Privacy & Security program development and testing


If you're a small/medium-sized company seeking to develop a credible and effective privacy/security program ... If you're a CISO of a large company seeking expert cloud penetration testing services or better communications with your Board ... 

You've come to the right place! 

Our staff hold key certifications and have years of privacy and security experience in operational, facilitation, and consulting capacities within Fortune 500 companies.   

Founded in 2014, MyDataOnly, Inc. is dedicated to improving the confidentiality and integrity of personal and private information.  We do this by implementing effective security measures that are thoroughly tested from the perspectives of an ethical hacker.  And we're developing a patent to boot.  Literally.

Please contact us below.  We'd like to share our years of experience with you!

About MyDataOnly, Inc.

Founder and CEO, Thomas M. Scurrah

FOUNDER and ceo, Thomas M. Scurrah

  • For over 20 years, Tom has practiced as a cyber security professional in the following capacities: (1) an executive director of information security for  Verizon Corporation; (2) a consultant in two cyber security consulting firms, which he co-founded and managed; and (3)  a facilitator of teams of CISOs and security professionals from over 200 Fortune 2000 companies. 

  • As Chief Content Officer and Lead Facilitator of the Gartner CISO Coalition for over  four years, Tom significantly contributed to the development of its key products and supported the growth of new clients.  Tom facilitated teams of security professionals from multiple companies, in the following subject areas: Security Metrics, Cloud Computing, IoT, ICS-SCADA, GDPR, International Privacy Law, China Data Protection Law, Information Governance, Insider Threat, Role of the CISO, Mergers-Acquisition Security, Orchestration, Office 365, Malware/Ransomware, Incident Management, Threat Intelligence, Endpoint/Mobile, Cross-Border Data Transfer, Defensible Disposition, Identity and Access Management, Risk Assessment Methodologies, Point of Sale Systems, Law Enforcement, Security Operations Center (SOC), Third Party Security, Applications Security, Unstructured Data, Vulnerability Management, and White-Hat Hacking.

  • Tom is a Marine Corps veteran, a graduate of MIT's Sloan School, and holder of the following certifications: CISSP, CISM, CIPP/US, and PCIP.


MH Milton, Chief Penetration Tester

Over 10 years of experience in network engineering and penetration testing 


Joe Wholley, Program Support Specialist

Over 30 years of experience in network design, support and engineering at Verizon Corporation

ISO 27001 program support expert

TC Hobbins, Application Testing Specialist

Over 10 years of experience in software engineering and penetration testing

Proficient in multiple software languages


Asgard Managed Services

Business Continuity and Disaster Recovery Services

CyberEnsure LLC

PCI-DSS Support Services 

Qualified Security Assessor for the Payment Card Industry



board and executive advisory

Understanding Your Security Program 

  • Security 101: Fundamentals for Executives
  • Privacy & Security: Historical and futuristic perspectives
  • Your company’s privacy and security profile
  • Your fiduciary and transformational roles

Developing Program Insights for Effective Decision Making 

  • Questions to ask your security team
  • Interpreting the answers to those questions
  • Current industry breach and security developments
  • Techniques for effective program guidance


Measuring Program Effectiveness and Improvement

  • Setting the Boardroom security agenda
  • The top 10 security metrics you must continuously monitor
  • Measuring your Program against the industry
  • Baselining your Program for continuous improvement

Engaging a Virtual CISO / Cyber Security Professional

  • Advisory member of the Board
  • Security Program leadership
  • Fully outsourced security services
  • Staff augmentation

privacy & security program FOUNDATIONAL SERVICES

  • Policy and procedures development
  • Risk and compliance assessments
  • User and security staff education
  • Security architecture and technology implementation

governance, RISK and compliance

  • ISO 27001 ISMS development
  • Establishment of and support to your Governance Committee
  • Complying with privacy laws and regulations
  • PCI-DSS assessment preparation
  • Third Party security
  • Security metrics


  • Applications and infrastructure vulnerabilities scanning
  • Security controls testing
  • Internal and external penetration testing (Cloud and On-Prem environments)
  • Remediation guidance and support

incident & business continuity management & support

  • Creating an effective incident management plan
  • Developing a business continuity capability
  • Developing third party notification procedures
  • Breach reporting assistance and support

Contact Us

for more information and A complimentary security evaluation questionnaire


3 Allied Drive, Suite 303, Dedham, MA 02026

(781) 742-7290 (617) 548-3044 (Mobile)


Monday - Friday: 9am - 5pm

Saturday - Sunday: Closed