Email address
abozgi@r.postjobfree.com
First Name Middle Last Name Suffix Maiden Name
John Farrell
N/A
Work Phone & Ext Toll Free Phone Fax Phone Home Phone
Cell Phone Pager Personal Web Site Address
Secondary E-mail
abozgi@r.postjobfree.com
Address City, State
Zip
1665 Peridot Dr. Livermore CA 94550
Month/Year Hired Month/Year Left Total Years with Company
Jan 1996Mar 2000 5
Office Division Title
Silicon Valley Consulting ManagerCountry Other Employment Details
(Previous positions, duties, or fun info)
United States
Company Name Position
PG&E Senior Information Security Specialist
Company Web Site
http://www.pge.com
Company Size (employees) Est. Company Revenue Industry
251+ > $25,000,000 Manufacturing
Do you hold any professional certifications?
(Separate with commas)
CISSP, CISA, CEH
Other Current Employment Details
(Description of Position)
As Senior Information Security Specialist I provide a framework and the evaluation skills
for PG&E to assess and manage information risk so that Lines of Business and other groups
implement IT solutions within the PG&E s acceptable level of risk. I ensure that the
confidentiality, integrity and availability of PG&E information is assured. In this role I
am responsible for ensuring the highest level pf protection for PG&E s information assets,
including responsibility for security architecture and implementation. PG&E recently
received the coveted INFOSEC Assurance Capability Maturity Model (IA-CMM) certification.
Birthday Marital Status Spouse's Name Anniversary
Apr 7 Married Phyllis Feb. 10
Children's Names & Ages
Jason 25
c Copyright Andersen Alumni Association 2012. All Rights Reserved.
John Farrell - Security_Consultant, IS_Manager, IT Auditor.doc
OVERVIEW
Executive Level Staff Management building, motivating and managing multi-level, multi-
discipline teams to optimize quality and productivity.
Thorough experience in technological innovation, complex regulation and increased
accountability.
Proven leadership of projects that embrace innovative applications of technology and
radically improve the way business is done, streamlining operations to increase sales and
lower costs.
Project Management of complex assignments, implementing technology solutions for
strategic enterprise-wide business problems, consistently meeting time and budget targets.
Cross-functional collaboration and relationship building with key members of other
departments, executive management, clients and vendors.
In-depth proficiency managing the full spectrum of departmental functions application
development, infrastructure management and end user support. Comprehensive technical
direction in multiple operating systems, multiple environments (complex client server with
a vast array of interfaces) and widely varied applications.
Technical expertise in revenue enhancing sales tools, and document management systems.
Comprehensive experience in both large and small firm consulting, assurance, IT security,
IT risk control and business engineering. In-depth practice in IT security and audit,
application development, business process controls, information technology controls design
& implementation, project management and assessments of policies and procedures.
Unique combination of talent including information security, auditing and strong
negotiation, facilitation, communication and program management skills.
SKILLS
Management Technical Detailed business analysis
IT control methodology
Sarbanes-Oxley & PCI compliance Operating Systems (Linux, Solaris, Windows 2000 Server,
Windows 2003 Server, Windows XP) Business & Technical Strategies Application Development
IT Security Document & Workflow Management Financial Tracking Financial Transaction &
Process Flows IT risk control 24/7 Support Management Personnel Management Hardware
Management Budget Forecasting IT Security including Payment Card Industry Data Security
Standard (PCI DSS)
PROFESSIONAL EXPERIENCE
PG&E, San Francisco, ca 2007 to PresentSenior Information Security Specialist
Few areas have been as affected by change as information technology (IT). Each of the
major changes has created major risks. As Senior Information Security Specialist I provide
a framework and the evaluation skills for PG&E to assess and manage information risk so
that Lines of Business and other groups implement IT solutions within the PG&E s
acceptable level of risk. I ensure that the confidentiality, integrity and availability of
PG&E information is assured. In this role I am responsible for ensuring the highest level
pf protection for PG&E s information assets, including responsibility for security
architecture and implementation. PG&E recently received the coveted INFOSEC Assurance
Capability Maturity Model (IA-CMM) certification.
Continuously assesses IT assets and projects and defines information risk to PG&E.
Provides recommendations for remediation/mitigation of findings.
Conducts impact assessment and scoring of the new work related to Information Security,
IT Continuity, IT SOX, IT Compliance and audit and Information Risk.
Verisign, Mountain View, CA 2006 to 2007CONSULTING MANAGER
Manager of technical teams for multiple security engagements at client s location. I
conduct reviews, audits and technical assessments of client security either individually
or through team members. I consult on security architecture, infrastructure, and
implementation of proposed solutions. I create and mold multiple computer security
policies to client s particular requirements (information security, email retention, patch
management, etc.). I conduct vulnerability assessments, firewall and security device
review and make technical recommendations for improvement. Specialist in Payment Card
Industry Data (PCI) security consulting, reviews and examinations. Experience in Gramm-
Leach-Bliley Act (GLBA) and REAL-ID compliance.
Deloitte Touche Tohmatsu, San Francisco, CA 2005 to 2006Manager of consultants specializing in Assurance and Risk Management
I helped my clients leverage their Sarbanes-Oxley corporate governance efforts to include
a hard look at business processes and systems. As a manager of professional services, I
was responsible for engagement planning, budgeting, organizing, executing work plans,
managing daily aspects of client engagements and documenting, coordinating and presenting
client deliverables.
Manager for two major Sarbanes-Oxley review and implementation projects for a large
financial institution and a key telecommunications manufacturer. Processed were reviewed,
updated and improved. Recommended controls were implemented by the client to improve the
client s compliance while meeting the business requirements of the company. I used my
technical management experience to quickly drill down to the real issues.
Team lead for a review of all anti-money laundering and Bank Secrecy Act (BSA)
applications within a major bank.
Institutions approach to regulatory compliance.
Review of application architecture.
Investigated application development process.
Made recommendations for improvement to overall business function.
WELLS FARGO SERVICES COMPANY, San Francisco, CA 2000 to 2005Manager, Retail Product Information Technology Infrastructure
Led the detailed technical direction for a team of development and systems technicians in
building multiple Technology Infrastructure applications to improve back and front office
productivity.
Transformed manual processes into an electronically enabled process, i.e. getting the
right data to the right people at the right time so they can make the best decision or
take the correct action. Saved over $1 million dollars in the first year of operation.
Improved the security of sensitive customer data and ensured that the data could not be
inadvertently revealed even assuming an employee error.
Web (IIS, XML and .net) and data interfaces to front offices, middle tier and mainframe.
Heavy use of workflow technology to ensure delivery. Multiple data center replication to
ensure immediate fail over and availability. Database interface with back office for
research and assurance.
Managed an infrastructure consisting of over 125 servers, three operating systems
(Windows server, Linux and Solaris), six separate applications and their associated test
environments. Created an effective and safe fail over system so that no customer
transactions could be disrupted or lost. Used technologies such as clustering to ensure
that no single failure would disrupt an operation. Dealt effectively with network problems
impacting the applications. All servers were supported in a full datacenter environment.
Trained technicians to work successfully in multiple environments.
Drove multiple discipline teams to create production ready systems that maximize
availability and minimize security and operations risk. Created and implemented processes
that ensure successful development, installation and ease of upgrade for these systems.
Oversaw operations and development budgets of $1.6 million and $2 million respectively.
End-to-end project management of entire application process from gathering user
requirements, budgeting, developing, testing and infrastructure support till end of life.
Managed installation of enterprise-wide retail banking applications that boosted sales
and increased customer satisfaction.
Directed a team of technical professionals in developing an innovative sales tool as well
as customer tracking and front office applications to maintain and update account
information. Sales tool experienced a 500% annual growth in usage. Each transaction
completed is a revenue enhancing action.
Fully automated application installation processes to ensure correct set up. Never
experienced an installation failure or need for back out.
No down time on installed applications.
Executed installation of an Operations Center workflow engine, replacing an entirely
manual system in a far shorter time frame than normally possible.
Improved back office operations saving nearly $1.8 million in first year of operation.
SHARED VISION GROUP, San Francisco CA 2000 (hired by client after eight months)
Project Manager, Wells Fargo Bank
Managed information technology architecture engagement for the largest and most
significant client of this e-commerce boutique-consulting firm.
Worked as prime mover and trouble shooter for the bank s IT architect. Involved in
defining the standards for a number of projects including workflow and client server
applications. Managed the turn around of distressed application projects restoring
schedule and budget discipline. Created useful tools for the bankers out of formerly
failed projects.
Led implementation of the bank s application to determine correct rates for loans, CDs,
etc., across the nation. Data is then automatically fed into a broad spectrum of
applications. Created the transaction counting application that manages user billing for
Wells Fargo controlled desktop.
Ensured that effective risk management and security controls were realized while
producing a significant leap forward in speed and usability.
ARTHUR ANDERSEN, San Francisco, CA 1996 to 2000
Manager of computer consultants specializing in Computer Risk Management
Directed Security Management, Business Applications Management and Network Technologies
practices.
Leader of Bay Area information technology security practice.
Conducted security policy planning, writing & implementation
Managed client relationships, determined requirements, presented proposals, and closed
contracts in the western region; managed vendor compliance, methodology, communications,
and work plans.
Managed Y2K efforts for the practice. Numerous clients and engagements at all levels of
complexity. No client suffered even a single failure.
Performed HIPAA enforcement engagements for Fortune 500 clients.
Provided internal audit support and directly interacted with the audit teams providing
computer expertise.
Executed assignments involving re-engineering, systems development, quality assurance and
testing, as well as information security assessment, design, and program implementation.
Evaluated existing systems and developed in-depth Internet and network security
strategies for high tech clients.
Developed firm wide best practices and control standards.
Implemented change control procedures.
Generated over $2 million in revenue for the practice in one year.
EDUCATION
MS, Accounting and Information Systems, Arizona State University, Tempe, AZ
BA, Psychology, University of South Florida, Tampa, FL
Honors, Member, Beta Gamma Sigma, the highest recognition for students in an AACSB
accredited business school program.JOHN D. FARRELL
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
ITIL Certified
1665 Peridot Drive 925-***-****
Livermore, CA 94550 page of abozgi@r.postjobfree.com
JOHN D. FARRELL
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
ITIL Certified
1665 Peridot Drive 925-***-****
Livermore, CA 94550 abozgi@r.postjobfree.com