Michael Gregg

Michael Gregg is an American computer security expert, author, and educator known for his leadership in public- and private-sector cybersecurity initiatives. He has written or co-authored more than twenty books on information security, including Inside Network Security Assessment and Build Your Own Security Lab. ^[1]Gregg is the CEO of Superior Solutions, Inc. and was appointed Chief Information Security Officer for the state of North Dakota. He has also testified before the United States Congress on cybersecurity and identity theft.^[2][3]

Michael Gregg
Nationality	American
Education	LeTourneau University (MBA) Cornell University (Technology Leadership) Villanova University (Certificate, IT Project Management)
Occupation(s)	Computer security specialist, author, educator
Employer(s)	Palo Alto Networks; North Dakota Information Technology; Superior Solutions, Inc.; Villanova University
Known for	Cybersecurity leadership, public testimony
Notable work	Inside Network Security Assessment, Build Your Own Security Lab

Education

According to his LinkedIn profile and congressional biography, Gregg holds two associate degrees, a bachelor's degree, and a master's degree.^[4][5] His education includes:

• An MBA in Business from LeTourneau University^[5]
• Technology Leadership studies at Cornell University^[5]
• A Certification in Project Management (Information Technology Project Management) from Villanova University^[5]

Gregg has served as lead faculty for the online cybersecurity program at Villanova University, where he developed and taught courses in penetration testing, digital forensics, and secure design.^[5] He is also listed as a cybersecurity program advisor for DeVry University in Houston.^[5][4]

Professional certifications

Certification	Abbreviation	Description	Citation
Certified Information Systems Security Professional	CISSP	Senior-level cybersecurity credential	[4]
Certified Information Security Manager	CISM	Governance and management-level cybersecurity credential	[1]
Certified Information Systems Auditor	CISA	Auditing, control, and assurance for information systems	[4]
Certified in the Governance of Enterprise IT	CGEIT	Enterprise IT governance credential	[1]
Systems Security Certified Practitioner	SSCP	Intermediate-level cybersecurity operations credential	[1]
GIAC Security Essentials	GSEC	Real-world cybersecurity skills credential	[1]
CompTIA Advanced Security Practitioner	CASP	Advanced enterprise security certification	[1]
Microsoft Certified Systems Engineer	MCSE	Microsoft server and infrastructure architecture	[6]
Cisco Certified Network Associate	CCNA	Routing and switching certification	[1]
Certified Novell Administrator	CNA	Novell systems administration	[1]
CIW Security Analyst	CIW	Web and network security fundamentals	[1]
CompTIA Network+	Network+	Foundational networking and infrastructure	[1]
CompTIA A+	A+	Entry-level IT support and troubleshooting	[1]
Certified Ethical Hacker	CEH	Penetration testing and offensive security	[1]
Computer Hacking Forensic Investigator	CHFI	Digital forensics and cybercrime analysis	[1]
Microsoft Certified Trainer	MCT	Authorized Microsoft instructor credential	[6]
Certified Technical Trainer	CTT+	Instructor performance and delivery credential	[6]
TruSecure ICSA Certified Security Associate	TICSA	Entry-level vendor-neutral security cert (retired)	[1]

Career

As of March 2025, Gregg serves as Chief Information Officer and Director of Field Strategy for Palo Alto Networks, where he leads strategic cybersecurity initiatives for public-sector and enterprise clients.^[5]

From 2020 to early 2025, Gregg held several leadership roles within North Dakota Information Technology (NDIT). He was appointed Chief Information Security Officer (CISO) in June 2021 and previously served as Director of Cybersecurity Operations. As CISO, he built a 65-member team, established the state's first Cyber Fusion Center, and expanded endpoint protection from 20,000 to 250,000 devices. He implemented agile methodologies, including SIPOC diagrams and Scrum, to improve workflow velocity, and launched a third-party risk management framework that reduced remediation costs by 80 percent.^[7][8]

Prior to joining North Dakota state government, Gregg was Global Chief Information Security Director for International Container Terminal Services from 2017 to 2020. He led the development of a global cybersecurity program across operations on five continents, deploying vulnerability management tools, a security operations center (SOC), mobile device management, multi-factor authentication, and global security awareness campaigns. He also oversaw incident response, technical controls for IT/OT environments, and created CAPEX/OPEX security budgets.^[5]

From 2007 to 2017, Gregg was CISO at Superior Solutions, Inc., a Houston-based consulting firm serving Fortune 500 companies and public agencies. His work included security assessments, incident response planning, and compliance strategies for health care, telecommunications, financial services, and property management clients. He helped secure government systems following cyberattacks and implemented HIPAA-compliant mobile access solutions.^[9]

Concurrently, from 2004 to 2017, Gregg served as Lead of the Cybersecurity Program at Villanova University. He designed a multi-course professional certification curriculum, selected subject matter experts, and taught advanced cybersecurity topics as an adjunct professor.^[5]

Gregg is a frequent keynote speaker at national and international cybersecurity conferences, including the (ISC)² Security Leadership Conference, Hacker Halted, and GovWare.

Media coverage

Michael Gregg has been featured as a cybersecurity expert across numerous national media outlets. He has appeared on television segments for Fox News, CBS News, ABC News, NBC News, CNN, CNBC, and ESPN, discussing topics such as webcam hacking, cell phone security, browser hijacking, and cyber fraud. In addition to television and radio appearances, Gregg has contributed articles and expert commentary to publications including The New York Times, HuffPost, Kiplinger, and TechTarget. His expertise has also been highlighted in online profiles, podcasts, and congressional briefings, establishing him as a recognized authority in cybersecurity.^[10]

Appearances and print

Media outlet	Title/topic	Type	Citation
The New York Times	“Phone hacking threat is low but it does exist”	Article	[11]
HuffPost	“5 Ways HealthCare.gov Could Get Hacked”	Article	[12]
Kiplinger	“5 Tips for Safe Online Shopping”	Article	[13]
Fox News	“Webcam Hacking – Michael Gregg”	TV segment	[14]
CBS News	“Cell phone hacking”	TV segment	[15]
CNBC	“Cyber threats facing US companies”	TV segment	[16]
SecureWorld	“Spotlight on Cybersecurity Leaders: Michael Gregg”	Online profile	[17]

Podcasts

Gregg has been featured as a guest on several cybersecurity-focused podcasts, where he has discussed risk management, workforce development, and public-sector innovation.

• "Michael Gregg, CISSP, Chief Information Security Officer, North Dakota" – The CISO Diaries (April 4, 2022)

Gregg discusses his career path, leadership style, and cyber priorities as a state-level CISO.

Listen on Apple Podcasts

• "The Security 'Onion' with Michael Gregg of Catalyst Network Solutions" – The MSP Stack Podcast (January 25, 2022)

A conversation on layered cybersecurity strategies, endpoint management, and defense in depth.

Listen on Apple Podcasts

• "EP 171: Getting Buy‑In for Cybersecurity" – Cyber Risk Management Podcast (November 19, 2024)

Gregg explores strategies to secure executive support for cybersecurity initiatives in large organizations.

Listen on Cyber Risk Management

• "Michael Gregg on Advanced Persistent Threats and the Growing Threat of Cybercrime" – YouTube interview (~2012)

Gregg explains the evolution of APTs and how organizations can prepare for advanced cyber threats.

Watch on YouTube

Congressional testimony

On January 16, 2014, Gregg testified before the United States House Committee on Science, Space, and Technology during the hearing HealthCare.gov: Consequences of Stolen Identity.^[18] Appearing alongside cybersecurity professionals David Kennedy and Waylon Krush, he explained how breaches could compromise personal health records.

According to SecuritySift, Gregg explained that a successful breach could allow unauthorized access to personal data, with the worst consequences occurring after the initial compromise.^[19]

He warned that linking federal and state exchanges created a broad attack surface, recommending encrypted data storage, multi-factor authentication, continuous vulnerability assessments, and targeted incident response planning.^[20] The Houston Chronicle reported that Gregg cautioned about the potential “real-world damage” if security flaws were left unresolved.^[21]

Awards and honors

• Named one of North America’s Top 100 CISOs (2023) by Cybersecurity Ventures and SecureWorld.^[22]
• Received the CISO Visionary Leadership Award (2024); invited to speak at cybersecurity briefings at the White House in 2023 and 2024.^[23]
• Listed in Government Technology magazine’s “Top 25 Doers, Dreamers & Drivers” (2024), recognizing public-sector innovation and leadership.^[24]

Professional memberships

• Member of the Ponemon Institute, serving as a fellow and contributing to privacy and security research initiatives.^[25]
• Member of the Independent Computer Consulting Association (ICCA), a professional organization for IT consultants. ^[26]
• Member of the Texas Association for Educational Technology (TxAET), reflecting involvement in technology education within the state. ^[26]

Publications

Title	Publisher	ISBN
CISSP Exam Cram Questions (2nd ed.)	Que Publishing	978‑0‑7897‑3807‑3
CISSP Exam Cram (2nd ed.)	Que Publishing	978‑0‑7897‑3806‑6
CISSP Exam Cram (1st ed.)	Que Publishing	978‑0‑7897‑3446‑4
Inside Network Security Assessment	Sams Publishing	978‑0‑672‑32809‑1
Certified Ethical Hacker Exam Prep	Que Publishing	978‑0‑7897‑3531‑7
Hack the Stack	Syngress Publishing	978‑1‑59749‑109‑9
Syngress Force 2006 Emerging Threat Analysis	Syngress	978‑1‑59749‑056‑6
Security Administrator Street Smarts (2nd ed.)	Sybex	978‑0‑470‑40485‑0
Security+ Study Guide	Syngress	978‑1‑59749‑153‑2
CHFI Study Guide	Syngress	978‑1‑59749‑197‑6
InfoSecurity 2008 Threat Analysis	Syngress	978‑1‑59749‑224‑9
CompTIA Security+ Certification Kit	Wiley	978‑0‑470‑40486‑7
CISA Exam Prep	Que Publishing	978‑0‑7897‑3573‑7
Build Your Own Security Lab	Wiley	978‑0‑470‑17986‑4

Legacy and impact

Gregg has contributed to state-level cybersecurity efforts through the development of the Joint‑Cybersecurity Operations Command (J‑CSOC), an initiative that originated in North Dakota and expanded into a multi-state cyber threat intelligence network. The program facilitates information sharing and coordination among state governments on cybersecurity matters.^[27][28]

In 2024, Gregg was recognized by Government Technology magazine as part of its Doers, Dreamers & Drivers list, which cited his work incorporating artificial intelligence into cybersecurity operations and supporting the creation of cybersecurity apprenticeship programs focused on workforce development.^[29]

His work has been referenced in discussions on public-sector approaches to digital infrastructure, emphasizing intergovernmental collaboration and strategies to address workforce shortages in cybersecurity.