KATHRYN SALAZAR
Scottsdale, AZ 480-***-****
SUMMARY AND PROFILE
Security thought leader with 15+ years of experience in designing and delivering cost-effective, high-performance enterprise security solutions. Proven expertise in information technology, financial crimes, cyber security, risk management, and identity technologies.
PROFESSIONAL EXPERIENCE
McBride Consulting, Sacramento, CA /remote
Information Security Consultant
2018 - Present
Achievements: A proven track record of success in developing and deploying secure enterprise solutions. Highlights include:
Led the development and implementation of a Zero Trust Architecture that reduced security incidents by 50%
Transitioned Identity & Access Management from a focus on entitlements and federation to attribute-based access controls and dynamic authorization, with a focus on organizational roles and user attributes
Aligned and integrated the information security strategy with enterprise business goals
Updated the overall information security strategy, mechanisms for policy enforcement, definition of ownership, monitoring mechanisms, and processes and controls
Developed and implemented a cybersecurity incident response playbook and DFIR process
Established and managed an application security program that included SAST/DAST, pen testing, red teams, and secure SDLC
Managed internal controls, risk assessments, business process and internal IT/external control testing, and operational auditing
Successfully deployed security industry standards, including an updated Information Security Management System and program, and maintained compliance with HIPAA, HITRUST, SSAE 18 SOC 2, PCI DSS, FISMA, CCPA, CMMC, and GDPR
Revenue Solutions Inc., Roseville, CA
Chief Security Architect/CISO
3/2016-6/2018
Achievements: A proven track record of success in developing and implementing secure enterprise solutions. Highlights include:
Application Security:
o Led the development and implementation of a Zero Trust Architecture, reducing security incidents by 50%.
o Established and managed an application security program that included SAST/DAST, pen testing, and Secure Development Lifecycle (SDL) for all products.
Security Architecture and Strategy:
o Designed and maintained a security architecture and roadmap for an enterprise at both the enterprise and solution level.
o Aligned and integrated the information security strategy with enterprise security and business goals.
o Developed and maintained the overall information security strategy, mechanisms for policy enforcement, definition of ownership, monitoring mechanisms, process, and controls.
Security Management:
o Established, communicated, and maintained a charter for the security management function, including scope and objectives for the security management responsibilities and drivers (GRC).
o Provided marketing strategy for security posture with existing and future client base.
o Demonstrated management of projects in a system security, controls, and information security management environment, specifically the following information security domains:
Security Operations Center (SOC) MSSP
Cyber Incident Response Management (CIRM)
Security Architecture and Strategy (Zero Trust Architecture)
Transition of Identity & Access Management (IAM) from a focus on entitlements and federation to Attribute-Based Access Control (ABAC) focused on organizational roles and user attributes
Security Compliance:
o Successfully deployed security standards (PCI PA-DSS, HIPAA, IRS Pub 1075, CMMC, FISMA/NIST 800 series), especially as they relate to the following:
Built an Information Security GRC program for RSI & RSI Clients.
Managed internal controls, risk assessments, business process and internal IT/external control testing and operational auditing.
Raley's, Sacramento, CA
Director, IS/CISO
3/2014-11/2015
Achievements: A proven track record of success in developing and implementing secure enterprise solutions. Highlights include:
Security Architecture and Strategy:
o Aligned and integrated the information security strategy with corporate security and business goals.
o Developed and maintained the overall information security strategy, mechanisms for policy enforcement, definition of ownership, monitoring mechanisms, and process and controls.
o Designed and maintained security architecture and roadmap at both the enterprise and solution level.
Security Management:
o Established, communicated, and maintained a charter for the security management function, including scope and objectives for the security management responsibilities and drivers (GRC).
o Managed a progressive IT environment and system security, controls, and information security management environments.
o Led implementation efforts with complex project management capabilities.
Security Compliance:
o Successfully deployed security industry standards, including an Information Security Management System (ISMS) and program, and maintained compliance with ISO 27001, FISMA, PCI DSS, and HIPAA.
o Built an ISMS program
o Managed internal controls, risk assessments, business process and internal IT/external control testing, and operational auditing.
Security Projects:
o Demonstrated management of projects in a system security, controls, and information security management environment, specifically the following information security domains:
Application Security: DAST, pen testing, and SDLC alignment for eCommerce product
Security Operations Center (SOC)
Identity & Access Management (IAM), focused on entitlements and federation
Data Leakage Prevention (DLP), focused on data flow and encryption
Large Complex Program Execution/Implementation
Cyber Incident Response Management (CIRM)
McBride Consulting
Interim CISO
2013-2014
McBride Consulting (AZDoR) Phoenix, AZ
Director Tech & Engineering/CISO
2011-2012
McBride Consulting (Wynn Resorts) Las Vegas, NV
Director Tech & Engineering/CISO
2003-2011
EDUCATION AND OTHERS
University of Puget Sound
Bachelor of Science in Computer Science
Motorola University: CISSP, Capability Maturity Model (SEI CMM) Level 4, Six Sigma Green Belt