Patrick Santistevan, CISSP, AIT

**** ******** ***** ***** ****

Fort Collins, Colorado 80526

Mobile 603-***-****

Email: abmokj@r.postjobfree.com

_________________________________________________________________________________

Information Assurance * System Security * Global

_________________________________________________________________________________

Results driven Information Security professional with project management, business analyst, and software

development experience providing technical expertise and business acumen. Excellent rapport with

management, business groups and technical teams to analyze computer systems and processes, submit

recommendations and proposals. Skilled at formulating plans for system development, operational process,

installation, and implementation while maintaining systems confidentiality, integrity, and availability.

Demonstrated team building, relationship building, and communication skills.

_________________________________________________________________________________

Core Competencies include:

* Data Center Security Operations * Server Hardening * Technical Documentation

* Enterprise Compliance & Governance * Identity & Access Management * Strategic Planning

* Role Based Access Control (RBAC) * Critical Production Support * Design Validation

* Project Management * Reengineering * Technology Transfer

* Process Improvement * Systems Integration * End User Training

* Cloud Computing * Virtualization * Change Management

* Interdepartmental Coordination * Business Continuity * Disaster Recovery

________________________________________________________________________________________

Professional Experience

_________________________________________________________________________________

Liberty Mutual Group 1998 Present

Senior Information Security Analyst – Security Operations (July 2007 Present)

• Accountable for adhering to the information security policy by proactively collaborating within Hosting

Services infrastructure support towers and six strategic business units worldwide. Proactively

administering procedures and collaborating across business units in support of information systems that

are the operational foundation protecting assets of the organization. Facilitated a more consistent,

comparable, and repeatable approach for selecting and specifying security controls for information

systems thus enabling less skilled employees to contribute in operational support.

Key Achievements:

• Instrumental in Top 10 project directive to identify enterprise wide system accounts and reduce level of

access to essential personnel. Worked diligently to remediate level of access and successfully enforced

internal controls aligned to least privilege and separation of duties concepts.

Resume of Patrick Santistevan Page 2 of 2

Reengineered enterprise wide system compliance scanning by replacing application toolset thus

•

allowing a yearly departmental cost reduction of $500,000. Correlated compliance policies from CIS

and PCI standards to incorporate preexisting company specific policies. Developed reporting and

security scanning metrics to be reviewed by IT management, technical teams, and audit groups.

Provided continuous hands on training of security analysts to promote the development of skills in

•

anticipating, identifying, and troubleshooting technical problems and operational processes flows.

Maintain awareness of existing and proposed security standard setting groups, State and Federal

•

legislation and regulations pertaining to information security and identified regulatory changes that will

affect information security policy, standards and procedures, and recommend appropriate changes.

Coordinated development, testing, and implementation of security plans, products, and control

•

techniques. Consult with client and development area management and staff in the design and

implementation for new or modified information security processes.

Liberty Mutual Group Colorado Casualty Insurance Company

Software Developer, Application Security, Business Analyst (February 2000 July 2007)

• Acted as liaison between business groups (underwriting, claims, finance, marketing, agents) and IT staff

by translating product requirements into business applications. Developed product functional

requirements to be in compliance with state regulatory pricing and statistical reporting. Served on

committee to represent regional company(Colorado Casualty) in a business and IT capacity to parent

company( Liberty Mutual Group).

Key Achievements:

• Served as project manager to lead a team of software developers and security analysts to implement

controls that adhered to Sarbanes Oxley legislation. Created authorization lists to control object

authority, programmer and business user authorities, and implemented processes to utilize change

management guidelines. Successfully included additional business request to reconfigure user menu

flows dramatically increasing efficiency for business units.

• Managed the core business systems through the complete lifecycle of design, coding, testing,

implementation, training, maintenance, and retirement. This business system enabled the company to

grow from $40 million to $300 million in policy premiums with a combined ratio of 88% at its peak.

• Created underwriting notes program that allow business units to document client information and

securely stored client data enabling authorization mechanism requirements. The program was adopted

and replicated to all business systems that contained client decision points and strategy.

Education and Designations

• CISSP

• AIT designation – Associate Insurance Technology.

• Pursuing Master degree in Computer Science Information Technology –

Specializing in System Engineering at Regis University Denver Colorado.

Resume of Patrick Santistevan Page 2 of 2

Colorado State University Bachelor of Arts – Major Economics.

•

Recent Technical Training

• Red Hat Linux System Administrator

• SANS Virtualization Security Fundamentals

• Windows Server 2008

• Windows 2003 Implementing and Administering Security

• BMC Bladelogic (Atrium Orchestrator, Basra Reporting, RBAC administration)

• Managing IT Projects

Technical Proficiencies

Software: Bladelogic, Nessus Tenable, CyberArk, Symantec Security Expressions, Cybertrust,

NetPro Change Auditor, Standguard, MS Power Point, Excel, Outlook, Visio,Point5.0,

Documentum, Peregrin Service Center, CA Advantage 2E(Synon2E), PMSC, Turnover

Technologies: Active Directory, LDAP, Distributed File System, Teradata.

Languages: Script modification and reuse (Visual Basic, Perl, Shell), Cobol AS400, CL AS400, SQL AS400.

Operating Systems: LINUX(RHEL, SUSE), AIX, Solaris, AS/400 i5Series, Windows 2003/2008, Windows

XP/Vista/7, VM.

Contact this candidate