
Kate Stafford

Dexter, MI

Summary

More than 25 years' experience as an Information Security professional with strong expertise in IT security management, security architecture, security operations, incident response, and risk and compliance functions. Demonstrated expertise in establishing and implementing large information security programs. Designed and implemented automated vulnerability management framework that continuously monitors and detects Cybersecurity threats and vulnerabilities. Performed governance, risk, and compliance management that has resulted in PCI, SOC2, ISO 27001, FedRAMP, HIPAA, and HITRUST certifications. Highly skilled, dedicated and enthusiastic team player with excellent leadership and communication skills.

Overview

26 years of professional experience

Work History

Vice President, Information Security

Socure
10.2022 - 02.2024
  • Responsible for GRC, Security Operations, Incident Response, Security Architecture, and Cloud Security Operations for Socure.
  • Managed certifications and reports including SOC2, ISO27001, and FedRAMP Moderate.
  • Designed the FedRAMP System Security Plan (SSP) in preparation for obtaining FedRAMP Moderate status.
  • Designed secure AWS architecture within the AWS GovCloud region to manage FedRAMP-related workloads.
  • Architected shift from VPN to Zero Trust Authentication (ZTA) for managing access to sensitive and critical resources.
  • Uplifted security policies to provide appropriate oversight and controls aligned with security program requirements.
  • Developed and implemented web-based Cybersecurity Awareness Training Program for all employees.
  • Developed and implemented automated tool-based vulnerability management framework.
  • Performed external security testing on production environments and applications to determine risks to the company and customers.
  • Drove security assessment, gap analysis, remediation, and integration of an acquisition into the company.
  • Led evaluation, selection and implementation of the following tools: automated governance, risk & compliance (GRC) platform, application security and orchestration (ASOC) tooling, Zero Trust Authentication (ZTA) data access brokers, web browser security controls, data loss prevention (DLP), intrusion detection system/intrusion prevention system (IDS/IPS), web filtering, and malware defense systems for endpoints and network perimeter.
  • Managed security budget at a flat growth year over year.

Vice President, Information Security

Vonage
09.2021 - 10.2022
  • Senior leader of the CISO organization, providing oversight for all security activities for Vonage's API offerings.
  • Managed globally distributed team responsible for security operations, application security, penetration testing, infrastructure security and compliance functions against a security strategy and framework based on strategically integrated elements of NIST CSF and ISO27001 Controls.
  • Drove enterprise-wide, cross functional taskforce to identify and address gaps in DDOS prevention, detection, and protection, including funding, deployment and operationalizing all response activities to attacks.
  • Coordinated incident response activities surrounding security events.
  • Migrated legacy SaaS and API services from data centers to AWS and GCP cloud environments, including architecting robust security technology stacks to improve security posture and privacy of customer data.
  • Managed compliance program driven by market requirements and designed to increase sales and revenue opportunities, resulting in the achievement of PCI, HIPAA, SOC2, and ISO27001 certifications for multiple product offerings.
  • Designed and developed an enterprise focused business continuity program and drove line of business specific business continuity and disaster recovery plans.
  • Matured Software Development Lifecycle (SDLC) security by integrating penetration testing at gates and feeding pen testing results from the security team back to DevOps teams.
  • Developed KPIs, metrics, and scorecards to partner with line of business executives to grow security to enhance product offerings.
  • Published executive and board level presentation on security posture, events, and initiatives.

Director, Information Security

RevSpring
03.2019 - 09.2021
  • Functioned as the senior-ranked Security Officer for the company.
  • Oversaw Information Security and Physical Security for 13 offices across the United States, as well as virtualized cloud-based installations in AWS and Azure.
  • Developed and implemented comprehensive company-wide enterprise security strategy based on standardized NIST 800-53 framework, including security policies and procedures, regulatory compliance, network, hardware, and endpoint security, incident response, disaster recovery, and operational risk management.
  • Created and executed organization's security policies and procedures for all employees. Ensured training occurs formally and informally at multiple points during the year to drive employee awareness and accountability to security policies and procedures.
  • Implemented a robust security awareness training program, driving a reduction of known phishing failures down to 0%.
  • Developed risk-based approach to security governance, aligned with strategic business objectives and accounting for regulatory environment, corporate risk profile, and rapidly evolving threat landscape.
  • Successfully led multiple initiatives to unify and update security controls across several mergers and acquisitions, including network segmentation, offsite network backups, updated perimeter controls, reduced business email compromise, centralized logging and event management, host-based EDR protection, anti-phishing controls, and multi-factor authentication.
  • Implemented and ran a vulnerability management program, including frequent and predictable scanning intervals, aggressive patch management and annual penetration testing.
  • Placed security focus into Software Development Lifecycle (SDLC) via static and dynamic code analysis testing.
  • Incident commander for identification, containment, and remediation of all security related incidents impacting the organization.
  • Created centralized business continuity and disaster recovery program to ensure ability to recover various points of the business in the event of loss of service.
  • Pivoted security controls and policies when pandemic turned in-person workforce to remote workforce.
  • Managed all regulatory and industry compliance audits, including PCI-DSS, SOC2, HIPAA, and HITRUST. Coordinated with Chief Compliance Officer on all new compliance requirements as defined by industry, marketplace, and customer requests.
  • Performed security reviews and audits as part of RFPs and normal customer lifecycle. Acted as point of contact for all customer vendor management reviews, positioning our security posture as a point of strength and a differentiator from our competitors.
  • Responsible for annual security and risk assessments on critical third-party vendors, onsite audits as necessary, and full reviews and audits on new vendors as part of selection and onboarding process.
  • Chaired recurring Security Steering Committee to provide security insight and security metrics to executives of company and board.
  • Managed multi-million dollar annual budget at a 5-10% cost savings year over year.

Director, Cloud Security Operations

Netscout
09.2013 - 02.2019
  • Responsible for development and service delivery operations for a Managed Security Service Provider (MSSP) focusing on offering mitigation services for Distributed Denial of Service (DDOS) attacks to global customers.
  • Developed business and operational model from scratch to create a brand-new business offering for the company to reposition as a managed service provider.
  • Created a globally distributed Security Operations Center (SOC) to support product offering.
  • Managed a global staff covering 24x7 shifts while providing incident response to hundreds of customers.
  • Led the team through the startup phase of a new business unit, requiring rapid growth, agility, and entrepreneurial leadership to meet the demands of the market.
  • Worked laterally across the organization with product management, marketing, sales, software development, and security threat research to continue to improve and grow the product offering.
  • Maintained a global environment of 13 data centers used to create cloud environment that delivered the security service offering. Managed a complex infrastructure partnership relationship to ensure bandwidth, connectivity, and data centers met aggressive contractual SLAs for customers.
  • Escalation point for customer issues. Established strong relationships with key customers to ensure satisfaction during lifecycle of the contract and drove renewals of the service.
  • Mitigated and resolved hundreds of customer security incidents on an annual basis before events became business impacting or public facing.
  • Dotted line management of software development team responsible for creating and improving security tools utilized by SOC. Oversaw Agile methodology and sprint planning.

Director, Information Security

Sears Holdings Company
05.2011 - 09.2013
  • Functioned as the senior-most Information Security Officer for the company. Responsible for the implementation of the security program and vision across the enterprise, as well as over 2500 Sears and Kmart retail locations.
  • Managed a staff of 25 employees and an annual budget in excess of $10 million.
  • Created cohesive security policy, standards, and baselines for enterprise to drive awareness and adherence to information security for all business units and technology architectures and platforms.
  • Managed annual audits for PCI-DSS, Sarbanes Oxley, and HIPAA. Remediated issues that were discovered as part of those assessments.
  • Created and ran a vulnerability management program to identify risks and rank those risks accordingly to enterprise business objectives.
  • Reduced costs by 25% by replacing an outsourced MSSP relationship with a more effective partner to provide 24x7x365 security services.
  • Deployed several new controls to further protect the enterprise, including application whitelisting, Data Leakage Protection (DLP), updated IDS/IPS, and Security Information and Event Management (SIEM) logging.
  • Implemented Identity Access Management and introduced Role Based Access Control (RBAC).
  • Oversaw corporate risk management and penetration testing.

SVP - Sr. Technical Manager/Security

Bank Of America
07.2001 - 05.2011
  • Managed globally distributed team of security analysts and engineers responsible for preventing, responding, containing, and analyzing over 150 million security events on a daily basis.
  • Managed Distributed Denial of Service (DDOS) detection and mitigation.
  • Integrated security systems from high profile and complex mergers and acquisitions, including companies such as Countrywide Financial, Fleet Bank, and Merrill Lynch.

Consultant

Accenture
10.1998 - 07.2001
  • Provided management consulting focusing on data centers, security, and architecture. Firm was under the name of Andersen Consulting during my tenure.

Systems Integration Consultant

Information Technologies, Intl.
01.1998 - 10.1998
  • Provided variety of technical consulting services focusing on financial clients.

Education

MBA

Loyola University of Chicago
Chicago, IL
05.2006

Master of Science - Management Information Systems

Loyola University of Chicago
Chicago, IL
05.2005

Bachelor of Arts - Communications

Western Illinois University
Macomb, IL
12.1997

Skills

  • Malware/Ransomware
  • Encryption
  • Endpoint Protection
  • Network Security
  • AWS Security
  • Security Incident Response
  • Vulnerability Management
  • Disaster Recovery Planning
  • Security Operations
  • Risk assessment & compliance
  • Policy and Procedure Creation
  • Leadership and Team Building

Accomplishments

Leadership

  • Developed and implemented enterprise security strategy and framework that consists of strategically integrated elements of NIST 800-53 Cybersecurity framework, SANS Critical Controls, and ISO/IEC 27001/27002.

Strategy and Planning

  • Developed and communicated security policies for HITRUST, FedRAMP, and other security policies and standards to all users in multiple organizations.
  • Designed security architectures for replatforming from data center to cloud-based architectures.
  • Created and staffed an MSSP SOC with > 100 customers.

Team Collaboration

  • Collaborated with large departments to establish enterprise security framework to accomplish common IT security objectives and leverage common tools to reduce costs.
  • Coordinated the activities of security engineers to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.
  • Improved sales cycle response by streamlining GRC go-to-market activities.
  • Developed Security Champions programs to educate and empower security-minded design across engineering teams.

Project Management

  • Managed creation of dedicated environment in AWS GovCloud region with certification to "FedRAMP in Process".
  • Managed programs for discovery of vulnerabilities, remediation within contracted SLAs, and reporting to public sector and private customers.
  • Managed modernization of physical security systems in highly regulated office and manufacturing spaces.
  • Managed the reduction of friction on employees caused by several security controls while maintaining highest levels of security.
