Decades into a career in cybersecurity, Sean Finnegan knows one thing for sure: In this field, complacency may be the biggest threat of all.
“You can never get too comfortable,” said Finnegan, vice president of delivery at Coalfire Federal. “It’s a dynamic field, and what’s true today may not be true tomorrow. You must be vigilant, continuously improve, be able to adapt and anticipate tools and techniques used by adversaries.”
With over two decades of experience in cybersecurity, Finnegan spent his career helping organizations navigate an increasingly complex digital landscape. At Coalfire Federal, he oversees teams dedicated to strengthening cyber strategies for cabinet-level and independent agencies. He ensures Coalfire Federal cybersecurity professionals protect the customer mission and meet contract and quality objectives.
But Finnegan’s path into cybersecurity wasn’t the traditional route. A psychology major at George Mason University, Finnegan was initially unsure of his next steps after graduation.
“I was always interested in technology and started taking courses toward a Microsoft certification,” he said. “One thing led to another, and I got a job with a small Army contractor supporting the Department of Defense.”
He started as an information assurance analyst — a title he admitted he wasn’t even familiar with at the time. But his ability to adapt and continuously learn propelled him forward. The rise of mobile applications, cloud security and artificial intelligence added new dimensions to the ever-evolving threat landscape.
“The pace of change has picked up significantly,” Finnegan said. “That means there’s a need to get security services to market more quickly.”
Building a Strong Foundation
Before joining a company later acquired by Coalfire, Finnegan worked at Booz Allen Hamilton, where he provided cybersecurity solutions to federal customers. His transition to Coalfire Federal in 2014 brought on a welcome shift to gain experience across the full lifecycle of contracts.
“I liked the idea of working with a smaller company,” he said. “It was an opportunity to get more experience across business development, marketing, proposal support and delivery services.”
That transition allowed him to work closely with organizations aiming to mature their information security programs, particularly those audited under the Federal Information Security Modernization Act.
“It’s been fulfilling to help those organizations shape their overall programs, define and mature their processes and get them consistently implemented,” he said. “It’s rewarding to see them become more effective and efficient cybersecurity organizations and able to understand and prioritize risk to their mission.”
Beyond his technical expertise, Finnegan credits his early experiences in customer service for shaping his approach to leadership. As a teenager, he worked at a shoe store in Fair Oaks Mall near his home in northern Virginia.
“That was my first introduction to customer service,” he said. “To this day, I maintain that much of what I learned when I was a teenager working in a shoe store applies to the work we do today.”
From learning to manage up and down to working with different personalities, Finnegan found the fundamental principles of strong customer service translated well into cybersecurity consulting. He also had a mentor in that first job who instilled in him the importance of professionalism, a lesson that stayed with him throughout his career.
Creating a Solid Cyber Plan
Finnegan’s expertise lies in compliance, particularly with FISMA, which mandates cybersecurity standards across the federal government. However, he stresses that compliance alone is not enough to create a secure IT environment.
“Compliance is the bare minimum,” he said. “A solid plan includes identifying priorities, key assets and making risk-based decisions around those priorities. Risk management is a central theme in every organization.”
Finnegan noted organizations today are challenged with resource and budget constraints.
“There is a lot of uncertainty in those areas,” he said. “But the need to protect the confidentiality, integrity and availability of government information systems remains. Our community needs to bring innovation and identify more efficient ways to achieve desired outcomes.”
He encourages agencies to develop a clear risk profile of their assets and understand their supply chain to determine what’s most critical to their mission and prioritize accordingly.
“The key is doing what you can and making the most of the resources and support you have with teams like Coalfire Federal,” he said.
At Coalfire Federal, that focus on cybersecurity is sharp and unwavering, he said.
“That’s all Coalfire Federal has ever focused on,” Finnegan said. “We ensure organizations understand their risks and provide assessment and advisory support to fortify their security posture.”
While the threat landscape continues to evolve, so, too, must cybersecurity professionals. Flexibility and adaptability, Finnegan stressed, are critical to success.
“To be successful as a consultant in cybersecurity or as a consultant in general, you have to be flexible and adaptable,” he said. “Things are always changing, and you have to be able to evolve with the times.”
Beyond his work at Coalfire Federal, Finnegan is an active member of WashingtonExec, where he enjoys opportunities to engage with peers across the industry.
“It’s an opportunity for me to interact with people I might not necessarily have had the chance to meet otherwise,” he said.
In his personal life, Finnegan enjoys winter sports, playing pickleball and spending time with his Goldendoodle, Harper. He and his wife are also proud parents of two college-age children.