MARK MODISETTE
***** ********** *******, ******** *******, CO 80921
abh0fh@r.postjobfree.com . hm 719-***-**** cell 719-***-****
PROFESSIONAL PROFILE:
Exceptional leader and technical team motivator with an impressive
knowledge and understanding of system development life cycle, IT
operations, and IT technologies in diverse and global environments. Twenty
year career span leading successful and dynamic IT security teams in
supporting and deploying security related enterprise technical solutions,
security policy, application of compliance measures, employing industry
best practices, frameworks and methodologies. Trusted corporate consultant
and advisor who is equipped with the management acumen and technical
expertise required to marry technology and security strategy to business
needs and communicate the ROI of security investments and initiatives.
Charismatic and articulate with superior communication, negotiation,
presentation, and public speaking skills. Easily establishes optimum
business relationships with staff from all levels, corporate heads,
contractors, and a host of supportive agencies.
CORE COMPETENCIES:
. Information Security
. Network/Computer Security Architecture
. Regulatory Adherence
. Cost/Benefits Analysis
. TOP SECRET Clearance
. Security Analysis
. Plans & Policy Development
. Vendor Management
. Contract Administration
. Enterprise Security Management
. Report Writing & Presentations
. Corporate Consultant
. Project Management
. Disaster Recovery
. Team Building
RELEVANT SKILLS & EXPERIENCE:
Security Management and Risk Prevention
. Applies high degree of security management and security engineering
skills to protect the confidentiality, integrity, and availability
(CIA) of company's customer and proprietary information and
processes.
. Creates extensive technical documentation and implements security
policies, standards and procedures.
. Consistently monitors operations to ensure compliance with corporate
information security policies, security standards, and procedures
among employees, contractors, alliances, and other third parties, and
refers escalated issues to appropriate departmental managers or
administrators as warranted.
. Identifies global changes in best practice, regulatory and
legislative issues that affect company security; and, initiates,
facilitates, and promotes activities to foster security awareness.
. Manages and directs security risk assessment professionals and
compliance experts; and, serves as information security consultant to
company executives in the area of security related advancements.
. Institutes strategies and plans that provide for timely business
resumption in event of serious disruption.
Systems Security Architecture and Engineering
. Develops and implements procedures and functionalities required to
monitor, manage, coordinate, secure, and control government and
private industry level infrastructures and provide operational
support.
. Creates solutions to integration/interoperability issues; and,
designed, developed, and managed systems that met current and/or
future business needs with a focus on applying, extending, enhancing,
and optimizing existing architecture and security requirements.
. Translates business and IT strategy into secure solutions and
infrastructure that supports company objectives.
. Applies breadth of knowledge and creativity to business needs to ensure
new technologies and trends have appropriate levels of security
controls.
IT Management/Project Management
. Writes, establishes, and develops corporate policy and traceability
matrices to test and enforce policy.
. Consults with senior leadership on IT operations, requirements,
security threats, and related issues and activities to ensure the
integration of secure IT programs and services.
. Manages and directs staff and operations related to 24X7 support for
enterprise security operations.
. Spearheads technical security projects for financial institutions.
. Develops and monitors practices that ensure customer, business
partner and employee information remains secure from unauthorized
access, protected from inappropriate alteration and remains
physically secure.
. Establishes vendor relationships and administers contracts for
security related products and functions.
Technical Consulting, Technical Communications, Presentations, & Training
. Serves as lead security consultant with full accountability for
customer's WAN and LAN security designs.
. Performs requirements gathering and evaluates customers' network
configuration to develop recommendations for securing assets and
provides best options for total network security.
. Assesses security posture and makes recommendations for enhancements.
. Performs public speaking engagements on security related subject
matter.
. Creates and delivers ITIL Foundations training sessions to global
technical audiences.
. Trains/mentors sales and support staff on security offerings and
initiatives managed by security team.
. Facilitates training efforts for technical staff on regulatory and
industry based security requirements (i.e., Sarbanes-Oxley and PCI),
and proper security design methods and implementation.
. Authors and implements Computer Incident Response Team (CIRT) Program
and related processes.
PROFESSIONAL EXPERIENCE:
AVAYA Inc., Westminster, CO 2006 - Present
Director, Avaya Global IT Security & Senior Manager, Services Security and
Consulting
Led efforts to 1) develop an Avaya Global Services (AGS) level security
program and risk advisory program; 2) created the AGS Incident Response Team
(AIRT) designed to provide a quick response to services related issues; 3)
act as subject matter expert for Six Sigma team to create the Approved
Secure Connectivity Methods standard that ensured a secure and consistent
support delivery mechanism; 4) created ISO aligned security standards
framework; 5) created new process to retrieve employee equipment and data
from exiting employees; 6) developed awareness program; 7) developed System
Categorization & Control Standard; 8) created Logging, Monitoring and
Response strategy and related standard; 9) enhanced the Avaya-CERT
capability ensuring appropriate levels of manning, adjusting processes and
adding tools to assist with Avaya's response capability to potential
security incidents; 10) authored and implemented the Avaya - Security in the
System Development Life Cycle (SDLC) Methodology for the Global IT
Organization; 11) authored and implemented the Secure Zones Security
standard that outlined appropriate security controls and traffic flows for
systems assigned to a security zone; 12) authored and presented the Avaya
Security strategic plan and security architecture to Avaya senior
leadership.
MISSILE DEFENSE AGENCY (MDA), Schriever AFB, Colorado 2004 - 2006
Senior Security Manager and SETA (Systems Engineering and Technical
Assistance)
Project Lead for 1) establishment of the MDA ENOSC and alternate NOSC; 2)
nation-wide roll-out of a security aggregation and correlation tool; and,
3) Manager of Managers (MoM) tool that provided reporting and statistics
for strategic planning and situational awareness of the enterprise
environment.
BELLSOUTH, Atlanta, Georgia 2003 - 2004
Senior Network Security Consultant
Responsible for 1) conducting customer enterprise security assessments and
presenting findings to "C" level leadership - received "BellSouth outstanding
Customer Service Award"; 2) writing white papers detailing security risks
associated with emerging technologies; 3) creating and conducting training
programs and briefing sales staff on security related offerings.
ENT FEDERAL CREDIT UNION, Colorado Springs, Colorado 2001 - 2003
Information Security Officer
Key in 1) creating the framework for the ENT Federal Credit Union Security
Program 2) instituting processes for secure NT/2000 server installations
and upgrades 3) supporting technical staff in the planning, engineering,
and execution of data center migration 4) conducting risk analysis and
penetration tests, building hardening checklists, and creating ENT's
Network System's "Server Certification and Accreditation Program"
MINDPORT, Colorado Springs, Colorado 1999 - 2001
Information Systems Technical Manager/Enterprise Security Manager
Instrumental in 1) implementing several security initiatives that improved
overall security operations and consisted of firewall rule-base changes and
standardization, anti-virus standardization and email system redesign 2)
securely architecting company merger whereby three separate private
networks were linked together with requirements to share enterprise
business assets 3) creating company's disaster recovery and business
continuity plan 4) secure implementation of Outlook Web Access (OWA) to
facilitate communication for traveling executives
USAA Property and Casualty, Colorado Springs, Colorado 1998 - 1999
Information Technology Project Manager
HEWLETT-PACKARD, Colorado Springs, Colorado 1997 - 1998
Information Technology Project Manager
UNITED STATES AIR FORCE 1985 - 1997
Network Systems Lead
EDUCATION, TRAINING, & CERTIFICATIONS:
Master of Science, Management, Emphasis in Security Management/Project
Management
Colorado Technical University
Bachelor of Science, Computer Science, Cum Laude with Highest Honors/Minor:
Mathematics
Regis University
Computer Information Systems Security Professional (CISSP) Certification
Certified in the Governance of Information Technology (CGEIT) Certification
Project Management Professional (PMP) Certification
Information Technology Infrastructure Library (ITIL) Foundations
Microsoft Certified Systems Engineer (MCSE)
Six Sigma Green Belt Training
KEY WORDS:
CISSP
CGEIT
MCSE
PMP
ITIL
ISO 270**-***** 27002
SABSA
Jericho Security Architecture
ISS (IBM) Proventia
McAfee AV
Symantec AV
GLBA
SOX
HIPAA
DITSCAP
DIACAP
NIACAP
SSAA
eEye Retina Vulnerability Scanner
ISS Security Scanner (IBM)
ArcSight
Consumerization
Cloud Computing
Distributed Computing
Terminal Client Computing (TCC)
Network Access Control (NAC)
GRC Governance Risk and Compliance
Security Information and Event Management (SIEM)
Data Loss Prevention (DLP)
Policy Management