As a nationally recognized Cyber Security Leader with over 20 years of IT management and Cyber Security experience, I am looking for a senior Information Security/Assurance position.
I am a Senior Manager of Global Information Security for this Fortune 143 consumer appliances company. I am responsible and accountable for the security of all global systems and infrastructure, identity access management, incident response management, incident monitoring and the management oversight of our IBM and Accenture outsourced support providers. Leading a team of Cyber Investigation and Cyber Incident Response experts, I have 2 Cyber Security managers, 5 Cyber Security analysts and over 50 IBM and Metmox security analysts who report to me. In my current role I am also the Global Incident Commander for the Whirlpool Cyber Security Incident Response Team (CIRT).
In my 2 years at Whirlpool my team and I have:
- Designed, built and implemented our QRadar SIEM and its associated process
- Designed, built and implemented our Splunk log aggregator and big data analytics service
- Designed, built and implemented Symantec's Certificate Management tool
- Developed process and procedures for McAfee endpoint encryption and Data Loss Prevention (DLP)
- Designed, built, implemented and trained a Global Security Operations Center (SOC) in Hyderabad, India and created the work-flow and processes to integrate that with our IBM Global SOC
- Created and implemented Global Security Operation Center standard operating procedures
- Developed relevant global security incident and security infrastructure metrics
- Drove large scale improvements in identity access management support across our IBM support partner
- Drove large scale enhancements into our Global identity management user interface
- Implemented Bit9 to protect 8000 XP systems as an emergency security solution when our Windows 7 migration hit a roadblock
- Got my direct report managers accepted into the Leading People at Whirlpool corporate training program
- Built very strong relationships across the IT operations group, from the VP on down
- Built very strong relationships with my IBM SDMs and their senior managers
Due to the security infrastructure and process improvements I made over the past 24 months, both the recent Heartbleed and IE vulnerabilities were a non-event for Whirlpool.
Information Security for the University of Cincinnati (UC), I led the Information Assurance efforts for one of America's premier urban research universities, serving 43,000 students and staffing 16,000 employees. By earning more than 350 million annually in outside research contracts, the University of Cincinnati is ranked among the nation's top 20 public research universities and is the largest employer in the Cincinnati region. I reported to the Chief Information Officer (CIO) and the Senior VP for Public Safety (Chief of Police). In this role I designed and deployed the initial Information Security program for the university. My primary responsibilities included the design, integration, implementation and ongoing management of Information Security process methodologies. I was responsible for all aspects of Information Security work including the design and implementation of Security Awareness and training programs, HIPAA compliance, disaster and pandemic planning and writing and vetting Security Policies, Incident Response, Guidelines and Standards. I was the program leader for all external and internal IT audits. I also had the role of Senior Security Architect responsible for building a layered and robust Security infrastructure that is designed to protect the University's data.
Some of the other work associated with my role included:
- identifying, remediating and tracking unit risk programs and helping the business units make smart risk decisions
- conducting Facilitated Risk management meetings
- Pandemic and Disaster Recovery Coordination
- leading Cyber Forensic investigations for the Information Security department and the University Police Department
- leading our organization-wide Identity Management (IDM)
- leading our Public Key Infrastructure (PKI) projects
- investigative liaison between the University and the Federal Bureau of Investigation (FBI)
- conducting security awareness training and Senior management briefings
- coordination of UC's Red Flag compliance program
- Chair of UC's Export Controls Committee
- Leading incident detection and response efforts
I have a solid understanding of regulations that impacted UC's business (HIPAA, FERPA, GLB, PCI, etc.) and I have the experience to help diverse business units work towards compliance with these regulations. To improve our overall Information Security and quality of IT posture I created and implemented ITIL foundations training for all members of UC's central IT department. I was in charge of Vendor relations for our security organization and have a solid network of contacts across the vendor community as well as a solid understanding of the security software that is available in the marketplace. I was and still am heavily involved with the Cincinnati CISO roundtable and involved with multiple professional Information Security associations.
- Of special interest was that the CIO gave me the title of AVP for Special Projects. This title was given to me by the CIO as he frequently handed off IT projects that were struggling over to me and my team with the request that we take over the project management duties and get the project back on the success track, which we always did.
- Lastly, I teach an Information Security and Privacy course as well as an Information Assurance course for UC's IT College.
I was the Assistant Vice President of the Systems Operations group for the University of Cincinnati (UC). At UC this was viewed as our Chief Technology Officer (CTO) position. With a budget of over 12 million dollars and 210 employees, this is the largest of UC's central IT groups. I was placed into this role temporarily at the Chief Information Officer's (CIO) request, with directions to re-organize the unit, establish a central and integrated Service Desk, establish an effective IT costing structure, energize the team to look for and bring in additional revenue streams, create IT process improvements and assist in hiring the next AVP to lead this group. The reorganization and other goals that I was tasked with doing in this role were successfully accomplished prior to me hiring my replacement.
Senior Information Security Manager
- I was a Senior Manager and Global Cyber Security Leader for a Fortune 35, seventy-three billion dollar consumer goods company. In this role I was the Cyber Security Manager for Global IT Security Solutions services. My primary responsibilities included the design, integration, implementation and ongoing management of ITIL process methodologies and Security tools and controls. I was the internal Sarbanes-Oxley compliance expert and liaison between our business units and Internal Controls group. This work included designing security controls and solutions for audit control work, Sarbanes-Oxley and FDA regulatory compliance work. In 2005 I led P&G in passing our external SOX Attestation with zero significant deficiencies or material weaknesses reported; only 15 of the companies who underwent attestation audits did as well.
- I was responsible for security consulting and designing security architecture for P&G business units.
- I was the Project Manager for a 30 million dollar Global Defense in Depth Cyber Security initiative and led the effort to drive out over 7000 reported vulnerabilities from our business systems. This Defense in Depth project had not missed one milestone date and had not had any budget increase. When I left we were 2.5 years into this 3 year project. I was the primary architect and designer for our global Defense in Depth solution. Proof of my success in that role can be shown by stating that during the Zotob worm attack we suffered zero outages across our business critical systems. I created P&G's first Cyber Security Incident Response Team (CSIRT) and when I left I was the chief security professional and team leader of that team. Further, I was responsible for P&G's Risk Management work globally, which included identifying, remediating, tracking, and helping the business make smart risk decisions as well as conducting Facilitated Risk management meetings. Lastly, I was in charge of Vendor relations for our security organization and have a solid network of contacts across the vendor community as well as a solid understanding of the security software that is available in the marketplace.
Senior IT Manager
In this assignment I was the Global IT Project Manager, Senior Engineer, Service Support and Security Manager for our Global Enterprise Application Integration (EAI) implementation project. This 12 million dollar project used TIBCO middleware technology to transport data from non-SAP (Unix, NT, OS390, Solaris) systems to SAP systems and vice-versa in real time and to tie heterogeneous systems into a single network. This was part of our corporate ERP initiative and while I was in the role my team never missed a single implementation date or support Service Level Agreement (SLA) target for both QA and Production systems. During this rollout I optimized Service Delivery and support by fully implementing the ITIL best practice framework/modules. During this project I managed a project team of 45 members (managers, IT resources and contractors). Further, I was solely responsible for designing and managing the entire back-end and physical and systems security infrastructure and requirements for this transport technology. Additionally, I created project savings by establishing an offshore facility of experts in Mumbai, India. The creation of an offshore team resulted in a project savings of over 1.2M dollars. In the first five months of production we experienced no production outages, across 2200 interfaces. The Mumbai team I created and managed (22 people) went on to win a very prestigious Global Service Award as best in class and this would not have been possible without proper integration of the ITIL and CISSP processes and domains. During the establishment of this team I designed the physical security environment and the System architecture security environment for the India resources and their equipment/software.
Senior IT Support and ITIL Lead Manager
In the role of IT Support Manager for Messaging and E-Commerce I re-tooled the support organization so that it fully utilized the ITIL best practices. Further, I did away with our NA centric support desk and created a Follow the Sun support model, which had a dramatic impact on improving my team's quality of life. This effort included the design and creation of a Global Service Desk, incident, problem, configuration, change and service management solution, in other words the ITIL support modules. My creation of this Follow The Sun team also resulted in bottom line annual savings in excess of 600K dollars. Also during this timeframe I was the Global Project implementer, trainer and consultant for the implementation of ITIL across P&G's global E-Business/E-Commerce organization. This role entailed the design of end-to-end integrated ITIL solutions, training of P&G in-house resources on ITIL Support and Service Delivery methodologies (Service Desk, Incident, Problem, Change, Configuration, Availability, Capacity, Service Level, Financial, and Reliability), and ongoing consulting for individual workgroups that were integrating the ITIL processes into their business process flows.
President and Owner
I sold and implemented LAN-WAN and Internet turn-key solutions from inception to ongoing support: design, implementation, and ongoing Service Management/support for K-12 public and private schools throughout the state of Florida. These solutions included meeting the security needs of my clients. I was the recognized expert in Educational technologies for the state. My work as the owner of the company consisted of the up-front consulting, sales, and contract bidding and proposal submission. I also did all of the up-front architecture and solution design work, inclusive of technical, delivery and support processes. In this role I reported directly to the Superintendent of the Diocese of Orlando and was the Chief Information Officer (CIO) for the Diocese and their 36 schools. My other major customer was the Osceola County School district. In addition to the main contracts, I consulted for an additional seven or eight clients of varying sizes and complexity. My staff size varied but the average number of employees I had working for me was six.
Director of Education and Technology
- I was the second in charge of this non-profit organization. My annual budget was in excess of 4 million per year and I reported directly to the President and the Chairman of the board.
- My team's primary responsibilities were to provide technology training for NASA engineers, school technology specialists, and school superintendents. My team and I also provided LAN, WAN, Information Security and Internet consulting for K-12 public and private schools across the state of Florida.
Part Time Adjunct Professor
In this role I teach and design Undergraduate courses in CISSP and CISM methodologies, computer networking and Relational Database Design and Management. I previously held the same role at Xavier University where I taught Graduate MBA and Undergraduate courses in Networking and Telecommunications.
Part Time Associate Professor
In this role I teach and design online undergraduate courses in Cyber Investigations, Information Security, the NSA IAM and IEM security methodology, Windows Scripting, Disaster Recovery and Cyber Forensic methodologies.