David London

Managing Director, Cybersecurity

David London is a Managing Director at The Chertoff Group, where he helps companies address their most pressing cybersecurity risks.

David works with clients to strengthen cyber governance, apply threat-informed defense and prioritize security investments. He assists operational personnel and senior decision-makers to effectively mitigate and manage cyber threats. David also helps organizations address software supply chain risk exposure and associated regulatory expectations. He leads cybersecurity engagements in financial services, retail, energy, technology and other critical infrastructure sectors. Prior to joining The Chertoff Group, David spent nine years at Booz Allen Hamilton where he strengthened cyber resilience capabilities for the U.S. government and commercial clients. He led the design and development of some of the highest-profile cyber exercises in the world including the Department of Homeland Security’s Cyber Storm and NERC’s Grid Security Exercise. David has delivered dozens of cyber exercises and preparedness engagements over his career. In November 2022, David was appointed as a cybersecurity expert to the Advisory Board of NowNow, a digital banking platform founded in Nigeria.

Engagement Highlights

  • Designed and implemented a cybersecurity risk management taxonomy and program for a major financial institution in close coordination with the entity’s enterprise risk management
  • Conducted application security lifecycle review for a major software provider, piloting NIST’s Secure Software Development Framework (SSDF) to assess software security practices and navigate national security risks and perceptions.
  • Directed cybersecurity program resourcing and benchmarking assessment of one of the world’s largest online travel companies to baseline existing spend and optimize future security investments across portfolio companies.
  • Led C-suite cyber exercises that stress-test enterprise response and resilience to a disruptive cyber event for major financial institutions, manufacturers, and other critical infrastructure.
  • Conducted board briefing for Fortune 500 company to communicate cyber threat landscape, effective risk measurement and board-level oversight expectations


  • Cybersecurity Maturity, and Effectiveness Measurement and Reporting
  • Threat-informed Defense Program Design and Implementation 
  • C-suite and Operational Cybersecurity Exercises and Training 
  • Cyber Governance, Resource Prioritization, and Risk Management Architecture 
  • Software Supply Chain Security, Transparency and Regulatory Alignment 


  • Certified Information Systems Security Professional (CISSP)
  • Project Management Professional (PMP)


  • M.B.A., George Washington University
  • B.A., Emory University

Recent Publications

More Publications, Interviews and Panels

Let's Talk.

Let's explore ways we can help you manage risk or position for strategic growth.

202.552.5280 | Mon. – Fri. 8:00 AM – 5:00 PM EDT