Security Manager

Location: Iowa City, IA, 52245

Posted: September 09, 2010

Resume:

David L. Phipps, CISSP, IAM, CISM

*** ********* *****

Iowa City, IA 52245

Hm: 319-***-****

Cell: 512-***-****

abhzxl@r.postjobfree.com

Professional Profile

I am seeking an Information Security / Risk Management senior leadership position. I bring a broad range of experience to my position in your organization and a dedication to detail.

Throughout my career I have worked with various standards covering all aspects of enterprise security, including: COBIT, PCI DSS, FISMA/NIST SP 800-53, ISO/IEC 17799/2700x security standards, DoD TCSEC C2 and Common Criteria and the ISO 7498-2 Security Architecture.

Security Industry Certifications: ISC2/CISSP, NSA/IAM, ISACA/CISM

2006 - Present Director of IT Security ACT, Inc.

I am currently employed by ACT, Inc. as the Director of Information Security, building and formalizing their information security program. My responsibilities include writing corporate information security policy and standards, leading initiatives for PCI compliance, Certification & Accreditation for FISMA compliance on government contracts and leading the Computer Security Incident Response Team (CSIRT). I have written Information Security Awareness training materials, delivered training sessions and authored guides on the use of various encryption technologies. I coordinate work with internal areas such as: internal audit on COBIT controls, corporate attorneys on privacy policy, contracts and data retention issues, communications on corporate messaging, IT operations on ITIL security processes, PKI and access controls, application solution architectures, integration of new technology and encryption / key management requirements, business leaders and development staff on application security requirements, vendor management to review SAS 70 reports, and the CEO and senior leadership team on corporate policy. I manage/track remediation projects to completion as necessary. I developed the risk assessment framework used across the corporation. I manage the IT internal audit team for compliance with corporate and external policies and regulations. I work with external entities on information security such as our ISP on spam issues, security tool vendors, vendors for PCI compliance services, and consultants on various security projects.

2004 - 2006 Development Manager Citrix Systems, Inc.

I worked with the leadership team to shape the content and direction of the product release, address security and other technical issues and oversee the execution of the product release with up to 14 software engineers reporting to me. I managed staffing plans, development plans and evaluations. I pioneered a skills inventory and planning process with the HR department. I also led a CISSP study group for those interested in pursuing this certification.

The Citrix Password Manager product is part of an Enterprise Single Sign-On solution, which controls and protects a user's application passwords. A user's credentials are protected in storage and transit with FIPS 140-2 validated cryptography.

1996 - 2004 Sr. Security Consultant IBM Global Services

I performed both technical and engagement management roles on engagements lasting from one week to several months. Assessments resulted in a concise report discussing the threats and vulnerabilities that were found, the resulting risks, and actionable technical and business process control recommendations necessary to mitigate the risks. My operations projects were focused on delivering systems and custom software. I worked on engagements involving banking on the Internet, insurance applications, web hosting, firewall administration, encryption, intrusion detection, application code reviews and industry best practices for setup and operations. I also worked on several government accounts, one of which required a government security clearance.

Other Professional Experience:

1983 - 1996 Staff Programmer (on several projects) IBM

I worked in the AIX operating system development group as the project lead for the IBM 7318 Communications Server, coordinating customer service, product test and development and on the Network Terminal Accelerator Adapter for the RS/6000. This responsibility included interfacing with vendors for support services and follow-on development features.

I worked in systems development and had worldwide Product Engineering responsibility for the 9370 disk & tape subsystem. I authored and taught classes worldwide on the 9370 integrated disk and tape subsystem. The microcode implemented the S/370 channel functions and Fixed Block Architecture (FBA) disk control unit functions on a single card.

Education:

- Bachelor of Science in Applied Mathematics, Engineering and Physics from the University of Wisconsin at Madison.

- Master of Science in Computer Science from the University of Wisconsin at Madison. While in graduate school I conducted research on the DIRECT project, a back-end parallel database machine.

Professional Training

- PKI Consulting and Services Delivery Methodology

- Wireless Technology

- Digital Forensics

- Oracle Security

Conferences Attended recently:

- RSA Security Conference

- Black Hat briefings

- DefCon conference

- University of Iowa Security Day (speaker)

- ISACA Information Security Governance, Risk & Compliance

- IAPP Privacy Academy

Professional Organizations:

- IEEE, ISC2, ISACA, IAPP

Publications / speaking engagements:

- Zero Latency Service Time Measurements for 370 Adapter Microcode, IBM Technical Reports, 1991. Also presented at IBM Performance ITC, 1990.

- The 7318 Communications Server, AIXpert, 1995.

- The Network Terminal Accelerator Adapter, AIXpert, 1995.

- PCI Compliance, University of Iowa, 2007.

References provided upon request.


