About Our Team

Leviathan was formed by the principals of @stake, Guardent, Symantec, and Foundstone when they decided to collaborate and combine the expertise from their decades of information security experience. Over the years, we have added research, education, and security strategy experts to expand our client offerings, training programs, and business structure.

The members of Leviathan Security Group are dedicated to integrated Risk Management and Information Security solutions that are not just patches, point fixes, or checking off little boxes with red ink pens. Rather, our methodology helps our clients/governments to understand and mitigate their business and technology risks. We help them take the next steps in their evolution and help them maintain their stellar reputations.



Frank Heidt leads Leviathan’s executive management team as Chief Executive Officer.  As the creator of Leviathan's innovative business structure, Frank Heidt is responsible for designing Leviathan and bringing together security professionals with diverse backgrounds from premier consultancies, industries, and government agencies.

Frank is a recognized expert in the fields of information assurance, network security, and systems penetration. Prior to forming Leviathan, Frank was a Managing Security Architect for @stake and headed up their Pacific Northwest practice. He also engaged in various computer security related work for the Department of Defense. In his capacity as one of the DOD's civilian Information Systems Security Officers (ISSO), he was responsible for securing several large networks for the Department of the Navy.

Frank has been a Visiting Lecturer at the United States Army War College, the United States Navy War College, and the Naval Post Graduate School on the subject of defensive information warfare and military computer systems security. 

Chad Thunberg is Leviathan's Chief Operating Officer, responsible for managing the Professional Services Organization and maintaining Leviathan's reputation for industry leading research and high quality consultative services. His responsibilities also include assisting Leviathan's fortune 100 customers with development of security strategies, implementation of large scale security initiatives, and integrating security into the development lifecycle.

Chad specialized in Information Security for more than a decade before joining Leviathan as a founding member. He came from Washington Mutual where he was responsible for translating regulatory and business requirements into enterprise security solutions. Chad also leads the team responsible for the proactive identification of process and technology vulnerabilities as part of the enterprise secure development lifecycle.

Previously, Chad was a Security Consultant with Guardent, where he was responsible for developing and improving Guardent's security methodologies and managed services platform. In addition, he acted as a mentor and leader for the west coast security practice. He also assisted Fortune 100 customers with innovative solutions for reducing their overall technology risk through the maturation of process and technology.

James Arlen is Leviathan's Director of Risk and Advisory Services. He is responsible for the development and delivery of Leviathan's professional services, assisting executive clients to develop and implement their information security policies and strategic plans.

Over the past twenty years, James has delivered information security solutions to Fortune 500, TSE 100, and major public-sector organizations. In both a consultant and staff member role, James has led business and technical teams of professionals in both tactical short-term projects and multi-year organizational change initiatives. James has held key contributor roles, including both being the CISO of a publicly traded financial institution and being the Information Security Coordinator at a large-scale power utility. Among other major technical accomplishments, James has architected and built multi-million dollar security infrastructure, handled incident response and event containment, written multiple policy and standards suites, and completed penetration testing activities as both a leader and as a team member. 

James is involved in information security policy, process, and procedure improvements for internationally-known manufacturing and financial organizations. James is also a frequent speaker at industry conferences, and his commentary can often be found in trade publications. James is a prolific contributor to standards bodies, having been an author for the Cloud Security Alliance's CloudAudit, Guidance for Critical Areas of Focus in Cloud Computing, and Certificate of Cloud Security Knowledge (CCSK) training and testing material; he also serves as one of the CCSK instructor trainers. He was also a contributor to the ISACA-published whitepaper "Guiding Principles for Cloud Computing Adoption and Use."

In addition to being a Certified Information Systems Auditor (CISA), James has been Certified in Risk and Information Systems Control (CRISC) by ISACA. James also holds the Certified Information Systems Security Professional (CISSP) credential.

GPG: 4096R/F52ACCC4 2013-07-04 [expires: 2017-07-03] A85A 0B43 AE60 CF3C 2A43  DB1A 0420 981E F52A CCC4

Chad Larsen is Leviathan's Director of Technical Services. He has more than 18 years of experience in information security. He has extensive experience in program management, security architecture, security best practices, security assessments, and professional auditing. He has honed his skill sets through years of engineering, architecting, designing, and deployment of operating systems, software, and networks of all variations.

Chad holds multiple technology patents in security and application development. Mr. Larsen has also been certified in the past as a Qualified Security Assessor (QSA) and Payment Application - Qualified Security Assessor (PA-QSA) by the PCI Security Standards Council. 

Chad possesses advanced knowledge in attack methodologies, penetration testing, threat modeling, black box analysis, packet inspection, active intrusion detection, covert channels, source code auditing, and forensics. His former clients range from world leaders in financial transactions to independent business owners.  Chad has consulted in almost every conceivable industry, including banking, payment providers, food and beverage, hospitality, travel, lodging, entertainment, communications, commercial development, software development, automotive, medical, and non-profit. 

Before joining Leviathan, Chad was the Lead TPM in Global Payments Security at Amazon.com. He built the two main pillars of the Payments Security team, those being the External Party Review and Payment Application and System Security programs. 

GPG: 2048R/44AF180E 2013-09-04 [expires: 2017-09-04] 96D2 AE72 35F7 F772 39FE  655B 1555 0905 44AF 180E

Join our team. Check out our careers page.