Helping Organizations Build Trust in Data, Security, and Change

I help organizations build the capabilities, controls, data practices, and shared services needed to operate with confidence in complex, regulated environments.

I’m Terry Baresh, a certified business analysis professional with deep experience across cybersecurity analysis, data management, data governance, change management, project leadership, and enterprise capability development.

Throughout my career, I have worked at the intersection of people, information, technology, and organizational change. From military service and human services to technology leadership, cybersecurity, business analysis, and data governance, a common thread has remained constant: helping organizations make better decisions through trust, clarity, accountability, and shared understanding.

Today, that journey continues through my work in cybersecurity, data management, governance, analytics readiness, and professional community leadership.

---

Where Cybersecurity, Data, and Business Change Meet

Modern organizations do not solve cybersecurity, data governance, or AI readiness challenges in isolation. Success depends upon trusted information, clear accountability, effective controls, strong business analysis practices, and leadership capable of connecting technology decisions to business outcomes.

My work focuses on bringing those disciplines together to help organizations reduce risk, improve decision-making, and build sustainable capabilities that support long-term success.

---

Core Areas of Focus

My work spans multiple disciplines, but all are connected by a common objective: helping organizations build trust, reduce risk, improve decision-making, and create sustainable capabilities that support long-term success.

Cybersecurity Business Analysis

Cybersecurity is often perceived as a technical discipline focused on tools, controls, compliance requirements, and defending systems from attack. While technology plays an important role, effective cybersecurity begins with understanding what the organization values, the risks it faces, and the capabilities necessary to protect critical assets while enabling the business to achieve its mission.

My work focuses on helping organizations move beyond technology-centric security programs toward risk-informed, capability-driven approaches that align cybersecurity investments with business objectives. Rather than beginning with security tools or technical controls, I help leaders identify what must be protected, understand how value is created, assess threats and vulnerabilities, and establish the governance, operating models, and capabilities required to manage risk responsibly.

Drawing upon business analysis, governance, organizational change, risk management, and cybersecurity disciplines, I help organizations integrate security into strategy, architecture, solution delivery, operations, and decision-making processes. This includes supporting security transformation initiatives, Zero Trust programs, governance development, risk assessments, security requirements analysis, and efforts to embed security into organizational culture.

At its core, cybersecurity is not simply about preventing bad things from happening. It is about building trust, resilience, accountability, and confidence in an increasingly connected and complex world.

Core Capability Areas

Cybersecurity Strategy & Capability Development

Cybersecurity programs are most effective when they are aligned with business objectives and supported by clearly defined capabilities. This includes understanding current-state maturity, identifying capability gaps, establishing priorities, and developing roadmaps that support long-term organizational resilience.

Why it matters:

Organizations often invest heavily in technology without fully understanding whether the capabilities needed to manage risk effectively have been established.

Risk Management & Risk-Informed Decision Making

Cybersecurity ultimately exists to support informed decisions about risk. Effective programs help leaders understand threats, vulnerabilities, consequences, likelihood, and risk tolerance so that resources can be allocated appropriately.

Why it matters:

Organizations cannot eliminate risk, but they can make better decisions when risks are understood, communicated, and managed consistently.

Security Governance & Accountability

Governance establishes decision rights, accountability structures, oversight mechanisms, policies, and standards that guide cybersecurity activities across the organization.

Why it matters:

Without governance, cybersecurity efforts become fragmented, inconsistent, and difficult to sustain.

Zero Trust Architecture & Planning

Zero Trust shifts security thinking away from assumptions of trust and toward continuous verification, least privilege, segmentation, monitoring, and adaptive controls.

Why it matters:

Modern organizations operate in environments where traditional network boundaries no longer provide sufficient protection for critical assets and information.

Security Requirements & Business Architecture

Effective security begins long before technology is implemented. Security requirements analysis helps organizations identify and communicate expectations regarding confidentiality, integrity, availability, privacy, resilience, and regulatory compliance.

Why it matters:

Security that is incorporated during planning and design is generally more effective and less costly than security added after implementation.

Threat Modeling & Risk Scenario Analysis

Threat modeling helps organizations understand how systems, processes, data, and business capabilities may be attacked, disrupted, misused, or compromised.

Why it matters:

Understanding potential threats enables organizations to prioritize controls and mitigation strategies based on actual risk rather than assumptions.

Secure Solution Delivery & Shifting Security Left

Shifting security left integrates security considerations into planning, requirements, design, development, testing, and deployment activities.

Why it matters:

Identifying and addressing security concerns earlier in the lifecycle reduces risk, lowers costs, and improves solution quality.

Regulatory Compliance & Control Frameworks

Organizations often operate within regulatory environments requiring adherence to industry standards, laws, and control frameworks.

Why it matters:

Compliance alone does not guarantee security, but understanding regulatory obligations is essential for managing legal, operational, and reputational risk.

Security Culture, Awareness & Human Factors

Technology alone cannot protect an organization. Effective cybersecurity depends upon people understanding their responsibilities, recognizing risks, and making informed decisions.

Why it matters:

Human behavior remains one of the most significant factors influencing both organizational resilience and cybersecurity outcomes.

Resilience, Recovery & Business Continuity

Organizations must be prepared not only to prevent incidents but also to respond, recover, adapt, and continue operating when disruptions occur.

Why it matters:

Resilience determines how effectively an organization can sustain operations, protect stakeholders, and recover from adverse events.

Data Management & Governance

Organizations increasingly depend on data to support operations, regulatory obligations, analytics, artificial intelligence, and strategic decision-making. Yet many struggle to answer fundamental questions about the data they rely upon: Where did it originate? Can it be trusted? Who is accountable for it? Is it fit for its intended purpose?

My work focuses on helping organizations develop the capabilities necessary to manage data as a strategic business asset. Rather than treating governance, quality, metadata, stewardship, architecture, and analytics readiness as independent initiatives, I help organizations understand how these disciplines work together to create trust, accountability, and confidence in data.

Effective data management is not simply about policies, tools, or compliance. It is about establishing the organizational structures, processes, roles, technologies, and behaviors that enable data to be understood, governed, protected, shared, and used responsibly across the enterprise.

Drawing upon industry frameworks such as the DAMA-DMBOK®, FAIR principles, data governance practices, and practical experience leading enterprise initiatives, I help organizations assess current capabilities, establish improvement roadmaps, and mature the disciplines required to support trusted decision-making and responsible use of data.

The ultimate objective is not simply better governance. It is building an environment where business leaders, analysts, technologists, and AI systems can rely upon data with confidence.

Core Capability Areas

Data Governance

Data governance establishes decision rights, accountability, policies, and oversight mechanisms for managing data as an enterprise asset. Mature governance creates clarity regarding ownership, stewardship, standards, priorities, and acceptable use while ensuring that business and technology teams work toward common objectives.

Why it matters:

Organizations cannot effectively manage data when accountability is unclear. Governance provides the foundation upon which all other data management capabilities are built.

Data Quality

Data quality focuses on understanding, measuring, monitoring, and improving the fitness of data for business use. Effective quality management extends beyond correcting errors to understanding the causes of defects and establishing processes that prevent them from recurring.

Why it matters:

Poor data quality erodes trust, increases risk, undermines analytics, and limits the value organizations can derive from their information assets.

Metadata Management

Metadata provides the context necessary to understand data. It describes what data means, where it originates, how it flows through systems, who uses it, and how it should be governed.

Why it matters:

Without metadata, organizations possess data but lack understanding. Metadata transforms data into information that can be discovered, trusted, and reused.

Data Stewardship

Data stewardship establishes accountability for the day-to-day management, quality, definition, and usage of data. Stewards serve as the bridge between business operations, governance, and technology teams.

Why it matters:

Data governance succeeds or fails through stewardship. Policies and standards become operational realities only when clear stewardship responsibilities exist.

Master & Reference Data Management

Master and reference data management create consistent, authoritative views of critical business entities such as customers, products, suppliers, accounts, locations, and business classifications.

Why it matters:

Organizations cannot achieve reliable reporting, integration, analytics, or AI outcomes when fundamental business concepts are defined differently across systems.

Data Architecture & Information Modeling

Data architecture and modeling provide the structural foundation for organizing, integrating, and managing enterprise information assets. These disciplines help align data resources with business objectives and future-state capabilities.

Why it matters:

Well-designed architectures improve scalability, interoperability, reuse, and long-term sustainability while reducing complexity and technical debt.

Data Readiness for Analytics & AI

Data readiness evaluates whether data is sufficiently understood, governed, trustworthy, and fit for purpose to support analytics, machine learning, artificial intelligence, and critical decision-making processes.

Why it matters:

Advanced analytics and AI amplify both strengths and weaknesses in data. Organizations that assess readiness before implementation are better positioned to achieve reliable, explainable, and trustworthy outcomes.

Data Literacy & Organizational Adoption

Data literacy enables individuals throughout the organization to understand, interpret, communicate, and responsibly use data in support of decision-making.

Why it matters:

Even the most sophisticated governance programs fail when people lack the knowledge and confidence necessary to engage with data effectively.

---

Enterprise Transformation, Change & Capability Development

Organizations do not change because a new technology is implemented, a new policy is published, or a project reaches completion. Sustainable change occurs when people adopt new ways of working, leaders align around shared objectives, capabilities mature, and organizational structures evolve to support desired outcomes.

Throughout my career, I have worked across a diverse range of industries and disciplines including military service, human services, mental health, manufacturing, technology operations, cybersecurity, data governance, financial services, and professional associations. While these environments differ significantly, they share a common challenge: helping people navigate uncertainty and work together toward meaningful change.

My work focuses on helping organizations understand the relationships between strategy, capabilities, governance, processes, technology, risk, and culture. Rather than viewing change as a discrete project or event, I help leaders think about change as an ongoing capability that must be developed, nurtured, and sustained over time.

Effective transformation begins with understanding why change is necessary, how it supports the mission and values of the organization, what capabilities must be developed or strengthened, and how success will be measured. It requires clear leadership, stakeholder engagement, shared accountability, and practical approaches for managing both organizational and human impacts.

Drawing upon business analysis, governance, organizational design, change management, facilitation, and strategic planning disciplines, I help organizations align people, processes, information, and technology around common objectives while reducing friction, uncertainty, and resistance.

The goal is not simply implementing change.

The goal is helping organizations build the capabilities necessary to adapt, learn, and thrive in a constantly evolving environment.

Core Capability Areas

Organizational Change Management

Helping leaders and stakeholders understand the impacts of change, prepare for transition, address resistance, and create conditions that support adoption and long-term success.

Why it matters:

Even the best-designed solutions fail when people are not prepared, supported, or motivated to adopt new ways of working.

Business Analysis & Strategic Alignment

Facilitating conversations that connect organizational strategy, business needs, stakeholder expectations, risks, and implementation activities.

Why it matters:

Organizations often struggle not because they lack solutions, but because they lack shared understanding of the problems they are trying to solve.

Capability Development & Maturity

Assessing current-state capabilities, identifying improvement opportunities, and establishing roadmaps that support sustainable organizational growth.

Why it matters:

Long-term success depends upon developing organizational capabilities rather than relying upon individual projects or isolated initiatives.

Governance & Decision-Making Structures

Designing governance models that clarify accountability, decision rights, escalation paths, and organizational oversight.

Why it matters:

Effective governance enables organizations to make decisions consistently, manage risk responsibly, and sustain improvements over time.

Shared Services & Operating Models

Helping organizations establish scalable service models that improve consistency, efficiency, collaboration, and customer experience across business functions.

Why it matters:

Shared services enable organizations to leverage expertise, reduce duplication, and create repeatable processes that support enterprise objectives.

Facilitation, Stakeholder Engagement & Consensus Building

Creating environments where diverse stakeholders can collaborate, communicate effectively, and work toward common goals.

Why it matters:

Complex organizational challenges are rarely solved by individuals. Sustainable solutions emerge when people build trust, understanding, and shared commitment.

Culture, Trust & Organizational Learning

Supporting initiatives that strengthen trust, accountability, transparency, and continuous improvement across teams and organizations.

Why it matters:

Culture often determines whether change succeeds or fails. Organizations that invest in trust and learning are better positioned to adapt to future challenges.

---

Introducing the Matheson Data Readiness Framework™

Organizations frequently ask whether their data is “good enough” for analytics, reporting, machine learning, artificial intelligence, or critical business decisions. The more important question is whether the data is truly ready for its intended purpose.

The Matheson Data Readiness Framework™ evolved from years of practical experience in data governance, data quality, metadata management, analytics, and business analysis. The framework provides a structured approach for evaluating the readiness, trustworthiness, and fitness of data before it is used to support important decisions or AI-enabled solutions.

At its core, the framework seeks to answer a simple but powerful question:

“Is our data ready for this use?”

---

Credentials, Leadership & Community Service

---