Tavo Duran

Transformational cybersecurity executive with a proven track record of building and leading enterprise security programs across public and private sectors, including IPO readiness and post-IPO governance environments. Experienced in guiding organizations through multiple CMMC certifications, ensuring protection of Controlled Unclassified Information (CUI) and alignment with federal requirements. Expert in aligning cybersecurity strategy with business objectives to enable secure growth, reduce enterprise risk, and support regulatory compliance. Trusted advisor to executive leadership and boards with deep expertise in SOX, NIST, CMMC, IP, 21 CFR Part 11, GxP / cGMP and ISO frameworks.

VP of Information Security at StandardAero, Inc (2024-05 – Present)

Lead enterprise-wide cybersecurity strategy supporting a complex, regulated environment, including IPO execution and transition to public company governance.

• Led cybersecurity program through IPO readiness, aligning controls, risk disclosures, and governance with SEC and SOX requirements
• Established enterprise Information Security Program, including governance, policies, risk lifecycle, and metrics-driven reporting
• Directed protection of CUI, intellectual property, and sensitive data across global operations
• Implemented enterprise risk management and third-party risk programs
• Directed secure adoption of cloud, SaaS, and AI technologies
• Built scalable multi-cloud and hybrid security architecture
• Delivered board-level reporting and executive risk visibility

Chief Information Security Officer at City of Plano (2021-01 – 2024-05)

Provided executive leadership for city-wide cybersecurity strategy and operations across critical public infrastructure.

• Built and led enterprise Information Security Program and governance framework
• Developed and executed cybersecurity strategic plan aligned with business objectives
• Established incident response, business continuity, and disaster recovery programs
• Led cyber risk, intelligence, and fraud prevention initiatives
• Managed cybersecurity budget, prioritization, and program execution
• Delivered executive and board-level communication on cyber risk posture

Cybersecurity Principal / Lead Manager at DynCorp International (2016-11 – 2021-01)

Led cybersecurity operations and compliance initiatives supporting government and defense contracts, including successful execution of multiple CMMC-aligned programs and certification readiness efforts.

• Led implementation of NIST 800-53, NIST 800-171, and CMMC controls across multiple contracts
• Supported organizations through multiple CMMC certification and audit readiness efforts
• Directed vulnerability management, incident response, and security operations
• Led third-party risk assessments and SOC 2 alignment efforts
• Provided technical leadership across security architecture and toolsets
• Delivered cybersecurity consulting aligned to federal and regulatory requirements

Network Security Assistant Manager / Infrastructure Analysis Expert at NCR Corporation (2006-11 – 2016-11)

Managed large-scale network security operations supporting over 10,000 global sites.

• Led network security operations and incident escalation management
• Directed breach investigations and forensic analysis
• Managed firewall services and enterprise security infrastructure
• Delivered vulnerability assessments and penetration testing initiatives
• Supported development and deployment of enterprise security products
• Led log management, analytics, and threat detection initiatives

Master of Science in Computer Science (Cybersecurity Concentration)

Bachelor's in Economics & International Business