Credit Union Cyber Security Solutions

LEO helps you build a cyber security program unique to your business and your customers.

LEO is dedicated to helping credit unions build custom, effective and cost-efficient Cyber Security programs. Just as each person is unique, so is each organization, which means that the challenges and priorities vary. From compliance to threat hunting and all steps in between, our work starts at the point of greatest impact.

Governance, Risk & Compliance (GRC)

NCUA Rules and Regulations, Part 748 define specific requirements that are challenging to implement and maintain. LEO professionals have extensive experience in testing and measuring GRC, ensuring that credit unions are protected from legal liability.

  • Compliance Audits

  • Strategic Risk Assessments

  • Business Impact Analysis

Chief Information Security Officer (CISO) Services

LEO provides seasoned, world-class, Cyber Security consultants, engineers, and practitioners to assist credit unions in some or all aspects of their Cyber Security programs, at a fraction of the cost.

  • Operational Cyber Security and CISO On-Demand

  • Strategic Planning and Secure Architecture

  • Report to the Board of Directors

  • Security Metrics


LEO’s Cyber Security Operations Stack easily and quickly helps Credit Unions meet multiple NCUA Automated Cybersecurity Examination Tool (ACET) security control domains including:

  • Threat Intelligence & Collaboration

  • Cybersecurity Controls

  • External Dependency Management

  • Cyber-incident Management and Resilience

“The Stack” provides Credit Unions with the ability to detect malicious behavior, track the events associated with the malicious behavior detection, and coordinate a response. The deployment and operation of “The Stack” requires no technical expertise from the Credit Union.

LEO offers Credit Unions free deployment and use of The LEO Cyber Security Operations Stack for a 90 day period. Please email if you are interested in the learning more.

Incident Response & Crisis Management

While it may not seem obvious, incident response is a function of many domains including legal, business, public affairs, security, and IT. Anticipation and preparation is critical to ensuring responsibilities are understood and coordinated effort is implemented. LEO borrows the methods employed by NASA to ensure the quickest and most effective incident response.

  • Simulations – From Tabletops to Full Scale Exercises

  • Incident Response Plans and Procedures

  • Threat Assessment with Predetermined Decision Matrix

Penetration Testing

LEO works to design custom pen tests, discerning all of the variables that will positively or negatively influence the results. Just as important, we assist the CU in applying the results to permanently lower risk, not just patch holes.

  • Network, Application, Physical Penetration Tests

  • Audit Finding Validation and Quantification

  • Various Models for Blue Team Interaction

Security Education & Training

Strengthen security education and training for your whole organization to make it harder for attackers to infiltrate your CU. They will move onto easier targets.

  • Leadership Briefs

  • Role Specific Training

  • Organizational Security IQ

Third Party Risk

In many cases, adversaries target our supply chain to reach us. LEO has a process for managing third-party partners that will mitigate the risks associated with provisioning them access to your data networks. LEO focuses specifically on operational security and contractual components to these engagements, ensuring legally enforceable requirements, as well as, sound security practices to protect you from risky partners.

Compromise Assessment

LEO’s Compromise Assessment is designed to identify signs of active, dormant, or past security breach. We gather telemetry from our proprietary security platform and apply advanced threat hunting analytics to investigate for signs of attacker recon, unauthorized network access, pivot signaling, and identification of persistence mechanisms used by attackers to remain hidden within a target network.


Charles Roberts

Charles “Charlie” Roberts is a seasoned senior executive with broad experience in all aspects of Operations, Management, Business Development, Insurance, and Marketing with over 30 years of experience in the credit union industry. Prior to joining LEO, he held various roles at American Share Insurance, Open Lending, Auto Financial Group, Austin Telco FCU, The Texas Credit Union League, Members Insurance and CUNA Mutual Insurance Group. Charlie also served as the CEO of Credit Union Loanstar Resources, providing creative lending solutions to Credit Unions that helped them expand their auto lending landscape.

Charlie understands the uniqueness of credit unions and how important it is to protect their member’s assets, from compliance to threat hunting and all points in between. With the help of LEO’s World Class Cyber Security Engineers and Practitioners, Charlie plans to help credit unions across the country build, strengthen and manage their Cyber Security operations.

Heath Renfrow

While the word “expert” is not one we at LEO use lightly, our Chief Information Security Officer, Heath Renfrow, is one. Mr. Renfrow has 19 years of global cybersecurity professional experience and is considered one of the leading cyber experts in the world. He has served as the CISO for multiple global organizations, most recently for United States Army Medicine where he was awarded the 2017 Global CISO of the year by EC-Council, the largest cyber-training body in the world. Mr. Renfrow holds a Bachelor of Science in Information Technology and a Master of Science in Cyber Studies. He also serves on the following boards: National CyberWatch Center Foundation, Association for Executives in Healthcare Information Security, University of Indiana Cyber Advisory Council, and Cyber Patriot Program Advisory Council. Like we said, Mr. Heath Renfrow is a cyber expert.

Rod Holmes

In Cyber Security, experience and passion for protecting information are crucial. Rod Holmes, one of our senior Chief Information Security Officers, has both. For nearly 30 years, Rod has worked in some form of Cyber Security. He started his career at Johnson Space Center, and he rose through the ranks to become a leading security leader at Marathon Oil. Rod has designed and managed many corporate information security programs, including multiple initiatives to integrate operational technology security in the industrial control systems (ICS) world with corporate IT security. Certifications? He has those, too. Rod is a Certified Information Systems Security Professional (CISSP) and has advanced degrees from Texas A&M University. We know our information is in good hands with Rod Holmes on our team.

David Tompkins

David is our mountaineer and growth-master. He’s been to the summit and back multiple times holding leadership and founding roles in some of the industry’s most respected cyber advisory and technology providers. His last trek was with FireEye-Mandiant as an original member of the founding team resulting in one of the biggest IPOs in InfoSec history. Following the acquisition of Mandiant, David jumped into the real fight going behind enemy lines helping companies and governments battle through some of the greatest breaches in history.

Toby Mattson

A newer face to the LEO Family, Toby Mattson has already proven to be a valuable addition to the team. It may be because of his more than 25 years of experience working for or selling in the credit union space, including being the Director of Sales and Marketing at American Share Insurance, which has given him a profound understanding of the industry. It could also be Toby’s list of hobbies that include playing basketball at 5:30 a.m. while many of us are still sleeping, crafting the perfect bowl of mac ‘n cheese, and Pilates (his newest endeavor). No matter what, we’re excited to have him as an integral part of our team.


Justin Silbert brings a wealth of knowledge and experience from DOD and Civilian world. As CISO of what is now the Walter Reed National Military Medical Center, he managed cyber security as the hospital transitioned into the nation’s most important Joint Military Medical Facility. His expertise focuses on applying sound security practices across a spectrum of systems and environments, from certified medical devices to shared research systems. Through his work, his goal is to improve the health of organizational leaders, by providing a cyber security program that allows them to sleep better and worry less.