Information Security Air Force

Location: Augusta, GA

Salary: 150000

Posted: April 04, 2019

Resume:

Anthony Buenger, Jr. Augusta, GA 334-***-****

***********@*****.*** LinkedIn

Chief Information Security Officer / Cyber Security Thought Leader

20+ years’ success leading IT solutions and security for government, private, and commercial entities

Accomplished information security leader with expertise in planning, developing, and guiding strategic IT security roadmaps to achieve maximum operational impacts with minimum resource expenditures. Talent for assessing procedures and practices, identifying security related issues, and evaluating compliance controls to determine best risk management strategy. Technical visionary with expertise in staff development, mentoring, and management, continuously monitoring and driving security initiatives.

Highlights of Expertise

• Security Planning, Analysis, & Supervision

• Risk Management & Contingency Planning

• Vendor & Stakeholder Relationship Management

• Security Training Development & Implementation

• Issue Identification & Resolution

• Cyber Security Operations & Governance

• Cross-Functional IT & Business Collaboration

• Operational Process Improvements

• Staff Mentoring & Leadership

• Regulatory Compliance (HIPAA, PCI DSS, PII)

Certifications

Certified Chief Information Security Officer (CCISO)

Certified Information Security Systems Professional (CISSP)

Certified Information Security Manager (CISM)

Certified in Governance of Enterprise IT (CGEIT)

NSTISSI 4011 Information Assurance Certificate

Career Experience

Augusta University and Health, Augusta, GA

Provided leadership, direction, and management oversight to team of information security professionals supporting immediate high risk remediation efforts after a significant data breach.

CHIEF INFORMATION SECURITY OFFICER - INTERIM (TEMP CONTRACT) (10/2018 to 4/30/2019)

Effectively managed a team of security engineers and architects in providing remediation support for the university and health campus. Responsible for establishing and maintaining a corporate-wide information security strategy and leading multiple security programs to ensure that information assets are adequately protected.

• In a very short amount of time implemented technical security solutions to remediate the university president’s high risk vulnerabilities, to include secure email and multi-factor authentication (MFA).

• Developed an Executive Cyber Security Scorecard providing executive leadership with a concise status of the organization’s security strategy, compliance and remediation status, and hot button metrics; briefs executive leadership bi-weekly

• Developed a cyber security road show to communicate cyber security issues as part of the university’s security training and awareness program; road show includes hands-on training and use of MFA, secure email, and secure storage for sensitive data (HIPAA, FERPA, PII).

Universal Service Administrative Company, Washington, DC

Provided leadership, direction, and management oversight to team of information security professionals supporting USAC’s information confidentiality, integrity, and availability activities.

DIRECTOR, INFORMATION SECURITY (TEMP) (2/2018 to 10/2018)

Effectively managed a group of security engineers and administrators in providing 24x7 security operations support through utilization of Splunk, CarbonBlack, TrendMicro, Tenable Security Center, VeraCode, Confluence, and Jira. Ensured full business and IT alignment through collaboration with enterprise risk and compliance functions. Developed and implemented IS roadmap and successfully oversaw risk management framework, managing review cycle to ensure all security operations functions were well documented.

• Designed company's first information security framework, putting disciplined, repeatable process into motion for determining organizational risk from vulnerabilities and providing executive leadership with visibility into risks for more effective business governance and decision-making.

• Pioneered company's FISMA compliance using NIST guidance and methodologies to gain 2 of 9 major IT systems Authorities to Operate (ATO) within 4 months, with remaining 7 well underway to be completed by year end.

• Grew IS team from only 5 security professionals to 12, with expertise in maintaining ATOs in accordance with NIST risk management framework, including continuous monitoring.

• Integrated information security into the organization’s devops/agile/scrum life cycle processes.

• Established and maintained strong partnerships with USAC’s programs, IT organization, FCC, and vendors and accurately communicated security and risk status to key stakeholders.

Baptist Health, Montgomery, AL

Led central Alabama region cyber security department with accountability for cyber security governance, risk management, strategy, architecture, and cyber operations.

CHIEF INFORMATION SECURITY OFFICER (CISO) (10/2015 to 2/2018)

Conceptualized, developed, and initiated hospital’s first cyber security strategy, strategic plan, and enterprise roadmap in addition to establishing first ever monthly executive level cyber security and privacy committee. Led security awareness and training initiatives, including social engineering exercises, and developed and led highly effective security incident response team.

• Implemented hospital's first security operations center (SOC) capability with CarbonBlack, Tenable Security Center, and AirWatch, improving governance from 38% to 90% compliance.

• Achieved Cerner validation of hospital progression from CMMI Level 1 to 3 in just 18 months.

• Developed and initiated hospital's first risk-based cyber security framework, putting into motion people, processes, and technologies to protect data, assets, and patient safety.

• Led team of security analysts in performing in-depth analyses of exploits and malicious activity, and implemented advanced security tools to monitor external and internal environments.

• Developed cyber security architecture integrated with IT enterprise architecture, reducing unnecessary expenditures and collaborating with developers and testers to ensure security requirements are built in early in software development life cycle.

Civil Service, Chief Information Assurance, Certifying Authority, Montgomery, AL

Developed and maintained cyber security metrics for and reported directly to Headquarters United States Air Force, Pentagon, IT, finance, and logistics agencies.

SENIOR IS SECURITY ENGINEER (10/2007 to 10/2015)

Productively led team of 15 security professionals to conduct testing, vulnerability analyses, and risk assessments in accordance with NIST risk management framework and PCI DSS (payment card industry). Developed USAF level policies and procedures for web security, application security, and cloud security and provided thought leadership for designing, developing, testing, and implementing secure cloud services.

• Key team lead at the Pentagon in planning and implementation of NIST risk management framework Air Force-wide; US Air Force is now managing organizational risks from known security vulnerabilities and program weaknesses by maintaining static compliance.

• Performed risk-based security assessments, providing major Air Force IT systems with method to prioritize risks for making holistic business decisions on mitigating risks in disciplined, fiduciary responsible, and repeatable manner.

DSD Labs, Montgomery, AL

Provided federal agencies with expert consulting and auditing services in direct support of information security strategies, comprehensive certification, and accreditation of systems deployed or being deployed.

SENIOR IS ENGINEER & ANALYST (1/2007 to 10/2007)

Performed security testing, scanning, and evaluation, vulnerability analyses, and risk assessments, and recommended mitigation actions.

• Led team of security professionals and auditors in assisting US Department of Agriculture in achieving first FISMA accreditation for its infrastructure and IT systems.

• Leveraged industry cyber security framework models (NIST, ISO) to determine risks associated with known vulnerabilities for Railroad Retirement Board's first accreditation; briefed results to client C-suite for more informed risk mitigation decision-making.

ADDITIONAL EXPERIENCE

Associate Professor (Military Faculty) (2005 to 2007) National Defense University, Washington, DC

Chief Information Officer (CIO) (2003 to 2005) Communications Squadron Commander, Rapid City, SD

Senior IT & Management Consultant (1997 to 2002) United States Air Force

Education & Credentials

Master of Military Operational Art and Science, Air University, ACSC, Maxwell AFB, AL

Master of Arts, Space Systems Management, Webster University, Colorado Springs, CO

Bachelor of Science, Electrical Engineering, University of Maryland, College Park, MD

Publications

Buenger, Tony (January 2017). Effectively Measuring & Communicating PenTest Results. PenTest Magazine.

Buenger, Anthony (December 2008). Developing an Insider Threat Risk Mitigation Strategy. ISSA Journal.

Buenger, Anthony (January 2008). Digital convergence and information security policy. Handbook of Research on Public Information Technology. IGI Research, Hershey, PA.

Buenger, Anthony (2006). C4ISR: premier catalyst triggering a transformed network centric war fighting force. Information Insights. IRMC Publication. National Defense University. Ft McNair, Wash DC.

Affiliations

Member, Montgomery Chamber of Commerce

Information Systems Security Association (ISSA)

Audio Engineering Society (AES)

(ISC)2

ISACA

EC Council


