle-driven cybersecurity operation — proving the MCOP model at scale. Aurora's in-house program left critical infrastructure severely exposed. Data Defenders deployed DataShield Cybersecurity 360°® and DataShield Analytics® at approximately one-fifth the cost of an in-house SOC. Results: 35,331 threats mitigated, 351 high-severity threats eliminated, zero major incidents declared.
Download Case Study ↗A practitioner's guide to building and executing an effective cybersecurity incident response capability. Covers the full incident response lifecycle — preparation, detection, containment, eradication, recovery, and post-incident analysis — with emphasis on the organizational and operational decisions that determine whether a response succeeds or fails. Written for leadership and operations teams who need to move from having an incident response plan to having an incident response capability.
Download White Paper ↗A practical consumer guide to understanding and reducing cybersecurity risk in everyday life. Introduces the concept of "digital life etiquette" — behavior-based practices for managing mobile devices, online accounts, and software. Covers account compartmentalization, credential management, and multifactor authentication as accessible strategies for locking down a digital footprint without disrupting daily habits.
Download White Paper ↗An operational guide addressing the unique cybersecurity vulnerabilities of small businesses operating in an increasingly connected environment. Covers behavior and awareness, technology strategies, event monitoring, incident response planning, and the distinction between internal and external threats. Designed to help non-technical business owners build a defensible security posture without enterprise-level resources.
Download White Paper ↗Presented at the Fifth International Conference on Electronic Voting, this paper makes the case that any Internet voting deployment must be supported by continuous security auditing from the development stage through active field use. Draws on real-time election forensics methodology to demonstrate how the same approach mitigates risk and detects intrusions in Internet-based voting solutions. Co-authored with Edwin B. Smith III, Michelle M. Shafer, and L. Jay Aceto.
Read Publication ↗A practitioner's examination of how digital forensics can be applied in real time to maintain the integrity of electronic voting systems throughout an election cycle — not just after the fact. Covers vote capture devices, Election Management System software, and how forensic monitoring enables jurisdictions to detect anomalies and respond to system threats before they affect outcomes. Co-authored with Edwin B. Smith III and Michelle M. Shafer.
Download Case Study ↗Documents Data Defenders' pioneering application of Applied Computer Forensics™ to Cook County's electronic voting system, from the 2006 General Election through the 2008 Presidential cycle. Details the Election Integrity Forensics Analysis (EIFA™) process and demonstrates how real-time monitoring of over six million files produced verified assurance that no evidence of malicious code or tampering was found. Endorsed by Cook County Clerk David Orr.
Download Case Study ↗Published in the IEEE journal at the Fifth International Workshop on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems (MASCOTS'97). Presents the ATM Network Design System developed to support the architecture and design of high-speed broadband networks — foundational work in a career that led Cyrus Walker to build the nation's first coast-to-coast broadband network, recognized by President Bill Clinton. Co-authored with Charles Brooks, Hong Li, and Shuyue Wei.
View on IEEE Xplore ↗These series bring the conversation to mayors, city managers, nonprofit executives, and business owners who are managing real operations — and need to understand what's at stake.
A flagship series examining the threats shaping cybersecurity for municipalities, nonprofits, and the institutions communities depend on — and what comprehensive operations make possible.
“Municipalities and units of government are not designed to provide cybersecurity services. They’re designed to provide traffic management… law enforcement, shovel sidewalks… [The MCOP model] frees them up to do what they do best, while the vendor… does what it does best, which is hunt threats, kill threats, build operations, and manage those operations on a 24/7 basis.”
“One of the unspoken benefits of a shared services model is the shared intelligence that comes along with that.”
“There has to be balance. There has to be alignment and there has to be comprehension across each of those three components — governance, process and procedure, and technical infrastructure management.”
Breaking down what the Managed Cybersecurity Operations Provider (MCOP) model is, why it matters, and how it moves beyond the limits of traditional MSSPs. For municipal leaders, nonprofit executives, and business decision-makers.
A free, jargon-free educational series built specifically for non-technical small business owners — produced in partnership with SCORE Chicago. Topics include Incident Response Planning, Cyber Insurance, Ransomware, Phishing, and a foundational framework for getting started.
