Benjamin Pavalon

**** *. ******* ? Chicago, IL **707 Cell: 773-***-**** acwbyb@r.postjobfree.com

Over 20 years of experience with security strategy and policies, information security operations and management, computer forensics, expert testimony and compliance. Possess excellent presentation and communications skills with extensive experience developing and managing Enterprise Network Design, Network Security, Migration and full lifecycle implementation of information security programs.

? Information Security Operations Management and Program Development: Established new information security programs where information security management did not exist. Established leadership, risk based management as well as trained staff for Bank of America, RR Donnelley,The Warranty Group, Falkor Group LLC and for clients of Project Leadership Associates.

? Information Security Forensics and Remediation: Consulted with numerous firms and companies by performing data forensics relating to hacking, industrial espionage, trade secrets and data theft through Project Leadership Associates. This support included efforts up to and including prosecution and criminal charges. Lead to many favorable decisions for his team. Has even advised on case strategy.

? Leadership: Consistently trusted with high profile projects involving stake holders at C level, President or Partner level for Bank of America, RR DonnelleyThe Warranty Group, Falkor Group LLC and for clients of Project Leadership Associates, ranging from a very public project involving Microsoft up to boardroom presentations.

EDUCATION

BA, Communications

Western Illinois University ? Macomb, IL, 1985

Electronics Technology

DeVry Institute of Technology ? Chicago, IL, 1991

CERTIFICATIONS:

Certified Information Security Systems Professional (CISSP)

Tripwire Enterprise 5.2, 2006

Microsoft Certified Systems Engineer (NT 4.0)

Microsoft Certified Professional + Internet Technologies

Certified in Adult Instructional Techniques

Qualysguard

CLE Accredited Speaker 2005

PROFESSIONAL EXPERIENCE:

Bank of America September 2012- Present

Bank of America Corporation (Nadaq BAC) through its subsidiaries, provides various banking and financial products and services to individual consumers, small-and middle-market businesses, institutional investors, corporations, and governments in the United States and internationally. The company?s Deposits segment provides traditional savings accounts, money market savings accounts, CDs and IRAs, and noninterest-and interest-bearing checking accounts, as well as investment accounts and products. Over 272,600 employees worldwide

VP Information Security Specialist Threat Management Program Lead: May 2016 - Present

AVP Information Security Specialist, Control Gap Remediation Team: October 2015 - May 2016

AVP Information Security Specialist, Control Gap Remediation Team: March 2014 - October 2015

Contractor: September 2012-March 2014

Responsible for North America, Latin America, Asia and Europe .Reports to Senior Vice President of Global Information Security.

As a Vice President Information Security Specialist, duties included:

? Targeted Threat Assessment

? Risk and Vulnerability Management

? Root Cause Analysis

? Policy compliance audits

? Develop Policies and Procedures

? Policy and Standard review

? Developed training process of new hires

? Develop and onboard new remediation efforts

? Application reviews

? Work with line of businesses to insure identified security issues are remediated

? Access Control remediation

? Red Team remediation

? Managed 6 direct reports

? Hunt Program

R.R. Donnelley Corporation January 2012- September 2012

RR Donnelley (Nasdaq:RRD) is a global provider of integrated communications. The company works collaboratively with more than 60,000 customers worldwide to develop custom communications solutions that reduce costs, drive top line growth, enhance ROI and ensure compliance. Drawing on a range of proprietary and commercially available digital and conventional technologies deployed across four continents, the company employs a suite of leading Internet based capabilities and other resources to provide premedia, printing, logistics and business process outsourcing services to clients in virtually every private and public sector. Over 58,000 employees worldwide.

Information Security Investigations Manager

Responsible for North America, Latin America, Asia and Europe .Reports to Director of Information Security with a dotted line report to the CISO. As part of IT Governance has created company cloud standards and controls. Represents IT governance in acquisition integrations. Security reviewer for change management committee.

As Information Security Investigations Manager, duties include:

? PCI and Sox Compliance

? Risk and Vulnerability Management

? Acquisition Integration audits

? Document classification and labeling

? Encryption Planning and procedures

? Policy compliance audits

? Vendor Assessments

? Cloud Compliance controls

? Develop Policies and Procedures based on NIST framework

? Policy and Standard review

? Intrusion Prevention

? Incident Response planning

? Access Control planning

? Computer Forensics

? Internal Investigations

The Warranty Group June 2008 ? January 2012

A wholly-owned business of ONEX Corporation (a $36 Billion [USD] Canadian firm), the Warranty Group is the world?s premier provider of extended service plans and related benefits, with operations in 33 countries and 2300 employees. By providing underwriting, claims administration, compliance and marketing expertise, The Warranty Group is a 40 year-old single-source solution for manufacturers.

Global Information Security Operations Manager

Responsible for North America, Latin America, Asia and Europe Worked with CIO and CRO to design and implement processes and procedures that were lacking for Sox compliance. Designed data classification plan, policies and procedures with data leakage prevention, obtained CRO sign off and the plan is moving forward. Formed and chair Policies and Standards committee which consists of bimonthly meetings with Legal, HR, Infrastructure, CRO and CIO. Review and approve all network and application roll outs, leading PCI compliance project working with both IT and the business units.

As Global Information Security Operations Manager, duties included:

? PCI and Sox Compliance

? Risk and Vulnerability Management

? Development of Security Program

? Work with line of business to insure security issues are remediated

? Encryption Planning and procedures

? Policy compliance audits

? Budget Planning

? Develop Policies and Procedures

? Policy and Standard review

? Intrusion Prevention

? Data Leak Prevention

? Incident Response planning

? Access Control planning

? Computer Forensics

? Internal Investigations

? Manage 2 direct reports

CONSULTING EXPERIENCE May 2007 ? February 2008

Falkor Group LLC

The Falkor Group was founded in 2002 to provide the businesses of Chicago with robust affordable options to solve their Information Technology Challenge. Acting as the customer's Technology Pathfinder, Falkor Group offers a complete suite of services that includes Infrastructure, Applications Development and Security Consulting Services to provide valuable solutions to any technology challenge they may encounter.

Reason for leaving: Separated as the business model changed resulting in rifs.

Security Practice Manager

Championed and created new Information Security and E-discovery services practices for the Falkor Group. Designed brochures and samples for each service; prepared detailed SOW documents for all prospective engagements. Wrote up analyses of client RFPs; determined scope, man hours, etc.; developed all proposals reports for prospective client RFPs/deliverables and as well as was the security SME/technical resource during client presentations them. Went out on sales calls to assure clients would have good understanding of our firm?s range of security offerings. Clients we engaged ranged from Fortune 1000 and 500 clients.

As a Security Practice Manager, duties included responding to client RFPs for solutions with roadmaps and documentation for the following issues and requests:

? Develop Services and Deliverables

? Risk and Vulnerability Assessments

? Penetration testing

? Document classification and labeling

? Encryption Planning and procedures

? Profit and Loss

? Policy compliance audits

? BCP Planning

? Network Vulnerability Scanner as well as Set Scanning guidelines

? Intrusion Prevention

? Data Leak Prevention

? Incident Response planning

? Access Control planning

? Computer Forensics

? Expert Testimony

? Speaking engagements

Project Leadership Associates, Chicago, IL January 2004 ? May 2007

Project Leadership Associates (Project Leadership) is a business and technology consulting firm that empowers small, middle market and enterprise organizations with services across four core solution groups: 1) Strategy & Execution, 2) Business Operations, 3) Applications, and 4) Infrastructure. Consistently ranked among Crain's Chicago Businesses' Fast 50 and Everything Channel's CRN Fast Growth 100 List as an annual recognition of our growth, performance, and for maintaining profitability since its' founding in 1998.

Reason for leaving: Recruited to create a new Information Security Consulting Practice.

Employee: Senior Security Consultant

Engaged with either C-level or Partner-level client management on high level projects; consistently increased revenues by building client confidence with reliable and honest service. Created new computer forensics practice and assisted in building it up. Served an expert security witness for all the top law firms in the city; his testimony was presented for some very high profile intellectual property theft cases. Entrusted to conduct investigations on board member, judicial and even government owned computers. Spoke at the Bar association and many of the top law firms on the subject of computer forensics.

As a Senior Security Consultant, duties include:

? Risk and Vulnerability Assessments

? Penetration testing

? Document classification and labeling

? Encryption procedures

? Policy compliance audits

? Set guidelines for Physical as well as Application Security

? Network Vulnerability Scanner as well as Set Scanning guidelines

? Secure centralized logging for all servers

? Patch management system for all servers

? Incident Response planning

? Access Control planning

? Computer Forensics

? Expert Testimony

ARC (July 2003 ? January 2004)

Client: ComEd an Exelon Corporation

Information Security Management Consultant

Worked with upper management to ensure that new third party product implementation met compliance standards. Designed processes and procedures for NERC standards and met with the power plants managers to insure proper security was used during implementation.

As a Information Security Management Consultant, duties include:

? Risk and Vulnerability Assessments

? Document classification and labeling

? Encryption procedures

? Active Directory security policies

? Set guidelines for Physical as well as Application Security

? Network Vulnerability Scanner as well as Set Scanning guidelines

? Secure centralized logging for all servers

? Patch management system for all servers

? Logging Audit levels for Windows 2000 and Tru64 servers

? Access Control planning

Ciber Inc (June 2002 ? May 2003)

Client: Wisconsin Dept. of Corrections

Information Security Management Consultant

Reported to the DOC?s equivalent of a CIO; and selected to lead this year long project to design and implement an effective security program with existing staff and a small budget to purchase needed technology. Trained the staff to follow the proper processes and procedures to be compliant with the state-mandated audits and the project was measured as a success due to improved security stature and audit results. Most of the processes that were put into place are still currently being used. As an Information Security Management Consultant, duties include:

? Performed Risk and Vulnerability Assessments

? Designed new security architecture

? Created Stronger Password Policies

? Created High level Security Policies

? Evaluated and Deployed Intrusion Detection System

? Set Server Hardening guidelines

? Set guidelines for Physical as well as Application Security

? Implemented Network Vulnerability Scanner as well as Set Scanning guidelines

? Established secure centralized logging for all 300 servers

? Implemented Patch management system for 10000 users

? Setup Security for DMZ

? Deployed SMS 2.0

? Deployed multilayered Antivirus protection

? Trained Security Personal in Network Forensics

? Conducted Forensic Investigations

? Conducted Security Audits

PC Help Services (December 2001 ? April 2002)

Client: Laidlaw Educational Services

Technical Analyst

As a Technical Analyst, duties include:

? Lead Network Project in Deployment of the new Microsoft SharePoint Portal Server, Content Management Server and .net server

? Created solution offerings including Security Analysis & Remediation, Network Analysis & Design, Network Administration & Support, and Implementation Services

? Responsible for client engagement coordination, technical quality assurance of all project deliverables, solution design review, pre-sales engineering and support, vendor management, and hardware and software procurement

? Developed Network Security Guidelines adopted by corporate as standard operating procedures for 14000 user environment.

? Developed internal technical resources, standards and procedure to facilitate communication between resources and clients

? Reviewed security procedures ensuring knowledge of updates and support for current vulnerabilities, implementing patches as required and approved.

? Upgrade server from Encompass resolution server to Microsoft CMS

? Responsible for training help desk and Network Administrators

? Write up all install and training documents

Ecreativesearch.com (January 2001 ? August 2001)

Permanent Employee

As a Network Director, duties included:

? Managed all facets of a 50 user LAN/WAN Windows 2000 network, software installation, TCP/IP configuration, hardware upgrade, and troubleshooting

? Created Security Policies

? Secured Web Servers

? Audited Security logs

? Setup file integrity checking for web servers using tripwire

? Scanned Network for Vulnerabilities

? Implemented Checkpoint Firewall 1

? Managed PIX Firewall

? Acted as liaison for corporate technical project teams and operators

? Monitored network resources

? Designed and implemented Active Directory

? Configured new devices

? Enabled LAN/WAN interconnectivity

? Deployed anti-virus software

? Loaded client applications

? Built user groups

Established network permissions

? Created logins and scripts and user support as well as phone support for remote users, P&L responsibility

? Designed Architecture for new Website

? Setup and designed NAS for media dept. video storage

? Managed and maintained Exchange 5.5 server

Technium Inc. April 1998 ? January 2001

Senior Technical Analyst/Practice Manager

Primarily

As a Senior Technical Analyst/Practice Manager, duties included:

? Acted as Windows 2000 Practice Manager

? Conducted Security Seminars and Training

? Gave technical briefings to clients and consultants

? Setup Intrusion Detection Systems

? Created service offerings and technical mentoring for NOS team members

? Conducted training classes and workshops for consultants and sales staff

? Provided consulting services to clients, which ranged from Network Migrations to Web Site Architecture

? Managed a 180+ user multi-protocol Windows and Novell operating systems

? Established and configured Windows NT 4.0 and 2000 with TCP/IP and DNS

? Installed, configured, and managed all software and hardware across the multi-file server LAN

? Migrated network to Windows 2000

? Implemented Active Directory

? Project lead for Windows 2000 Pre-deployment Planning

? Assessed entire hardware and software inventories and total cost of migration

? Planned out redesign of WAN with Network engineering for upgrade

? Set up test lab duplicating Workstation and server environment

? Planned Active Directory structure

? Designed Infrastructure for new web site

? Exampled as a case study model of a textbook MSF deployment by Microsoft

? Designed an unattended install compatible to 10 different types of workstations

? Wrote FDA IQOQ docs that would test setup for FDA compliance

? Project lead on a NT 4.0 desktop and Server migration

? Customized applications to work on multiple platforms

? Managed network engineers to successfully deploy the applications

? Provided 3rd level support for network engineers in the field

? Created and maintained extensive documentation used in the project

? Supported and troubleshot software profiles

? Scheduled deployments and migrations

? Tested software and production environment

Institutional Capital April, 1997 ? April 1998

Network Manager,

? Planned and implemented migration from Novell 3.11 to Windows NT 4.0

Server based network.

? Upgraded Mail System from MS Mail to Microsoft Exchange 5.0.Implemented T1 with Bay networks Instant Internet.

? Established tape backups using Cheyenne ARCserv.

? Planned cabling for office build out.

? Implemented Lucent Technologies Message Manager.

? Successfully trained office in the use of all new applications.

? Managed Budget and handled Vendor bids

RHI Consulting February 1995 ? April 1997

Client: Help Desk Technician/Project Leader

As a Help Desk Technician/Project Manager, duties included:

? Worked on a Netware 3.12 to NT 4.0 migration

? Performed software and hardware upgrades

? Tested Network Vulnerabilities

? Performed Security Audits

? Monitored Security Logs

? Wrote Security Policies

? Implemented new help desk package

? Redesigned Network to NT 4.0 environment

? Wrote install script

? Built and setup test lab

? Trained deployment team

Kanga Inc. October 1992 ? February 1996

Technical Analyst

As a Technical Analyst, duties included:

? Converted workstations from Macs to PC

? Installed applications

? Set up peer-to-peer network

? Assisted with IIS 4.0 implementation

? Set up Antivirus software

Earlier Employment 1985 - 1992

SOFTWARE:

BackOffice Suite

Backup Exec

Cheyenne Arcserve

Citrix/Metaframe

Fastlane Migration Suite

Ghost

LAN Escort

Norton Antivirus Corporate Edition

Octopus

Picture Taker

SMS 2.0

SQL 6.5/7.0/2000

Office XP

OPERATING SYSTEMS:

IIS

Linux Netware 3.x/4.x/5

Unix

Mac OSX Windows NT 4.0/2000/2008 Server/Advanced Server

XP/2003/2008/7

SECURITY SOFTWARE/HARDWARE

Lan Guard

Arcsite

ISS

Guardian

Retina

IRIS

Cisco IDS

Nessus

Superscan

Websense

Splunk

Juniper IPS Cisco Pix

Checkpoint Firewall 1

PKI

PGP

Enterasys Dragon

Trip Wire

Metasploit

Nikto

Nitro Security

HP Webinspect

Tennable Security Center

Symantec Endpoint Protection

Bright Mail Encase Forensics Edition/Enterprise

The @ stake Sleuth kit.

Snort

L0pht Crack

Paraben

FTK

Languard

Safend

Core Impact

Appdetective Pro

Qualysguard

McAfee EPO, Hercules, Policy Auditor, Safeboot

Contact this candidate