Principal, Cybersecurity Consulting
Ernst & Young
Patrick Hynes is a Principal in the Consulting Services practice of Ernst & Young LLP. Patrick leads Ernst & Young’s Cyber Threat Management (CTM) services for the west region of the US and is the national Cyber lead for the technology sector. The CTM team is dedicated to providing attack and penetration, incident response and threat detection and response services for EY clients. In his role Patrick is responsible for scoping and delivery of CTM services.
With more than 20 years of information security and forensic investigation experience, Patrick is a frequent speaker at industry and professional conferences and events and is widely consulted and quoted in media (Orange County Register, Chicago Tribune, Chicago Sun-Times, Irish Times, NPR, etc.). He has been integral in the development of EY’s proactive APT assessment methodology which has been successful at multiple clients in identifying command and control malware not previously detected by company’s anti-virus and DLP technologies. Patrick also helped co-develop and teach EY’s popular “eXtreme Hacking – Defending your Site” class and was a contributing author to the joint EY / ISACA book “Responding to Targeted Cyberattacks”.
Patrick also co-developed EY’s Forensic Imaging methodology program which was successfully used to image over 2,000 computers in less than 6 days in response to an FDA off label marketing compliance investigation. Patrick is a member of the University of Southern California Information Technology Program Forensics Advisory Board and holds memberships in the High Technology Crime Investigation Association, Information Systems Security Association, Association of Certified Fraud Examiners and Information Systems Audit and Control Association.
Engagement experience
- Managed and delivered attack and penetration assessments for gaming, technology, manufacturing, healthcare, energy, and financial service clients. This includes social engineering (physical and email phishing), internal network, remote access trojan (RAT) deployment, wireless, Internet and blackbox assessments.
- Assisted multiple retailers, technology companies, financial services, defense contractors, pharmaceutical, hospital, higher education, media and entertainment and global manufacturing clients in responding to cyber attacks directed by nation states (including the Advanced Persistent Threat or “APT”), Eastern European organized crime and international activist groups. Designed and implemented plans to reorganize and transform client environments to better complicate, detect and respond to current threats and organized attacks.
- Conducted computer forensics and eDiscovery in support of oil and gas, pharmaceutical, technology, internal company investigations into financial fraud, bribery (FCPA violations) and asset misappropriation.