SAM CATTLE, MSIA C CISO CISM CRISC CISSP
Street Address
EMAIL AVAILABLE
PHONE NUMBER AVAILABLE

- Security leader, director, consultant, and business development professional specializing in business/security models supported by converged networks and technologies
- Designs, builds, governs information security for a wide range of organizations, including risk & compliance programs
- Interpersonal/cross-cultural communicator, big picture and interdisciplinary thinker

CORE COMPETENCIES

- Information Security Governance
- Compliance Management
- Security Portfolio Development
- Wireless/Converged Security
- Business/Security Consulting
- Security Solution Building
- Risk Management
- Security Service Development
- Public Speaking and Education

ACCOMPLISHMENTS

- Advizex: Founded security practice, grew to $12.4M in three years, included product and services (advisory, professional, and managed)
- Advizex: Created first ever managed Varonis operations and remediation service
- Advizex: Created Data-Centric Security Model, Security Advizer, Security Tools Advizer methodology
- GlassHouse: Served as CISO for consulting firm, managed contract compliance across all customers, built out security infrastructure for managed services
- GlassHouse: Security SME for v1.0 development of Splunk Apps for PCI and Enterprise Security, later sold to Splunk

CERTIFICATIONS

- Artificial Intelligence Governance Professional (AIGP #pending), AIPP in progress
- Certified Data Privacy Solutions Engineer (CDPSE #2116387), ISACA 2021-Present
- Certified CISO (C CISO), EC Council 2013-Present
- Certified in Risk and Information Systems Control (CRISC #1000396), ISACA 2010-Present
- Certified Information Security Manager (CISM #1013161), ISACA 2009-Present
- Certified SCADA Security Administrator (CSSA), Infosec Institute 2006
- Certified Information Systems Security Professional (CISSP #46595), (ISC)² 2003-Present

EXPERIENCE

Veritable Security, Detroit, MI
Vice-President and Consulting Partner 2018-Present
Boutique security services firm focused on GRC and security advisory services ranging from assessments to security program design, policy, documentation to virtual CISO services; part of a growing network of boutique firms each focused on their own areas of security, privacy, and compliance specialties

- Founded channel partner program, led business development across all channels
- vCISO and GRC advisory, including Rich Foods, Roche Medical Devices, Teck Mining, Ullico, US Chamber of Commerce
- Service design and development, including ISO 27001-based SSRR (Strategic Security Review & Roadmap) service
- Compliance work in PCI, HIPAA, GDPR, NIST CSF, COBIT, CCPA/CCRA, NYS DFS Cyber, ISO 27001 series, US state privacy laws, China Personal Information Safety Specification, FDA SaMD, EU MDR

Advizex Technologies, Cleveland, OH
National Security Practice Director 2015-2018
Datacenter VAR and services firm with a broad IT product portfolio as well as advisory, professional, and managed services across the entire IT stack, on prem and in the cloud

- Created security practice of product, advisory services, and professional services
- Y1 $750K services/$4.3M product, Y2 $1.3M services/$8.1M product, Y3 $1.4M services/$11M product
- Security product portfolio management: Palo Alto Networks, Varonis, Fortinet, RSA, Thales e-Security, Mimecast, ServiceNow
- Security advisory consulting services: ISO 27001-based Security Advizer strategic assessment, information ownership, Security Tools Advizer (requirements/use case development)
- Security professional services: Palo Alto Networks Traps deployment, one of only three partners field certified for Varonis installs, created first managed Varonis offering in market
- Customer-facing sales support, proposal development, marketing collateral & videos
- Content development of security & policy frameworks, security strategy/roadmap/design for Fortune 500 customers and SMBs
- Developed security branding, marketing content, monthly webinar series, presented regularly at regional security conferences
- Compliance work in PCI, HIPAA, GDPR, NIST CSF, COBIT, NYS DFS Cyber, ISO 27001, US state privacy laws, CSC20, CSRIC IV wg4

Service Development

- Created Security Advizer: security strategy assessment, sizing security to fit customers
- Created Security Tools Advizer: identifies customer requirements/use case for converged security products such as Identity & Access Management, Data Protection, Data-Centric Audit & Protection
- Created first ever managed Varonis service offering, combining platform operation and remediation
- Creation of vCISO service to provide interim/part-time security governance capability to SMB market

Mainstream Security, Cincinnati, OH
Security Consulting Manager 2014-2015
Consulting firm specializing in expert IT security and digital forensic services, advising clients on intellectual property protection and identifying/addressing and managing security breaches (Mainstream Security was acquired by RoundTower Technologies in 2017)

- Performed security/compliance consulting, risk assessment, QA on all security service deliverables
- Customer-facing business development, proposal development, service development
- Developed security frameworks, policy frameworks, security strategy/roadmap/design for Fortune 500 customers and SMBs
- Compliance work in PCI, ISO 27001, NIST CSF, COBIT, HIPAA, CPNI, NERC CIP, US state privacy laws, CSC20

Service Development

- Overhaul of proposal/SOW/LOE process to streamline and standardize efforts and offerings
- Led development of standardized service portfolio to enable sales through 20+ channel partners in parallel

Ontolog, Inc., Herndon, VA
Founder, Principal 2013-2015
Boutique security governance and compliance management advisory firm specializing in the security/compliance challenges inherent in converging technologies and business models

- Security/compliance/risk assessment, Security governance and compliance management advisory
- Data breach handling/notification

GlassHouse Technologies, Southborough, MA
Global provider of data center consulting services (acquired by Signature Technology Group in 2014), focused on a vendor-independent approach to architect, implement and operate IT environments that drive high performance and agility.

Director of Information Security 2012-2013
Assured compliance with regulatory and contractual compliance drivers for a global consulting and managed services organization

- Initiated global information security program: assessment, remediation, program design, implementation and governance
- Initiated compliance program to drive security scope and spend based on changing regulatory and contractual compliance landscape

Security Practice Lead 2011-2013
Principal Security Consultant 2009-2011
Led security/Splunk consulting practice in GTM strategy, business development, service development, delivery QA

- Responsible for $2.2M security/Splunk consulting revenue for 2013, $1.9M in 2012
- Consulted and performed Splunk (and app) installations in the US, Asia and Middle East
- Designed and delivered Splunk app training for PCI and Enterprise Security
- Top consultant and SME on information security and compliance, authored security white papers and magazine articles
- Customer-facing sales support, proposal development, marketing collateral & videos, QA on all security customer deliverables
- Developed security organizational frameworks, policy frameworks, security strategy/roadmap/design for Fortune 500 customers
- Performed and managed threat modeling exercises, security reviews/assessments and led assessment/audit remediation efforts for both wireless and enterprise networks
- Compliance work in PCI, SOX, GLBA, FFIEC, ISO 27001, CPNI, US state privacy laws

Service Development

- Led development of security assessment methodology for fit to business model and organizational maturity
- Creation of Virtual CISO service to provide interim/part-time security governance capability to SMB market
- Security SME for development of Splunk apps for Enterprise Security and PCI (sold to Splunk in 2012)

Converged Security Services Group, Chicago, IL 2008
Founding Partner, Principal Consultant
Founded boutique security consulting firm focused on security challenges inherent in converging wireless and mobility technologies (acquired by GlassHouse Technologies in 2009)

- Compliance and professional services lead
- Business development, service deliveries, developed security business model analysis methodology

Service Development

- Development of Converged Security Methodology
- Custom development of security service portfolios to complement and bring customer solutions to market

Motorola, Schaumburg, IL
Motorola Security Services Engagement Manager 2006-2008
Led sales support and deliveries of Motorola Security Services across multiple markets, including cellular, packet data radio, enterprise networks in the Americas, Europe and Asia

- Business development, spoke at information security conferences, trade shows
- Developed sales funnel tracking database to help guide sales strategy
- Defined role and responsibilities for engagement manager position for the Motorola Security Operations Center
- Performed cellular vendor product assessments, authored procurement language to drive information security roadmap
- Compliance work in DITSCAP/DIACAP, NERC CIP, CPNI, BS 7799/ISO 17799 (precursor to ISO 27001)

Service Development

- Designed compliance-focused (NERC CIP) security service portfolio for North American power companies
- Partnered with cellular infrastructure engineering and product development to dovetail security services portfolio with cellular infrastructure product roadmap in support of compliance (CPNI) requirements
- Partnered with Motorola Security Operations Center to create professional services wrapper for onboarding SOC customers

EDUCATION

- M.S., Information Assurance, Norwich University, Northfield, VT 2008
- B.S., Mathematics, Wheaton College, Wheaton, IL 1995

REFERENCES

- Robert Higgins, Partner, PwC
- Scott Shepard, CISO, Motorola Solutions
- Bill Boni, retired, fmr SVP InfoSec, T-Mobile USA
- Mark Cyhaniuk, Director, Global Services Ops, CommVault
- Matthew Lehman, Head of Security Testing, Amazon.com
- Paul Timmerman, CEO and CTO, Mediu LLC

PROFILE: http://LINKEDIN LINK AVAILABLE