Credit Union Cybersecurity Solutions

LEO helps you build a cyber security program unique to your business and your customers.

LEO is dedicated to helping clients build custom, effective and cost-efficient cyber security programs. Just as each person is unique, so is each organization, which means that the challenges and priorities vary. From compliance to threat hunting and all steps in between, our work starts at the point of greatest impact.

Governance, Risk & Compliance (GRC)

NCUA Rules and Regulations, Part 748 define specific requirements that are challenging to implement and maintain. LEO professionals have extensive experience in testing and measuring GRC, ensuring that credit unions are protected from legal liability.

  • Compliance Audits

  • Strategic Risk Assessments

  • Business Impact Analysis

Chief Information Security Officer (CISO) Services

LEO provides seasoned, world-class, cyber security consultants, engineers, and practitioners to assist credit unions in some or all aspects of their Cyber Security programs, at a fraction of the cost.

  • Operational Cyber Security and CISO On-Demand

  • Strategic Planning and Secure Architecture

  • Report to the Board of Directors

  • Security Metrics

Security Monitoring & Threat Hunting

LEO’s Security Monitoring platform incorporates comprehensive visibility through analyzing network traffic as well as endpoint activity, painting a contextualized picture of the network. Our analysts take a proactive approach, hunting for attackers before they can inflict damage.

  • Detect, Contain, and Eradicate Adversaries Targeting Your Organization

  • Network and Host Forensics

  • Insider Threat Detection

Incident Response & Crisis Management

While it may not seem obvious, incident response is a function of many domains including legal, business, public affairs, security, and IT. Anticipation and preparation is critical to ensuring responsibilities are understood and coordinated effort is implemented. LEO borrows the methods employed by NASA to ensure the quickest and most effective incident response.

  • Simulations – From Tabletops to Full Scale Exercises

  • Incident Response Plans and Procedures

  • Threat Assessment with Predetermined Decision Matrix

Penetration Testing

LEO works to design custom pen tests, discerning all of the variables that will positively or negatively influence the results. Just as important, we assist the CU in applying the results to permanently lower risk, not just patch holes.

  • Network, Application, Physical Penetration Tests

  • Audit Finding Validation and Quantification

  • Various Models for Blue Team Interaction

Security Education & Training

Strengthen security education and training for your whole organization to make it harder for attackers to infiltrate your CU. They will move onto easier targets.

  • Leadership Briefs

  • Role Specific Training

  • Organizational Security IQ

Third Party Risk

In many cases, adversaries target our supply chain to reach us. LEO has a process for managing third-party partners that will mitigate the risks associated with provisioning them access to your data networks. LEO focuses specifically on operational security and contractual components to these engagements, ensuring legally enforceable requirements, as well as, sound security practices to protect you from risky partners.

Compromise Assessment

LEO’s Compromise Assessment is designed to identify signs of active, dormant, or past security breach. We gather telemetry from our proprietary security platform and apply advanced threat hunting analytics to investigate for signs of attacker recon, unauthorized network access, pivot signaling, and identification of persistence mechanisms used by attackers to remain hidden within a target network.


LEOs are legends. They accumulate years of experience filled with noteworthy ideas. Take Andrew Hay for example, with 20 years in the field he held important roles in a number of internationally recognized companies – including having worked in the information security office (ISO) of Capital G Bank, Ltd. (now Clarien Bank Bermuda) in Hamilton, Bermuda. He is a Co-Founder of LEO and currently serves as the Chief Technology Officer (CTO). The sparks trailblazers leave grab the attention of major media stories and Andrew has been the lead of most. Featured in periodicals like Forbes, Bloomberg, USA Today and several others.

Charles Roberts

Charles “Charlie” Roberts is a seasoned senior executive with broad experience in all aspects of Operations, Management, Business Development, Insurance, and Marketing with over 30 years of experience in the credit union industry. Prior to joining LEO, he held various roles at American Share Insurance, Open Lending, Auto Financial Group, Austin Telco FCU, The Texas Credit Union League, Members Insurance and CUNA Mutual Insurance Group. Charlie also served as the CEO of Credit Union Loanstar Resources, providing creative lending solutions to Credit Unions that helped them expand their auto lending landscape.

Charlie understands the uniqueness of credit unions and how important it is to protect their member’s assets, from compliance to threat hunting and all points in between. With the help of LEO’s World Class Cybersecurity Engineers and Practitioners, Charlie plans to help credit unions across the country build, strengthen and manage their cybersecurity operations.

Heath Renfrow

Mr. Heath Renfrow has served the Chief Information Security Officer for multiple global organizations, and most recently as the CISO for United States Army Medicine, where he was awarded the 2017 Global CISO of the year by EC-COUNCIL, the largest cyber training body in the world. Mr. Renfrow has 19 years of global cyber security professional experience, and is considered one of the leading cyber experts in the world. He holds Bachelors in Science in Information Technology and a Master’s of Science in Cyber Studies. He also serves on the following boards: National Cyberwatch Center Foundation, Association for Executives in Healthcare Information Security, University of Indiana Cyber Advisory Council, and Cyber Patriot Program Advisory Council.

Rod Holmes

Rod Holmes has worked in some form of cybersecurity for nearly 30 years and has a healthy passion for protecting information. Beginning his career at Johnson Space Center, Rod rose through the ranks to become a leading security leader at Marathon Oil. Rod has designed and managed corporate information security programs, including multiple initiatives to integrate operational technology security in the industrial control systems (ICS) world with corporate IT security. Rod is a Certified Information Systems Security Professional (CISSP) and has advanced degrees from Texas A&M University.

David Tompkins

David is our mountaineer and growth-master. He’s been to the summit and back multiple times holding leadership and founding roles in some of the industry’s most respected cyber advisory and technology providers. His last trek was with FireEye-Mandiant as an original member of the founding team resulting in one of the biggest IPOs in InfoSec history. Following the acquisition of Mandiant, David jumped in to the real fight going behind enemy lines helping companies and governments battle through some of the greatest breaches in history.