Dr. Thomas Graham, Ph.D., serves as the VP and Chief Information Security Officer (CISO) at Redspin, a top cybersecurity, and privacy consulting firm, the first authorized C3PAO, and one of the first organizations to conduct a DIBCAC High assessment under
the Joint Surveillance Program. Dr. Graham is the architect of Redspin becoming the first authorized C3PAO, performing numerous Joint Surveillance Voluntary Assessment Program (JSVAP) assessments, speaking on CMMC and NIST requirements, and Chairing
the MIS Advisory Board at East Carolina University.
He is responsible for all internal security items for Redspin and its affiliates. Before Redspin, he served as the CISO for CynergisTek, a publicly traded company, supporting
numerous Hospitals and Medical Facilities. He also as supported varous branches of the DoD to include being an ISSO for DISA.
Dr. Graham has supported the Defense Health Agency (DHA), where his team received a FedHealthIT award for
Innovation, presented to them at the National Press Club in Washington, DC. He has also received official
Naval Commendations, and the Captain Joan Dooling Award for operational excellence.
Dr. Graham has troubleshot almost every natural disaster possible while travelling internationally over his
career. In his downtime, Dr. Graham enjoys collecting comics and helping advise numerous cybersecurity
students.