Scottard Banks

Executive Information Security Practitioner
Anthem, Arizona

Summary

Executive Security Professional

More than 30 years of experience as an IT professional with strong expertise in IT management, IT security management, and IT enterprise architecture. Demonstrated expertise in establishing and implementing large information security programs. Designed and implemented automated tool-based vendor management, vulnerability management, and risk management frameworks, with continuous monitoring. Performed certification preparation and attainment of ISO 27001:2013 and HITRUST to adhere to CIAA (Confidentiality, Integrity, Availability, and Authenticity) of critical business information assets and environment. Highly skilled, dedicated, financially aware, and enthusiastic team player with excellent leadership and communication skills. Highly adept in risk management and business continuity with additional skills in Artificial Intelligence security, deep learning, and blockchain technologies. Additional skills building out highly effective security operations and incident response reporting and alerting.

Qualification and Skills: C|CISO 2016

Overview

37 years of professional experience
1 Certification

Work History

SmartRent
06.2019 - Current
  • Creation of overall strategy around risk, privacy, compliance, and internal audit program that interacts with sales, product, engineering, operations, and physical security
  • Obtained security certifications and attestations from ISO 27k13/ISO 27k22, attestation SSAE 18 SOC 2 Type 2, and SOX 404a/b audit and report, and provided guidance and direction on SEC and reporting
  • Managed a team of Developers, Engineers, and architects for product development, engineering, and network security approaches
  • Terraform and other automation tools are secured via the engineering and production security program and the initial assessment and evaluation process as well
  • Developed and implemented the overall global privacy strategy and framework
  • As the continuous improvement imposed by standards and regulations
  • Creation of overall responsible disclosure and intake system for continuous testing of every product and service offering deployed
  • Facilitated and identified security framework for COVID-19 and work-from-home protocol
  • Implementation and coordination of certification and attestation in order to obtain ISO 27001:2013 certification and SSAE 18 SOC 2 Type II, SOX 404
  • Codebase: Elixir, Ruby on Rails, and JS web3.0
  • Expanded within AWS and architecture of fully redundant solutions and compliance within production services
  • Creation of security architecture design utilizing the CSA framework to identify issues and preventative controls
  • Implemented ISMS with no exclusion with full creation of policy library, vendor, vulnerability, risk, and internal audit function
  • Creation of a 5-year security roadmap and KPI for governance structure and board reporting
  • Led initiative to convert SOW and Manual to workflows that are being automated
  • Designed and implemented
  • Creation of content for marketing and external websites
  • Working with shareholders to implement and coach other holding companies
  • Implementation of Salesforce, HRIIS, and automation tool security
  • Auditor and author of Internal Audit framework, schedule, and reporting
  • Implementation and administration of security controls, CI/CD scans, technical security, and WAF security controls as well as directory and SAML 2.0 and Auth 2.0 profiles data
  • Creation of data dictionary and security controls and retention and risk statements
  • Development of (Alliance/ Consortium) to help shape reasonable industry standards in the vertical to ensure proper, effective, and efficient security solutions and interop.

Executive Security Strategist

UC Healthcare System
06.2015 - 06.2016
  • Working with Mid to Large security UC Healthcare organizations providing security services to create effective and efficient security programs based on NIST CSF, technical roadmaps, and technical implementation
  • Creating effective, efficient evaluations and assessments around Meaningful Use
  • Creating and designing software and corresponding process and procedures and architectures to support the organization's growth and roadmaps
  • Saving the organization over $500,000 to 2 million in costs associated with improper technology selection, resources, and needed skill sets, and technology that does not interop
  • Creation of sensible security policies/standards/procedures
  • Creation and implementation of vulnerability, awareness, and vendor management programs
  • Development of technical roadmap, architectural design, and secure SDLC
  • Providing assessment and audit utilizing ISO27001:2005/2013, AUP, NIST, HIPAA, GLBA, SOX 404, COBIT
  • Automation code review and change management tool leveraging Kitana
  • Development of initial budget, staffing needs, and job description as well as hiring and attracting talent to grow
  • Delivery of ROI and TCO calculation as well as presentation to executives and boards
  • Provide trusted advisory, code development, and intellectual property
  • Provide and creation of forensics and incident response protocol and services
  • Provide virtual Chief Information Security Officer services to assist in driving security strategy through the organization, customers, partners and 3rd parties.

WebPT
08.2010 - 02.2016
  • The role of CISO was required to address the risk associated with the lack of a security program, and multiple security gaps in policy, procedures, and technologies
  • The implementation and auditing to obtain ISO 27001:2013 cert
  • Also creating and implementing robust dashboarding and KPI
  • Creator and implementor of the Internal Audit process
  • In this role obtained the first certification in this vertical, within an 8-month time frame
  • Implementation of SSO, Identity management, and MFA
  • Drive the risk management program, and create a Secure Development Lifecycle, change controls, and release management with dynamic, and static security and code review solutions
  • Managed multiple M&A reviews resulting in a financial reduction in the asking price
  • Implementation of security architecture for cloud diversity leveraging AWS and AZURE to integrate with corporate solutions to extend the border to the cloud, and identify flaws that are and can be introduced by cloud solutions
  • Creation and rollout of Secure SDLC and leveraging automation of IDE automation for code review via Veracode
  • Creation of SAAS, Cloud, and premise security strategies for dynamic depth in defense
  • Implementation of SIEM, Vulnerability Management solutions stack
  • Able to impact revenue by designing and defining efficient controls by using risk identification and proper treatment and scoring to allocate proper funding for the most critical systems and environments
  • Security report outs to the senior management team, steering committees, executive risk council, and the board
  • By implementing an information security management system, the organization has seen revenue growth, and obtaining the ISO has created and changed the current culture within the organization
  • Full Orchestration of AI, machine learning, Intelligence feeds, SIEM, and smart responses to ensure the automated attack is mitigated by automated preventions.

Interim Chief Information Security Officer

Dignity Health
02.2013 - 05.2015
  • Obtained to remediate weaknesses and to create a comprehensive security program, organization, budget and policies, methodologies and framework to address critical deficiencies
  • The creation and effective implementation of a collaborative and consensus-driven executive security oversight committee
  • The creation and benchmarking of key performance indicators around (awareness, 3rd party security, risk assessment, business continuity, as well as change, vulnerability assessments and identity lifecycle management)
  • Creation of and building dynamic highly effective information security, threat intelligence and operational risk teams to address all security concerns
  • Creation and delivery of security program and toolset required for EPHI EPIC solution, Nextgen and Horizon Labs, to create dynamic and automated security provisioning and removal of the user's account
  • Optimized and development of organization department budget, TCO and OpEx/CapEx budget ROI’s, management of budget in excess of 20 million over 4-year technical roadmap strategy
  • Addressed all critical and high-level findings within the first 40 days
  • Performed Meaningful Use Stage 1 and 2 assessments over PHI environments (Horizon Lab/Clinical and NextGen and EPIC EHR)
  • Performed remediation planning and close out of all remediated items
  • Analyzed network traffic, eliminated unnecessary routing and equipment and reduced TCO by 32.3%
  • Created a gold image for Servers, workstations and mobile devices
  • Developed and managed the BCP/DR plan, also managed the consolidation of 5 data centers to 2 and significant move
  • Created strategic roadmap for transitioning off of dated Microsoft software and hardware and migrating to Windows 8
  • Maintained and delivered risk reporting and provided an executive dashboard for tracking, prioritization, and remediation and funding
  • Provided security and risk requirements for ACO and converging 2 ACO’s into 1
  • Annual State of Security Address to the Board of Directors and Auditing Boards
  • Introduced a cost-reducing process with vendors, providing joint development
  • Reduced technology cost by negotiation utilizing best of breed vetting
  • Minimized risk by addressing root causes and by creation and development of a proactive risk intelligence group and malware SWAT team
  • Obtained 100% awareness acknowledgment within 90 days over 10,000 users
  • Effectively addressed security concerns associated with FDA certified product and technologies that reside on the network
  • Development and architecture design around identity intelligence solution that allowed for dynamic and autonomous and able to extend to cloud and allow for “BYOI” (bring your own identity)
  • Led virtualization efforts to create an 80/20 mix of virtual environment and physical
  • Development and configuration of DLP and system logging and auditing that allows for extended protection and monitoring of SAAS, PAAS, and IAAS
  • Created, designed predictive analytic security framework to address security within A.I. algorithm and analytical predictive systems and development protocols
  • Created the Merger and Acquisition security requirements and guidelines for assimilation of acquired organization.

Deputy

Xerox HRO
02.2011 - 01.2013
  • Implemented and designed performance optimization program around all solution being offered and created a new architecture, cost structure, and services model to apply the best of breed and reduction objective
  • Responsible for securing Cloud and outsourced services for customers and the architecture, telecom, and network infrastructure, also including databases, mainframe, data warehouse, and business intelligence environments
  • Acted as trusted advisor and consensus builder; when required, acted as a virtual security professional for customers lacking security expertise
  • Plan, develop, and manage information security and risk program for internal business units and to drive customer security requirement
  • Directed an international team of 120 information security directors, architects, engineers and specialists for information risk management, IT audit and compliance, information security operations, architecture/telecom/network, infrastructure and applications, incident response, and a capital/expense budget in excess of 24 million plus
  • Designed, implemented and led information risk management framework that addressed all customer requirements
  • Designed risk scorecard for graphical visualization of customers' risk portfolio for quarterly briefing of customers' risk management steering councils
  • Managed overall consolidation of Datacenter operations and implementation of virtual datacenter strategies utilizing virtualization solution
  • Managed infrastructure, desktop and mobile tech refresh that reduced the overall cost of operation by 40% as well as creating a virtual desktop strategy and lockdown process
  • Designed and implemented SAAS/PAAS/IAAS security solution for customers that would include tiered firewalls, network IDS, centralized logging, database encryptions, identity management and federation, and encrypted backup, as well as endpoint/infrastructure DLP
  • Coordinated with business HR to develop information security, risk management, and infrastructure career path
  • Designed strategic vision for infrastructure growth and implementation schedule and budget with the addition of PMO office and Change Management with overall project and budget for updating of infrastructure over course of 2 years
  • Designed and implemented physical security controls and personnel
  • Implementation included IP CCTV, access and incident door
  • Evangelized virtual Wintel implementation for additional lockdown requirements and also restrict and provide security wall around customer data and adhere to all security compliance and frameworks
  • Provides customer advocacy for security changes for internal infrastructure and managing all SOW requirements as well as gaps for remediation
  • Managed organization uplift of router technology from the Cisco IOS to the Nexus platform which reduced the overall cost of hardware and management systems
  • Increased efficiency of desktop and server build process by driving effective imaging standards and the subsequent processes
  • Managed and provided reporting on compliance and information security effectiveness against EU Privacy Act
  • Designed and implemented customers regulator and compliance and provides certification services for customers who wanted to obtain, ISO 27001 cert, SSAE 16 Type II and provided extensive risk and remediation GRC environment for vendors, 3rd parties, and external auditors
  • Reduced TCO of managed services by 40% within FY10 with an increased profit margin of 5 million
  • Developed comprehensive proposal (technology architecture, budget, and project plan, TCO, and ROI, Policy, Documentation) and led lifecycle of 3 million global ISO 27001 project to remediate IT infrastructure across 8 countries and 12 LOB

Chief Security Officer / Designated Security Officer HIPAA

ASU
02.2005 - 05.2011
  • Responsible for building out a security program for leading research universities in the US, infrastructure, identity lifecycle management, and all policies & procedures
  • Led multiple campus and HIPAA activities which included 10 direct reports and 20 indirect reports in all aspects of security in a distributed environment with 2300+ servers in multiple data centers
  • Managed system audits, incident response team and procedure documentation, risk analysis methodology, intrusion detection systems, vulnerability & penetration systems, and information security guidance to the executive management team
  • Evaluated all systems and performed all evaluation of technical solutions
  • Hire, train, supervise, and evaluate support/technical personnel for campus-wide support of computing and information systems and infrastructure
  • Coordinate the functions of the various units of assigned responsibility within the Office of Information Technology (OIT)
  • Implement security best practices and business controls based on change and configuration management methodologies, computer security, network security, cryptography, etc
  • Created the University security roadmap, information security program, and architecture, in addition to reviews and updates of Disaster Recovery and Business Continuity Plans
  • Maintains security liaison, counsel and obtains buy-in across the university and implements university-wide information security awareness, incident response protocols, and training
  • Conducts internal assessments of University security solutions and reviews the Secure Software Development and PMO mitigation processes
  • Provided Information Risk Mitigation regarding the HIPAA HITECH Act and FERPA, and FISMA requirements and adhered to PCI requirements and ISO 27001:2005 standards as well as State Breach Legislation
  • Responsible for all physical security requirements on multiple campuses for on-campus alert systems
  • Implemented camera system campus-wide
  • Reduced overall piracy by implementing a system to reduce all issues related to RIAA complaints
  • Led University-wide security compliance committee as well as university-wide application security standardization and leadership council
  • Engineered overall security strategy for over 75000 users, 5000 staff, and 8000 faculty, guest and physical security personnel, while enhancing user experience and optimizing network traffic
  • Appointed on Pandemic and Virginia Tech security initiatives with the overall architectural design of the first university zoned architecture and the utilization of NAT with university infrastructure
  • Defined procurement legal documentation and negotiated all legal security requirements, assessment, and right to audit and site visit requirements
  • Installed redundant servers and led virtualization efforts that increased line capacity
  • Launched an effort overseeing a team of programmers review and rewrite over 30 key software applications to support cloud and mobile computing
  • Implemented change management leveraging ITIL process documentation for all aspects of the business including, new software and telephony upgrades
  • Maintained a highly secured environment based on FISMA, NIST, and FIPS-compliant technologies, policies, standards, and processes
  • Architected, engineered, and operationalized all encryption communication as well as centralization of the PKI infrastructure and all subsequent implementations
  • Managed and designed chip pin solution for university swipe pay and Sun Devil Dollars system
  • Quarterly briefing and communication to the Board of Regents
  • Launched security awareness programs that reached security and students and negotiated additional security packages for students with McAfee, Microsoft, and vendors
  • Designated HIPAA Security Officer for the school of nursing, health clinics, and medical and emergency services
  • Rapidly recruited a team of contractors and security employees to develop and implement the comprehensive, cost-effective information security program
  • Supported Board of Regents and Universities within Arizona as well as a State organization
  • Negotiated statewide contract of IDM and implemented as a service for all participating agencies
  • Implements a security service-oriented architecture within ASU, UofA, and NAU, which allowed for federated environments and services
  • Performed additional duties serving as the designated HIPAA security officer of all ASU locations
  • Managed PCI level 2 assessments
  • Design and implementation of ISO 27001 certification and award
  • Compliance-driven by utilizing the ITIL service delivery model
  • Created RFP for University-wide physical security systems which included (camera, access, and security guard)
  • Increased standard .1% information security funding to 6% within the first 18 months

PRINCIPAL SECURITY ARCHITECT

TERADATA NCR
02.2003 - 01.2005
  • Enable Business Strategy - developed and coordinated multi-year project plans
  • Information Security Operations - monitored, detected, and responded to information security incidents; coordinated and managed proactive prevention and responses to environmental attacks; conducted penetration testing and implemented preventive measures; coordinated technical investigations; managed firewall rules and devices; managed intrusion detection, anti-virus, and spam control technologies across the enterprise
  • Audit/Regulatory Liaison and Change Control - in-depth knowledge of the banking/healthcare/retail regulatory environment, federal laws and regulations; completed an annual information security risk assessment and oversaw information security policy; coordinated interaction with internal auditors and corporate security, industry regulators and government agencies, the OCC and the Federal Reserve, OTS; coordinated interactions with internal compliance; managed the production change control board and associated processes
  • Information Security Engineering and Vendor Review - developed and maintained the security architecture for the banks and healthcare; oversaw the security architecture engineering lifecycle; coordinated existing and new solution security design reviews; coordinated security awareness and communications; completed third-party vendor risk reviews and oversaw the annual review process
  • Data Security and User Provisioning - oversaw end-user security architecture; managed end-user computing controls including governance and compliance; managed end-user system access operations and services; managed end-user accounts and lifecycle
  • Application Design Guidance - worked with Application Development leaders to develop best-practice security methods and standards for custom and third-party vendor applications; conducted third-party vendor assessments and certifications before approval for production implementation
  • Program Management - worked with enterprise project services (EPS) to formulate strategies and tactics for successful governance of Business Unit projects; established efficient work procedures in conjunction with EPS, assignments, and monitoring mechanisms to meet objectives; understood risk-based project management and developed appropriate risk mitigation strategies; completed accurate project statuses and met appropriate deadlines; ensured all software was developed in accordance with common services and risk management standards and methodology
  • Resource Management - worked with other IT Directors for effective and optimum use of resources within IT Risk Management and across the technology enterprise
  • Financial Management - provided accurate and timely forecasts and information for reporting; monitored project financials routinely; took corrective action to meet financial objectives; appropriately composed and presented the cost/benefit of IT investment decisions in support of business strategies
  • Client Management - developed positive working relationships with all clients based on trust and contribution; maintained ongoing, substantive dialogue with business leaders resulting in a thorough understanding and embracing of business strategies
  • Service Level Management - developed and monitored key success metrics and quality standards
  • Solution Design - managed the process and the personnel who identify, research, evaluate and recommend appropriate IT Risk solutions for business initiatives and provided assistance with a presentation to executive management
  • Vendor Relationships - established relationships with key IT Risk vendors to expand computing capability while reducing technology complexity
  • Assisted with projecting software and hardware requirements
  • Consultation with personnel in information systems sections to coordinate activities
  • Managed the simultaneous activities of multiple project teams
  • Performed general management duties, exercising the usual authority concerning staff, performance appraisals, promotions, and terminations
  • Recruited, developed and retained highly qualified staff
  • Established the security advisor role across multiple international organizations and orchestrated security engagements with national and global Fortune 500 companies
  • Provided information risk mitigation and security reviews for client’s security program
  • Assessed Teradata security implementation solutions and provided tools and technical requirements for effective remediation and security controls
  • Created the design and installation of security services and systems for Fortune 500 companies such as Albertson’s, DOD, CITI, Hershey’s, and Royal Bank of Canada

SENIOR DIRECTOR

FIRST COMMAND FINANCIAL SERVICES
05.2001 - 02.2003
  • The areas of responsibility reporting directly to the CIO include Application Delivery, Mainframe Operations, Distributed System Operations, IT Risk Management, Physical Security, Telecommunications, Desktop Services, IT Vendor Mgmt and Administration, Enterprise Records Management and Enterprise Project Management
  • Primary responsibilities included: Data Security User ID administration (provisioning and maintenance); Information Security Operations and Infrastructure (including firewalls, intrusion detection, anti-virus, proxy servers, phishing, spam control, laptop encryption, database encryption, patch management); Corporate Computing Standards Oversight; Audit and Regulatory Liaison; Production Change Control Management
  • Overall management expectations were to provide strategic leadership, vision, and on-going support to other IT and line of business (LOB) leaders regarding information security best practices and trends
  • I worked in concert with the other members of the IT Leadership team to fulfill regulatory requirements and deliver state-of-the-art protection and oversight for the banking technology infrastructure
  • Core competencies included technical capability and general savvy with leading information security tools and practices
  • In addition, relationship and communication skills were critical due to the highly interactive nature of the position with external regulators, the board of directors, internal auditors, and internal enterprise risk management
  • Other duties were general business knowledge, strategic/global/visionary/ enterprise thinking, critical thinking skills, overall leadership adeptness, and proven project management wisdom
  • Service Level Management - developed and monitored key success metrics and quality standards
  • Solution Design - managed the process and the personnel who identify, research, evaluate and recommend appropriate IT Risk solutions for business initiatives and provided assistance with presentation to executive management
  • Vendor Relationships - established relationships with key IT Risk vendors to expand computing capability while reducing technology complexity
  • Assisted in projecting software and hardware requirements
  • Consulted with personnel in other information systems sections to coordinate activities
  • Managed the simultaneous activities of multiple project teams
  • Performed general management duties, exercising usual authority
  • Implementation of surveillance systems within the bank and access badge system
  • Negotiated cost-effective contracts and services with external vendors and retailers
  • Evaluated in-house, non-COTS (Commercial off the Shelf), and legacy software implementation and enhancements
  • Set annual budget considerations and developed long-term security strategies
  • Managed updates and responsibilities regarding the Corporate Business Continuity Plan, including outsourcing recovery planning and providing BCP testing under FFIEC guidelines.

INFORMATION SECURITY SENIOR ARCHITECT

MATRIX
04.1991 - 03.2001
  • Globally deployed and managed enterprise security architecture, infrastructure, and governance for complex security initiatives, as well as managed budgeting and forecasting for multinational organizations covering APAC, EMEA, America, and Africa
  • Created a comprehensive security policy, processes, and procedural documentation and implemented supporting security technology and methodologies (based on Infosec Assessment Methodology NSA and ISO 17799)
  • Reviewed and engineered the EDI framework as a secure solution for all backend processes and service calls
  • Developed and implemented comprehensive security policy and procedural documentation
  • Secured project funding with ROI models and business case outlines as well as conducted returns on resources for completed installations
  • Provided risk evaluation and protection through cyber-insurance exercises to retain coverage with local insurance companies
  • Acquired, designed, and implemented a Global VPN solution, with RSA SecurID and directory services which supported over 35,000 users
  • The design guaranteed an uptime of 99.999% by building redundancy and leveraging VRRP
  • The solution also served as 3rd party environment for collaboration and joint development
  • Developed standard images for desktop systems and servers
  • Provided administration of Windows, Linux
  • Created a Merger and Acquisition process for Information Security and evaluation criteria and reports
  • Created an innovative solution for VPN to ensure timely and secure joint development was accomplished.

Regional Security Manager

SBC Internet Service
01.1996 - 01.1998
  • Provided technical and business policies, management.

Information Risk Management Consultant

KPMG
01.1995 - 01.1996
  • Provided risk assessments and evaluation services.

Senior Network Engineer

SuperNet
01.1991 - 01.1995
  • Provided internet service provider network and infrastructure technical support and maintenance.

Intelligence/Logistical Officer

United States Marine Corps
01.1987 - 01.1992

Education

Regulations: HIPAA/HITECH, PCI-DSS 3.2, State PII and Federal PII, GDPR, MIPS

HITRUST (5) ISO 27001:2013 # IS684187 Infosec Budget Forecasting, Management and ROI, Capex and OpEx, GRC, WAF, IDP, personnel management, Governance, Audit Board presentation, Awareness Program, Security program, Secure SDLC, OWASP Project Salesforce-Security, AWS – Security, Azure Security, Data Center Security, DR site security, DLP (endpoint, network, and CASB) Nextgen FW, Load-Balancer, Router Switched, Cisco Firepower, Certificate Authority, Code Static Analysis, dynamic scanning, policy compliance, Certificate Authority, Encryption: TLS 1.2, ECC Sha, SHA 512

ISO 27001 Lead Auditor

2018

NSA Blue Team

2018

CRISC

2013

BACHELORS SCIENCE

ALAMEDA UNIVERSITY
2009

NSA_IAM

2003

CISSP

2002

Computer Forensic Investigator

2001

NSA Red Team Leader

2000

Bachelor of Science - Technology Engineering

Charter University
1995

Skills

  • Lucent - ATM Switch
  • Lucent – Definity Phone Switch
  • Oracle – Security Best
  • Proximity – Card Reader system
  • Evantix, BITKOO, AppScan, Deep9nines, DBwall
  • Cyber Law (Contracts), Atlassian (Jira, Confluence), GitHub/Lab, AWS Security Hub, CASB, DLP, Dark Trace, ProductBoard, LucidChart, Google Security/DLP, Okta
  • Audit Compliance
  • Investigate Breaches
  • Takedown Maneuvers
  • Improve Policies
  • Training Methods
  • Employee Relations
  • Daily Status Reports
  • Awareness Programs
  • Staff Hiring
  • Report Analysis
  • Policy and Procedure Adherence
  • Skilled in Conflict Resolution
  • Protocol Optimization
  • File and Records Management
  • Regulatory Compliance
  • Security and Antivirus Software
  • Court Testimony
  • Investigative Procedures
  • Administrative Duties
  • Team Leadership
  • Security Resource Management
  • Attentive and Observant
  • Database Query Software
  • Active Shooter Training
  • Crime Prevention
  • Security Hardware
  • Compliance Management
  • Program Auditing
  • Company Risk Mitigation
  • Operational Effectiveness
  • Employee and Visitor Screening
  • CCTV Monitoring
  • Closed Circuit TV Systems
  • Team Onboarding
  • Corrective Actions
  • Emergency Management
  • Training Materials
  • Wireless Technology
  • Digital and IP Video
  • Performance Evaluations
  • CCTV Expertise
  • Staff Management
  • Criminal Law Understanding
  • Employee Performance Evaluations

Accomplishments

  • Saved the company more than $700k in security consulting fees.
  • Collaborated with a team of 20 in the development of security management.
  • Achieved 100% compliance by introducing A.I. NDR, XDR software for remediation and breach notification.
  • Achieved Result through effectively helping with Task.
  • Resolved product issue through consumer testing.

Certification

  • CRISC, NSA_IAM
  • AppScan – Certification
  • Rapid 7 Certificate
  • Core Impact Certificate
  • Palo Alto Firewall Certificate
  • FTK – Forensic Certificate
  • Cellebrite – Mobile Forensic Certificate
  • Qualys – Certification
  • Network Associates – Sniffer Certification
  • BEA – Portal, and Application Server Training (Known as Oracle Fusion)
  • EPIC – System Training
  • Websense DLP
  • CISCO – IOS
  • Microsoft – Server and Desktop Administration
  • Splunk
  • Oracle Security
  • SailPoint
  • Opower
  • Cyber Law – Contracts - ASU
  • Negotiation – ASU
  • PMI – Training Course
  • Checkpoint NGX – Training
  • Sonic - ESB Integration Training
  • I2 Technology – Rhythm training
  • Global Knowledge – Advanced Security Engineering Course
  • Global Knowledge – Biometrics
  • Teradata – Teradata Factory Phase I / II course
  • J2EE - Architecture Design
  • SOA Architecture
  • Global Knowledge – Ultimate Hacking Windows 2000
  • Forefront ILM/DRM certificate
  • Eeye – Retina Scanner
  • Network Associate - Scanner
  • Oracle – Administration & Security Best Practices
  • Lenel – Access System
  • Envisioning Information (Yale, Emeritus Edward Tuft)
  • ITIL - ITIL Foundation
  • Naval Intelligence: Cryptography
  • IEEE: J2EE Security
  • AlphaTrust: PKI
  • Altiga: VPN
  • Cisco: PIX
  • Whales: Air Gap Firewall
  • Nortel Network – Connectivity Switch
  • NTI – CNSP (Computer Forensics)
  • IEEE – Member
  • IEEE - Advanced architecture Design

Affiliations

  • Association of Information Technology Professionals
  • APICS – Association for Supply Chain Management
  • Toastmasters
  • Project Management Institute

Quote

You only have to do a few things right in your life so long as you don’t do too many things wrong.
Warren Buffett

Timeline

SmartRent
06.2019 - Current

Executive Security Strategist

UC Healthcare System
06.2015 - 06.2016

Interim Chief Information Security Officer

Dignity Health
02.2013 - 05.2015

Deputy

Xerox HRO
02.2011 - 01.2013

WebPT
08.2010 - 02.2016

Chief Security Officer / designate Security Officer HIPAA

ASU
02.2005 - 05.2011

PRINCIPAL SECURITY ARCHITECT

TERADATA NCR
02.2003 - 01.2005

SENIOR DIRECTOR

FIRST COMMAND FINANCIAL SERVICES
05.2001 - 02.2003

Regional Security Manager

SBC Internet Service
01.1996 - 01.1998

Information Risk Management Consultant

KPMG
01.1995 - 01.1996

INFORMATION SECURITY SENIOR ARCHITECT

MATRIX
04.1991 - 03.2001

Senior Network Engineer

SuperNet
01.1991 - 01.1995

Intelligence/Logistical Officer

United States Marine Corps
01.1987 - 01.1992
