Security Engineer
Resume:
Barry Miller
*** ****** ***** ***** ********, SC 29229
cell: 803-***-**** *********@*****.***
Information Technology/Security Management Profile
With Track Record of Success in Providing Strong Strategic Planning, Team Direction, Cost
Containment, and Development of Enterprise Wide Network and Security Solutions.
Accomplished IT, Security, Compliance and business solutions leader with 20+ years of
experience and success in fulfilling mission critical objectives and goals, directing cross
functional technology teams, and leading complex projects from conception to deployment. Offer
advanced capabilities and expertise in Information Security management, Network technology
and Regulatory Compliance combined with deep understanding of intersection between
technology, business, and operational needs. Core Competencies:
Regulatory Compliance
Team Building and Leadership Business/IT Reengineering
Senior Executive
Relationships Strategic Planning & Development Systems Security Analysis
Project Lifecycle Management Technology Evaluation & Selection Time/Resource Management
Business Process Risk Evaluation & Management DR / BCP governance
Optimization
Hold Key Industry Certifications, Including CISSP, ISSAP, PMP and CHSP Designations
Experience in Analysis of HIPAA, state privacy laws (California SB1386), PCI, Sarbanes Oxley,
GLBA and EU Data Protection Act
Professional Experience
The South Financial Group
Lexington, SC Current
SVP/Chief Information Security Officer / Privacy Officer / Enterprise Continuity Planning
As the Chief Information Security Officer (CISO), responsible for the corporate Information Security
program to include establishing and maintaining a corporate wide information security program to ensure
that information assets are adequately protected. Responsible for identifying, evaluating and reporting on
information security risks in a manner that meets compliance and regulatory requirements. Proactively
work with business units to implement practices that meet defined policies and standards for information
security and oversee all information risk management activities. Act as the process owner of all ongoing
activities related to the availability, integrity and confidentiality of customers, business partners,
employees and business information, in compliance with the organization's information security policies.
Partner with executive management to determine acceptable levels of risk for the organization and
provide strategic and tactical security guidance to include the evaluation and recommendation of
procedural and technical controls. Provide corporate wide governance for Disaster Recovery / Business
Continuity Planning. As Privacy Officer, ensure alignment of corporate compliance for technical and
operational processes with GLBA, HIPAA and other Federal regulatory requirements. Provide
Governance for corporate Enterprise Continuity Planning (ECP) and Disaster Recovery.
NetBank, Inc.
Columbia, SC 2006 – July 2007
Senior Officer, Director of Technology Risk and Information security
Performed the functions of Chief Information Security Officer (CISO) for the Internet Bank and its
subsidiaries. Responsibilities include defining the strategy and vision for the continued development of all
aspects of Information Security. Maintaining an effective company security/risk posture by ensuring policy
and standards development, associate security awareness, access control procedures, Incident
Response, risk mitigation efforts, system baseline security guidance, FFIEC/OTS and regulatory
compliance and staff development are defined, implemented and maintained. Received glowing
accolades from external auditors on the Security program in relation to GLBA regulatory requirements.
Selected Accomplishments:
Performed the risk analysis, implementation design and tuning strategy to create the appropriate
balance between business/customer impact and risk to comply with FFIEC guidance in regards to
2 factor access and protection of customer data.
Created the guidance (policies, standards and procedures) outlining a strategy which enabled the
implementation of a corporate wide Data Classification program. This included partnering with the
business and IT department heads to perform the required data identification, classification, data
ownership definitions and the risk assessment and remediation of any deficient security controls.
This process was integrated into the System Development Life Cycle (SDLC) to ensure it was
maintained.
Co chaired with the Chief Legal Executive, the Privacy and Business Information Security (P/BISC)
council attended by representatives from all areas of the business and Information Technology.
This monthly meeting facilitated discussion around current and pending regulatory requirement,
and any privacy/security initiatives allowing effective identification, analysis and management of
risks to maintain compliance with GLBA, FFIEC and OCC/OTS requirements around the
safeguarding of customer non public information.
Directed the annual GLBA Security Risk Assessment of business processes, physical security,
access control methodologies and system availability architecture employed to access and protect
customer information and presented the resulting report to the Board of Directors.
Wal Mart
Bentonville, AR 1997 Jan 2006
SECURITY STRATEGY ARCHITECT (2002 2006)
Provided expertise and strategic vision for all aspects of security to include access control, system design,
vulnerability assessment/remediation, incident response, forensics, and auditing. Developed policies and
budgets, reviewed relevant legislation to ensure regulatory compliance for all business operations with
HIPAA, GLBA, EU Data Protection Act and address outside audits and assessments. Negotiated prices
and build support models for security technologies/services. Selected Accomplishments:
Cost Reduction & Avoidance Negotiated savings of over $20 million on enterprise based security
purchase and secured favorable pricing on additional technology purchases.
Staff Development Mentored 60+ engineers and 4 managers on technologies, troubleshooting and
security assurance. Developed Security Awareness training which led to improved capabilities of
team members.
Business Continuity Evaluated systems and contributed to design of Disaster Recovery/Business
Continuance models that increased systems availability and reduced time/cost expenditures.
Knowledge Sharing Assisted in developing Information Systems Security Association (ISSA) chapter
for NW AR region.
Strategic Applications Manager, Network Engineering (2000 2002)
Supervised 15 associates in LAN and WAN design, implementation and support for all Home Offices, all
remote connectivity to vendors, satellite connectivity to 3,500 stores and videoconference capabilities.
Guided outside carriers in development and provisioning of secure global VPN services. Implemented
and maintained network device security. Managed $15 million budget and directed all phases of project
life cycles, from requirements determination to close out. Selected Accomplishments:
Training & Coaching Developed customized training and career progression plans for all team
members to assist in furthering their careers.
Cost Reduction & Avoidance Negotiated contracts and service level agreements with vendors on
technologies and services, capturing over $18 million in savings.
Technology Solutions Led team to achieve 99.998% systems availability.
Manager, File & Print Services (1999 2000)
Promoted to supervise team in building, implementing, maintaining, and monitoring all file storage and
back up methodologies for 3,500 stores, 135 remote sites and 7 international Home Offices. Transformed
team from fragmented to a cohesive unit. Selected Accomplishments:
Performance Improvement Reversed prior history of under performing systems by increasing
availability and performance of File and Print Services by 45%.
Infrastructure Enhancement Successfully migrated enterprise from Novell to Microsoft Active
Directory services.
SENIOR NETWORK ENGINEER, SECURITY TEAM LEAD (1998 2000)
NETWORK ENGINEER, DEVELOPMENT TEAM (1997 1998)
Promoted to Lead Engineer and Team Lead for Security team. Led development of design of multi
layer defenses; assisted in development of security policies and procedures. Mentored team on
effective implementation and support of firewalls, VPN equipment, anti virus protection and
Intrusion Detection sensors. Designed highly available communication networks for all locations
worldwide, maintaining 40,000+ pieces of network equipment. Acted as Technical Lead for all
remote connectivity projects.
U.S. Air Force 1990 1997
COMMUNICATIONS COMPUTER CONTROL SPECIALIST (held Top Secret/SCI security Clearance)
Developed and integrated computer systems for all of US Space Command and the Cheyenne Mountain
complex.
Awards
Information Security Executive of the Year (Southeast States Nominee) 2008 and 2009
Education / Professional Development
MBA / PM Aspen University
B.S, Information Technology – Capella University
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Architecture Professional (ISSAP)
Certified HIPAA Security Professional (CHSP)
Certified Project Management Professional (PMP)
Contact this candidate