Chief Information Security Officer Resume

New York, NY

SUMMARY:

  • Established Senior Security Visionary in the role of CISO and Virtual CISO, with 30+ years of Information Risk Management, IT Governance, IT Process Transformation and Security Architecture. Have a proven track record for successfully developing and implementing strategic security programs and frameworks to meet business objectives, and compliance including HIPAA, PCI, SOX, ISO 27001:2013 framework, Securities Industry and Financial Markets Association (SIFMA), and others. Successful demonstration on continuous improvement impacting organizations to develop a “culture of security,” facilitating steering governance committees, building security operations and engineering teams, with a focus on the three main security pillars: people, process and technology. Unique ability to combine cyber security expertise, technical knowledge and business experience across many verticals including: Health Care, Finance, Retail, Legal, Manufacturing, Insurance, Technology, and others to cost effectively bridge tactical controls into strategic plans, and identify how best to leverage current security investments and obtain the best ROI for security spend.
  • Cybersecurity Program Design, Development and Implementation
  • Compliances/Standards and Governance
  • ISO27001:2013
  • Effective Risk and Threat Management
  • Information Privacy and Data protection
  • Evaluation of the design and effectiveness of security controls
  • Security Tools, Process & Policies
  • Security Awareness Campaigns
  • Process Management and Enhancement
  • Project Lifecycle Management
  • Vendor Management

PROFESSIONAL EXPERIENCE:

Chief Information Security Officer

Confidential, New York, NY

Responsibilities:

  • Senior member of internal Technical Steering and IT Governance committees.
  • Developed the Align “Six Pillars of Security,” a holistic approach to security encompassing: Core Infrastructure Network, Endpoint Control, Identity and Access Management, Data Protection, Application Security and Threat and Vulnerability Management. All six pillars are under the umbrella of Cybersecurity Program and Governance. I identified first, second and third tier solution partners and manage the partner and vendor governance and relationships. Solutions for internal and cloud security include: DDoS, Next Gen Firewalls, Data Protection (Classification, Encryption, DLP), Application Security, Web Protection, Endpoint Solution, Identity Management, Privilege User Management, Insider Threat, Analytics, and others.
  • Adding Security Offerings into company’s Managed Service offerings (e.g. OpenDNS, Endpoint behavior analytics, etc). Managing partnership with SOC company in Dublin, Ireland to develop SOC Services offering in the Americas (e.g. IPS, Firewall, SIEM using SPLUNK and others).
  • Evaluate client cybersecurity design and effectiveness of cybersecurity controls from a risk, compliance and assurance perspective. In addition, identifying opportunities for improvement with development of administrative and technical controls.
  • Some key projects include:
  • Virtual CISO for international telecommunications firm, bridging tactical security solutions to a central security program, prioritizing efforts to obtain more ROI from security initiatives, bridging network, business and security, and creating a “Security Awareness Culture.”
  • Hands-on development and implementation of 18-month PCI DSS 3.2 compliance program for a financial business being divested from a major bank, including policy development, process and controls, SDLC/Application Security, data protection, endpoint protection, access controls (IAM/PAM), Monitoring, Change Management, and required testing.
  • Security Assessment and program based on SIFMA cyber security guidelines.
  • Analysis and remediation of Ransomware attack
  • Firewall Assessments to meet FDA compliance
  • Vulnerability assessments with remediation plans across various clients

Regional Senior Security Solutions Architect

Confidential, Parsippany, NJ

Responsibilities:

  • Advising client management and technical staff on security program development and roadmaps. Consulting on security programs and posture, including mapping policy, standards and practices to ISO27002, HIPAA, PCI and other compliance and standards.
  • Providing technical guidance regarding security controls, and the level of efforts to implement, support and manage those controls.
  • Advising and assuring client security and IT management about emerging threat vectors, industry trends, and provide agnostic thought leadership on new emerging security vendors and technologies.
  • Establishing and enhancing processes for the execution and delivery methodologies: Governance, network security controls, identity management, data management/protection, malware protection, endpoint security, and others.
  • Regional vendor management, in addition to oversight of regional subcontractor relationships.
  • Development and execution of Security Sales to Account Managers, other pursuit teams.
  • Mentoring of additional Security Solutions Architect in the Northeast Region.
  • Featured speaker at various conferences and events, presenting on topics such as: Threat Modeling, Risk Management, Adapting Security to Meet Changing Business Practices, The Changing Threat Landscape, and others.
  • Received the Northeast Regional “Unsung Hero” first year at company.

Regional Security Architect

Confidential, New York, NY

Responsibilities:

  • Security Practice Lead for New York Region. In first six months, grew active pipeline to over $1 million for region.
  • Development of Security offerings for company nationally. Tailored these solutions to meet customer requirements for the New York region.
  • Architect client solutions and security programs and scoping of projects. Consulting with clients (C-level, engineering, operations) on security program development, and security posture. Developed and oversaw implementation of security controls to meet client’s tactical and strategic requirements.
  • Established standardized processes to support the project execution and delivery methodologies.
  • Developed and ran Security Sales to Account Managers, and Sales Engineers.
  • Facilitated outsourcing partner network to expand company’s delivery service capabilities.
  • Oversaw regional relationships of security vendors.
  • Featured speaker at customer events.

Security Practice Lead - Senior Security Technology Consultant

Confidential, Teterboro, NJ

Responsibilities:

  • Strategic planning and internal of sales/marketing - department - consistent growth - within the first 6 months of practice, generating about $500K pipeline in security product and services and closing over $200K in professional services. Adapting sales process for security from product driven to consultative services driven.
  • Working with senior IT and business managers of large financial, law firms, hospitals, healthcare, and retail, at times as a supplemental CISO, develop and implement successful security programs and initiatives to meet client business goals and compliance.
  • Developed framework for Security Assessments (Governance, Policies & Procedures, Infrastructure, Windows AD, Vulnerability, and BYOD). Performed and delivered client security assessments.
  • Assisted clients in developing standards for Support Processes, Data Classification and Leakage, BYOD initiatives, and Incident Response.
  • Work with clients at all levels (helpdesk, engineering, administration, C-level) to design, engineer and manage security solutions.
  • Developed offerings, build and manage security vendor relationships (RSA, McAfee, Cisco, Varonis, Websense, and others). Presented by RSA CAM to RSA internal as one of the best RSA SAs & SEs in the Tristate area.
  • Featured panel speaker at health care security round tables. Develop and present security webinars. Authoring of company’s security white papers, web content and blogs.

Senior Project Manager & Network Engineer

Confidential, New York, NY

Responsibilities:

  • Increased profitability for the company by over 50% in first year by developing the security engineering team from the ground up:
  • Defined offerings and best practices
  • Brought in new technologies and developed standards for implementation
  • Developed client facing presentations on security solutions
  • Implemented standards for presales proposal process and engineering review process. Developed sales materials including website content.
  • Increased POC success rate by over 50%.
  • Increased project success rate to over 90% of all projects ending within time and budget.
  • Developed and implemented security programs to allow clients to meet compliance requirements, to pass both internal and external audits, and be properly prepared to move forward with business relationships.
  • Designed and implemented security technology solutions including Host IPS, network IPS, Firewalls, VPNs, DLP, SIEM, Encryption, IM Protection, Web Gateways, AV, Malware protection, etc.
  • Performed Security Assessments - Risk Analyses, Vulnerability Assessments and Security Posture Assessments (Network Design, Servers, End Points, Data Leakage, and Compliance). Prioritized risks and documented mitigation recommendations. Assisting Health Care clients with preparation to participate in RHIOs including GAP Analysis.
  • Assisted clients in passing security audits - the IT group I worked with in a global publishing firm received highest scores after my work with them.
  • Designed and managed Disaster Preparedness plans for clients using data replication to fail-over servers and Citrix for remote access.

Principal and Technical Consultant

Confidential, Aberdeen, NJ

Responsibilities:

  • Evaluated current technical processes and proposed / implemented significant improvements including IP schemas, network security policies, new support procedures, and change management controls.
  • Managed Novell to Windows migrations and GroupWise to Exchange migrations.