Security Manager

Location:
Glendale, WI
Posted:
February 19, 2013

Resume:

Glendale, Wisconsin

CLINT LASKOWSKI, CISSP, CISM m: 414-***-****

abqjwk@r.postjobfree.com

PROFILE & OBJECTIVE

Information security professional with extensive experience in the administrative, technical, and physical domains of information security, including Security Testing, IT Audit, Information Assurance, Regulatory Compliance, Governance, and Risk Management.

Seeks a senior consulting position where skills, knowledge, background, and passion for assessing, treating, and monitoring risks to information and information systems will be of significant business value.

SUMMARY OF SKILLS

Design, execution and testing of Information Security Management Systems / Programs

Development and maintenance of Policies and Procedures based on ISO 27001/27002

Conduct of Information Security Risk Assessments based on NIST and ISO 27005/31000

Penetration Testing, (Web) Application Security Testing, and Vulnerability Scanning

Social Engineering and Lock Picking

Regulatory Compliance based on HIPAA, GLBA, SOX, and FDA Title 21 CFR Part 11

Department of Defense Information Assurance requirements including DITSCAP and DIACAP

Business Impact Assessments, and Continuity and Disaster Recovery Planning

Security Awareness, Training and Education

Network and Host Intrusion Detection

Incident Response including Computer Forensics, Imaging and Analysis

Capture the Flag (CTF) and Cyber Defense Exercises ("War Games")

Software Development and Testing in Python, Lisp and C, and web development in HTML and CSS

Experience with Qualys, Core Impact, Nmap, Wireshark, Metasploit, Cain and Abel, John the Ripper, Nikto, NetStumbler, GnuPG, BackTrack, Nagios, Burp Suite, and other commercial and open source security software

Hardware and Software Development based on ATmega (Arduino), 68HC11, and 6502 controllers/processors

Considerable experience with a variety of Operating Systems including Windows, Linux, and Macintosh OSX

MILITARY EXPERIENCE: U.S. ARMY RESERVE

Enlisted in 1982. Attended basic training at Ft. Benning, GA, for Infantry skills. Attained rank of Sergeant First Class. Experience included work as a Drill Sergeant (13+ years) and as an Information Operations Analyst (5+ years). Retired with honorable discharge after 23+ years service in 2005.

INFORMATION OPERATIONS ANALYST

Security Clearance: INTERIM TOP SECRET, 2004-2005

Worked to improve information security, information assurance and cyber-warfare capabilities within the Army Reserve Information Operations Command

Performed Red Team penetration and attack activities during the 2004 US Army Reserve Information Assurance Exercise and during the 2004 and 2005 NSA-sponsored Service Academy Cyber Defense Exercises

Instructed Forensics Guide to Incident Response for Technical Staff, a course developed by CMU/CERT

Training included: Information Assurance Security Officer Course (IASO), Information Security for Technical Staff Course (ISFTS), Advanced Information Assurance Course (AIA), System Administrator / Network Manager Security Course (SA/NMS), and the Sectera KG-235 Inline Network Encryptor (INE) Course

Certifications included: Do-It-Yourself-Vulnerability-Assessment-Program Certification (DITYVAP), and ISS System Scanner 7 Certification

DRILL SERGEANT

Led soldiers through basic training at military bases across the United States. Instructed cadets at the U.S. Military Academy at West Point, NY. Awarded Expert Infantryman Badge and Certified as a Battle-Focused Instructor.

WORK EXPERIENCE

WIPFLI, Senior Security Consultant, 2011-Present (Milwaukee, WI)

Responsible for conducting IT examinations (audits) of financial institutions with a focus on IT infrastructure and information security, and for conducting perimeter and internal vulnerability assessments for clients. Vulnerability assessments are conducted using QualysGuard and CORE IMPACT PRO vulnerability scanning solutions, a variety of open-source software tools, and custom scripts. Results of scans are manually verified to reduce false positives before reports are developed and delivered to clients.

NORTHWESTERN MUTUAL, Information Security Manager, 2007-2011 (Milwaukee, WI)

Responsible for identifying, assessing, and mitigating information security risks in projects across the enterprise. Developed internal consulting processes and key deliverables. Coordinated and conducted technical training for consulting staff. Managed information risks related to the company's Technology Introduction Process. Led weekly information security, privacy, and records management roundtable meetings. Managed information risks during more than 100 Information Systems projects, including the implementation of Microsoft Windows 7, Microsoft SharePoint, Symantec Endpoint Protection Suite, and Juniper VPN used by home office and field representatives. Participated in development and review of company PKI certificate policy and practice statement.

VIRCHOW KRAUSE, Experienced Information Security Consulting Manager, 2006-2007 (Milwaukee, WI)

Now known as Baker Tilly Virchow Krause. Initiated and developed an overall information security practice. Led and participated in various projects to assess compliance with Sarbanes-Oxley, HIPAA, GLBA, and Title 21 CFR Part 11. Researched new business opportunities in regulatory compliance, computer forensics and e-Discovery. Represented the firm in presentations to regional industry associations and conferences.

BLUEHAT SECURITY, Founder and Information Security Consultant, 2004-2006 (Milwaukee, WI)

Worked as a sole-practitioner consultant to help clients understand and improve the security of their information systems to better protect data and meet regulatory and audit requirements. Projects included: the design and implementation of an automated network backup system; a complex malware investigation; the creation of forensic images of hard drives used in AIX systems; development of a client information security policy aligned with ISO information security controls; assessments and IT audit support; penetration testing and computer "war games"; intrusion detection system selection and implementation; log management; data recovery; and training and education of end-users and administrators. Experience also included Certification and Accreditation support for Department of Defense contractors, project management, security leadership, and collaboration with regulatory agencies.

WELLPOINT, Information Security Manager, 2002-2004 (Milwaukee, WI)

Previously known as Blue Cross Blue Shield of Wisconsin, BCBSOW, Cobalt Corporation, and Anthem. Hired as the organization's first Information Security Manager. Led the development of the organization's first information security program. Established an Information Security Council resulting in broad support of security policies and plans. Initiated web-based security training for employees, resulting in early HIPAA compliance. Provided internal consulting and oversight to security projects, allowing BCBSOW to meet critical deadlines on-time and within budget. Worked closely with IT Audit to develop work plans and to resolve findings. Participated in Department of Defense Military Health Information Security meetings, resulting in improved customer relations and a better understanding of DoD requirements including DITSCAP. Selected as a member of the integration team which oversaw the seamless transition of BCBSOW information security and HIPAA efforts into WellPoint's corporate structure.

DIVINE PROFESSIONAL SERVICES, Information Security Practice Lead, 2001-2002 (Milwaukee, WI)

Previously known as marchFIRST. Established a Milwaukee-based information security consulting practice. Provided security assessments and cost-effective recommendations for clients. Organized internal advisory teams to improve communications and provide new training for staff and management. Initiated new vendor relationships, resulting in a wider range of solution choices for clients.

ANDERSEN, Technology Risk Consulting Manager, 1998-2001 (Milwaukee, WI)

Previously known as Arthur Andersen Computer Risk Management. Responsible for client IT audits and technology risk consulting projects. Focused on information security reviews and assessments. Managed growth of group from two to 12 employees, and from $400K to $1.2M in annual revenues. Supported client financial audits with critical perspectives on technology risk. Managed a security review for a large staffing firm, resulting in findings and recommendations that eliminated critical vulnerabilities. Led software testing for a web-based collaboration application for automotive suppliers, resulting in better management of requirements, change requests and automated testing. Collaborated with other managers to develop an information security training lab, providing hands-on experience and reduced travel expenses.

ROBOTIC SYSTEMS, Founder, President and Technology Consultant, 1995-1998 (Milwaukee, WI)

Developed a Wisconsin-based S corporation to develop and sell a small mobile robotic platform for use by educators, hobbyists, and researchers. Succeeded in raising startup capital and developing initial prototypes based on 68HC11 microcontrollers. Funded additional operations by way of technology consulting. Developed a web-based training program for a leading computer manufacturer to increase product knowledge in sales channels. Reorganized the creative services workflow at a national bank to streamline the development of marketing materials. Migrated a regional teaching hospital to modern servers to improve long-term support.

PROFESSIONAL AFFILIATIONS

Information Systems Security Association (ISSA), Milwaukee Chapter (Events Director, 2007)

International Information Systems Security Certification Consortium (ISC2)

Information Systems Audit and Control Association (ISACA), Kettle-Moraine Chapter (Past-President)

Others: FBI Infragard, BarCamp Milwaukee, OWASP, MilSec

EDUCATION

University of Wisconsin-Milwaukee and Milwaukee Area Technical College

Many on-the-job, military, vendor, and industry training sessions, workshops, seminars and conferences

OTHER RECENT ACTIVITIES

Apr 2011: Attended Thotcon and BSides information security conferences in Chicago, IL

Dec 2010: Successfully completed several Texas A&M University online Information Risk Management courses

Oct 2010: Awarded ISACA Certified Information Security Manager (CISM) designation

Jul/Aug 2010: Attended Black Hat USA 2010, Security BSides, and DEFCON 18 in Las Vegas, NV

Oct 2009: Completed LOMA FLMI Level 1: Insurance Fundamentals Certification

Jul 2009: Led teen volunteers in cleaning up Galveston, TX, after Hurricane Ike

Personal and Professional References Available Upon Request.

Public PGP Key for secure communications available at http://www.clintlaskowski/public-pgp-key/.

Last updated: 2011-April-30.

###


