Stephen Dake, Director of Security, CISSP, CISM
Email: *********@********.***
Address: *** ******** ******
City: Cambridge
State: WI
Zip: 53523
Country: USA
Phone: 608-***-****
Skill Level: Director
Salary Range: $153,000
Willing to Relocate
Primary Skills/Experience:
See Resume
Educational Background:
See Resume
Job History / Details:
Stephen D. Dake, CISSP, CISM
Information Security Management, CISO
225 Sullivan Street, Cambridge, WI 53523 608-***-**** *******.****@*****.***
Objective
Supporting corporate objectives to protect reputation and brand through thoughtful and reasonable mitigation of information security risks.
Summary Statement
I lead information security functions, offer expert analysis, planning, and oversight of risk-mitigation initiatives to provide business leaders the understanding and tools to make appropriate risk-related decisions. My wide range of real-world experience combines with continuing education, professional and self-development to create a unique blend of capabilities and insight. My work reduces the risk of costly security breaches, protects corporate reputation, preserves information integrity and availability, and saves money through reasonable and efficient solutions.
Professional Profile
I effectively lead information risk, governance, and security management programs. Over the past 15 years, my career has progressively advanced in both responsibility and influence because of the value I provide to my employers. My expertise extends through information technology, privacy and security compliance, and the enterprise-wide mitigation of information risks in corporate environments of varying sizes and industry.
My business skills provide value for the executive decision process resulting in reduced costs, improved efficiencies, profitable strategic planning, and risk mitigation. I do not exaggerate risks. In short, I provide honest and thoughtful management based on extensive experience and understanding business objectives. My conscientious approach saves money by focusing attention on legitimate concerns.
I am a valuable investment to my employer because I reduce complexities, simplify operations, support corporate objectives, and manage the risks of data breaches to meet compliance regulations and protect the reputation of my employer.
AREAS OF EXPERTISE
Corporate security, information risk, compliance and program leadership
Department planning and direction in support of business goals
Writing and review of policy, research, instructive, agreements
Remediation efforts: compliance and audit findings
Business outsourcing initiatives and security management
Control assessment and remediation initiatives
Simplifying operations and improving efficiencies
Vendor management and selection
Socializing change
PROFESSIONAL EXPERIENCE
Director of Information Security / CISO
WEA Insurance Corporation Madison, Wisconsin
April 2007 - Current
I report to the CIO and provide valuable security governance for the organization as the security leader, a contributor to strategic planning, a stakeholder in procurement, a manager of projects for remediation of identified risks, and consultant to other business areas for security and privacy objectives. I provide actionable assessments of the corporate security posture, manage security initiatives, staff, and resources; and assist the business in achieving its desired level of acceptable risk.
Over the past six years at the Trust, I have reduced exposure of costly data breaches, modernized operational maturity, and simplified administrative complexities by overseeing changes in several important areas: protecting stored data (e.g., encrypted backup tapes, laptops, and portable storage), intrusion prevention and detection systems, vulnerability management operations, mobile device management, both internal and outsourced assessment strategies, policy and procedure review process, security event management, strategic planning, vendor negotiations and management, close integration with legal review process, staff development, and compliance reporting.
At the present time, the Trust is undergoing a major transformation. In that process, we are adopting Internet-hosted (Cloud or SaaS) solutions to reduce costs and complexities. From this experience, I have acquired a tremendous amount of practical knowledge, supplemented with off-site training that will prove valuable to anyone outsourcing traditional in-house solutions to the Cloud.
Senior Security Consultant
Blue Cross Blue Shield / Noridian-- Fargo, North Dakota
November 2006 - April 2007
As a senior-level security consultant, I helped Blue Cross / Noridian of North Dakota meet federal and state driven regulatory objectives by working closely with corporate management to develop and assess compliance remediation strategies.
I applied my expertise to the identification of remediation opportunities relating to federal information processing standards (FIPS), and I offered recommendations to meet corrective action plans (CAP). My management over the validation of encryption modules and remediation plans helped Blue Cross of North Dakota earn valuable new business by achieving compliance with federal HIPAA regulations and CMS mandates.
The following list identifies technical areas relating to my responsibilities at Blue Cross Blue Shield:
o Vulnerability assessment and testing
o Completing remediation initiatives of DISA requirements (via STIGs)
o Assessing compliance with Federal Information Processing Standards (FIPS)--Cryptography module identification and validation
o Following National Institute of Standards and Technology (NIST)
o FISMA (Federal Information Security Management Act) Compliance Guidance
o Compliance direction (HIPAA, CMS (Medicare/Medicaid))
o Security/business documentation and reporting
o Policy, standards, and guidelines development
Information Security Management Advisor
Stephen Dake Consultancy, Llc.-- Cambridge, Wisconsin
2006 - Present
I manage costly risk exposures by providing valuable solutions and support that enable clients to meet specific security and privacy objectives. My services range from strategic planning, research, solution recommendation, policy review and development, control assessments, business documentation, and reducing operational costs by simplifying administration and consolidating solutions.
Corporate Information Security Administrator, CISA/CISO
NGLI Company-- Madison, Wisconsin
August 2005 - October 2006
I led the design of a new security program for this company to protect customer information and corporate reputation. In the first year, I guided decisions with valuable insight and direction by implementing actionable policies and controls that carefully aligned with corporate objectives, created a privacy and security oversight board, and provided clear and reasonable direction resulting in a sustainable and self-manageable governance program.
Senior Security Analyst
State Farm Insurance Corporate--Bloomington, Illinois
April 2002 - August 2005
As one of the world's largest insurance companies, State Farm Insurance supports an enormous centralized computer network across North America. This environment provided incredible opportunities to meet a wide range of information security challenges. State Farm operates under well-matured business processes. The experience, practical knowledge, and enormous amounts of training are valuable in most environments and continue to provide a high standard for efficiency, critical analysis, and risk-based security processes.
I gained precious expertise collaborating with hundreds of talented co-workers and contributing to projects that affected over 100,000 systems. My interpretation and input to security policy, detailed procedures, research documentation, and analysis proved valuable and appreciated. At State Farm Corporate, I worked on three security teams: Internet applications, cryptography, and vulnerability assessments.
Technical Solutions Consultant
EMC--Hopkinton, Massachusetts
2000-2002
I worked in the data center at the corporate headquarters of the world's largest earth-moving equipment manufacturer (Caterpillar, Inc.). In this role, I represented my employer while I serviced and maintained mission-critical storage and processing equipment worth millions of dollars. I became proficient on new solution lines, so the company leveraged my knowledge and expertise for the training of DELL service engineers throughout the Midwest region--an opportunity that resulted from a licensing agreement between DELL and EMC. My accounts included: Caterpillar, Eli Lilly, AC Delco, St. Francis Medical, John Deere, and Mitsubishi Motors.
System Service Representative
IBM-- Armonk, New York
1998-2000
As a system service representative, I studied networking, UNIX, mainframe, storage technologies, and advanced computer science concepts over a period of two years. I primarily served the Caterpillar headquarters both on-site and on-call. This multi-billion-dollar Fortune 100 company relies upon its on-site engineers to ensure that corporate-critical data centers are operational and well maintained.
Intelligence Analyst and Infantry Soldier
United States Army/ National Guard (Inactive)
February 2003 - February 2012
I honorably served my country in the Army National Guard as an infantry soldier (11B) and transitioned to an intelligence unit as an Intelligence Analyst (96B) (awaiting AIT). My service was state-side during Iraq and Afghanistan conflicts, and I supported security and relief efforts during the Hurricane Katrina disaster.
33rd Intelligence Special Troop Battalion as Intelligence Analyst (96B)
Served in 133rd Infantry Battalion and 33rd BSTB
Top Secret Clearance (processed prior to separation)(expired)
Received extensive leadership and team building training
Combat and situational awareness training
Experienced squad leader
EDUCATION
Certified Information Systems Security Professional (CISSP)
Certified Information Security Management (CISM)
Business Management University of Phoenix (2012)
Business Management workshops from University of Wisconsin (2012)
Extensive SANS security training (GSEC)
Cloud Security Alliance (CCSK) training 2012
Black Hat / DefCon training and conferences (2002-2010)
Penetration / Vulnerability Testing techniques (2000-2010)
Foundstone Ultimate Hacking Workshops (2005)
Network+, A+, Security+ Certifications (2003-2005)
Ethical Hacking (CEH Training) (2010)
Windows Security Certifications (2002)
Linux Administration (2002)
Various Security Products Training and Practical Experience
United States Army technical, tactical, and intelligence training
PROFESSIONAL AFFILIATIONS
ISC2
HIPAA Collaboration of Wisconsin
Information Systems Security Association (ISSA)
Information Systems Audit and Control Association (ISACA)
SOCIAL GROUPS AND AFFILIATIONS
Commander of the American Legion James Munro Post 195 (2009-Present)
Member of Cambridge Historic Committee 2011
Elected Village Board Member of Cambridge, Wisconsin 2010
Advisor to Dennis Hall, Congressional Candidate Wisconsin Dist. 2, 2012
President of the Lake Ripley Esoteric Society, 2012
F&AM S.W.
On-line Information Resources
LinkedIn profile: www.linkedin.com/in/stevedake
Professional website: www.sdakec.com
One-page resume: www.sdakec.com/resume.php
STEPHEN D. DAKE, CISSP, CISM 2013