Executive Advisor (it Program Management & Cybersecurity) Resume
SUMMARY:
- Global senior information security executive with 24+ years of work experience, including 18+ years in global multinational financial corporates with extensive international experience within large financial institutions; offer corporate leadership and regulatory compliance, backed by a proven track record demonstrating strategic planning, quality assurance, and process improvement proficiencies.
- As a CISO for 15+ years, managed large global InfoSec, Risk & Compliance programs.
- Experienced at defining and executing improvements in process, using right-sized policies and standards, implementing effective internal controls, and employing multiple tools to provide measurable and positive results. I have helped multiple organizations through FISMA and PCI certification and am familiar with the FFIEC requirements for banks and financial institutions.
- Led the incident response and recovery after the Dept. of Energy zero-day vulnerability cyberattack using a multistage complex APT.
- Responsible for establishing Confidential's Global CyberTeam and cyber fusion center (Cyber Intelligence, Cyber Threat Monitoring), together with Brand Protection, Investigations & Forensics (“CSIRT”), Application and Infra Vulnerability Management (including RED teams).
- Developed expertise in Confidential leading Cyber Incident Response & Recovery (assisting critical customers recover from targeted APT attacks). Security delivery solutions using the Confidential Secure Dev. LifeCycle (MS-SDL) and Threat Models based on STRIDE/ DREAD.
- Experienced in establishing and managing global teams with off/near/best-shore resources at Confidential.
- Actively involved in financial services industry cyber and resilience organizations such as the FSISAC, FFSSC, FBIIC, FFIEC Cybersecurity working group and State Banking Regulators cybersecurity initiatives.
- Contributed to and provided leadership to my profession, through public speaking, as a professor of cybersecurity at University of Maryland and engagement with industry associations (ISACA, SIM, ISC2), multiple IT forums and leading vendor events.
PROFESSIONAL EXPERIENCE:
Executive Advisor (IT Program Management & Cybersecurity)
Confidential
Responsibilities:
- Creative delivers commercial-grade solutions using agile/SCRUM methodology on aPaaS platforms, such as Salesforce's force.com, Confidential Dynamics, ServiceNow's NOW, and infrastructure solutions on AWS & Azure.
- Creative's Cyber services include compliance assessments (27001, PCI, NIST 800-53A) and architecture (NIST 800-160) by building security into systems.
- Responsible for CIO Program Management of 4 mission critical programs for a large federal agency on SFDC/force.com and ServiceNow.
- Deployed a critical customer-facing grant management system on force.com in 12 weeks that included complying with the full agency SDLC process (e.g. stage gate reviews, 508 compliance, load tests, etc.) and security (e.g. pen test, IA&A), and obtained a Federal ATO (Authority to Operate) under FISMA for production deployment.
- Deployed a suite of 6 mission support digital transformation modules (HR On-boarding, finance, etc.) on the ServiceNow platform. Responsible for attaining ATO for systems by preparing the package for the Certification and Accreditation phases per the RMF (800-37).
- Consult on Security and Privacy for Confidential and Confidential based on FISMA and other Federal Regulations. Helped Federal agencies deliver Application Security, Security Operations, Vulnerability Management and InfoSec Continuous Monitoring models.
Confidential
CISO & Interim CIO
Responsibilities:
- Adopted a “cloud-first” strategy to successfully migrate from private cloud to the Amazon AWS Cloud and custom apps to the Salesforce platform. Migrated to several SaaS offerings: HP Autonomy Online (backup), McAfee SaaS (Email Protection), Zixmail (Secure mail). Achieved a 100% virtualized datacenter with offsite cloud storage on Azure fileservers and AWS S3. Built a FISMA-approved DataWareHouse on Amazon using EC2 and S3.
- Delivered 4 apps (Certification, LSFSv2, Contract Management & Accreditation) on the Salesforce platform.
- Developed a program on Executive Leadership of Cybersecurity for Bank Executives (www.Confidential.org/cybersecurity) and, in conjunction with regulatory affairs and corporate communications, developed a Cybersecurity Resource Guide for Bank Executives.
- Conducted FISMA C&A assessments.
- Hired team to conduct periodic pen tests for NIST and PCI compliance and evaluated the security of applications using OWASP and SANS Top 20.
- Provided guidance to the Regulatory & Bank Supervision Section on FFIEC Cybersecurity, OCC CCIWG activities.
- Regularly presented to Confidential Board Executives and Confidential membership on IT matters.
Confidential
Senior Director & Principal Cybersecurity Strategist
Responsibilities:
- Institutional and Investment banking arm of the global Confidential group.
- The Financing, Syndication & Risk Solutions businesses were built on the idea of integrated solutions, on a foundation of insightful content and structuring, and provided support through the transaction life-cycle, from origination through to trade execution and risk management.
- The Trading & Flow Sales businesses provided liquidity, thought leadership and risk management in rates, currencies and credit to global financial institutions, investors, counterparties and corporate customers through a combination of voice and electronic delivery.
- I reported to the Confidential Americas CAO, and managed a team of 60+ (40+ US, 20+ overseas) infosec and risk professionals to develop and implement the information security strategy.
- My direct reports were the Director of Security Engineering, Head of Security Projects, VP of Security Operations, VP of Controls Management, VP of Risk Assessments & Business Consultancy, Director of Audit & Risk Mgmt and VP of Controls Testing.
- Provided a complete range of services to address the IT risk management, compliance needs of Confidential Investment banking and global transaction processing business via group policy adherence, security awareness, risk processes, controls testing and operational governance.
- Key member of several global and regional governance and risk control committees. Primary Infosec interface with regulators (FRBB, Confidential, NYS), SOx Auditors (Deloitte) & Internal Audit on IT matters. I worked collaboratively with the Chief Compliance Officer and Operations Risk officers.
- Key accomplishments include addressing major FRB Audit findings C&D, MRIA and MRAs, improved overall IT Management Control Approach Audit rating from “3” to “2” in 9 months and also ORM CEC rating, initiated gap analysis against key financial services compliance requirements (GLBA, FFIEC AIBE, FTC RedFlags) and completed a program maturity (ISO27001-like assessment) review.
- Reduced overall team cost by moving non-essential services to Utah & India.
- Conducted gap analysis to NIST Cyber Framework, SEC, Confidential & NYS DFS Cyber Questionnaire and GCHQ CPNI Critical Cyber Controls guidance.
Confidential
Global Head of Cybersecurity
Responsibilities:
- I reported to Confidential's CISO and was responsible for real-time cybersecurity situation awareness and response for the Global Confidential network and Confidential's global supply chain. I was responsible for protecting the Confidential Brand and for ensuring the integrity of financial transactions initiated by a Confidential customer anywhere on the globe. I developed Confidential's initial global cyber-organization and cyber fusion center with staff in the US (
- Teams comprised of Cyber Intelligence, Cyber Threat Monitoring, Brand Protection (DDoS, Anti-Phishing, Anti-Fraud), Incident Response (esp. APT), Investigations & Forensics (CSIRT), Application and Infrastructure Vulnerability Management (including RED teams).
- Enhanced cybersecurity operations in the Global Security Operations Center (GSOC) to provide advanced warning of cyber-attacks and an enhanced understanding of adversary tactics, techniques and procedures (TTP) to facilitate proactive threat discovery and mitigation.
- Worked with the v.Me Product and Development manager to develop a world-class application software assurance program for v.Me delivery for the 2012 Olympics, including a dedicated RED team.
- Initiated a detailed pen testing program on VMware vBLOCK and associated orchestration components.
- Repelled several DDoS attacks against VISAnet using mitigation
Confidential
Senior Director & Principal Cybersecurity Strategist
Responsibilities:
- Developed expertise in leading Cyber Incident Response & Recovery (assisting critical customers recover from targeted APT attacks), acting as the CIO’s Trusted Security Advisor (delivering multi-year Cybersecurity Strategic plans) and developing custom security solutions (using the Confidential Secure Dev. LifeCycle (SDL) and Threat Management process).
- I led the Department of Energy APT Response & Recovery efforts. I was also the Federal Cloud SME and represented the public sector team in the internal Confidential Cloud Compliance Working group comprising MS/Azure, MS/Office360, SQL/Azure, and Global Foundation Svcs.
- Was responsible for facilitating the FISMA (800-53) certification of the Confidential Azure Cloud Platform.
- Presentations at multiple customer events and conferences.
- Led the FedRAMP response for Confidential; reviewed the ISO 27032 Guideline for CyberSecurity.
- Member of the Confidential FIRST.org (Forum of Incident Response and Security Teams).
Confidential
Senior Director & Principal Cybersecurity Strategist
Responsibilities:
- Confidential, formerly known as Confidential, was the former owner of the NASDAQ and AMEX. I managed the Information Security and Network budget and managed a team of ~30 employees, plus outsourced 24x7 global operations staff from 3rd party vendors. Had 5 direct report managers responsible for Infrastructure Security (IDS, VM, AV, Content), Tools (SEM, DLP & Platform Configs.), Network Services (LAN/WAN/VPN/DNS/IP), Network Security (FW, IPSEC & SSL VPN), Compliance/Risk, Desktop and Application Security. Developed an Enterprise Application Security program using OWASP best practices.
- Worked on the WG entrusted with the responsibility of Reg S-P (classifying, identifying and protecting critical data).
- Supported Internal and External Audits (SOX, SEC, SRR, GAO, Confidential, FFIEC), SOX404 (program based on CoBIT), PCI (led PCI QSA reports from the 9 vendors, completed SAQ and submitted to the PCI DSS Council), FISMA ATO (gap analysis of 2 major applications to FISMA/NIST 800-53 and ATO from SEC & FDIC) and adherence to State Privacy Laws (MA/NV/CA Privacy Laws safeguards to specific controls).
- Based on the Confidential Technology Policy and Standards, developed a compliance framework that mapped the technology controls to an attribute-based compliance matrix. Instrumental in revisions to existing Network and InfoSec policies and drafted several new policies.
- Established a SOC for real-time log review & correlation using data from multiple sources.
- Attracted and hired the best talent available at a reasonable price.
Confidential
Founder & COO
Responsibilities:
- Senior technologist at software vendor with solutions for managing change in financial industry infrastructure (OSPF, BGP) and security components (MPLS, IPSec VPN, ACLs). Delivery and implementation of product to leading global financial services companies (RADIANZ/Reuters, SIAC SFTI and SWIFT SIPN).
- Drafted and executed on the business plan: presented to VCs and venture fairs and raised 4 rounds of venture capital. Finance/cashflow forecasting; staff recruitment, team development, emphasized operational effectiveness and cost containment.
- Relocation planning for the EuroClear DataCenter consolidation.
- Security management for the S.W.I.F.T. Secure IP Network (SIPN), the largest financial funds transfer network organization.
- Conducted a Security Posture analysis and prepared a detailed security assessment report for BankOne CISO.