Cybersecurity
Coding and building security playforms
Automation and Intelligence
Richard La Bella
Miami,FL
Summary
A Cybersecurity and Information Technology (IT) veteran with three decades of medium-to-large Corporate Enterprise experience. I have cultivated a successful career putting people first through effective and compassionate leadership philosophies that produce the right results for Cybersecurity Programs. I help business leaders develop and improve strategic, tactical, and operational strategies with a deep and wide understanding of people, process, and technology.
Overview
27
27
years of professional experience
1
1
Certification
Work History
Director of Cybersecurity
Alliance Ground International (AGI)
07.2023 - Current
- Developed and authored AGI’s Cybersecurity Policies and Procedures in line with the CIS Controls Framework to ensure proper alignment with operational controls.
- Responsible for PCI Security and SAQ-D Attestation completion to ensure AGI meets PCI requirements for various lines of business. Standardized on Chase Payment Tech as a Service Provider for credit card processing.
- Responsible for planning and remediation of findings related to AGI’s third-party annual penetration testing.
- Developed a two-year Cybersecurity Roadmap.
- Developed a Cybersecurity Risk Tracking Dashboard for CTO and CEO risk and awareness.
- Spearheaded our Cisco/Meraki ISE Zero Trust Architecture for network access control.
- Improved Microsoft Azure and O365 Secure Scores for Cloud Security.
- Implemented several hardening improvements for Barracuda Email Defense from a Geolocation and File prevention strategy to reduce risk.
- Managed the CrowdStrike Falcon Complete Solution leveraging that platform prevention, detection, and response and for a light vulnerability management solution to operationalize vulnerability risk reduction across all assets.
- Responsible for all incident response procedures and responding to threats such as account take over activities related to phishing attacks.
- Responsible for conducting all AGI’s simulated phishing attacks in a measured and repeatable process to ensure reduction in human risk.
- Implemented adversary emulation by conducting a variety of reconnaissance and enumeration attacks targeting domains, sub-domains, and web applications for proactive security prevention using Amazon Cloud EC2 Instances.
- Worked with Web Development to help them understand web application vulnerability findings and how to mitigate and remediate findings related to PHP, HTML, and Java Script errors.
Owner & Operator
ID PROTECT
08.2022 - 07.2023
- Spearheaded and developed a comprehensive identity management and identity theft solution for high-profile, high wealth individuals.
- Developed a customized identity theft prevention, detection, and response blueprint using a combination of Identity Theft Protection solutions and actionable steps using a defense in-depth approach to reduce risk to the human.
- Conducted numerous demonstrations to individuals and groups for how they can protect their identities with the blueprints I developed.
Director, Cybersecurity Operations & Support
University of Miami Health System
11.2021 - 07.2022
- Responsible for Cybersecurity Operations and Support.
- Develop, mentor, and lead Cybersecurity team.
- Developed professional development plans for staff.
- Responsible for incident response training & testing, working with Mandiant.
- Implemented Incident Response Team (IRT).
- Created Incident Response Playbooks.
- Managed vulnerability management program using Tanium, Qualys for assessment and SCCM for patching.
- Implemented CyberArk for privileged access management (PAM).
- Implemented a defense in-depth endpoint security roadmap strategy using CrowdStrike, Carbon Black, Tanium, Qualys, Absolute, InTune, JAMF, CyberArk, AirWatch, USB Blocking, and Encase for forensics.
- Steered implementation of Encase forensics program.
- Steered the development of UHealth's data collection and intelligence program using Splunk for SIEM and our Managed Security Service Provider for 24x7x365 incident response.
- Responsible for a six month, multi-million Palo Alto Firewall rollout strategy to protect against threats targeting patient data repositories/data bases.
Chief Information Security Officer
VITAS Healthcare
10.2015 - 11.2021
- Provide guidance and counsel to corporate leadership, working closely with senior managers and directors in Information Technology, Claims, Finance, Legal, and IT Leadership, defining Cybersecurity policies, procedures, and guidelines while building and maintaining strong relationships across the organization.
- Assisted Executive Committee in making informed decisions and improving performance, transparency, and accountability for a newly implemented Cybersecurity Program by articulating confusing technology terms into easy-to-understand business acumen.
- Provided a thoughtful and appropriate leadership philosophy for the Cybersecurity Program vertically and horizontally within the organization to ensure a consistent message of security, transparency, openness, and trust.
- Visionary for all aspects of the Cybersecurity Program, developing a reliable and available defense in-depth strategy for endpoints, servers, and perimeter-based vectors using tools such as EndGame, Rapid7, VMware virtual micro-segmentation, and Cisco Firewalls.
- Work with leadership to oversee business operations to ensure the Cybersecurity strategy is in alignment and support of business goals and objectives.
- Responsible for acquiring Cyber Insurance through collaboration with Corporate Leadership.
- Delivered Enterprise-wide Security Awareness and Education physically and virtually, leveraging simulated phishing attacks and creative games to drive awareness using tools such as ProofPoint and KnowBe4.
- Defined security metrics and a consistent reporting cadence; creating maturity models and roadmaps for continual program improvements for Vulnerability Management using tools such as Tanium, Rapid7, and Tenable.
- Steered the design and implementation for an Enterprise micro-segmentation process across the VMware virtualized environment as part of my defense in-depth objectives.
- Implemented a broad range of safeguards and countermeasures such as VMware Micro-segmentation, and a continuous vulnerability risk assessment and remediation and mitigation process to protect the confidentiality, integrity, and availability of VITAS's electronic health record system.
- Monitored threats 24x7x365 and addressed intentional or accidental misuse of data across all environments by developing a comprehensive Managed Detection and Response Program for incident response using Splunk and Rapid7 Cloud-based SIEM solutions.
- Drove automation for rapid mitigation of threats using Proofpoint, Tanium, and Rapid7 for effective endpoint security and intelligence.
- Drove a mature security risk assessment questionnaire process to help feed in business-critical information for new vendor engagements and business alignment with the Project Management Office.
- Acquired outside HIPAA Risk Assessor, Clearwater Compliance for annual risk assessments and remediation of findings.
Corporate Information Security Advisor
Assurant
12.2014 - 06.2015
- Held responsibility for reviewing and assessing risk for mergers and acquisitions as it relates to Authentication, Authorization, and Accounting (AAA).
- Advised legal, HR, and other business groups to adopt appropriate security jargon in all contracts, statements of work, and any terms and conditions prior to finalizing business agreements with customers and 3rd party organizations.
- Protect the confidentiality, integrity, and availability of classified data by identifying and conveying security risks to the business.
- Adhered to ISO 27001/27002 standards while providing information security risk leadership for Assurant Corporate.
- Ensured to meet security and compliance requirements, while providing recommendations to a number of practice areas and departments across the corporation.
- Led and executed the Corporate Security Program that addresses the risks, threats, and vulnerabilities across the organization.
- Minimized risk and ensured confidentiality, integrity, and availability of data by revising and enforcing Assurant's security policies, procedures, and standards across the organization.
Senior Manager, Information Security
AvMed
02.2012 - 12.2014
- Information Security, and Compliance.
- Implemented NIST 800-53 privacy and security controls, FIPS 199 & 200 standards, and HIPAA and PCI regulatory requirements across AvMed.
- Developed a culture of hospitality and service excellence by liaising with the team.
- Delivered month-over-month reporting on patching, HIPAA compliance remediation efforts, and endpoint security compliance by creating a robust security metrics program.
- Ensured alignment of newly developed AvMed's vision for Cyber Defense and threat prevention with business capabilities related to enterprise data integration and its 350K member/customer database.
- Maximized workflow productivity and efficiency through management of 12 security analysts, telecommunications, network infrastructure, and service desk personnel across the state of Florida and seven offices.
- Recognized by the Executive Leadership Team out of 800 employees to support AvMed's internal 'Culture Change' and 'Decision-Making Accountability' program.
- Saved AvMed $65K a year through development of a standard solution for patch management and related processes.
- Steered the development and deployment of AvMed's Bring Your Own Device (BYOD) strategy by utilizing Mobile Iron for Apple and Android devices.
Manager, Security Risk and Compliance
City of Miami
04.2011 - 02.2012
- Ensured smooth delivery of the City of Miami's new website design and the mayor's website while acting as a project lead.
- Oversaw the quality, efficiency, and effectiveness of the City's Service Desk Program through consistent leadership and employee evaluation.
- Evaluated IT security performance and value to key IT and business stakeholders through development of security metrics program.
- Saved City of Miami $100K in development costs by leveraging in-house skillsets for website design and development.
- Acknowledged by the City of Miami Mayor, Thomas Regalado to provide overall IT skills and process evaluation for the City of Miami Information Technology Department.
Founder & CEO
La Bella Security Group
05.2010 - 04.2011
Senior Manager, Information Security
Citrix Systems, Inc
03.2004 - 05.2010
Senior Security Analyst
Office Depot Corporate Offices
09.2001 - 10.2003
Manager, Security Operations and Support
Marex.com
10.1998 - 09.2001
Education
Check Point Certified Engineer -
Check Point
Check Point Certified Administrator -
SANS Systems Forensics Track
CCNA -
Cisco
MCP -
Microsoft
MCSE -
Microsoft
CISSP -
ISC2
09.2011
Skills
- Executive Leadership
- People Management
- Project Management
- Visionary & Strategist
- Incident Response
- Budgetary Expertise
- Vulnerability Management
- Regulatory Compliance (HIPAA, PCI, GLBA, SOX)
- Vendor Management
Certification
- CISSP (Certified Information Systems Security Professional)
- CIPA (Certified Identity Protection Advisor)
Accomplishments
- Produced security metrics program for vulnerability management for Executive Committee’s & Boards using a variety of tools such as Rapid7, Tenable, Tanium, and SCCM
- Achieved 80% reduction of account takeover through automation leveraging ProofPoint TRAP.
- Reduced IT Security Budget by 10% utilizing current investments by providing more education and training via automated simulated phishing attacks, and in-person training nationally and internationally where needed.
- Reduced critical Vulnerabilities by 90% across all server and endpoints through consistent measurement and dashboarding via Rapid7, Tenable, and Qualys.
Affiliations
- Healthcare Sector Chief, South Florida InfraGard, 2018-2020
- First South Florida President, InfraGard, 1999-2000
- Member, Information Systems Security Association (ISSA)
- Founder, South Florida Honeynet Project, 2004
- Co-Founder, Honeynet Research Alliance, 2003
- Winner, SC Magazine Reboot Leadership Award, 2019
- Co-Author, "Know Your Enemy: Second Edition", 2004
- Public Speaker, Citrix, 2009
- Public Speaker, West Point Military Academy
- Speaker, Department of Defense Agencies/The Pentagon; InfraGard and the FBI; numerous Industry Conventions such as Black Hat, Symantec, and McAfee
Interests
Timeline
Director of Cybersecurity
Alliance Ground International (AGI)
07.2023 - Current
Owner & Operator
ID PROTECT
08.2022 - 07.2023
Director, Cybersecurity Operations & Support
University of Miami Health System
11.2021 - 07.2022
Chief Information Security Officer
VITAS Healthcare
10.2015 - 11.2021
Corporate Information Security Advisor
Assurant
12.2014 - 06.2015
Senior Manager, Information Security
AvMed
02.2012 - 12.2014
Manager, Security Risk and Compliance
City of Miami
04.2011 - 02.2012
Founder & CEO
La Bella Security Group
05.2010 - 04.2011
Senior Manager, Information Security
Citrix Systems, Inc
03.2004 - 05.2010
Senior Security Analyst
Office Depot Corporate Offices
09.2001 - 10.2003
Manager, Security Operations and Support
Marex.com
10.1998 - 09.2001
Check Point Certified Engineer -
Check Point
Check Point Certified Administrator -
SANS Systems Forensics Track
CCNA -
Cisco
MCP -
Microsoft
MCSE -
Microsoft
CISSP -
ISC2
Similar Profiles
Omotoyosi Adebisi OduyoyeOmotoyosi Adebisi Oduyoye
Ground Ramp Agent at Alliance Ground International (AGI)Ground Ramp Agent at Alliance Ground International (AGI)
XIAOBING YEXIAOBING YE
Operator Helper at AGI ALLIANCE GROUNDOperator Helper at AGI ALLIANCE GROUND
Sukhmani KaurSukhmani Kaur
Passenger Service Agent at Alliance Group International (AGI)Passenger Service Agent at Alliance Group International (AGI)