Security Management

Location: Riverview, FL

Posted: March 20, 2014

Resume:

Larry Whiteside Jr.

acc8d6@r.postjobfree.com Mobile: 917-***-****

Information Security and Risk Management Executive

Executive Profile

Information Security ~ Risk Management ~ Threat Management

Proven Information Security and Risk Management Executive visionary with an innate ability to identify risk and apply complementary controls to support business initiatives. Holds tremendous business acumen with an ability to get cross-functional consensus and partnerships on information security initiatives that provide value to different aspects of the business.

Information Security Strategic Planning

20 years of experience in Security and IT Risk

Identity, Access, and Entitlement Management

Business Partner relationship management

Information Security Policies and Standards

Advanced Threat Management

Audit, Compliance, and Regulatory Expertise

Proactive Vulnerability Management

Board level reporting and relationship management

Risk Management and Governance Life Cycle

HIPAA, HiTech, GLBA, SSAE16, PCI, ISO, SOX, NIST

Secure Software Development Life Cycle

Innovative Security Architecture

Disaster Recovery and Business/Service Continuity

Adept at leading global projects and teams of personnel; excels in communication, makes sound decisions, exhibits unwavering ethics, utilizes motivational techniques, adapts to multiple situations, shows initiative, and is the ultimate representative of an organization. Experience in speaking to both sides of the team, taking tech speak and putting it in terms that an executive would understand while also taking executive initiatives and showing staff how business needs directly relate to their functions.

Professional Experience

Spectrum Health Dec 2011 – Aug 2013

Chief Information Security Officer (CISO) Dec 2011 – Aug 2013

Director, Enterprise Operations Nov 2012 – Aug 2013

As CISO, restructured technology risk program in response to compliance and legal challenges resulting in significant regulatory oversight of the Health System and technology operations. Initiated foundational programs around risk management, security architecture/engineering/operations management, user entitlement management, audit management, compliance, business continuity and data management.

As Ops Director, took over struggling Operations Group and created efficiencies in processes and procedures to better support business initiatives. Led fundamental changes in group’s morale and ability to achieve optimal operational effectiveness.

First Chief Information Security Officer for corporate entity. Assessed organizational structure of Information Security Group, Information systems organization, and business. Created Information Security Group structure that fit organizational business models and functions.

Through vendor consolidation and toolset retirement, saved over $2.3M in annual operating expense. Immediate cost reduction was lauded by CFO as example of cost cutting other execs could do moving forward.

Established the IT risk management program through partnership with compliance, legal, business executive management, and internal audit which mitigated risk through risk identification, prioritization, tracking and reporting in support of risk-based approach to regulatory and legal compliance requirements (PCI, HIPAA, HITECH, JCAHO, MAR, SOC1, SOX-like financial controls and others).

Led the BYOD initiative to support non-standard devices whether corporate purchased or personally owned. Increased employee satisfaction scores while also reducing risk through use of innovative technologies.

Created the Risk and Compliance Group which was responsible for the relationship management of client security assessments, vendor security assessments and M&A due diligence. Resulted in a reduced risk profile and better overall visibility into actual risk associated with 3rd party business relationships.

Designed and executed strategy for new corporate security program, including security technology and resource planning/budgeting, resulting in the establishment of hybrid approach to centralized and de-centralized information security program leveraging the BISO model.

Managed build of new $19M Data Center to include all physical plant and technology components. Ensured all delays were mitigated by creating efficiencies in the way equipment is ordered and components are built. Data Center is the first non-manned Data Center the organization has had, enforcing discipline in operating procedure and process development.

Analyzed Help Desk structure, identified areas of waste, and made technological changes in specific applications. Altogether, HD calls were reduced by over 30%, thus allowing the creation of a new Help Desk to support new business initiatives around customer portals without increasing staff.

Created 2nd Level support model to provide better problem resolution prior to engaging Sr. Engineering/Operations teams. Team allowed for 40% reduction in tickets going to Sr. Engineering/Operations teams in first 90 days. Efforts allowed engineering team to focus more on engineering efforts and moving strategic initiatives forward.

Led the efforts to build, test, and deploy Windows 7 to an enterprise of 25k users. Ensured all aspects of Windows platform performed and were tested appropriately to include enterprise application delivery and asset management components. Also developed deployment schedule that ensured minimal impact on business operations.

Developed Service Continuity Program and Application Tiering model to ensure proper SLAs were applied to critical business systems. Ensured proper budgeting could be applied to appropriate critical systems in order to properly architect systems to their appropriate tier.

Created End User Experience Committee to drive fundamental changes in the experience end users have with technology. Partnered with business to achieve marked improvements in not only how users interacted with technology, but in the feedback loops necessary to make impactful changes.

Quickly assessed group morale and made systematic changes to operating principles that guided the group. Changes improved overall morale and contributed to better service delivery.

Dec 2007 – Dec 2011

Visiting Nurse Service of New York

Chief Information Security Officer (CISO)

Designed, engineered and executed the strategic evolution of the information security program through a collaborative and innovative approach to balancing business imperatives while managing appropriate firm-wide risk. Transformation of IS program involved significant culture shift around perception and reputation of the information security team combined with comprehensive restructuring of people, process and technology to address increased risk levels, low morale, and lack of visibility across the organization.

Established the security compliance program that delivered consistent and measurable compliance metrics against policies/procedures and standards, enterprise security controls, risk assessments, and regulatory compliance (SOX-like controls, SAS70, ISO 27001, FFIEC, PCI, HIPAA, Red Flags, etc.).

Established the security engineering and monitoring program resulting in enhancements in internal and external infrastructure controls and monitoring capabilities. Increased detection, prevention, and mitigation capabilities across the enterprise.

Created formal programs around network and vulnerability scanning/remediation, application security assessment, secure SDLC, data loss prevention, security information and event management and incident handling.

Strategically aligned Information Security Strategies with Business and Clinical 5-year strategies.

Built security awareness framework to educate business of their responsibility as it relates to information security practices. Established the partnership-type relationship Information Security would need moving forward to accomplish shared goals.

Managed research, acquisition, design, and deployment of all security related technologies to include: Enterprise Data Loss Prevention (gateway, discovery, and endpoint), Whole Disk Encryption for ALL user computers, Web Content Filtering, Host Based Security (firewall and intrusion prevention, USB encryption), Security Event Incident Management, Vulnerability Scanning, Penetration Testing, Cloud Single Sign-on, and Identity and Access Management framework and tool.

Maintained Risk Register and quarterly reported to governance committees. As risks were identified through different mediums, risks that must be accepted with mitigating controls were documented for annual follow up. Built corporate governance structure and committees to monitor Information Security Program results and metrics.

Achieved HiTrust certification for 90% of information systems in <4 years resulting in a direct correlation to risk reduction and overall management and client confidence in security posture.

Built Secure Software Development Lifecycle to ensure all projects and development efforts followed standard process and received proper sign off and review from development through production implementation, which resulted in saving over $300k in annual developer cost.

Oct 2005 – Aug 2007

MMC Deputy CISO VP Global Information Security Group – July 2006 – August 2007

Marsh CISO VP Global Information Security Group – February 2006 – August 2007

Marsh Deputy CISO – AVP Global Information Security Group – November 2005 – February 2006

Responsible for people, process and technology of global information security group. Established fundamental relationships to enhance the visibility and partnerships of information security. The organizational change necessitated the rapid creation of an information security program designed and built under aggressive timelines which focused on maintaining critical protection to customer transactions and data.

Managed global deployment of desktop encryption solution (60,000 users) in an effort to mitigate risk of lost or stolen devices. Despite major obstacles, project came in on time and under cost.

Partnered with internal audit to develop proactive risk identification tracking process which resulted in more positive results in meeting a myriad of global regulatory statutes (Sarbanes-Oxley, HIPAA, PCI, and FSA) and internal governance bodies.

Created the risk assessment process for third parties and M&A. Reviewed and analyzed the completed assessments before permitting access to the corporate data and assets. Resulted in reduced risk of new initiatives.

Created Global Information Security Policies and systems standards as part of operating company merger to allow consolidated measurement of risk posture. Collaborated with other Operating Companies to ensure compatibility across all businesses.

Improved global design of 8 globally dispersed data centers; managed engineering of new strategic data center model. Closed multi-million-dollar deal for global MSSP. Resulted in improved operational responses to global infrastructure risk.

Liaised with business partners to identify risk in new business initiatives and align Risk and Information Security Strategy with Business Strategies. Maintained an understanding of business services and how they were impacted by the information security decisions.

Developed the Global Incident Response Process and Team. Oversaw incident response planning as well as the investigation of security breaches, and assisted with disciplinary and legal matters associated with such breaches.

Computer Horizons Corp Sept 2004 – Nov 2005

Practice Lead/Managing Sr. Security Consultant

Led entire NYC Information Security Practice to deliver unparalleled information security expertise and services for Healthcare clients across NYC.

April 2004 – Nov 2005

NetForensics

Consultant – Director of Competitive Analysis and Technical Documentation

Responsible for roadmap direction within Product Management as well as the technical and competitive analysis documentation within the Marketing department.

Naval Strategic Systems Programs May 2003 – April 2004

Consultant – Director of IT Security

Responsible for all aspects of information security program primarily facilitated by contractors. Led efforts to coordinate security initiatives across DoD, Federal, and Contractor cross-connected networks and systems.

TruSecure Corp

May 2002 – May 2003

Assistant Manager/Sr. Security Analyst – South Eastern US and Europe

Leader in Security Assurance Services Group and served clients across the globe as their Security Strategist. Led their efforts to assess and mitigate risk identified in global operating environments.

June 1994 – May 2002

Officer, United States Air Force

Chief, Info Warfare / Network Security Divisions Pentagon June 2000 – May 2002

Chief, Network Security Division Pentagon Oct 1998 – Feb 2001

Information Systems Flight Commander June 1996 – Oct 1998

Chief, Network Control Center June 1994 – June 1996

Communications Officer responsible for multiple aspects of technology and information security supporting the administrative and warfighter missions.

Other Current Experience

Jul 2009 – Present

Whiteside Security Consulting, LLC

Chief Executive Officer

Provide specialized services to C-Level Business Leaders, Information Security Start-ups, and prospective technology investors.

Secure World Expo Jul 2012 – Present

Executive Steering Committee

Help set topics and outline for coming conferences.

Comodo

Sept 2013 – Present

Corporate Strategy Advisor

Provide insight to CEO on how to improve sales, marketing, and product management teams and initiatives.

Mobile Active Defense

Aug 2012 – Present

Advisory Board Founding Member

Provide insight into direction of mobile as it relates to information security and corporate risk.

Aug 2010 – Present

Lynx Technology Partners

Chief Security Officer

Give guidance on bleeding edge information security technologies to partner with and resell.

Education: Huston Tillotson University

B.S. Computer Science 1990 – 1994

Honors and Awards: Company Grade Officer of the Year for 1997, 1999

North American Information Security Executive of the Year 2009, 2010 (Nominee)

North East Information Security Executive of the Year 2009, 2010 (Nominee)

Speaking Engagements and Other Media:

SC Magazine – quotes, direct articles, and cover stories

RSA Conference – BYOD panel, data loss prevention panel

SC Congress – Keynote, BYOD Panel, HIPAA presentation, PCI, Audit Preparation

Core Security – Penetration Testing Keynote, Webinars

Symplified – Cloud Single Sign on/Identity and Access Management Keynote

Gartner Security Summit – Security Best Practices, BYOD Panel, CISO Program Keynote

ConNEXTIONS – BYOD panel, Technology Innovations presentation

ISE Programs – Information Security practices presentation

Secure World Expo – Speaking and panels

Symantec Security Conference – Speaking and panels

Tech Forum NYC – Speaking and panels

CSO Magazine and Online – quotes and direct articles

CISO Executive Network – Speaking and panels

T.E.N. – Forum Keynote, Award presenter, event host

Memberships: ISSA, ISACA, CISO Executive Network, Cloud Security Alliance, Phi Beta Sigma Fraternity Inc.


