Matt Flora

Matt Flora specializes in cybersecurity and operational risk management and governance, with more than 12 years of experience. Mr. Flora serves as a strategic partner to executive leadership teams, helping them to improve cybersecurity maturity and reduce risk within their organizations.

Mr. Flora has a deep proficiency in implementing and auditing against leading security frameworks, including the NIST Cybersecurity Framework (“NIST CSF”), the Center for Internet Security’s Critical Security Controls (“CIS 18”), the HIPAA Security Rule and the New York State Department of Financial Services (“NYDFS”) Part 500. While his clients range across industries and sizes, Mr. Flora has a deep understanding of organizations in the healthcare, finance and education sectors.

In the healthcare sector, Mr. Flora assists enterprises in securing Protected Health Information (“PHI”). By conducting detailed HIPAA Risk Assessments and overseeing technical remediation, he helps organizations navigate the strict regulatory requirements of the Department of Health and Human Services and safeguard critical assets. He also has a deep understanding of the unique challenges faced by financial service organizations. Mr. Flora works with private equity, wealth management, family offices and fintech to understand their specific cybersecurity requirements, identify critical assets and build security programs that address top risks. Additionally, Mr. Flora works extensively with the education sector, from K–12 schools to higher education. Understanding the unique challenges of safeguarding student, parent and donor data, he works diligently with clients to identify risks to critical assets and implement mitigation strategies that align with organizations’ risk thresholds and resource restraints.

Prior to joining FTI Consulting, Mr. Flora was a Managing Director in the Technology & Cybersecurity Risk Advisory practice at a global consulting firm, where he focused on helping clients identify operational security weaknesses and develop robust procedures to mitigate enterprise-level risk. In this role, he focused on building out and managing cybersecurity strategy, risk and compliance programs for clients, including framework and risk assessments, policy development, employee training, compliance audits and third-party risk management.

Mr. Flora holds a B.S. in Marketing and Psychology from the University of Delaware. He is Certified in Risk and Information Systems Control (“CRISC”) and holds the Information Systems Audit and Control Association (“ISACA”) Cybersecurity Nexus Fundamentals (“CSXF”) designation. His unique educational background in behavioral psychology provides him with a specialized perspective on risk management and the behavioral drivers of cybersecurity vulnerabilities.