TESTIMONIALS

Overall Assessment Dr. Stephen Inocencio has been an invaluable strategic partner to CrossCountry Mortgage. His deep experience, steady guidance, and collaborative leadership have strengthened CCM’s overall cybersecurity maturity and our readiness for regulatory scrutiny. Beyond technical depth, Stephen has brought exceptional value as a coach and mentor, helping elevate the professional approach and leadership acumen of those he works with, including myself. He consistently models how to communicate risk with clarity, influence senior leaders, and align security objectives with business outcomes. Strengths 1. Strategic Leadership and Vision Stephen has guided CCM’s cybersecurity and compliance programs toward maturity aligned with GLBA, NYDFS 500, and FFIEC frameworks. He balances regulatory rigor with operational practicality, ensuring the program serves both compliance and business needs. 2. Trusted Executive Partner Stephen operates comfortably at the executive level, providing clear, concise, and evidence- based recommendations that resonate with both business and technical leaders. He has helped shape how I communicate risk to senior stakeholders and how to position IT Security as a trusted business enabler. 3. Coaching and Professional Development Stephen’s willingness to mentor and provide constructive feedback has had a direct, positive impact on my own leadership approach. He has been instrumental in helping me refine how I manage up, present to the C-suite, and drive alignment with compliance and operational leaders. His guidance blends diplomacy with decisiveness, reinforcing how to build trust while advancing complex initiatives. 4. Expert Guidance Through Regulatory Reviews Stephen has been central to our FFIEC Cybersecurity Assessment, Enterprise Risk Assessment, and other external reviews. His foresight in anticipating examiner priorities and aligning documentation has substantially elevated our preparedness and credibility. 5. Pragmatic, Risk-Based Approach Stephen’s focus on achievable maturity improvements, rather than theoretical ideals, keeps CCM efficient and effective. He prioritizes actions that directly reduce exposure, making compliance efforts meaningful rather than perfunctory. 6. Calm, Credible Presence Whether engaging with auditors, board members, or technical teams, Stephen brings composure and gravitas. His communication style earns trust and diffuses tension, enabling complex issues to be addressed constructively. Impact Areas • Guided CCM through multiple high-impact audits and assessments, including FFIEC, NYDFS, and enterprise-wide risk reviews. • Strengthened Information Security Governance, vendor oversight, and data protection controls across IT and compliance. • Provided mentorship and executive coaching, particularly in leadership communication, influence, and strategic framing. • Reinforced CCM’s reputation as a credible, examiner-ready organization through disciplined preparation and executive alignment. Summary Dr. Inocencio has been an extraordinary asset to CCM, advancing our cybersecurity and compliance maturity while simultaneously elevating leadership capability within our IT organization. His combination of technical insight, strategic composure, and willingness to mentor others has left a lasting imprint. He not only improved the program, he improved the people behind it.

I’ve worked with a number of security leaders over the years, and Dr. Stephen Inocencio stands out as one of the best. During his time as our vCISO at CrossCountry Mortgage, he brought a level of leadership, clarity, and strategic thinking that made a real impact. This positive impact was not limited to our security program, but extended to the people behind it as well. Stephen has a gift for translating technical needs into business language that resonates with senior leadership. He consistently advocated for our team, helping us secure support for critical initiatives and making sure our priorities were understood at the highest levels. His ability to guide us through audits, identify and socialize security gaps, and build momentum around closing them was invaluable. What really sets Stephen apart is how he leads people. He mentors junior staff with patience and insight, while also challenging seasoned professionals to think differently and grow. I’ve seen firsthand how he builds trust across teams and creates space for collaboration and accountability. Having worked directly with many C-level executives, I can say Stephen ranks among the top when it comes to effectiveness, communication, and overall understanding of the security landscape. Any organization looking for a strategic partner who can lead, advocate, and elevate their security posture would be lucky to work with him. John Turner Manager, Information Security CrossCountry Mortgage

Core Insights helped us integrate and automate various policy applications in our enterprise environment. They took the time to understand our system architecture and requirements and came back with BPO (business process optimization) that leveraged automation and our existing tool (Tufin). We were successfully able to reduce 64% of our manual efforts, keep up with compliance requirements and tender evidence that we met compliance using automation and on-demand reporting. Core Insights took us to a new level and saved our team, who was stretched very thin, a lot of manual work that prevented us from keep up with client and business demands (integration and on-boarding). This also created a positive impact on CX for our clients. Tufin: Automate security policy management Tufin reduces the complexity of managing network enforcement points on your internal networks and in the cloud, letting your network security team move faster and safer to deliver network access, perform troubleshooting, and respond to audits.

I’m pleased to offer my strong recommendation for the vCISO services provided by Core Insights. Their expertise, professionalism, and proactive approach to cybersecurity have made a meaningful difference in our organization. From the start, Core Insights has shown a deep understanding of our business needs and the unique challenges of today’s evolving threat landscape. Their guidance has strengthened our security posture and helped us achieve regulatory compliance with confidence. I highly recommend Dr. Stephen and the Core Insights team to any organization seeking experienced, strategic, and dependable cybersecurity leadership. Their dedication and expertise have been invaluable, and I look forward to our continued partnership. Shawn Hawthorne IT Security Team Lead CrossCountry Mortgage