Resume

Sign in

CISO

Location:
Kings County, New York, United States
Posted:
August 29, 2017

Contact this candidate

Dear Sourcing and Recruiting;

I welcome the opportunity to share the value I can bring to your company or client as the Chief Information Security Officer (CISO). I have summarized the breadth and depth of my multi-facet candidacy, including my recent presentations at the CISO Executive Boardroom conference in New York City, which are on my LinkedIn page.

• 20 years’ experience in defining, delivering and managing Data Analytic and Information Security teams in support of Cyber Security, Resilience, AML, Fraud Detection, Industrial Internet of Thing (IIoT), Communication of Things (CoT), Data and Risk management processes. Experience in Policy Development, Risk Management, Program Management, Incident Management, Continuity of Operations Management, Breach Management, Financial Management and Cultivating a High-performance Team with 5 years Big Five consulting experience.

• 15 years’ demonstrated experience integrating Predictive Analytics at the C-Suite level driving efficiencies in business and security operations through innovative technologies like Big data analytics, Splunk, Hadoop, fraud detection, Risk Prediction, Cloud-based endpoint, Cyber Threat Intelligence Utilization System to transform the enterprise through large-scale managed services and cloud migrations in corporate enterprises, Fusion centers and ISAC’s. This also includes security and risk requirements for PCI-DSS / HIPAA Risk Assessments services and GRC Risk Automation Reporting services.

• 11 years demonstrated experience integrating predictive analytics and security into the service development lifecycle including the development of high-speed, high-transactional systems for Security Monitoring and Fraud Analytic Detection Digital Rights Management (Digital Access Key Service), Intelligence Property Protection (Fraud Access Service), Telecommunications/IP Networks (LI, RD services), E-Commerce (Credit Card), Finance (Stock trade), Banking (AML), Healthcare (Medicare), Insider Threat (Corporate Enterprise)

• Thorough understanding of IT finance structure where at BAE and HP, I participated in the budgeting and planning process that drove the investment for cyber security (i.e., SOC, Fraud, SIEM. Etc.) Services. I managed the $200M P&L for the Cyber services at BAE along with the CDM contract bids. At GDIT, I led the initiative to implement shared services as a Cost-Center model to capture and track overhead costs and its impact to the EBITA. My thought leadership and consensus building skills were critical in the security program turn around because it allowed us to track the profitability of cyber services across the 18 contracts and eliminate non-performing services.

• Strong negotiating, influencing and problem-solving experience at HP working with CIO’s to assess their needs, establish technology roadmaps and vision, then rapidly translating the needs into effective and efficient solutions winning 70% of the Continuous Diagnostic and Mitigation (CDM) contract award on task order one.

• A cross-functional collaborative leader who has led the technology partnering process at HP for the CDM contract establishing vendor relationships, building consensus and driving innovation and creativity while securing the supply chain.

• Thorough understanding of risk management frameworks across industry and markets including International (ISO27001, ISO27002, COBIT), Government (NIST-800-53,), Call Center, HealthCare (HITRUST, HIPAA), Banking/Finance (PCI-DSS, SOX, GLBA) Datacenter (SOC 1, SOC 2, SAE16 ), and Intel (ICD-503).

• Certified Information Security Professional (CISSP) and Privacy (CHPS)

• ITILv3 Service Delivery Expert (ITILv3).

• Big Data Analytics (CCHD)

• Program Management (PMP) and Scrum Master (PMP-SM)

• Master’s Degree Electrical Engineering and Certificate in Public Policy development

As a consultant, CISO, CADO, CRO, CISSP and Privacy professional with 20 years C-Suite expertise, I have mastered the ability to use persuasion and influence to build team consensus in a federated or franchised organization. This ability will be a requirement to the success of this position. I have used this ability to develop shared data analytic and security services that address the fraud detection, risk management, security architecture, enterprise data security, information risk management, compliance, privacy management, access control, digital forensics, disaster recovery, business continuity and cyber protection needs of the organization.

Furthermore, I understand the vision of the next generation of security and fraud service offerings that use predictive analytics to integrate threat intelligence into the Endpoint. The Security and Fraud services I have established to protect and mitigate business risks are themselves predicated on building and managing a big data analytic environment in the cloud.

As a Cloudera Certified Hadoop Developer (CCHD), I managed big data analytic teams where data is collected, normalized and analyzed to generate business intelligence and fraud analytics to mitigate business risks and improve business intelligence. More importantly, I have experience in addressing the security, compliance and privacy issues surrounding the deployment of Big Data Analytics in a cloud environment.

In the meantime, please let me know if there is anything, I can do for you. I have attached a soft copy of my resume for your review and socialization. I look forward to our future conversation.

Thank you for your time, guidance and consideration.

Sincerely,

Martin Redmond, PMP, CISSP, ITILV3, CCHD, MCSD

CISO CRO CSRO CRPO Innovative Results Driven Customer Focused

http://www.linkedin.com/in/candue

@CanDoRedmond

540-***-****

MARTIN REDMOND, CISSP, PMP, SCRUM, CCHD, ITILv3-EXPERT

540.***.**** • ac12di@r.postjobfree.com • @CanDoRedmond • http://www.linkedin.com/in/candue

SUMMARY

A Chief Information Security Officer (CISO) / Chief Risk Officer (CRO) / Chief Security and Privacy Officer (CSPO) that is a collaborative, self-driven, dynamic leader with 20+ years’ experience including five years in Big Five consulting. I wield influence and thought leadership while setting an appropriate tone to motivate the team in a positive culture by enabling a flexible, creative but strong execution management style that anticipates the impact of decisions, initiatives, and threats.

Holds (IC) TS/SCI Full Scope Poly. Clearance

Competencies include:

• C-Level Management and advisory services

• Program, Portfolio & Innovation Management

• SOC, Fraud, APT, Forensic, Malware, IIoT, & CoT

• Risk Management and Process Improvement (HITRUST CSF)

• Cross Functional Team Leadership

• Cloud Computing, Mobility & Big Data Analytics

• Certification & Accreditation: (NIST 800-53, FedRamp, ICD 503, NISPOM, ISO/IEC 27002 & 1)

• Security Compliance PCI-DSS, SSAE-16, SOX, HIPAA, FISMA, EMV, GLBA

• ITILv3 Service Operations and Management

• Digital Payment, Fraud Detection, Insider Threat

• Cyber, Risk, Analytics, Cloud Computing and Mobility Technology Development

• Change Management

• IT Security, Enterprise Security Architecture & Risk Management (CISSP)

• Program, Product & Portfolio Management (PMP)

• Predictive & Data Analytics Management (CCHD)

• ITIL Service Management (ITILv3-Expert)

EXPERIENCE

APPLICATION INTEGRATORS & INFOMETRIC SYSTEMS, McLean, VA 2/2013 – Present

CISO / CRO /CTO / CIO / CINO / CEO

Lead senior cyber security leadership, technical innovation, and security management consulting engagements with Financial, Technology, Healthcare, Government and Management Consulting clients

• Provide technical guidance to senior executives and their teams to align and drive innovation to meet business needs.

• Provide risk management strategies, policies, services, and projects to secure corporate and business infrastructure.

U.S. DEPARTMENT. OF COMMERCE (DOC) (i.e.OS, NIST, NOAA, NTIS, NTIA, PTO, BIS, etc.) 11/16 – Present

CISO / OCS / Consulting Automated Risk Implementation (i.e. Information Systems Continuous Monitoring (ISCM)).

DOC CIO / CISO - Automated Risk Implementation (NIST 800-137, 800-34)

• I amended DOC - OCIO Organizational policies to embody data-driven risk automation principals (i.e. ISCM).

• I provided guidance and influence on the prioritization of sub-agencies business functions to implement ISCM.

• I implemented sub agency’s automated data collection processes for vulnerabilities, patches, events, incidents, malware detection, asset, configuration, network, licenses, information, software assurance, collaboration, authorization and risk management.

HOSPITALS IN WASHINGTON DC METRO AREA (Customer Name NDA Disclosure Limited) 1/16 – 11/16

CISO Consulting Healthcare Risk Assessments

• I perform HIPAA Risk Assessments in support of Meaningful Use and prioritizing Risks for CIO’s and CISO’s

• I evaluate and implement operational improvements to Forensic & Malware Analysis, Security Operations Center (SOC), vulnerability scanning, remediation and risk reporting processes.

• I support High Trust Certification which includes Common Security Framework (CSF)

FINANCIAL ORGANIZATIONS IN DC METRO AREA (Customer Name NDA Disclosure Limited) 1/16 – 11/16

CIO/CISO Consulting Strategic Banking Risk Assessments

• I perform PCI-DSS Risk Assessments in support of credit card EMV security requirements

• I evaluate and implement operational improvements to Forensic & Malware Analysis, Security Operations Center (SOC), vulnerability scanning, remediation and risk reporting processes.

• I support ISO 27001 and ISO 27002 certification processes

GENERAL DYNAMICS INFORMATION TECHNOLOGY, Fairfax, VA, and Towson, MD 6/15 – 12/15

(ACTING) CISO / CRO / Senior Managing Director of Cyber & Fraud Portfolio

Senior Leadership & Technical Guidance for Health & Commercial Sector. Led Cyber Portfolio offering team of 30+ people

• As CISO for GDIT health solutions division and a key member of the Risk Management team at GDIT, I represented the cyber and fraud risk position of the service offerings. I applied security in accordance with the risk appetite of the business and risk management board. A key obstacle I overcame was the lack of employee awareness and compliance to corporate security policies and best practices. To accomplish this, I institutionalize the industry security standards and actively reinforce best practices through red team tests. I enforce training requirements and the development of remediation plans for those that fail the red team test. The result was an 80% reduction in successful phishing attacks.

• I was accountable for company compliance with industry standards. I participated in the development of standards led by the Payment Card Industry (PCI) Security Standards Council, Assistant Secretary for Planning and Evaluation (ASPE) and National Institute of Standards and Technology (NIST). I have been influential in shaping standards to align with the corporate strategy. The challenge is members of the standards body have hidden interest that often conflict. Leveraging my in-depth knowledge of emerging cyber and fraud threats, information security standards and best practices, I persuaded and influenced two separate standards body decisions to address and protect the company’s best interests.

• As senior director responsible for GDIT HCSD’s cyber and fraud portfolio offering in the commercial, federal and international markets, I was challenged with developing an effective market entry strategy that would work in all three market segments. To accomplish this, I established a risk management consulting team and implemented GRC reporting tools that leverage a risk management framework that was compliant to each market segment. The consulting team supported the sales team and me in assessing customer and corporate risks across each of the market segments and GDIT locations. The result was 15M in consulting sales and follow-on business with a 10% reduction in overhead.

• Supporting customer engagements and new business opportunities for GDIT cyber portfolio offerings and Health Payer Fraud, Waste and Abuse (FWA) products, I was responsible for managing the operational risk assessments including cyber, fraud and risk management. My team provided customer risk-assessments to generate new business; however, scope creep can occur throughout the assessment process thereby affecting the delivery cost and schedule. My approach to solving scope creep and cost overruns was to flow down performance goals and key performance indicators that were tied to the Earn Value project management metrics and customer satisfaction scores. Project cost and schedule were brought within a 5% risk management tolerance. Profits rose 22%, and sales increased 18%.

• With the variety, volume, velocity, and veracity of cyber and fraud attacks, I was accountable for customer engagements in the implementation of GDIT’s next generation intelligence and predictive analytics solutions for cyber and fraud. The challenge was to address the missing elements in the customer’s environment that were needed for predictive analytics to work. The first was the ability to rapidly promote and discover data. The second was a flexible approach for analysts to use different techniques including risk-based analysis or Monte Carlo analysis, and finally the ability for analysts to rapidly react to data. To resolve this, I facilitated the implementation of policies that removed the inhibitors to the intelligent analytic approach. The result was the implementation of integrated systems, data sets and workflows, improved data quality, data sharing, reduced implementation complexities, improved ease of use and staff knowledge. Our measure of success in transforming our customer’s cyber, fraud and risk management processes to a proactive and predictive approach was validated by their ability to detect and respond to a cyber or fraud incident in real-time.

LARGE CONSULTING FIRM (NDA Disclosure), McLean, VA 7/14 – 5/15

CISO Strategy & Implementation Consulting

Public & Private Sector Continuous Diagnostics and Mitigation (CDM) CIO / CISO Strategy & Implementation

• Working with a large government health care agency in Baltimore, MD to leverage Continuous Diagnostic and Mitigation (CDM) contract implementation of security controls in AWS HIPAA compliant cloud.

• Working with large credit card processing company in Northern VA, I supported the implementation of Big Data Analytics platform including Data Management plan and Fraud Analytic development.

HEWLETT-PACKARD, Herndon, VA 5/13 – 6/14

CISO / CRO / Sr. Managing Director of Security and Fraud Products and Technology Management

Senior Leadership and Technical Guidance for 300+ people supporting 23 agencies.

• As senior executive supporting public sector and commercial programs, I briefed executives ranging from the Chief Risk Officer at the Treasury Department to a senior executive at Capital One on relevant emerging threats to their business (i.e. infrastructure, digital payments) and the associated mitigation controls. Financial institutions and government agencies have a low-risk appetite when it comes to implementing new cyber and fraud technologies and processes. Thus, higher risk out of the box thinking is not accepted. As a trusted advisor, I manage the ambiguity and proposed solutions with varying implementation risk levels. Gauging the political landscape and risk appetite, I use persuasion and influence to move initiatives forward at the senior level. I was successful in chartering 15 new projects across the programs.

• Led service strategy activities that included product strategy, product planning, demand management and financial management. Presented business case for mobility and big data analytics portfolio offering to the investment review board. Established executive stakeholder consensus and credibility with the approval of $20M in portfolio funding.

• Leveraged the best practices in the ITILv3 governance framework to improve operational efficiencies of HP’s contracts. The best practices included Management of Risk (M_o_R), Management of Value (M_o_V), Managing Successful Programmes (MSP), and Management of Portfolios (MOP). Improved program portfolio performance by 29%.

• As senior executive supporting the DHS- DOJ Fusion Center, and the FBI information sharing contracts, I was responsible for providing executive guidance in establishing a comprehensive risk compliance, intelligence, investigation, and technology roadmap to combat cybercrime and fraud. In large organizations like DHS, DOJ, and the FBI, it requires extremely strong leadership to achieve organizational change in key operational processes like cyber and fraud, particularly when transforming to a proactive intelligence and investigative organization driven by predictive analytics. To facilitate this organizational change, I chartered educational champions that evangelized the importance of adopting industry security standards and practices from organizations like NIST, SANs and the Association of Certified Fraud Examiners (ACFE). I advised on policies that promoted proactive and predictive cyber and fraud incident response. Through HP’s dual contract vehicle, I facilitated enhancements of five criminal enforcement and cyber breach policies and processes and nine programs within the FBI and DHS/DOJ Fusion Center.

• As senior executive on the $6B Continuous Diagnostic and Mitigation (CDM) contract, which was a key business enabler of HP’s Cyber Security and Risk Management portfolio offering, I was responsible for aligning the product and service offerings for HP and our strategic partners’ with the needs of the contract vehicle to ensure the best value-add to the customer. The major challenge was discerning which of the strategic partners’ products provided the best value proposition particularly in competing product market segments and customer environments. To address the challenge, I hosted a CDM innovation management conference, which brought together key stakeholders outside my control (i.e. engineering, sales, and partners), and I challenged them to collaborate and determine the best course of action for each agency and customer. The deliverables were a solution selection process that included costing, risk models, risk compliance, and management framework that were based on customer needs and current configuration management reports. Along with, a strategic partnership with US national laboratories through the DHS Cyber Security Division Transition to Practice (TTP) Program to transferred and matured innovative technologies.

• Oversaw development of high-performance design and implementation of Big Data Analysis services (SaaS and PaaS) in the DHS Data Center utilizing AWS DynamoDB, Redshift, Pivotal, and HP Haven. Ensure compliance and certification with PCI-DSS payment card and FedRamp standards achieving 100% schedule and delivery commitment.

• Supporting a customer engagement for the HP’s Anti-Money Laundering (AML) and Insider Threat detection products, I was responsible for working with senior customer executives during each phase (Trigger, Triage, Response, Remediation) of the incident response plan. The difficulty was the customer lacked the strategy, resources, and expertise in developing incident response plans. I contributed to the development and implementation of a strategy that leveraged workflow automation tools integrated into HP’s, Cloud, Insider Threat, AML, SEIM and Open View product offerings to automate the data collection in support of the triage, response and remediation phases of the incident response processes. I achieve trusted and strategic partner status.

LARGE CREDIT CARD / BANK IN DC METRO AREA (Customer Name NDA Disclosure Limited) 2/13 - 4/13

Bank / Credit card Consulting AML and Fraud Analytic Implementation

• Performed PCI DSS compliance assessments along with SSAE16 SOC1 reporting.

BAE SYSTEMS, McLean, VA 4/2005 – 1/2013

CISO / CRO / Sr. Cyber-Intel Managing Director 10/12 – 1/13

Direct Management and Mentoring 25 people. Indirect management 85 people. 3 contracts (DoD, IC & DHS)

• As managing director of global analysis, I was responsible for establishing and managing partnering and subcontract agreements, for three global analytic contracts supporting cyber, fraud, waste, and abuse services for commercial, intelligence, and public sector markets. One of the challenges was the process flows across the cyber and fraud incident response plans were not integrated and contained gaps. I provided leadership by chartering initiatives to integrate tools and internal business functions across the cyber and fraud incident response processes. This included integrating services like forensic accounting, computer forensic, cyber and fraud incident response and event management. I established partnering relationships to fill our capability gaps. The result was a unified partnering ecosystem that addressed all gaps in the service offering along with expanded capabilities while providing the best value proposition for the customer.

CISO / Cyber-Intel Managing Director 5/11 -9/12

Direct & Mentoring of 3 teams (60 people):10 Data Scientists; 10 Cyber and 40 Intel Analysts.

• Leading a team of 10-compliance analyst and 40 intelligence (Cyber, AML, and fraud) analysts, I was responsible and accountable for developing and executing a comprehensive intelligence and investigation roadmap for an intelligence community and law enforcement fusion center. The existing workflows of identifying, investigating, monitoring and reporting on criminal and espionage activities was broken due to the variety, velocity, veracity, and volume of criminal behavior and security attacks, incidences and events. To be able to pursue multiple targets simultaneously without sacrificing quality, I provided leadership by introducing data automation processes at the collection, tagging, and integration phase. Behavioral analytics and semantic indicators were introduced at the analysis phase along with visualization and reporting tools. I enhanced operational policies and procedures to adapt to high load conditions. The result was an increase in operational bandwidth by four orders of magnitude and improved reporting accuracy of 27%.

CISO Advisory / Management Consultant / SOC, SIEM, GRC Product & ITIL Service Manager 4/05-4/11

Strategic leadership & direct management/mentoring - 4 separate strategic initiatives (25+ technical people).

• Leading a team of 20- cyber and fraud intelligent analysts, I was responsible for executing the operational cyber and fraud analytical procedures and the security strategy for the SEC support contract. My challenge was attracting talent that had the required skill sets to fill 15 requisitions that had been open for 90 days. I established a training program for the roles of cyber analyst, fraud investigator, data security analyst and incident response engineer. The training was a combination of courses from associations like ACFE, SANs, and Ethical hacker and internal company classes. Training completion was incentivized. The mean average days a job requisition was open dropped to 21 days, job retention increased 300%, and job satisfaction increased 400%. Contract profitability increased 37%.

• As program manager leading a group of 40 intelligent, cyber and risk analysts, we prepared executive level briefings outlining the global risks to US interests (i.e. financial, infrastructure, oil, and military). A major obstacle was the lack of a centralized data quality program across agencies to control consistency, data stewardship, data ownership, and data governance for report and intelligence generation. To address the issue, I provided thought leadership to senior management in the form of policies and operational processes that would allow the standardization of data quality, governance, and stewardship. I followed up with a demonstration of the benefits of risk reporting products. The result was the development and implementation of a standard that was adopted across agencies.

HOUSTON ASSOCIATES (Raytheon), Arlington, VA 3/2003 – 3/2005

Program Director / Senior Software Architect

Direct management / mentoring of 15 people: 4 network architects, 3 security and 8 modeling and simulation engineers.

• Led ES trade study for the CIO of Defense Information Systems Agency (DISA), reduced operating costs by 6%.

ACS DEFENSE, INC. (Lockheed Martin), Washington DC 2/2001 – 2/2003

Program Manager / Senior System Software Engineer

Direct management / mentoring of 10 people: 3 contract specialists; 5 engineers and 2 subject matter experts.

• Demonstrated leadership with the FAA OCIO office by analyzing information security controls. Awarded $3M T.O .

OTHER RELEVANT EXPERIENCE

IBM, Consultant (Big 5) Telecommunication & Network Engineer, Tampa, FL, Raleigh, NC & Boca Raton, FL 98 - 01

CAP GEMINI, IT Consultant (Big 5), Tampa, FL 96 - 98

SUPERIOR ELECTRONICS, Telecommunication, Cable & Network Engineer, Sarasota, FL 93 - 96

TECHNOLOGY TOOLS & CERTIFICATIONS

Digital Transaction Fraud Tools : CyberSouce Payment Management platform, Precise ID, Wirecard, KD Nuggets

Health Care Fraud Tools : GDIT-Health Payer, IBM- Watson Health Analytics

AML and Stock Trading Fraud : HP- AML Analytics, BAE – Deltics, FINRA – Custom Analytics

Health Care Billing & Info Sys. : HL7, HIE, Allscripts EMR, Epic Resolute, GE Centricity, SIEMENS SMS

Firewalls, SIEM tools : Checkpoint, CrowdStrike,Soltra, ArcSight, Splunk,Nitro,McAfee,Tenable, Nessus

GRC, DLP, & Insider Threat : RSA Archer, RM Std, Symtc Ctl Cmpl Autonomy, Digital Guardian, Forcepoint

Forensic & Malware tools : Tivoli End-Point, Symantec, McAfee, FireEye, EnCase, ProDiscover

Enterprise Data Warehouse : Microsoft, Oracle (OWB), SAP HANA, Netezza, Greenplum, Teradata, Vertica

MDM, BPM & ETL Tools : SAP NetWeaver, IBM MDM, Siebal UCM, Infomatica, SAS DataFlux, TIBCO

Analytics & Visualization : Tableau, Palantir, TIBCO, Datameer, Pentaho, Panopticon, Karamashere

Business Intelligence : MicroStrategy, SAP, Oracle, Microsoft, Hyperon, Congnos

Big Data Analytics Infrstrctr : Vertica, Cloudera, MapR, Greenplum, MangoDB, Hortonworks, Netezza, YARN

Cloud, Open Stack & Analytics : AWS, Helion, Azue, RackSpace, RDO, IBM OpenStack, Pivotal, EMR, Kinesis

Data Center & Virtualization : Virtustream, VCE, HP-SDN & SDDC, VMWare VNF

Encryption & Network Security : RSA, Archer HP-Atalla, Palo Alto Networks, Check Point, Thales Datacryptor

DevOps & Development : Jenkins, Git, Puppet, Chef, Maven, Ant, Ivy, UrbanCode, Docker

Management Certifications: PMP, CCISO (Expected 9/17)

Technical Certifications: CISSP, CCHD- Hadoop, CHPS, MCSD, ITILv3 - Expert, Agile/Scrum

EDUCATION

Certificate in Public Policy University of Maryland, College Park, MD

Masters Electrical Engineering University of Virginia, Charlottesville, VA

B.S. Electrical Engineering North Carolina State University, Raleigh, NC

B.S. Computer Engineering North Carolina State University, Raleigh, NC



Contact this candidate