Patrick Santistevan, CISSP, AIT
**** ******** ***** ***** ****
Fort Collins, Colorado 80526
Mobile 603-***-****
Email: abmokj@r.postjobfree.com
_________________________________________________________________________________
Information Assurance * System Security * Global
_________________________________________________________________________________
Results driven Information Security professional with project management, business analyst, and software
development experience providing technical expertise and business acumen. Excellent rapport with
management, business groups and technical teams to analyze computer systems and processes, submit
recommendations and proposals. Skilled at formulating plans for system development, operational process,
installation, and implementation while maintaining systems confidentiality, integrity, and availability.
Demonstrated team building, relationship building, and communication skills.
_________________________________________________________________________________
Core Competencies include:
* Data Center Security Operations * Server Hardening * Technical Documentation
* Enterprise Compliance & Governance * Identity & Access Management * Strategic Planning
* Role Based Access Control (RBAC) * Critical Production Support * Design Validation
* Project Management * Reengineering * Technology Transfer
* Process Improvement * Systems Integration * End User Training
* Cloud Computing * Virtualization * Change Management
* Interdepartmental Coordination * Business Continuity * Disaster Recovery
________________________________________________________________________________________
Professional Experience
_________________________________________________________________________________
Liberty Mutual Group 1998 Present
Senior Information Security Analyst – Security Operations (July 2007 Present)
• Accountable for adhering to the information security policy by proactively collaborating within Hosting
Services infrastructure support towers and six strategic business units worldwide. Proactively
administering procedures and collaborating across business units in support of information systems that
are the operational foundation protecting assets of the organization. Facilitated a more consistent,
comparable, and repeatable approach for selecting and specifying security controls for information
systems thus enabling less skilled employees to contribute in operational support.
Key Achievements:
• Instrumental in Top 10 project directive to identify enterprise wide system accounts and reduce level of
access to essential personnel. Worked diligently to remediate level of access and successfully enforced
internal controls aligned to least privilege and separation of duties concepts.
Resume of Patrick Santistevan Page 2 of 2
Reengineered enterprise wide system compliance scanning by replacing application toolset thus
•
allowing a yearly departmental cost reduction of $500,000. Correlated compliance policies from CIS
and PCI standards to incorporate preexisting company specific policies. Developed reporting and
security scanning metrics to be reviewed by IT management, technical teams, and audit groups.
Provided continuous hands on training of security analysts to promote the development of skills in
•
anticipating, identifying, and troubleshooting technical problems and operational processes flows.
Maintain awareness of existing and proposed security standard setting groups, State and Federal
•
legislation and regulations pertaining to information security and identified regulatory changes that will
affect information security policy, standards and procedures, and recommend appropriate changes.
Coordinated development, testing, and implementation of security plans, products, and control
•
techniques. Consult with client and development area management and staff in the design and
implementation for new or modified information security processes.
Liberty Mutual Group Colorado Casualty Insurance Company
Software Developer, Application Security, Business Analyst (February 2000 July 2007)
• Acted as liaison between business groups (underwriting, claims, finance, marketing, agents) and IT staff
by translating product requirements into business applications. Developed product functional
requirements to be in compliance with state regulatory pricing and statistical reporting. Served on
committee to represent regional company(Colorado Casualty) in a business and IT capacity to parent
company( Liberty Mutual Group).
Key Achievements:
• Served as project manager to lead a team of software developers and security analysts to implement
controls that adhered to Sarbanes Oxley legislation. Created authorization lists to control object
authority, programmer and business user authorities, and implemented processes to utilize change
management guidelines. Successfully included additional business request to reconfigure user menu
flows dramatically increasing efficiency for business units.
• Managed the core business systems through the complete lifecycle of design, coding, testing,
implementation, training, maintenance, and retirement. This business system enabled the company to
grow from $40 million to $300 million in policy premiums with a combined ratio of 88% at its peak.
• Created underwriting notes program that allow business units to document client information and
securely stored client data enabling authorization mechanism requirements. The program was adopted
and replicated to all business systems that contained client decision points and strategy.
Education and Designations
• CISSP
• AIT designation – Associate Insurance Technology.
• Pursuing Master degree in Computer Science Information Technology –
Specializing in System Engineering at Regis University Denver Colorado.
Resume of Patrick Santistevan Page 2 of 2
Colorado State University Bachelor of Arts – Major Economics.
•
Recent Technical Training
• Red Hat Linux System Administrator
• SANS Virtualization Security Fundamentals
• Windows Server 2008
• Windows 2003 Implementing and Administering Security
• BMC Bladelogic (Atrium Orchestrator, Basra Reporting, RBAC administration)
• Managing IT Projects
Technical Proficiencies
Software: Bladelogic, Nessus Tenable, CyberArk, Symantec Security Expressions, Cybertrust,
NetPro Change Auditor, Standguard, MS Power Point, Excel, Outlook, Visio,Point5.0,
Documentum, Peregrin Service Center, CA Advantage 2E(Synon2E), PMSC, Turnover
Technologies: Active Directory, LDAP, Distributed File System, Teradata.
Languages: Script modification and reuse (Visual Basic, Perl, Shell), Cobol AS400, CL AS400, SQL AS400.
Operating Systems: LINUX(RHEL, SUSE), AIX, Solaris, AS/400 i5Series, Windows 2003/2008, Windows
XP/Vista/7, VM.