Larry Kiger

Cybersecurity And Compliance Leader
Warrenton, VA

Summary

Talented Cybersecurity, Risk Management, and Compliance Leader with over 25 years of experience planning, developing, overseeing, and implementing technical solutions to improve system security, risk, and productivity. Former Marine Corps platoon sergeant turned results-oriented leader with experience coaching and leading technical and non-technical staff.

Overview

28 years of professional experience
3 years of post-secondary education
3 Certificates

Work History

Technology Manager, Cybersecurity and Compliance

MarineMax
Clearwater, FL
02.2023 - Current
  • Manages a team of highly-motivated security and compliance professionals who support MarineMax and its affiliates.
  • Collaborated with cross-functional teams to address compliance concerns, fostering a culture of shared responsibility.
  • Responsible for the oversight of a security budget of two million dollars, which includes the management of security portfolios and managed services.
  • Collaborated with both internal and external audit teams to design a process that optimizes SOX IT and application controls by developing new data collection techniques. These techniques use automated collection processes and eliminate the long turnaround time that is normally associated with evidence retrieval.
  • Designed and implemented security protocols to safeguard data, including encryption, isolation, and detection, in addition to a hands-off approach and a zero-trust methodology implemented via technological platforms such as Okta and CyberArk.
  • Enforced NIST SP 800-171 controls to enhance security and ensure compliance with the GLBA's Safeguard Act.
  • Developed patch and vulnerability management strategies for the organization that streamlined all subsidiaries and contract services into one integrated platform, resulting in faster patching and remediation processes.
  • Managed implementation of new technological improvements resulting in increased efficiency.
  • Implemented successful remediation efforts following audit findings, minimizing adverse consequences for the organization.

Regional Lead, Americas, Information Security and Compliance, Worldwide Public Sector

Amazon Web Services (AWS)
Arlington, Virginia
08.2018 - 01.2023
  • Provided internal AWS Solution Architects with solid security fundamentals based on scans, processes, and best practices for architecting a secure solution in Amazon Web Services Cloud Platform.
  • Managed application security, risk, vulnerability management, and safe design methodologies, and served as a single-threaded security leader for the Federal, DoD, and DoD Contractors.
  • Managed a team of five direct report Executive Security Advisors that provided one-on-one and one-to-many strategic security and compliance discussions to C-level executives from the Partners team and foreign public sector enterprises.
  • Owned the process and service for providing strategic security architecture and compliance guidance to AWS's internal public sales teams, partners and customers regionally, for North America, South America, and Canada.
  • Collaborated with the US government and various agencies to develop advanced plans for forensics, incident response, and security analytics. These plans were designed to be compatible with both on-premises and multi-cloud infrastructure.
  • Authored and delivered innovative insights at significant conferences on a range of topics, such as data security, zero trust, the Cyber Security Executive Order, protection of student data, and contributing to internal discussions on security strategy.
  • Responsible for the creation and delivery of AWS Public Sector's Insider Threat initiative. Led a team that created white papers, blogs, and internal training to educate internal sales and technical teams, customers, and other stakeholders on insider threat mitigation and detection techniques.

Sr. Manager, Cybersecurity and Compliance

First American Payment Systems
Fort Worth, TX
12.2017 - 08.2019
  • Developed IT Security Governance structure to reduce risks in business processes, enhance information security, and comply with regulatory requirements.
  • Managed a team of security experts who maintain the continuous protection of six intricate and critical payment gateways, processing millions of financial payment card transactions every minute.
  • Architected and deployed a security awareness program, Computer Incident Response Team, and Disaster Recovery / Business Continuity Plans to safeguard the company.
  • Developed methodologies to perform risk assessment, business impact analysis, and security assurance to improve systems and operational security.
  • Implemented an aggressive anti-phishing program that resulted in a reduced number of occurrences from dozens per month to single digits.
  • Architected and managed several high-profile Palo Alto hardware and PAN-OS upgrades to production with no unnecessary outages.
  • Developed an application security strategy that encompassed detection techniques such as Dynamic Application Scanning Tools (DAST) and Penetration Testing, as well as preventive measures like Static Application Scanning Tools (SAST) and Threat Modeling. This strategy successfully minimized the vulnerability of internally developed applications to potential attacks.
  • Expanded the security team at the company from 3 individuals to 8 individuals, comprising two Security Architects, two Network Security Engineers, and four Security Analysts.
  • Designed and implemented a full security matrix dashboard in Microsoft Power BI that was highly praised by the company’s executives.
  • Architected a team education program that allowed the team to keep current with security skills and maintain certification.
  • Led strategy discussions with executives on the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), PCI DSS, as well as other regulatory compliance frameworks.
  • Assisted clients during mergers and acquisitions by evaluating potential target companies' cybersecurity defenses for any potential vulnerabilities or weaknesses prior to finalizing deals.
  • Prepared and presented comprehensive reports to upper management and audit team, covering issues and recommendations.
  • Delivered subject matter expertise for internal and external customers on compliance best practices and quality control.
  • Drove optimization of regulatory risk management, control testing, and process improvements.

Associate Director, Information Technology Risk and Governance

Novartis
Fort Worth, TX
10.2013 - 12.2017
  • Managed stakeholders' expectations to deliver comprehensive company policies, technical procedures, and standards for preserving the integrity and security of data, reports, and access.
  • Created and closely managed processes for exception management, leading to the establishment of an exceptions management committee and a streamlined tracking process.
  • Worked closely with business and application owners to establish a thorough cybersecurity incident response process and procedure, eliminating the reliance on third-party services and saving the company a significant amount of money.
  • Designed a cyber-security threat intelligence process, which delivered actionable intelligence to the Novartis Security Community and resulted in the discovery of a counterfeit drug manufacturing ring.
  • Led risk management activities, including authoring and reviewing risk management policy and plans.
  • Developed testing strategies and plans for internal security audits.
  • Led mitigation and remediation activities for all audit findings.
  • Streamlined SOX Security testing by developing new testing methodologies.

Global Lead, IT Security

ALCON
Fort Worth, TX
10.2012 - 10.2013
  • Spearheaded the deployment of large-scale projects, coordinating with stakeholders across multiple departments to ensure successful implementation and adoption rates.
  • Reported directly to the Chief Information Officer and was responsible for overseeing the company's cybersecurity initiatives worldwide. Managed security operations across 72 global locations, ensuring the protection of more than 265,000 servers, workstations, and peripheral devices.
  • Led a successful initiative to address numerous audit and security findings across various business and manufacturing divisions worldwide. This effort led to the implementation of new patching policies, enhanced security controls based on NIST SP 800-53, and the patching of over 265,000 servers, workstations, and peripherals.
  • Championed a culture of continuous improvement within Global Network Services Lead role, consistently seeking out innovative solutions to enhance overall network efficiency and resiliency.
  • Responsible for the direct management of two managers and four engineers with the overall organization consisting of 30 people globally.

Deputy Chief Information Security Officer / Privacy Officer

US Department of Interior, OSMRE
Washington, DC
08.2008 - 10.2012
  • Evaluated vendor solutions for improved security capabilities, ensuring alignment with business objectives.
  • Increased threat visibility by deploying advanced monitoring systems and threat intelligence feeds across the enterprise network, such as Network Access Controllers (NAC), Intrusion Detection/Prevention, Data Loss Prevention (DLP) tools, and firewalls.
  • Spearheaded the development of disaster recovery plans that enabled rapid system restoration following disruptive events.
  • Led Continuity of Operations Planning for the bureau's information technology team, actively participating in multiple national security real-world and training exercises.
  • Created dashboards to showcase critical security metrics, resulting in acknowledgement from the Inspector General's Auditing team and senior Department of Interior Leadership.
  • Received an accolade for demonstrating exceptional leadership skills during a Department of Home Security red team exercise by successfully identifying and preventing an attack. Additionally, effectively collaborating with the larger DOI team resulted in minimizing potential errors that could have occurred if they had not been informed.
  • Established strong relationships with cross-functional teams to promote a culture of information security awareness.
  • Coordinated with executive leadership on strategic initiatives relating to member information, privacy protections and alignment among data privacy and security activities.
  • Cultivated a network of external partners such as legal counsel and industry peers to share best practices and stay abreast of emerging trends in the field of privacy.
  • Rewrote and updated comprehensive department policies and procedures.

Education

Some College (No Degree) - IT Security, Psychology

The University of Maryland, University College
College Park, MD
06.2006 - 11.2008

Skills

  • Implementing security programs

Certification

AWS Certified Solutions Architect – Associate

Timeline

Technology Manager, Cybersecurity and Compliance

MarineMax
02.2023 - Current

Regional Lead, Americas, Information Security and Compliance, Worldwide Public Sector

Amazon Web Services (AWS)
08.2018 - 01.2023

Sr. Manager, Cybersecurity and Compliance

First American Payment Systems
12.2017 - 08.2019

Associate Director, Information Technology Risk and Governance

Novartis
10.2013 - 12.2017

Global Lead, IT Security

ALCON
10.2012 - 10.2013

Deputy Chief Information Security Officer / Privacy Officer

US Department of Interior, OSMRE
08.2008 - 10.2012

Some College (No Degree) - IT Security, Psychology

The University of Maryland, University College
06.2006 - 11.2008

Technology Portfolio

  • Palo Alto
  • Cisco
  • Juniper
  • CyberArk
  • Imperva Incapsula
  • Tripwire
  • FireMon
  • LogRhythm
  • Sumo Logic
  • Proofpoint
  • Mimecast
  • Forescout CounterACT
  • Symantec Vontu Data Loss Prevention (DLP)
  • McAfee Vulnerability Manager
  • Qualys
  • Rapid7
  • Tenable One
  • RSA Archer
  • Symantec
  • Gemalto
  • AWS
  • Azure
  • Workiva
  • Linux
  • Windows Server

Proficiency

Privacy Compliance, GDPR, CCPA, PIPEDA, Project Management, Network & Systems Security, Staff Training & Development, Team Leadership, Proposal Development, Data Integrity & Recovery, Cyber Threat Intelligence, Security Incident Response, Technical and Business Risk Assessment, Vulnerability Analysis, Cost Benefit Analysis, Forensic Analysis, NIST SP 800-53, NIST 800-171, GxP, 21 CFR Part 11, GLBA, Sarbanes-Oxley, PCI DSS, CMMC
