Curtis Haugen
Maple Grove,US
Summary
Senior Information Security Leader with over 15 years of expertise managing cybersecurity, IT risk, and internal control programs. Specialized in IT audit, cybersecurity risk advisory, and compliance assessments aligned with NIST, COBIT5, ISO 27001, and regulatory requirements. Proven success advising executive teams on risk mitigation strategies, implementing security governance frameworks, and optimizing vulnerability management programs. CISSP certified with a strong background supporting audit readiness, SOC reporting, ITGC reviews, and cybersecurity risk initiatives. Adept at bridging technical solutions with business goals to protect critical assets and ensure regulatory compliance.
Overview
25
25
years of professional experience
9
9
Certificates
Work History
Consultant
Secure Ascent, LLC
Maple Grove, US
08.2023 - Current
- Crafted effective solutions customized for clients' individual requirements.
- Demonstrated exceptional communication skills through verbal and written interactions with clients and colleagues.
- Established cybersecurity controls aligned with NIST, Cobit5, and ISO 27001 frameworks.
- Conducted thorough vulnerability assessments to identify potential risks.
- Developed strategies to mitigate risks and vulnerabilities.
Information Security Manager
Bobcat
Fargo
07.2020 - 08.2023
- Oversaw development and implementation of improvements to support cybersecurity initiatives across both Bobcat and Doosan on a global level.
- Implemented and maintained technology and software budget.
- Analyzed network security and current infrastructure, assessing areas in need of improvement.
- Performed Red and Blue team testing exercises
- Created cybersecurity awareness and training for employees
- Integral part of the Dev/SecOps team as well as quarterly planning sessions and reporting
Information Security Risk and Controls Manager
Allianz
Minneapolis
01.2018 - 07.2020
- Collaborated with IT, business groups and project teams to conduct security risk analysis for applications.
- Collaborated with technology leadership to address risks and recommend changes in security policies.
- Advised senior management on security best practices and emerging threats.
- Coordinated with management to assess potential threats and implement preventative measures.
- Implemented endpoint security solutions such as antivirus, patch management, content filtering to protect against malware and other threats.
IS Security Analyst
PeopleNet
Minnetonka
02.2017 - 01.2018
- Maintained a comprehensive inventory of all IT assets across the organization's network infrastructure.
- Executed risk assessment and data processing system performance tests to verify and configure security settings for data processing and network access.
- Evaluated evidence of violations in company security policies to identify violators and investigate incidents, instructing employees on correct procedures.
- Reviewed security bulletins and vulnerability patch releases.
- Monitored alerts generated by intrusion detection systems to identify potential attacks against corporate networks.
- Learned about latest security threats from blogs and online publications.
- Analyzed web traffic logs to detect anomalies or malicious activities.
Sr. Security Consultant
Wipfli LLP
Edina
04.2016 - 02.2017
- Facilitated vulnerability assessments, penetration tests, and social engineering exercises for clients.
- Researched the latest threats and vulnerabilities to enhance vulnerability assessment services.
- Facilitated and executed plans within Information Risk Management.
- Remediated critical security vulnerabilities impacting data confidentiality, integrity and availability.
Sr. IT Security Engineer
Northwrite
Minneapolis
04.2008 - 04.2016
- Responsibilities of this one-man team include Windows/Mac administration, network operating center (NOC) administration, LAN/WAN/VPN administration, VMware conversion and administration, intrusion detection and prevention, securing firewalls, and endpoint security management.
- Handled FTP servers, AD/DNS, wireless access points and server farms.
- Designed and deployed HA and DR solutions to ensure operational continuity.
- Conduct penetration tests on both applications and infrastructure.
Security Analyst
Target Corporation
Brooklyn Park
08.2015 - 02.2016
- Spearheaded development, analysis, and execution of strategies in Information Risk Management.
- Managed remediation of critical security vulnerabilities impacting data confidentiality, integrity, and availability.
Systems Administrator & Security Analyst
Data Recognition Corp
Maple Grove
05.2014 - 08.2015
- Managed over 800 Windows servers utilizing SCCM 2012 R2 and PowerShell.
- Supported Desktop team in configuring and deploying Windows operating systems across 3,000 devices.
- Collaborated with security team to identify and remediate vulnerabilities.
Sr. Systems Administrator
Open Access Technology International
Plymouth, US
01.2005 - 04.2008
- Constructed and repaired clustered server environments.
- Collaborated effectively with development teams to ensure timely project completion.
- Facilitated distribution and oversight of building access security.
- Conducted environment testing utilizing VMware and Microsoft platforms.
- Configured Active Directory and DNS for improved efficiency.
Field Service Representative
Qualxserv
Bloomington
04.2003 - 01.2005
- Completed on-site warranty services and installations for multiple leading brands including Dell, IBM, Sony, Philips, Apple, Hughes, Direcway and Canon.
- Managed inventory, supported customers, and maintained personal computing equipment.
- Installed and configured servers, workstations, and laptops for LAN connections.
- Completed service calls for organizations such as the FBI, IRS, Mall of America, and 3M.
Customer Engineer
Vaske Computer Solutions
Edina, US
01.2000 - 04.2003
- Performed on-site service for multiple Hewlett-Packard clients.
- Performed installations, upgrades, repairs, and troubleshooting of HP 9000 and 3000 mainframe environments.
Education
Bachelor of Science - Information Assurance And CyberSecurity
Capella University
MN12-2013
Skills
- Qualys Expertise
- Nessus Vulnerability Scanning
- Microsoft SCCM
- WDS
- Intrusion Prevention
- Intrusion Detection
- Patch Management
- Vulnerability Management
- Microsoft Baseline Security Analyzer
- Microsoft PowerShell
- Python
- Malware Analysis
- Burp Suite
- Wireshark
- Nmap
- Forensics using SIFT
- Active Directory
- VMWare
- Hyper-V
- STIG Viewer
- Log Rhythm
- Splunk
- Microsoft Automated Deployment Services
- DNS
- Cisco IOS
- Cisco ASA
- Microsoft SQL
- FedRAMP
- SIEM
- Disaster Recovery
- Employee training
- Project Management
Certification
- CISSP
- MCP
- MCTS
- MCSA
- MCSE
- MCITP
- CEH v8
- CHFI v8
- ECSA
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Timeline
Consultant
Secure Ascent, LLC
08.2023 - Current
Information Security Manager
Bobcat
07.2020 - 08.2023
Information Security Risk and Controls Manager
Allianz
01.2018 - 07.2020
IS Security Analyst
PeopleNet
02.2017 - 01.2018
Sr. Security Consultant
Wipfli LLP
04.2016 - 02.2017
Security Analyst
Target Corporation
08.2015 - 02.2016
Systems Administrator & Security Analyst
Data Recognition Corp
05.2014 - 08.2015
Sr. IT Security Engineer
Northwrite
04.2008 - 04.2016
Sr. Systems Administrator
Open Access Technology International
01.2005 - 04.2008
Field Service Representative
Qualxserv
04.2003 - 01.2005
Customer Engineer
Vaske Computer Solutions
01.2000 - 04.2003
Bachelor of Science - Information Assurance And CyberSecurity
Capella University
Training
- EC-Council Certified Security Analyst (ECSA), 2014
- Certified Ethical Hacker Version 8 (CEHv8), 2013
- Computer Hacking Forensics Investigator (CHFIv8), 2013
- MCITP: Enterprise Administrator on Windows Server 2008, 2009