Shay Colson is a Principal and Managing Partner at Coastal Cyber Risk Advisors, LLC, where he leads the firm’s Cyber Due Diligence service line. He has deep experience working with privately held financial services, healthcare, technology, and consumer products companies, and has conducted diligence work on more than $50B worth of private capital transactions. He works regularly with Private Equity clients and their portfolio companies to identify cyber risk, develop strategic risk management capabilities, and use cybersecurity to support business growth and target valuations.
Prior to CCRA, Shay led the North American Cyber Due Diligence practice for Kroll, a leading global consulting firm. In this role, he focused on buy-side support for deal sizes from $100 Million – $5+ Billion. Targets ranged from strategic acquisitions to large take-privates. He was responsible for ensuring that cyber risk was properly identified and accounted for during the transaction, with mitigations planned for post-transaction, and partnered closely with Transaction Advisory Services, Valuation Advisory Services, Internal and External Technical Due Diligence teams, and Outside Counsel. Before building the Cyber Due Diligence practice, Shay served as Product and Security Lead for Kroll’s Clarity platform, a cloud-native assessment platform purpose-built to help Fortune 100 clients understand and navigate complex cyber risk decisions at scale. He worked directly with clients and engineering teams to achieve alignment and deliver value.
Prior to joining Kroll, Shay led vulnerability identification and technical security efforts at the U.S. Department of the Treasury as a Senior Security Engineer. He was responsible for security architecture and security control reviews for deployments of new technology platforms (COTS, SaaS, and custom developed) on AWS GovCloud.
Previously, Shay served as the Chief Information Security Officer at Medical Information Network – North Sound, a regional health information exchange supporting multiple hospital systems and Department of Defense / Veterans Affairs installations. In this role, he led strategic risk assessment and remediation activities, coordinated daily security operations, and created a sustainable security taxonomy designed to scale.
He has held numerous other information assurance and exponential impact positions, including with the United States Senate and the Cloud Security Alliance and as a consultant to critical infrastructure and private aviation firms, and has co-founded and worked for several startups in both San Francisco and New York.
He earned a BA from the University of Washington, where he was a member of the crew team, and holds an MS from Syracuse University.
He is a Certified Information Systems Security Professional (CISSP).