Olivia Phillips

• Provides strategic, CISO-aligned leadership across enterprise cybersecurity domains as the head of Amtrak’s Business Information Security Officer (BISO) program. Leads the development and execution of enterprise-wide security strategies, aligning cyber risk management with business objectives and executive priorities. Acts as a trusted advisor to the C-suite and business unit leaders, embedding cybersecurity insights into operational decision-making and long-term strategic planning. Oversees the integration of security into mergers and acquisitions, digital modernization initiatives, and enterprise resilience efforts. Collaborates closely with legal, audit, and compliance teams to ensure adherence to evolving regulatory frameworks, including TSA Security Directives and PCI-DSS requirements. Spearheaded the implementation of a cybersecurity risk framework and executive-level reporting model to enhance visibility, accountability, and informed risk-based decision-making.

• Led the creation and maturation of Amtrak’s cybersecurity risk and assessment program, aligning cyber capabilities with mission-critical operations and federal regulatory requirements. Directed a multi-disciplinary team responsible for vulnerability management, red and blue team exercises, insider threat analysis, and enterprise risk assessments. Successfully reduced organizational cyber risk by 30% through data-driven initiatives and stakeholder alignment. Established governance models to integrate security into enterprise architecture, procurement, and product development lifecycles. Frequently briefed executive leadership and board-level stakeholders on cybersecurity posture, investment priorities, and evolving threat landscapes. Championed a culture of accountability and resilience by embedding risk-informed decision-making across business and technology teams.

• Led federal cybersecurity operations in support of the U.S. Department of Defense, defending against advanced nation-state adversaries across classified, high-security environments. Oversaw key mission areas including incident response, insider threat detection, and data protection. Closed over 2,000 security tickets monthly by streamlining triage processes, eliminating false positives, and enhancing SIEM rule sets—improving analyst efficiency and reducing alert fatigue. Provided strategic threat intelligence and KPIs to senior Pentagon officials, guiding remediation efforts and policy decisions. Coordinated cross-functionally with legal, compliance, and federal law enforcement agencies to ensure cohesive, protocol-aligned responses to national security threats.

Designed, built, and managed an industry leading Insider Threat Program, orchestrating cross-functional collaboration to align strategic objectives with regulatory demands and business imperatives. Conducted comprehensive threat assessments to identify and profile potential insider risks, leading to the design and implementation of tailored policies, procedures, and incident response protocols. Integrated leading security technologies to proactively monitor and detect abnormal insider activities. Presented program progress and accomplishments to executive leadership and external auditors, receiving accolades for exceptional program efficacy.