Wells Larsen

Risk-First Business Enablement: I build security programs that deliver frictionless enterprise growth while embedding risk, compliance, and resilience.

Translation Mastery: I convert complex technical risk into compelling business narratives that drive C-suite action and board confidence.

Cultural Architecture: I design and embed self-sustaining cultures of security awareness and shared accountability, turning compliance into a source of organizational pride.

Servant-Strategic Leadership: I multiply talent and scale enterprise resilience by insourcing key roles, hiring expert leaders, and empowering teams to own outcomes.

Executive Alignment: I present regularly to ELT, translating technical risk into business and financial terms that drive informed, risk-aligned decisions.

Post-Breach Recovery: I partnered with counsel on OCR response and litigation preparation, closed breach-related gaps, implemented bi-annual audits, and established CMMI-based maturity assessments to rebuild executive and regulatory trust.

Organizational Redesign & Delivery Gains: I restructured the program into Security Engineering, SOC, and Service Delivery, insourced 38 roles and hired senior leaders, increasing project delivery 132% and reducing MTTR 67%.

Executive Governance & Operating Model: I formalized an executive charter defining shared accountability between the CISO Office and ELT, unified HIPAA, NIST, and ISO 27001 under one operating model, and launched councils for technology, security, and emerging tech governance.

Program Architecture & Elevation: I transformed four core security domains into structured sub-programs with appointed leaders, defined maturity roadmaps, and embedded continuous improvement cycles that sustain progress long after initial transformation.

TVM: The program cleared a backlog of 100K+ CVEs in seven months, expanded coverage to OT and medical devices, and implemented a maturity roadmap to sustain reduced exposure.

IAM: I rescued a failed SailPoint deployment, reduced onboarding incidents 78%, eliminated social engineering, and modernized password management with Azure SSPR.

Security Awareness: I hired a program lead and launched the “Security is Everyone’s Responsibility” campaign, embedding shared accountability and measurable culture KPIs.

Cyber Fusion Center: I recruited a former FBI incident response leader and evolved the SOC into a Cyber Fusion Center integrating threat hunting, intelligence, and response, with defined capability-maturity metrics.

Risk Transparency for Decisions: I centralized the enterprise risk register, standardized scoring, and instituted ELT-level financial impact reporting to align security investments with measurable risk reduction.

Zero Trust Architecture Modernization: I initiated and am leading the organization's shift from a legacy castle-and-moat model to a modern Zero Trust architecture that enables the business to adopt cloud services with confidence. I developed a three-year roadmap and sequenced foundational initiatives — CMDB overhaul, RBAC redesign with least privilege, and network segmentation — establishing the core framework for scalable, identity-driven Zero Trust adoption.

AI Governance & Enablement: I established an enterprise AI Governance Council and built the organization's first AI governance framework — incorporating AI-specific controls from NIST, ISO 27001, and GDPR, securing M365 and Azure data foundations, and extending the TPRM vendor questionnaire to address emerging AI risk before most organizations had a framework for it.

GRC Program Transformation: I rebuilt a limited GRC function into a mature, enterprise-wide governance program — overhauling TPRM, consolidating change governance, launching an executive Information Security Council, and hiring a dedicated GRC Lead to own it long-term.

Executive Clarity: I built a fully automated Power BI dashboard as a single source of truth for KPIs, risk and incident flow, project status, intake, and high-risk approvals — translating complexity into board-level clarity.

Resilience & Continuity: After years of dormancy, I drove enterprise-wide BCP renewal — coordinating business units across 20 hospitals and 184 clinics to rebuild plans from the ground up and establishing a structured quarterly presentation cadence to achieve full coverage within a single year.

Recognition: Personally recognized as DC100 Top 100 Deputy CISO (2025). The INTEGRIS security program was named to Becker's Hospital Review ‘53 CISOs & CPOs to Know’ (2025) — one year after a significant breach — reflecting the measurable transformation in program maturity and enterprise resilience.

MSP Security Architecture: I designed the shared security operating model — including SOC-as-a-Service and policy-driven cloud guardrails — that enabled seven healthcare systems to achieve and sustain compliance across HIPAA, NIST, and regulatory frameworks at scale.

Policy-Driven Cloud Guardrail System: I conceived and led the policy-as-code guardrail system powering Fully Managed Cloud-as-a-Service on Azure and AWS, enforcing security and compliance by default through CI/CD automation, policy baselines, and integrated SAST/DAST testing — reducing provisioning and compliance cycles from months to days.

Epic-on-Azure Security Architecture: I served as the cross-vendor security bridge between Epic and Microsoft Azure, refining early cloud design patterns for one of healthcare's most sensitive clinical platforms — contributing to architectural approaches later reflected in Microsoft's formalized guidance for enterprise healthcare deployments.

Executive Security Partnership (vCISO & vCIO): I served as virtual CISO/CIO across seven healthcare systems, advising executives on sequencing security investments, aligning roadmaps to regulatory expectations, and translating risk into business and financial terms.

Strong Ground Leadership: I built high-performing security teams by prioritizing psychological safety, clear decision rights, and a coaching culture — developing leaders who carried security standards and ownership forward through change.

Platform Innovation Legacy: The cloud guardrail platform I built became the catalyst for Optum's broader enterprise cloud transformation, driving adoption of automation-first, as-code architectures across the organization.

Expanded a security operations engineering team from 8 to 25 members within a year, overseeing the management of 22 enterprise security platforms.

Collaborated with cross-functional teams to enhance security and stability across Target.com and retail stores, achieving greater organizational resilience and efficiency in a post-breach environment.

Led the comprehensive overhaul of Target's Root Cause Analysis (RCA) and problem management program, resulting in over $500,000 in savings in 2015 compared to the previous year.

Developed and deployed automation services to streamline workloads, achieving $200,000 in savings in 2013.

Identified and resolved a critical flaw in the SSL renewal process, designing automation to prevent downtime on Target.com, which avoided millions of dollars in potential lost revenue and eliminated the need for a costly third-party solution.

Led Tier 2 (T2) troubleshooting, diagnosing defects, data issues, and integration failures impacting patient monitoring workflows.

Built Linux and Bash automation for log analysis and triage, reducing time to resolution and improving repeatability of root cause analysis.

Developed interim middleware fixes and software workarounds designed to remain stable for 12+ months, enabling safe operation while remediations progressed through Food and Drug Administration (FDA) review cycles.

Partnered with engineering, quality, and clinical stakeholders to ensure mitigations met safety, privacy, and regulatory expectations.

Added network security engineering and infrastructure hardening responsibilities (firewalls, load balancers, platform stability), improving resilience and availability for a global patient-care platform.

Directed engineers and vendors to deliver capacity and reliability upgrades, including Business Continuity and Disaster Recovery (BCDR) procedures and major storage expansion.

FuturistCISO Award 2025: CXO Inc.: A peer-recognized honor presented at CXO Inc.’s CISOMeet events to CISOs who articulate and lead a forward-looking security vision—often highlighting AI, business enablement, and readiness for emerging threats. Winners are typically selected by fellow CISOs at the event.

DC100 - Top Deputy CISO 2025: CISOs Connect: Recognized among the 2025 DC100 Top 100 Deputy CISOs by CISOs Connect, highlighting leadership and impact in building and advancing modern security programs.

Program recognition: CISO (Stacy Stika) named to Becker's Hospital Review '53 CISOs & CPOs to Know (2025): Stacy Stika (CISO) was recognized for leading an 18-month transformation of the security program following a breach, strengthening resilience, governance, and organizational trust.

Turning complexity into clarity: My signature contribution is translating complexity — technical, organizational, or strategic — into clear narratives that help leaders decide and teams act. I use storytelling and analogy as tools, not decoration. The goal is never to transfer information. It is to change how someone sees the problem.

Building systems that outlast me: I design operating models, governance structures, and decision frameworks with one question in mind: will this still work when I am no longer in the middle of it? Succession is not an afterthought. It is the measure of whether the work was real.

Trust-building as a leadership practice: I build trust slowly and authentically — through consistency, follow-through, and genuine curiosity about the people I work with. I am not performing interest. When people sense that, they open up quickly, and the foundation forms early.

Elasticity under pressure: I read what an organization needs and orient to it — post-breach stabilization, program maturity, cultural transformation, or executive alignment. I shift shape to fit the moment without losing the underlying principles. That adaptability is rarer than any single specialized skill, and it is what has made me effective across environments that looked nothing like each other.

Developing leaders, not dependencies: I invest in people's growth intentionally — coaching through real decisions, not just giving answers. The measure of success is not what someone can do with me in the room. It is what they can do when I am not.

Frictionless visibility by design: I design metrics, dashboards, and documentation that provide continuous, decision-ready insight without manual overhead. Visibility should be automatic, not a tax on the team.

Influencing without authority: Some of my most consequential work has happened across organizational lines where I had no direct authority — aligning competing stakeholders, building shared direction, and earning trust in environments where my only leverage was credibility and clarity.

Board Member - CyberRisk Collaborative - Twin Cities Chapter: The Twin Cities Leadership Board is a group of local leaders committed to the idea that national security and critical infrastructure resiliency is strengthened through peer-to-peer knowledge sharing, diversity, and leadership development.

Advisory Board Member - Halcyon's Healthcare Advisory Board: The Halcyon Healthcare Advisory Board brings together experienced healthcare and technology leaders to help shape Halcyon’s approach to innovation in complex, high-trust healthcare environments. The board provides strategic guidance on responsible adoption, risk, trust, and governance, ensuring that healthcare-focused initiatives and founders are supported with the right guardrails to scale safely and effectively.

Mentor - Irvine Technology Corporation (ITC) - Women in Technology Leadership Program: This program is designed to empower women pursuing technology leadership roles by providing them with a rigorous 13-week curriculum tailored to advance their careers toward CIO, CISO, and executive positions.

Member - Private Directors Association: Member of the Private Directors Association (PDA), a national organization dedicated to helping private companies build high-performing boards. PDA focuses on the unique governance needs of private, family-owned, employee-owned, and private equity-backed companies and connects executive leaders who are current and aspiring board members. Currently seeking private board certification.

Member - Gartner C-Level Communities: Gartner C-Level Communities fosters leadership development and collaborative exchange among North America's top executives. We bring together thousands of c-suite executives each year to create unmatched opportunities for leaders of the best companies to network, share, and learn.

Member - SANS CISO Network: An exclusive networking group for CISOs and senior security professionals. The SANS CISO Network provides its members with a platform to influence our digital future and make the world a safer place.

Member - InfraGard: InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard's membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

Member - Team8 CISO Village: The Team8 CISO Village is a global community of cyber security senior executives, CISOs and thought leaders from leading enterprises. The Village is an avenue for exchanging ideas, collaborating as an industry, and promoting innovation in cyber security.

Member - The CISO Society: The CISO Society is a private community of CISOs collaborating on everything from security strategy, industry challenges, project roadmaps, technology partners, talent acquisition, leadership and investments. They promotes trusted, peer-reviewed decision-making and strategic collaboration, facilitate vendor due diligence backed by actual CISO feedback, supports leadership development—transforming technical roles into strategic business enablers and help members stay ahead on hot topics like AI risk governance, third-party resilience, and team well-being.

Advocate - KDIGO (Kidney Disease: Improving Global Outcomes): An independent, global nonprofit organization that develops and publishes evidence-based clinical practice guidelines for kidney disease. KDIGO's mission is to improve the care and outcomes of people with kidney disease worldwide by promoting coordination, collaboration, and consensus in the development and implementation of high-quality, evidence-based clinical guidelines across the full spectrum of kidney health.

Where to Hear the Most Thoughtful Warnings About Artificial General Intelligence (AGI) Risk: A Podcast Listening Guide

Why Are Health Systems Pushing Back on HHS?

Empathy Is the Strategy: Why Inclusion Is a Prerequisite for Culture Transformation

Practical Security Is Empathy in Action

Thoughts on Security Awareness: Why Phishing Training Alone Falls Short

Enough Talk: Let’s Move the AI Conversation Forward

A Generation Got Told Their Brains Were Defective. The Research Just Said “Our Bad." - Ross Grossman

Psychological Safety in the Workplace: I believe teams do their best work when it is safe to ask questions, surface risk early, and disagree respectfully. Psychological safety creates the conditions for accountability, learning, and speed without blame.

Responsible & Ethical AI Adoption: I support narrow-focus Artificial Intelligence that advances innovation in practical, measurable ways. At the same time, I am cautious about Artificial General Intelligence (AGI), where capability may outpace governance and control could be lost. I advocate for transparent, well-governed use of Artificial Intelligence with clear guardrails, accountable stewardship, and a bias toward preventing harm.

Transplant Awareness: Organ donation and transplant programs save lives and restore families. I support efforts that increase awareness, access, and empathy for the long path patients and caregivers walk before and after transplant.

Innovative Healthcare: Healthcare should be both high-trust and high-velocity. I support innovation that improves care delivery, reduces clinician burden, and strengthens patient safety without adding unnecessary complexity.

Animal Protection: I have a deep love for dogs, and that love extends into a broader commitment to humane treatment and reducing animal suffering. I support responsible stewardship, rescue and adoption efforts, and practical policies that protect vulnerable animals.

Environmental Protection: Healthy environments are foundational to human health and long-term stability. I support practical, responsible action that preserves natural spaces and reduces harm for future generations.

Neurodiversity & ADHD Inclusion: Human cognition is not one-size-fits-all. I support environments that recognize and value neurodivergent ways of thinking, including Attention-Deficit/Hyperactivity Disorder (ADHD). When organizations design work around clarity, flexibility, and trust—rather than rigid norms—they unlock creativity, pattern recognition, deep focus, and innovation that might otherwise be lost. I advocate for practical accommodations, reduced stigma, and leadership approaches that see neurodivergence not as a deficit to be managed, but as a capability to be understood and supported. Ground Breaking Research: When all you’ve got is a tree-climb test, every fish looks like a failure.”

People Skills for a Virtual World Collection By: Harvard Business Review

Harvard Business Review Emotional Intelligence Collection By: Harvard Business Review

Being Your Best Collection By: Harvard Business Review

Captivate By: Vanessa Van Edwards

Cues By: Vanessa Van Edwards

Things My Son Needs to Know about the World By: Fredrik Backman

A Man Called Ove By: Fredrik Backman

Any Dumb-Ass Can Do It By: Garry Ridge

The Grand Philosophy Collection By: Marcus Aurelius

Late Bloomers By: Rich Karlgaard

Falling Upward By: Richard Rohr

Trust and Inspire By: Stephen M.R. Covey

Daring Greatly By: Brené Brown

Read Your Mind By: Oz Pearlman

Atlas of the Heart By: Brené Brown

Rising Strong By: Brené Brown

Strong Ground By: Brené Brown

The Next Conversation By: Jefferson Fisher

Alchemy By: Rory Sutherland

Feb 16, 2026: The Diary Of A CEO - Jonathan Haidt and Harvard physician Dr Aditi Nerurkar: Brain Rot Emergency: These Internal Documents Prove They’re Controlling You!

Jan 19, 2026: The Diary Of A CEO - John Kiriakou: CIA Whistleblower: They Can See All Your Messages!

Dec 22, 2025: The Diary Of A CEO - Jefferson Fisher: The Gaslighting Expert: If They Do This, You're Being Manipulated!

Dec 18, 2025: The Diary Of A CEO - Yoshua Bengio: Godfather of AI: We Have 2 Years Before Everything Changes!

Dec 15, 2025: The Diary Of A CEO - Alison Wood Brooks: Top Harvard Professor: The Psychology Of Why People Don't Like You!

Dec 04, 2025: The Diary Of A CEO - Professor Stuart Russell O.B.E.: An AI Expert Warning: 6 People Are (Quietly) Deciding Humanity’s Future!

Nov 27, 2025: The Diary Of A CEO - Tristan Harris: AI Expert: Here Is What The World Looks Like In 2 Years! Tristan Harris

Nov 13, 2025: The Diary Of A CEO - Tim Ferriss: Tim Ferriss: The Hidden Nerve That Controls Trauma, Mood & Emotional Pain!

Nov 03, 2025: The Diary Of A CEO - Brené Brown: The Algorithms Have Forced Us Into A Hidden Epidemic, This Is The Only Way Out!

Oct 30, 2025: The Diary Of A CEO - Kamala Harris: America Is At Breaking Point & I'm Deeply Concerned About The State Of The Country!

Oct 23, 2025: The Diary Of A CEO - Oz Pearlman: This Small Mistake Makes People Dislike You! They Do This, They’re Lying!

Oct 16, 2025: The Diary Of A CEO - Panel: Hormone & Fertility Experts: We've Been Lied To About Women's Health! If This Happens, Call A Doctor

Sep 18, 2025: The Diary Of A CEO - Matthew McConaughey: The Silent Crisis No One Is Talking About! I Sabotaged My Own Career!

Sep 15, 2025: The Diary Of A CEO - Panel: No.1 Money Saving Experts: Do Not Buy A House! Putting Money In A Bank Makes You Poorer!

Sep 04, 2025: The Diary Of A CEO - Dr. Roman Yampolskiy: The AI Safety Expert: These Are The Only 5 Jobs That Will Remain In 2030!

Aug 21, 2025: The Diary Of A CEO - Mohnish Pabrai: FASTEST Way To Financial Freedom! Proven Playbook For Quitting Your 9-5 In 9 Months!

Jun 16, 2025: The Diary Of A CEO - Geoffrey Hinton: Godfather of AI: They Keep Silencing Me But I’m Trying to Warn Them!

Jun 02, 2025: The Diary Of A CEO - Jimmy Fallon: I Didn't Expect It To Be This Brutal! The Hate Was Something I Wasn’t Prepared For!

May 26, 2025: The Diary Of A CEO - Simon Sinek: You're Being Lied To About AI's Real Purpose! We're Teaching Our Kids To Not Be Human!

Mar 17, 2025: The Diary Of A CEO - Jefferson Fisher: The One Word All Liars Use! Stop Saying This Word, It's Making You Sound Weak!

Dec 09, 2024: The Diary Of A CEO - Vanessa Van Edwards: Body Language Expert: Stop Using This, It’s Making People Dislike You, So Are These Subtle Mistakes!

Aug 29, 2024: The Diary Of A CEO - Andrew Huberman: You Must Control Your Dopamine! The Shocking Truth Behind Cold Showers!

Jul 11, 2024: The Diary Of A CEO - Scott Galloway: "We’re Raising The Most Unhappy Generation In History! Hard Work Doesn't Build Wealth

Jun 17, 2024: The Diary Of A CEO - Simon Sinek: "Strong Thigh Muscles = More friends", This Is Why You Can't Make Friends!

Apr 15, 2024: The Diary Of A CEO - Jimmy Carr: There's A Crisis Going On With Men!