SUMMARY:

• Security programs have entered a new world.
• Constant attacks against all types and sizes of companies are underway.
• I’ve managed international teams of as many as 40, controlled budgets up to $30M and managed four international information security offices.
• Working in information security management for a major financial services firm and a growing health and wellness ecommerce web company, I’ve had the opportunity to work on a variety of projects all enhancing my skills as a security practitioner.
• Recently, I have been working as the Chief Information Security Officer of a city owned health insurance company that needs to adhere to the new Confidential Cybersecurity Act.
• Below are just a few of the major accomplishments of late:
• Chief Information Security Officer for a city owned health insurance company
• Protecting several law firms as their Chief Information Security Officer amid the growing requirements from clients like banking customers and other regulated entities
• Executive Director of information security for a health and wellness ecommerce company that went public in 2015
• Confidential ’s Global Incident Response Center creator and the division’s first VP
• Designed advanced threat prevention and threat handling processes
• Universal Security Procedures, Standards and Policies across Confidential
• Hands on CISSP certified Chief Information Security Officer
• Built a complete security program that will satisfy PCI and HIPAA compliance
• Created a virtual CISO (vCISO) program to provide high level security services to the underserved SMB space
• Use of Department of Energy’s C2M2 to test organization’s cybersecurity preparedness
• Virtual CISO for small and midsized enterprise clients
• Security programs built around ISO 27001 / 27002 standards
• Use of ISO27799 as the CISO of a hospital system
• Implementation of the Cloud Control Matrix before selecting a cloud vendor (Amazon AWS, Microsoft Azure, et. al.)
• Implementing NY State’s new Cybersecurity Act for Financial Services (23 NYCRR 500)
• Use of COBIT 5 and ISO 27001 and 27002 standards as a foundation for compliance
• Implemented advanced persistent threat (APT) management procedures
• Architect of the Confidential Incident Response Center using ISO 27035 and NIST 800 - 61 standards
• Extensive vendor management program (healthcare vendors as well and POS reviews)
• Planned Business Continuity exercises and plans in the event of business interruption at client offices
• Initiated GRC (global risk and compliance) processes.
• Lead Confidential ’s Incident Response and Strike Team
• Designed, created and activated BCP and DRP to have 7 major clients 100% operational within 36 hours of the 9/11 World Trade Center Attacks.
• Coordinated security assessments of our internal systems with our banking customers to review our security policies, procedures and controls
• Budgeting and fiduciary responsibility for the department
• Designed business recovery plans
• CTO of 500-person international startup during Web 1.0

WORK EXPERIENCE:

Chief Information Security Officer

Confidential, New York, NY

Responsibilities:

• Designed incident response processes for several clients and maintains a SOC for smaller clients to use for their operations.
• Creation of several security programs covering PCI and HIPAA compliance
• Built a robust APT (advanced persistent threat) strategy and have deployed it for multiple clients
• Executive Director of Information Security for a health and wellness ecommerce company
• Vendor management and risk assessments
• Member of CHIME
• Built policies, procedures and standards in line with ISO 27001/2 & 27799 frameworks
• Researched, planned, and authorized several security tools for monitoring environment
• Training staff on incident handling procedures
• Led creating and management of application security testing and monitoring processes
• Research, architect and implementation of new technologies like SIEM (LogRhythm, AlienVault, LogLogic and SPLUNK) and DLP (Symantec and Intel/McAfee)
• Compiled a list of preferred vendors for security products and services
• Quarterly report to executives on the state of security
• Initiate internal security vulnerability scans then schedule remediation
• Introduced Unified Security and Threat Management to small and midsized clients.
• Created policy to require all physical infrastructure (servers, storage, perimeter security, etc.) go through a security risk review

Confidential, Jersey City, NJ

VP, Information Security

Responsibilities:

• Director and creator of Confidential ’s Incident Response and Strike Team (F.I.R.S.T.)
• F.I.R.S.T. began leading global incident response initiatives for all of Confidential in January 2012
• Designed a 24/7 Confidential Incident Response Center (FIRC) using the ISO27035 framework
• Created and maintaining Confidential ’s incident response policies and threat scoring matrix
• Managed four global incident response centers (main center outside of Atlanta, GA, second in Portland, Or, one in India and one outside of London)
• Held monthly Threat and Response conference call for all Confidential divisions to allow them to see the threats we’ve averted or addressed.
• Managed forensic investigations as required through the FIRC
• Worked with Director of ITIL compliance to ensure that security operations adhered to the ITIL frameworks set before us.
• Lead the Investment Services Incidents Response team for security related matters (logical and physical security related)
• Handled day to day security operations for the Investment Services division
• Was the lead on the Confidential team (in conjunction with external vendor, Verizon Business Services) to align Confidential ’s environment with ISO 27000 / 27001 / 27002 standards.
• Point person for all bank and financial institution audits of the Investment Services Division
• Built security initiatives around an aging (25 years+) legacy UNIX application driving the Investment Services division’s revenues.
• Worked with the Confidential Security Strategy team to insure PCI compliance across all of Confidential ’s Business Units

Confidential, New York, NY

Chief Security Consultant

Responsibilities:

• Outsourced CISO to smaller clients needing experienced security management.
• Reviewed security procedures currently in place and make recommended changes
• Perform day to day systems management for contracted clients
• Created CISO-On-Demand for small to medium sized businesses ( Confidential )
• Project manager for large scale roll-out for the Confidential Security Implementation
• Architect of several Business Continuity (BCP) and Disaster Recovery Plans (DRP)
• Used ISO 17799 as the baseline for all security implementation
• Perform system audits and secure network environments
• Create Disaster Recovery and Business Continuity drills to verify backup data as well as viability of staff to react in an emergency
• Quarterly review of corporate IT security measures

Confidential, New York, NY

Advanced Technical Trainer

Responsibilities:

• Trained clients in how to administer Lotus Notes networks and users.
• Supervised end user trainers and mentored their progress
• Designed a complex Lotus Notes infrastructure for the Confidential
• Technical Trainer and advisor to several of Confidential ’s largest Lotus Notes/Domino customers
• Instructed Catapult instructors in new and advanced courses, such as Lotus Notes