Matt Flora

Matt Flora specializes in cybersecurity and operational risk management, bringing close to 15 years of experience. Mr. Flora serves as a strategic partner to executive leadership teams, helping them to improve cybersecurity maturity and reduce risk within their organizations.

Prior to joining FTI Consulting, Mr. Flora was a Managing Director in the Technology & Cybersecurity Risk Advisory practice at a global consulting firm, where he focused on helping clients identify operational security weaknesses and develop robust procedures to mitigate enterprise-level risk. In this role, he focused on building out and managing cybersecurity strategy, risk and compliance programs for clients, including framework and risk assessments, policy development, employee training, compliance audits and third-party risk management.

Throughout his career, Mr. Flora has developed a deep proficiency in implementing and auditing against leading security frameworks such as the NIST Cybersecurity Framework and the CIS Critical Security Controls. He is particularly recognized for his work within the healthcare sector, where he assists enterprises in securing Protected Health Information (“PHI”). By conducting detailed HIPAA Risk Assessments and overseeing technical remediation, he helps organizations navigate the strict regulatory requirements of the New York State Department of Financial Services (“NYDFS”) and the Department of Health and Human Services.

Mr. Flora also works extensively with the education sectors, from K–12 schools to higher education. Understanding the unique challenges of safeguarding student, parent and donor data, he works diligently with clients to identify risks to critical assets and implement mitigation strategies that fall within organizations’ risk thresholds and resource restraints.

Mr. Flora holds a B.S. in marketing and psychology from the University of Delaware. He is Certified in Risk and Information Systems Control (“CRISC”) and holds the Information Systems Audit and Control Association (“ISACA”) Cybersecurity Nexus Fundamentals (“CSXF”) designation. His unique educational background in behavioral psychology provides him with a specialized perspective on risk management and the behavioral drivers of cybersecurity vulnerabilities.