Global Business Security Officer

Location:
Pittsburgh, PA
Posted:
April 25, 2024

Resume:

Albert E. Whale, CEH CHS CISA CISSP CMMC-RP

Global Business Security Leader

International Award-winning Author Speaker Certified Coach

Albert Whale, a cybersecurity expert with over 30 years of experience, has a proven track record of leading teams to achieve better security. As a Founding Member and Certified Coach with the prestigious Napoleon Hill Institute, Albert has truly mastered his craft. He has undergone a transformative shift in his security career, expanding his expertise into leadership coaching, speaking engagements, and being an award-winning author.

Drawing on his extensive knowledge of hacker techniques, Albert can identify the probability and impact risks that businesses face when it comes to cybersecurity. Not only is he a Service-Disabled Veteran of the US Navy, but he is also an internationally acclaimed author, public speaker, and go-to expert for cybersecurity interviews.

In addition to his illustrious career, Albert serves as an Advisory Board member for Pittsburgh Technical College and EC Council University. He has participated in renowned events including 'Hack the Pentagon' and 'Hack the Air Force' as part of the Red Teaming efforts.

As one of the Founding Members and Certified Coaches with the prestigious Napoleon Hill Institute, Albert has a proven track record of success. But he doesn't just talk the talk - he walks the talk. Albert is a product of his product, making a Quantum Shift in his own security career and expanding his expertise into coaching, speaking, and authorship.

Albert's highly sought-after book "#HACKED" is specifically designed to guide the reader on a personal cybersecurity journey. His second book, "#HACKED2," which he co-wrote with twelve other cybersecurity professionals, became a #1 International Best Seller within a mere twelve hours. Albert has published his fourth book in less than two years, Getting UnHacked, with seven Coaches from the Napoleon Hill Institute. Albert’s expertise and leadership are essential in this hyper-connected world.

Albert is currently leading the curation of contributions from experts for his upcoming publication on implementing ZTA in the Quantum world, showcasing his expertise in the field and ability to drive collaborative projects. This will be a must-read for every Board Room and Security Team.

Sr. Security Cybersecurity and Zero Trust Architect

Mr. Whale’s experience with network and cybersecurity issues, as well as the techniques that Hackers employ, provides his clients with a unique understanding of the vulnerabilities and techniques that may be applied to mitigate these issues.

Albert has worked as an Application Specialist, as well as an Application Architect. He has used his expertise to support various efforts including, but not limited to, Requirements Traceability Matrices (RTM), Performance Specifications, Product Quality Deficiency Reports (PQDRs), Engineering Change Proposals, test artifacts, and test reports. His expertise was essential in the migration of opportunities from Waterfall to Agile, and also in the creation of automation in the development of Continuous Delivery or DevSecOps pipelines. Albert's efforts were recognized for inclusion in the Federal Register by the Carnegie Mellon Software Engineering Institute, marking it as the first and only Federal Security Assurance Process that could keep pace with agile software development.

Applying techniques and principles has aided his ability to architect better solutions for organizations. He created the DevSecOps and CMMC security offerings for Capgemini globally.

Employment History

Capgemini

Sr. Security Manager/Cybersecurity Lead/Architect Sep 2019 – April 2024

Mr. Whale has worked on large-scale solutions for multiple organizations, with roles as Cybersecurity Architect, Zero Trust Advisor, Regional Information Security Officer, and Cloud Migration Security professional. He supported the Newport Naval Shipyard’s implementation of IoT and IIoT control solutions on the Digital Network for easier decision making while assuring the eligibility to meet CMMC and NNPI Certifications.

Supported the Migration of Global Manufacturing, Pharmaceuticals, and Agricultural activities from various environments to AWS, Azure, and GCP.

Supported the RFP Creation for multiple Government opportunities applying expertise in cybersecurity and zero trust.

Worked as the Workstream Lead for M&A activities, identifying multiple savings and improvements for client security issues. One migration tool offered a $1 million time savings across multiple man years. He identified defined and undefined security processes within the organization to institutionalize a consistent, efficient, and secure process.

Standardized the use of existing tools in the organization in a consistent manner in the SDLC.

Automated scanning of open-source software components within processes.

Institutionalized the use of Architectural design reviews, network and data designs, as well as the ranking of business applications to determine the implied risk level of the application.

Planned migration of resources to the cloud from a physical DC.

Worked in support of Global Banking Organizations, including USAA, Wells Fargo, Bank of America, and Comenity.

Determined necessary security tools, policies and baselines for the organization.

Created security standards for mitigating the risk of the client and Capgemini.

IT Security Solutions, Inc.

Founder & CEO Jul 2018 – Sep 2019

Mr. Whale created a Cyber Security Product which is branded as a managed service named ITS Safe™. ITS Safe is targeted to small businesses to monitor the constantly changing security landscape. ITS Safe is designed to block activities from Foreign Countries as well as stop hackers before they infect business computers. Firewalls and Virus Scanners are a reactive approach to understanding Vulnerabilities. ITS Safe constantly scans network activities for known and unknown vulnerabilities.

Created the ITS Safe™ security appliance.

PNC Bank - Wipro

Lead Consultant – GRC - IT Risk Management Consultant Dec 2017 – Jul 2018

Supported auditing and control testing involved in the retail banking sector. This effort was structured to support the Internal ETS-CTS Control Validation testing of business controls. Utilized RiskLens to minimize perceived Risk on the organization.

GLBA Risk evaluations

SOX remediation recommendations

RiskLens filtering of compliance issues.

IT Security, Inc.

President/Chief Information Security Officer (CISO) Jun 2013 – Dec 2017

Mr. Whale provided technical expertise in the Manual Ethical Hacks and Technical Risk Management departments of BNY Mellon. Mr. Whale’s technical expertise assisted major corporations in determining their risk exposure, scoping the effort to secure network infrastructures as well as the software applications. His security and technology leadership assisted his development of solution architecture for his clients.

His efforts helped to identify and streamline the communications between security analysts and software developers, enabling more efficient communications, as well as improving organizational efficiency.

Provided and led applications testing and remediation advice.

Utilized various tools including Qualys, Nessus, OpenVAS, and Burp, among others.

Performed Synack Red Team testing.

Performed Governance-Risk-Compliance (GRC), development, review and testing.

Improved the overall testing format for existing applications.

Developed training materials for Security Analysts, Developers, and Program Managers relating to Security Issues.

Institutionalized new Communications/Reporting pathways for Security Teams to communicate more effectively with Developers.

Conducted Penetration tests.

Identified system vulnerabilities.

Analyzed risks and recommended control measures.

Simulated breaches to enhance network security.

Developed measures to lock down risk areas.

Trained Development and Architecture Teams to prevent attacks.

Performed Penetration Testing and Ethical Hacking applying tools and attack forms.

Exploited scripts and programs to test whether vendor and developer patches operate as required and remediated or mitigated the identified vulnerability of malicious code.

Architected Intrusion Detection Environments and forms of attack to enable intrusion analysis of the systems and application logs.

Improved the overall Secure SDLC program with updates originating in the Security Team.

Cigital

Security Consultant Apr 2012 – Jun 2013

Leveraged my expertise in cybersecurity to enhance the US Air Force's security protocols by providing comprehensive training and guidance to teams, developers, project managers, and program managers. I conducted on-site training sessions to educate teams on the vulnerabilities that hackers exploit in software, emphasizing the importance of robust security practices.

Provided training to US Air Force, DISA, DARPA, SOCOM and numerous other Gov’t Agencies for implementing security in their software development programs (legacy and current projects) supporting their SDLC.

Educated Government Agencies on the issues of hacking attacks on the software application in the projects supporting their organizations, without interruption to normal business operations.

Updated training materials to provide better education & training programs.

Assessed vulnerabilities and provided customer remediation paths.

Identified issues with SDLC program structure aiding in the reduction of CAT I/II findings with reduced mitigation costs.

Provided Pen Testing services for multiple customers in various industries.

Published a White Paper on Malicious Code Detection to improve internal software development efforts for banking clients.

Published an article for reducing attack threats in the Pen Test Magazine, Homeland Security.

Performed both Application and Network based penetration tests.

Developed program understanding in the BSIMM and vBSIMM methodologies for clients.

L3 Services (Engility)

Information Assurance Lead/Manager Nov 2011 – Apr 2012

Enhanced VA DevSecOps by updating SDLC waterfall cybersecurity to an Agile based SDLC. This approach saved the VA (and the contract teams) more than $1 million. Due to the forward thinking, our company was able to win the re-award of the contract for L3, which was estimated in excess of $10 million.

Redirected and organized the IA Team for working with the VBMS project.

Managed a team of 12 Information Security Team members of varying capabilities.

Organized the team to implement the NIST controls with a multi-million-dollar project.

Utilized the Agile methodology to implement the NIST objectives.

Contributed to the re-award for the project to L3 from the Dept of Veteran Affairs.

Managed the IA team for integration into 12 Software Development Scrum Teams.

Implemented Controls and Remediation paths for FISMA objectives in the development of better software security.

Improved the overall security stance of the organization, while educating teams about security awareness (everyone is a member of the security team).

ABS Computer Technology

Senior Security & Technology Director Sep 2009 – Dec 2011

Performed project planning, resource planning, project schedule development and maintenance functions.

Created and monitored project estimates and budget as required.

Provided leadership to diagnose and overcome barriers to team and project progress.

Executed the implementation plan and monitored progress. Performed project review and created summary documents to include standard operating procedures.

Designed networks, enterprise monitoring solutions, and architected enhanced secure network solutions.

Implemented OWASP considerations for improving Web and application security.

Created and customized OWASP rule sets for multiple virtual hosts in the web hosting environment for both ABS and other customers.

Led researchers and development teams to implement projects.

Analyzed and protected OWASP vulnerabilities on hosting and per-website basis.

Architected complex network strategies to protect both the internal and external resources of the customer (internal and external).

Deployed IDS/IPS solutions on networks and servers to augment the hardened environment.

Collaborated with associates to determine business needs in implementing selections for OS implementation, security tools, pen testing assignments, security evaluations, and risk assessments.

Implemented OWASP standards for web application security.

Improved security of webservers using SSL and web security tools.

Assisted developers in remediating issues with security assessments which exceed OWASP standards.

Performed application security auditing using CEH training to determine the vulnerability of applications.

Developed and maintained solutions in enterprise environments for HIPAA, SOX, and PCI regulatory compliance.

Created a customized Information System Security Assessment Framework (ISSAF) for evaluating networks, and application security.

Scanned networks, servers and other resources for customers to validate compliance and security issues using numerous tools.

Developed secure network architecture for new and existing environments.

Customized COTS, Open Source, and Custom software for customers.

Managed projects using the Agile PM methodology.

Provided analysis information of network and malware attacks to open-source communities.

Presented multiple attack methodologies to groups and businesses in developing a better security design for their networks.

Developed client server-based applications and customized interfaces to databases.

Customized security solutions for Unix/Linux environments with server hardening tools such as Bastille, ModSecurity, and PSAD.

Created enterprise monitoring and management resources for NOCs and security operational centers.

As acting CTO, created Reliable, Redundant, and Cost-Effective IT platform to support customer operations.

Worked with SMB and Fortune 1000 companies, including AT&T Prepaid, Alcoa, and Stadtler Drug.

BACKGROUND SUMMARY

Education

BSEE, Penn State University

Certifications

CEH

CHS

CISA

CISSP

CMMC RP

Professional Experience

30+ Years

Award Winning Author

#HACKED – 10 practical Tips to Protect your Personal and Business information.

#1 International Best-Selling Author

#HACKED2 – Practical Guidance for Dealing with Threats to Your Business and Privacy

Honored Inductee 2023 Marquis Who’s Who


