Larry Whiteside Jr.
*****.*********@*****************.*** Mobile: 917-***-****
Information Security and Risk Management Executive
Executive Profile
Information Security ~ Risk Management ~ Threat Management
Proven Information Security and Risk Management Executive visionary with an innate ability to identify
risk and apply complementary controls to support business initiatives. Holds tremendous business acumen
with an ability to get cross-functional consensus and partnerships on information security initiatives that
provide value to different aspects of the business.
Information Security Strategic Planning
20 years of experience in Security and IT Risk
Identity, Access, and Entitlement Management
Business Partner relationship management
Information Security Policies and Standards
Advanced Threat Management
Audit, Compliance, and Regulatory Expertise
Proactive Vulnerability Management
Board level reporting and relationship management
Risk Management and Governance Life Cycle
HIPAA, HiTech, GLBA, SSAE16, PCI, ISO, SOX, NIST
Secure Software Development Life Cycle
Innovative Security Architecture
Disaster Recovery and Business/Service Continuity
Adept at leading global projects, teams of personnel, excels in communication, makes sound decisions,
exhibits unwavering ethics, utilizes motivational techniques, adapts to multiple situations, shows initiative, and
is the ultimate representative of an organization. Experience in speaking to both sides of the team and taking
tech speak and putting it in terms that an executive would understand while also taking executive initiatives and
showing staff how business needs directly relate to their functions.
Professional Experience
Dec 2011 – Aug 2013
Spectrum Health
Chief Information Security Officer (CISO)
Dec 2011 – Aug 2013
Director, Enterprise Operations
Nov 2012 – Aug 2013
As CISO, restructured technology risk program in response to compliance and legal challenges resulting in significant
regulatory oversight of the Health System and technology operations. Initiated foundational programs around risk
management, security architecture/engineering/operations management, user entitlement management, audit management,
compliance, business continuity and data management.
As Ops Director, took over struggling Operations Group and created efficiencies in processes and procedures to better
support business initiatives. Led fundamental changes in group’s morale and ability to achieve optimal operational
effectiveness.
First Chief Information Security Officer for corporate entity. Assessed organizational structure of Information
Security Group, Information systems organization, and business. Created Information Security Group structure
that fit organizational business models and functions
Through vendor consolidation and toolset retirement, saved over $2.3M in annual operating expense. Immediate
cost reduction was lauded by CFO as example of cost cutting other execs could do moving forward
Established the IT risk management program through partnership with compliance, legal, business executive
management, and internal audit which mitigated risk through risk identification, prioritization, tracking and reporting
in support of risk-based approach to regulatory and legal compliance requirements (PCI, HIPAA, HITECH,
JCAHO, MAR, SOC1, SOX-like financial controls and others)
Led the BYOD initiative to support non-standard devices whether corporate purchased or personally owned.
Increased employee satisfaction scores while also reducing risk through use of innovative technologies
Created the Risk and Compliance Group which was responsible for the relationship management of client security
assessments, vendor security assessments and M&A due diligence. Resulted in a reduced risk profile and better
overall visibility into actual risk associated with 3rd party business relationships
Designed and executed strategy for new corporate security program; including security technology and resource
planning/budgeting resulting in the establishment of hybrid approach to centralized and decentralized information
security program leveraging the BISO model.
Managed build of new $19M Data Center to include all physical plant and technology components. Ensured all
delays were mitigated by creating efficiencies in the way equipment is ordered and components are built. Data
Center is the first non-manned Data Center the organization has had, enforcing discipline in operating procedure and
process development
Analyzed Help Desk structure, identified areas of waste, and made technological changes in specific applications.
Altogether, HD calls were reduced by over 30% thus allowing the creation of a new Help Desk to support new
business initiatives around customer portals without increasing staff.
Created 2nd Level support model to provide better problem resolution prior to engaging Sr. Engineering/Operations
teams. Team allowed for 40% reduction in tickets going to Sr. Engineering/Operations teams in first 90 days.
Efforts allowed engineering team to focus more on engineering efforts and moving strategic initiatives forward.
Led the efforts to build, test, and deploy Windows 7 to an enterprise of 25k users. Ensured all aspects of Windows
platform performed and were tested appropriately to include enterprise application delivery and asset
management components. Also developed deployment schedule that ensured minimal impact on business
operations.
Developed Service Continuity Program and Application Tiering model to ensure proper SLAs were applied to
critical business systems. Ensured proper budgeting could be applied to appropriate critical systems in order to
properly architect systems to their appropriate tier
Created End User Experience Committee to drive fundamental changes in the experience end users have with
technology. Partnered with business to achieve marked improvements in not only how users interacted with
technology, but in the feedback loops necessary to make impactful changes.
Quickly assessed group morale and made systematic changes to operating principles that guided the group.
Changes improved overall morale and contributed to better service delivery.
Dec 2007 – Dec 2011
Visiting Nurse Service of New York
Chief Information Security Officer (CISO)
Designed, engineered and executed the strategic evolution of the information security program through a collaborative and
innovative approach to balancing business imperatives while managing appropriate firm-wide risk. Transformation of IS
program involved significant culture shift around perception and reputation of the information security team combined with
comprehensive restructuring of people, process and technology to address increased risk levels, low morale, and lack of
visibility across the organization.
Established the security compliance program that delivered consistent and measurable compliance metrics
against policies/procedures and standards, enterprise security controls, risk assessments, and regulatory
compliance. (SOX-like controls, SAS70, ISO 27001, FFIEC, PCI, HIPAA, Red Flags, etc.)
Established the security engineering and monitoring program resulting in enhancements in internal and external
infrastructure controls and monitoring capabilities. Increased detection, prevention, and mitigation capabilities
across the enterprise
Created formal programs around network and vulnerability scanning/remediation, application security assessment,
secure SDLC, data loss prevention, security information and event management and incident handling
Strategically aligned Information Security Strategies with Business and Clinical 5 year strategies
Built security awareness framework to educate business of their responsibility as it relates to information security
practices. Established partnership-type relationship Information Security would need moving forward to
accomplish shared goals.
Managed research, acquisition, design, and deployment of all security related technologies to include: Enterprise
Data Loss Prevention (gateway, discovery, and endpoint), Whole Disk Encryption for ALL user computers, Web
Content Filtering, Host Based Security (firewall and intrusion prevention, USB encryption), Security Event Incident
Management, Vulnerability Scanning, Penetration Testing, Cloud Single Sign-On, and Identity and Access
Management framework and tool
Maintained Risk Register and quarterly reported to governance committees. As risks were identified through
different mediums, risks that must be accepted with mitigating controls were documented for annual follow up. Built
corporate governance structure and committees to monitor Information Security Program results and metrics.
Achieved HiTrust certification for 90% of information systems in <4 years resulting in a direct correlation to risk
reduction and overall management and client confidence in security posture.
Built Secure Software Development Lifecycle to ensure all projects and development efforts followed standard
process and received proper sign off and review from development through production implementation which
resulted in saving over $300k in annual developer cost
Oct 2005 – Aug 2007
MMC Deputy CISO VP Global Information Security Group – July 2006 – August 2007
Marsh CISO VP Global Information Security Group – February 2006 – August 2007
Marsh Deputy CISO – AVP Global Information Security Group – November 2005 – February 2006
Responsible for people, process and technology of global information security group. Established fundamental relationships
to enhance the visibility and partnerships of information security. The organizational change necessitated the rapid creation
of an information security program designed and built under aggressive timelines which focused on maintaining critical
protection to customer transactions and data.
Managed global deployment of desktop encryption solution (60,000 users) in an effort to mitigate risk of lost or
stolen devices. Despite major obstacles, project came in on time and under cost
Partnered with internal audit to develop proactive risk identification tracking process which resulted in more
positive results in meeting myriad of global regulatory statutes (Sarbanes-Oxley, HIPAA, PCI, and FSA) and
internal governance bodies
Created the risk assessment process for third parties and M&A. Reviewed and analyzed the completed
assessments before permitting access to the corporate data and assets. Resulted in reduced risk of new initiatives
Created Global Information Security Policies and systems standards as part of operating company merger to allow
consolidated measurement of risk posture. Collaborated with other Operating Companies to ensure compatibility
across all businesses.
Improved global design of 8 globally dispersed data centers; Managed engineering of new strategic data center
model. Closed multi-million dollar deal for global MSSP. Resulted in improved operational responses to global
infrastructure risk.
Liaised with business partners to identify risk in new business initiatives and align Risk and Information Security
Strategy with Business Strategies. Maintained an understanding of business services and how they were impacted
by the information security decisions
Developed the Global Incident Response Process and Team. Oversaw incident response planning as well as the
investigation of security breaches, and assisted with disciplinary and legal matters associated with such breaches
Computer Horizons Corp Sept 2004 – Nov 2005
Practice Lead/Managing Sr. Security Consultant
Led entire NYC Information Security Practice to deliver unparalleled information security expertise and services for
Healthcare clients across NYC.
April 2004 – Nov 2005
NetForensics
Consultant – Director of Competitive Analysis and Technical Documentation
Responsible for roadmap direction within Product Management as well as the technical and competitive analysis
documentation within the Marketing department.
Naval Strategic Systems Programs May 2003 – April 2004
Consultant – Director of IT Security
Responsible for all aspects of information security program primarily facilitated by contractors. Led efforts to coordinate
security initiatives across DoD, Federal, and Contractor cross connected networks and systems.
TruSecure Corp
May 2002 – May 2003
Assistant Manager/Sr. Security Analyst – South Eastern US and Europe
Leader in Security Assurance Services Group and served clients across the globe as their Security Strategist. Led their
efforts to assess and mitigate risk identified in global operating environments.
June 1994 – May 2002
Officer, United States Air Force
Chief, Info Warfare / Network Security Divisions Pentagon June 2000 – May 2002
Chief, Network Security Division Pentagon Oct 1998 – Feb 2001
Information Systems Flight Commander June 1996 – Oct 1998
Chief, Network Control Center June 1994 – June 1996
Communications Officer responsible for multiple aspects of technology and information security supporting the
administrative and warfighter missions.
Other Current Experience
Jul 2009 – Present
Whiteside Security Consulting, LLC
Chief Executive Officer
Provide specialized services to C-Level Business Leaders, Information Security Start-ups, and prospective technology
investors.
Secure World Expo Jul 2012 – Present
Executive Steering Committee
Help set topics and outline for coming conferences.
Comodo
Sept 2013 – Present
Corporate Strategy Advisor
Provide insight to CEO on how to improve sales, marketing, and product management teams and initiatives.
Mobile Active Defense
Aug 2012 – Present
Advisory Board Founding Member
Provide insight into direction of mobile as it relates to information security and corporate risk.
Aug 2010 – Present
Lynx Technology Partners
Chief Security Officer
Give guidance on bleeding edge information security technologies to partner with and resell.
Education: Huston Tillotson University
B.S. Computer Science 1990 – 1994
Honors and Awards: Company Grade Officer of the Year for 1997, 1999
North American Information Security Executive of the Year 2009, 2010 (Nominee)
North East Information Security Executive of the Year 2009, 2010 (Nominee)
Speaking Engagements and Other Media:
SC Magazine – quotes, direct articles, and cover stories
RSA Conference – BYOD panel, data loss prevention panel
SC Congress – Keynote, BYOD Panel, HIPAA presentation, PCI, Audit Preparation
Core Security – Penetration Testing Keynote, Webinars
Symplified – Cloud Single Sign-On/Identity and Access Management Keynote
Gartner Security Summit – Security Best Practices, BYOD Panel, CISO Program Keynote
ConNEXTIONS – BYOD panel, Technology Innovations presentation
ISE Programs – Information Security practices presentation
Secure World Expo – Speaking and panels
Symantec Security Conference – Speaking and panels
Tech Forum NYC – Speaking and panels
CSO Magazine and Online – quotes and direct articles
CISO Executive Network – Speaking and panels
T.E.N. – Forum Keynote, Award presenter, event host
Memberships: ISSA, ISACA, CISO Executive Network, Cloud Security Alliance, Phi Beta Sigma Fraternity Inc.