
Mark Thacker

Information Security And IT Executive
Clarksville, IN

Summary

Proven Information Security and Technology Executive with two decades of professional experience. Skilled in maximizing technical capabilities with disciplined expense management, inspiring people, and deriving coherent technical roadmaps from business strategy. Strong background in complex mergers, acquisitions, and divestitures and managing the risks thereof.

Overview

15 years of professional experience
1 Certification

Work History

EVP, Chief Technology Officer and Chief Information Security Officer

Get Beyond, Inc.
11.2022 - 06.2024
  • Promoted to CTO and CISO after years of successful leadership as CISO
  • Leading and representing all technology organizations at Get Beyond, reporting to the CEO and independent board of directors while retaining all previous responsibilities listed below as CISO
  • Forged a new organizational model, bringing DevOps and an ITIL-based IT Infrastructure/Service Desk team under one umbrella, bringing new alignment, efficiency, and capitalizing on the strengths of all former teams while breaking down barriers
  • Ingratiated the Delivery organization to the Executive team in ways not previously realized, building trust between organizations
  • Advocated for critical resources while weathering reductions in force without material impact to service offerings, earning the respect of my subordinates, peers, and superiors during challenging circumstances
  • Managing to a $10M budget with monthly reporting presentations and accountability to the CFO and CEO
  • Identified 10% annualized budget savings since stepping into the new role
  • Remained under budget all years as a member of the executive team (CTO/CISO and CISO roles)
  • Drove capex wages ratio higher as a proportion of overall wages while ensuring appropriate focus on technical debt reduction
  • Maintained a flexible and cost-effective technical landscape while standing up to the rigors of constant attack by malicious actors and annual PCI-DSS assessments by third-party auditors
  • Key member of the management presentation team for potential acquiring organizations
  • Presented material technical aspects of the company for consideration, answering myriad questions with poise and preparedness
  • Organized and managed all due diligence artifacts and virtual data room
  • Conceived, led, and executed on a divisional divestiture while a broader M&A initiative was underway, improving our books, and leading to a successful acquisition.

SVP, Chief Information Security Officer

Get Beyond, Inc.
05.2018 - 11.2022
  • Led a department of professionals responsible for Information Security, Enterprise Compliance (PCI-DSS), and IT Internal Audit
  • Established a comprehensive security program as the company rapidly grew from a startup (2018) to a $75M company today with 400+ employees (600+ pre-pandemic)
  • Designed and implemented multiple enterprise-grade programs, including: Enterprise Risk Management, Enterprise Compliance and IT Audit, Business Continuity Planning and Disaster Recovery, DevSecOps Program and Secure SDLC with Security Champions, 24/7 Security Operations, Security Architecture and Engineering Programs, Incident Management (NIST SP 800-61), Custom Control Frameworks (based on NIST, AICPA SSAE-18, and PCI-DSS), Third Party Risk Management, Training and Awareness Programs, Physical Security Monitoring and Operations, Legal Support
  • Delivered financials consistently to 10% or less of IT Spend, under projections, while increasing capabilities
  • Responsible for six years of PCI assessments by external Qualified Security Assessors with no findings or compensating controls
  • Led the organization through the COVID-19 pandemic: Rapidly enabled a remote workforce, redesigning our technical architecture for secure and compliant remote operations
  • Set policy and implemented best practices for employee safety, coordinating across multiple Federal, State, and Municipal regulations.

Director, Information Security

Software Information Systems, LLC
05.2017 - 05.2018
  • Information Security Owner for a boutique cloud/managed service provider
  • Corporate Security Owner
  • Performed all functions of a corporate security program, including risk management, policy management, capability design, engineering, and operation, incident response, physical security, and consultation on secure implementation of internal technologies
  • Responsible for maintaining SOC2 compliance with Security, Privacy, and Availability Service Principles
  • Coordinated annual, quarterly, monthly, weekly, and daily audit activities with all technical owners
  • Accountable for annual SOC2 assessment with external auditors
  • Product Security Owner
  • Conducted design reviews, secure coding consultations, and provided remediation guidance for pen-test findings and vulnerability scans.

Director, Security Architecture and Assurance

Global Payments/Heartland Payment Systems
05.2013 - 05.2017
  • Security Architecture and Engineering Owner
  • Led a team of security architects to research and design a robust, secure, and cost-effective technical landscape in a 'Plan, Build, Run' model
  • Instrumental in the monumental architecture shift from PCI 2.X to 3.0, leading the coordination of nearly every technical team in the organization
  • Spearheaded the integration of the two massive infrastructures into a single, unified, and streamlined model
  • Managed the new architecture model to the financial synergies reported to Wall Street
  • Oversaw a team of engineers to implement, or 'Build' the capabilities outlined by the security architecture team ('Plan')
  • Application Security Program Owner
  • Developed, implemented, and operated the Secure SDLC process with all development teams across the merging organizations
  • Coordinated the integration of the two SDLC processes, taking advantage of strengths from each
  • Set prioritization of application security engagement with product owners and executive team members through risk analysis
  • Oversaw a team of Application Security professionals who guided developers on secure design and architecture in project design reviews, owned, maintained, and optimized SAST utilities, assisted developers with granular remediation tasks from SAST or pen-test findings, and trained developers on secure coding techniques, including the creation of a custom environment in which developers could experiment with web application vulnerabilities and practice remediation
  • Information Security Merger Contributor
  • Appointed by the acquiring CISO to threat model the merging of two industry-leading security organizations, helping to quantify risks throughout the process
  • Developed and implemented a new methodology to threat model the merger
  • Merger and Acquisition Due Diligence Committee Member
  • Conducted due diligence on more than 12 acquisitions made by Heartland Payment Systems prior to the Global Payments acquisition of Heartland
  • Homeland Security Advisor
  • Advised the Department of Homeland Security on Application Security best practices to be implemented across all Federal agencies and contractors.

Application Security Consultant

Humana, Inc.
02.2008 - 05.2013
  • Secure SDLC Process Owner
  • Spearheaded SDLC process re-design
  • Partnered with Development Leadership, Product, and fellow SDLC Process Owners to re-engineer new Secure SDLC within the broader SDLC overhaul
  • Earned trust among each development group, fostering understanding and adoption
  • Reduced process overhead and improved security posture by focusing on risk-based action
  • Served as an SDLC Working Group representative for continuous process improvement
  • Led team of Application Security professionals, mentoring and coaching while embedding them in their most ideal product areas and development teams for consultation
  • Provided technical consultation for vulnerability remediation/prevention Scrum-based projects
  • Led successful implementation of static and dynamic application security scanning tools
  • Developed process for inclusion of automated and manual scanning efforts in overall SDL
  • Consulted on vendor/acquisition software integration
  • Represented application security at recurring town-halls/program calls for developers, architects, and project managers relating to their specific areas
  • Recipient of multiple awards for excellence
  • Promoted from Analyst to Consultant.

Education

Bachelor of Science - Computer Information Systems

University of Louisville
Louisville, KY
05.2001 -

Private Pilot Certificate -

Aerotech
Lexington, KY
05.2001 -

Skills

Strategic Planning

Risk Management

Mergers and Acquisitions

Digital Transformation

Enterprise Architecture

Relationship and Team Building

Leadership and People Development

Board Reporting

Financial Leadership

Process Improvements

Policy Development

Certification

CISSP - Certified Information System Security Professional

Timeline

EVP, Chief Technology Officer and Chief Information Security Officer

Get Beyond, Inc.
11.2022 - 06.2024

CISSP - Certified Information System Security Professional

10-2019

SVP, Chief Information Security Officer

Get Beyond, Inc.
05.2018 - 11.2022

Director, Information Security

Software Information Systems, LLC
05.2017 - 05.2018

Director, Security Architecture and Assurance

Global Payments/Heartland Payment Systems
05.2013 - 05.2017

Application Security Consultant

Humana, Inc.
02.2008 - 05.2013

Bachelor of Science - Computer Information Systems

University of Louisville
05.2001 -

Private Pilot Certificate -

Aerotech
05.2001 -