Jeffrey Hedlund
Hastings
Summary
Dynamic cybersecurity leader with extensive experience at GSK, driving OT security architecture and engineering initiatives. Expert in IT governance and strategic planning, I successfully enhanced security posture and operational efficiency, while mentoring cross-functional teams. Proven ability in risk management and process optimization, delivering significant cost savings and robust security solutions across global networks.
Overview
24
24
years of professional experience
1
1
Certification
Work History
Director, Security Architecture and Engineering
GSK
03.2022 - Current
- Lead global OT security architecture and engineering program, including design and deployment of an OT Network (OTN) at all manufacturing sites based on the Purdue Model and ISA/IEC 62443 principles, improving segmentation, visibility, and control.
- Created and operationalized an OT secure remote access solution leveraging Zscaler and an in-house web portal integrated with ServiceNow and CyberArk approvals, enabling tightly governed partner access to OT assets.
- Defined strategy, tooling, and governance for OT vulnerability and threat management; deployed Tenable.ot sensors to all manufacturing sites and Tenable Identity Manager for OT Active Directory monitoring; currently leading evaluation of an OT posture assessment tool.
- Chairs the Cyber Security Review Board (CSRB), driving risk-informed decisions, policy, and standards for OT; led a multi-year enterprise OT cybersecurity program delivering tooling, controls, processes, policies, standards, and procedures across the manufacturing footprint.
- Directed design and implementation of key security platforms, including an automated firewall policy audit capability (identifying unused, overly permissive, and non-compliant rules), an OT secure file transfer solution for data in/out of OT networks, and deployment of Elisity for identity-aware segmentation in OT.
- Owned OT cloud and IIoT security strategy, directing migration of hundreds of OT-related systems to cloud-based solutions and overseeing adoption of WSUS, CrowdStrike, Trellix ePO, and Cribl to harden and monitor OT endpoints and data flows.
- Led and mentored a cross-functional OT security architecture and engineering team responsible for the company’s Factory integration layer security, ensuring secure integration between OT and enterprise systems while aligning with emerging OT cybersecurity best practices.
Security Architect
PM Technologies (on assignment at GSK)
07.2020 - 03.2022
- Supporting the Security Architecture of the global OT network.
- Responsible for the global deployment of StealthWatch, enhancing security by gaining visibility to flow traffic and verifying security policy compliance.
- Responsible for the architecture, design, and deployment of Claroty in GSK’s global OT environments.
- Created and stood up the Service Offerings for the OT Infrastructure Security organization within ServiceNow.
- Assisted in the architect and deployment of a Geo-Segmentation design used to secure and provide visibility at sites globally. This security control has proven to provide the capabilities to, identify, contain, and mitigate cyber threats.
IT Network Engineering Director – Enterprise Network Engineering
CIGNA
Eden Prairie
01.2016 - 07.2020
- Promoted to oversee the design, architecture, and security of this Fortune 20 insurance company’s global IP network.
- Responsible for data centers, WAN, network DevOps, and technology upgrades and implementations in the US (43 states), UK, and Hong Kong.
- Supervise 6 direct and 55 indirect reports, including managers, network and security engineers, and automation developers.
- Accountability for a 30M+ annual budget.
- Accountable for all data connectivity and in line infrastructure security products and services.
- Increased security by implemented the latest hardware and software, including DDOS, WAF, and user identity solutions, during the migration of critical applications to public and private cloud environments.
- Saved more than $6M by negotiating lower pricing with service providers.
- Delivered $2.5M in annual savings and increased reliability by rolling out a software defined wide area network (SD-WAN) that automated quality and reliability functions.
- Enhanced security by spearheading the design and deployment of a performance and security hub for internet access, remote connectivity, and SaaS provider connectivity.
- Established and managed a team that achieved major cost savings by implementing virtualization and system consolidation solutions to facilitate the merger and integration of an acquired company.
- Lowered resource costs $1M per year by establishing an offshore network DevOps team.
- Planned and led a large complex data center migration project between 2 states.
- Reduced system downtimes by instituting a software and hardware refresh program.
- Fortune 20 insurance company
IT Network Engineering Manager – Enterprise Network Engineering
CIGNA
Eden Prairie
08.2011 - 01.2016
- Directed data center network engineering operations, including network design and development, standards, project execution, and support.
- Supervised and mentored a team of 12 engineers.
- Enhanced the security posture and eliminated critical security audit violations by engineering and deploying a new infrastructure design for all 6 of the company’s data centers worldwide.
- Minimized performance and scalability issues by eliminating tiers and places of failure through the design and implementation of a new network infrastructure topology.
- Managed the design and implementation of data center infrastructure and disaster recovery solutions.
- Dramatically improved productivity by developing a work-at-home solution to provide voice, video, and data remote connectivity for more than 20,000 employees.
- Increased efficiency by delivering a program to identify and map thousands of key applications to network and security infrastructures for proper maintenance notification.
- Led the migration of 150-plus remote offices to a dual MPLS service provider solution.
- Achieved major improvements in staff performance by implementing a peer mentoring program.
- Fortune 20 insurance company
Senior Network Engineer
FICO
Arden Hills
01.2006 - 01.2011
- Configured and supported network equipment for this data analytics company specializing in consumer credit risk ratings.
- Maintained routers, switches, load balancers, firewalls, and more.
- Designed, updated, and managed a network comprising 3 data centers and more than 5,000 servers.
- Improved productivity by migrating the company from PBX to an internally designed VoIP solution.
- Increased efficiency by developing a work-from-home remote connectivity solution.
- Enhanced security by introducing proxies for external applications and internet web browsing.
- Maximized security by deploying a 3-tiered firewall network security model.
- Data analytics company specializing in consumer credit risk ratings
IP Network Engineer
ONVOY
Plymouth
01.2004 - 01.2006
- Planned, designed, installed, and maintained customer premise equipment for this company’s converged IP network.
- Also maintained the core network, including routers and switches.
- Provided Tier 2 network support.
Lead Technical Support Engineer & Network Manager
QWEST COMMUNICATIONS
Minneapolis
01.2002 - 01.2004
- Promoted to oversee the design, installation, security, and maintenance of a nationwide internal network.
- Carried out Tier 3 technical support for multiple products and services.
Education
Graduate - Cryptography System Repair emphasis
US Navy Electronics Technical C-School
Graduate -
US Navy Electronics Technical A-School
Skills
- IT governance and strategic planning
- IT infrastructure and cloud architecture
- DevOps and agile methodologies
- Cybersecurity and digital security
- Security engineering and risk management
- Process optimization and budget control
- Network engineering and data center operations
- Kanban and Scrum practices
Certification
Certified Information Systems Security Professional (CISSP), #781387, CCSP, CCDP, CCDA, CCNP, CCNA, CCSE, CCSA, Cisco Security Specialist 1
Training
- GSK: ISA 62443 IC32 Standards to Secure Your Control Systems; ISA 62443 IC33 Assessing the Cybersecurity of IACS Systems; ISA 62443 IC34 IACS Cybersecurity Design & implementation; ISA 62443 IC37 IACS Cybersecurity Operations & Maintenance
- Cigna: The Way We Lead, Leading for the Future, Business Acumen, Agile/SAFe, Agile Fundamentals (including Scrum and Kanban), Agile Tasks, User Stories & Epics, Agile Story Writing, Product Owner Workshop, Scrum Master Workshop
- Speakeasy: Talk So People Listen, Develop Your Speaking Style, Advance Your Communication Impact, Plan Presentations That Work
- Other: Advanced Communication, extensive network and security engineering technology training
Additional Information
(ISC)2, American Legion Post #483, MS Office, Visio, AWS, Azure, routers, switches, servers, firewalls, DDoS (cloud and on-premise), web gateways, web application firewalls, Intrusion Prevention Systems (IPSs), WAN/LAN, VoIP, QOS, IP telephony, UNIX, Windows, VPN, secure intrusion detection systems, OSPF, BGP, others
Military Experience
Electronics Technician (E-6), UNITED STATES NAVY
Timeline
Director, Security Architecture and Engineering
GSK
03.2022 - Current
Security Architect
PM Technologies (on assignment at GSK)
07.2020 - 03.2022
IT Network Engineering Director – Enterprise Network Engineering
CIGNA
01.2016 - 07.2020
IT Network Engineering Manager – Enterprise Network Engineering
CIGNA
08.2011 - 01.2016
Senior Network Engineer
FICO
01.2006 - 01.2011
IP Network Engineer
ONVOY
01.2004 - 01.2006
Lead Technical Support Engineer & Network Manager
QWEST COMMUNICATIONS
01.2002 - 01.2004
Graduate - Cryptography System Repair emphasis
US Navy Electronics Technical C-School
Graduate -
US Navy Electronics Technical A-School