Kevin Stallard
aka "Uncle Grimmy" — CISO • CTO • Founder
38 years breaking systems, fixing organizations, and telling executives things they didn't want to hear.
Still going. Still not sugarcoating it.
The Man Behind the Tape
About Uncle Grimmy
"I started in this industry when the biggest threat was someone calling your help desk and sweet-talking them into a password. We've added a few zeros to the damage numbers since then, but the root cause is still the same: humans doing dumb things because nobody told them better. That's where I come in." — Kevin Stallard, every onboarding call ever
Look, here's the short version: Kevin Stallard has been doing information security since 1988 — which means he was writing security policies while most of today's "cybersecurity influencers" were still in diapers. He's the kind of CISO who actually shows up in the server room at 2 AM, not just the board room at 2 PM.
He built ThreatTape because after 38 years of watching organizations make the same preventable mistakes over and over again, he got tired of watching the industry sell snake oil instead of solutions. No buzzword bingo. No vendor-sponsored FUD. Just real security delivered by someone who's seen every flavor of breach, every type of executive denial, and every compliance theater production imaginable.
You want credentials? He's got 'em. CISSP. CISM. Certified Blockchain Professional. A B.S. in Information and Computer Science from Kennesaw State / Georgia Tech. Three approved patents and thirteen pending across fintech, gaming, and information security — because when you can't find the right tool, you build it. He's served as an expert witness in patent litigation proceedings, which means he's sat across the table from some very expensive lawyers and held his own.
He's also the guy who briefed Christie Golden on hacking so Assassin's Creed: Heresy would get the details right. And he ran the Dragon Con Video Gaming Track for twenty straight years. Because being one of the most decorated security executives in the Southeast doesn't mean you have to stop being a human.
"Security isn't about perfection. It's about not being the slowest gazelle. We don't sell silver bullets. We give you the blunt truth and the actual battle plan."
Right now he's doing what he always does: solving problems that shouldn't exist but do. At ThreatTape, the product bench includes EDD-i (AI-driven compliance across eight major frameworks — because nobody should suffer through compliance spreadsheets in 2026), CGAP (governance scoring for private equity firms that finally tells PE operators what their portfolio risk actually looks like), and ThreatTape Recon (automated recon and OSINT platform for pentesters who are tired of cobbling together five different tools). He's founded Ostraq, an election security platform built on zero-knowledge cryptography, blockchain audit trails, and post-quantum encryption — because democracy deserves better infrastructure than the lowest bidder provides. He secured an international government contract with Zambia requiring Azure infrastructure and data protection compliance. And he's actively pestering Georgia legislators about Safe Harbor legislation, because CISOs who do the right thing shouldn't face personal liability for it.
He's not here to make you feel good about your security posture. He's here to make your security posture actually good. There's a difference, and most vendors are counting on you not noticing.
Career History
38 Years in the Trenches
From dial-up abuse engineering to post-quantum election security. The hits — and the war stories.
- Founded ThreatTape LLC — cybersecurity consulting and product development firm
- Built EDD-i: AI-driven compliance platform covering 8 major frameworks (CIS, ISO, FedRAMP, CMMC, SOC 2, HIPAA, NIST CSF, PCI DSS)
- Built CGAP: Cyber Governance Assurance Platform for private equity governance scoring and portfolio monitoring
- Built ThreatTape Recon: automated penetration testing and OSINT platform with TOR-anonymous scanning
- Founded Ostraq — election security platform with zero-knowledge cryptography, blockchain audit trails, and post-quantum encryption (ML-KEM-1024); secured Zambia government contract
- Expanding into sports tech (eCombine, ETrax, ConManagement) and gaming (Drifter, Roc, Trench Defense, d20 Craps)
- Active advocacy for Georgia cybersecurity Safe Harbor legislation with state legislators
- Led enterprise security strategy for major gaming franchises (Call of Duty, World of Warcraft, Diablo) during Microsoft's $69B acquisition
- Managed security operations across 100,000+ endpoints on 5 cloud platforms (AWS, Azure, GCP, Oracle, OpenStack) with $20M annual budget
- Directed team of 6 senior architects; orchestrated IAM and network integration across 35 game studios during post-merger unification
- Reduced Mean Time to Resolution (MTTR) 40% through standardized Zero Trust implementation and automated incident response
- Built enterprise threat intelligence and AI-powered threat hunting programs spanning 12 international offices
- Chaired Security Control Review Board overseeing risk governance for 1,500+ business applications
- Reduced regulatory audit preparation time 40% across OCC, FDIC, and international examinations
- Cut critical vulnerabilities 35% through SaaS hardening (Salesforce, Workday, ServiceNow) and DevSecOps integration
- Directed CDC's global cybersecurity response during Ebola outbreak, coordinating secure communications across 75+ countries
- Partnered with CIA, FBI, DIA, and Scotland Yard on incident response, threat mitigation, and intelligence sharing
- Achieved 85% reduction in security incidents and 99.92% vulnerability decrease for healthcare clients
- Served as expert witness in patent litigation; prepared organization for DIACAP audit from zero baseline in 18 months
- Managed CDC Secure Data Network IAM systems; FISMA/HIPAA compliance using NIST 800-53
- Prevented $45M in fraud losses; achieved 90% spam reduction; secured federal CAN-SPAM convictions
- Reduced StealthWatch build time 90%; supported Common Criteria certification
- RealSecure platform — Network Magazine Product of the Year (1999 and 2000)
- Started in IT infrastructure and network operations at Georgia Tech OIT (1991–1994)
- Internet Systems of Atlanta (1994–1996) — back when the internet was still figuring itself out
- AirTouch Cellular (1996–1998) — because even cell networks needed someone paying attention to security
Credentials & Expertise
The Paperwork (and the Real Stuff)
Kennesaw State University / Georgia Institute of Technology
CISM — Certified Information Security Manager
Certified Blockchain Professional
Domains: fintech, gaming, and information security technologies
Dragon Con Video Gaming Track Director, 20 years (2003–2022)
Core Competencies
The Philosophy
Why ThreatTape Exists
"The cybersecurity industry has a bullshit problem. Everyone's selling fear and complexity because fear and complexity are profitable. I'm here to sell competence instead. Turns out that's a harder pitch, but the results are a lot better."
ThreatTape was built on one premise: most organizations aren't failing at security because of lack of budget or lack of technology. They're failing because nobody's giving them straight answers. Vendor pitches are engineered to create fear. Consultants bill by the hour and have no incentive to actually fix things. Compliance frameworks are written by committee and optimized for checkbox-checking, not actual risk reduction.
After 38 years of watching this play out — at IBM, EarthLink, Northrop Grumman, U.S. Bank, Microsoft/Activision — Kevin Stallard decided to do something about it. ThreatTape delivers the kind of blunt, experience-backed security guidance that most organizations only get after a very expensive breach.
We build tools that work in the real world. On the security side: EDD-i for compliance without the spreadsheet hell, CGAP so PE firms can actually see governance risk across their portfolio, ThreatTape Recon for automated recon that pentesters can trust, and Ostraq for elections that cryptographers can actually trust. On the software side: ConManagement for events that don't fall apart under load, eCombine and ETrax for sports scouting and athlete management, and a gaming division because sometimes you build what you love. Real products solving real problems. No demo-ware. No roadmap vapor.
The tagline "Security with Attitude" isn't just marketing copy. It's a commitment to saying what needs to be said, building what needs to be built, and not pretending everything is fine when it clearly isn't.
Ready for Some Honest Security Advice?
No pitch decks. No BS. Just an experienced CISO who will tell you what's actually broken and help you fix it.