Security Information Systems
Resume:
Information Technology & Security Executive
Risk Management … Data Privacy … Regulatory Compliance … Incident Response … Security Awareness
Protect shareholder value by providing a secure and standardized IT environment that empowers the business.
I currently serve as the Director, IT Infrastructure & Security Operations with Chart Industries, a $1B publicly traded corporation with a global reach. My team includes 4 managers, 5 individual contributors and 15 site administrators who architect, implement and administer the IT infrastructure and security used enterprise-wide across 43 locations. As a strong team together, we provide world class service, performance and availability to 6,000 employees through a consultative approach and are entrusted with an annual $14M budget including OPEX & CAPEX.
I lead the development and execution of global security policies, data handling procedures, incident response and security awareness training. Since taking this role in 2014, we have taken Chart from the bottom 20% of companies for security maturity based on the number of security incidents (reported by BitSight – a third party rating agency) to the top 10%. We implemented a metrics scorecard which all senior executives access, and this becomes the central point to get all of IT working toward the same shared goals. Our team was become a respected agent for change, responding to security threats and dynamic business needs. Manage projects and budgets. Strong presentation and public speaking skills. Compliance and regulation expertise in: Safe Harbor, PCI, HIPAA, ISO 27001, COBIT, NIST, and SSAE16/SOC2.
Areas of Expertise
CISSP CRISC • GSLC • GCIH CCNP VCP
Enterprise Risk Management Governance, Risk and Compliance Vulnerability Management & Compliance
Global Security Policies & Procedures • Security Awareness Incident Response Privacy Law Safe Harbor
Lean Six Sigma Green Belt • Budget Management Project Management • Strategy Development & Execution
Vendor Management • Negotiations • Training & Mentoring • Talent Management • Previous DoD Top Secret Clearance
Career Synopsis
CHART INDUSTRIES, INC Cleveland, Ohio • 2014 Present
$1.5B publicly traded manufacturer of cryogenic equipment used in the production, storage and distribution of gases with a global reach and about 6000 employees.
Director, IT Infrastructure & Security Operations
Serve on the senior leadership team assisting the CIO in developing the strategic plan for Chart’s global IT infrastructure and security controls. This includes budget forecasting, resource procurement, staffing decisions, merger integration and system/application implementations to align our strategic plans to the company mission. Accountable for the maturity and enterprise-wide operation of all servers, workstations, telecommunications, and risk management program.
Designated Information Security Officer responsible for the security protection strategy and programs for protecting intellectual property and regulatory data that includes PII, HIPAA, PCI, Safe Harbor and ITAR.
Develop 3-year strategic plan and Business Continuity Program with help from my team of 4 managers, 5 individual contributors and 15 site administrators that architect, implement and administer the IT infrastructure and security used enterprise-wide across 43 locations. Administer an annual $14M budget including both OPEX & CAPEX with 5-year forecasting.
In 2014, Chart was in the bottom 20% of companies for security maturity based on the number of reported security incidents by BitSight and after implementing a metrics scorecard we ended 2016 in the top 10% of peer companies.
Recognized by CSO magazine with the CSO50 award for connecting security initiatives to business value and delivering measurable results.
Accountable for adjusting and realigning IT strategy with business strategy and economic conditions. Championed a global switch in enterprise backup to a tapeless backup solution by CommVault and reduced our RTO from 48 hours to 4 hours. Saved $1.2M over five years and developed an improved Business Continuity plan.
Implemented Service Now using ITIL best practices for Incident, Request, Change, Knowledge and Problem Management.
Champion of change to lead the company to adopt many cloud solutions that improved customer satisfaction, availability and self-service options with solutions like: Office 365, OneLogin, SuccessFactors, Kronos, SalesForce, Box.com, ProofPoint, OpenDNS, ChromeRiver and Intune.
Increased security posture by implementing the ProofPoint suite of products. ProofPoint reduced SPAM, virus, and malware breakouts by 60%. The Targeted Attack Prevention module ushered in a new level of protection from spear-phishing attacks and targeted email attacks at our C-level executes.
Part of a team responsible for $7M (2014-2016) of cost avoidance and savings through better vendor management and effective negotiations using the Karrass Negotiation method. Implemented a new procurement management process to ensure that we are receiving proper discounts and competitive bids and created vendor calendar to track fiscal year-ends to plan optimal technology spends to maximize discounts.
Successfully renegotiated Microsoft Enterprise Agreement (EA), and Level 3 MPLS Telecommunication agreement for a total value of new contracts $3.4 million and saved over $500k per year. These new agreements included the enablement of new services such as Office 365 and Microsoft Azure.
Led the Server Virtualization Standardization Global Campaign transitioning from 60% of servers virtualized globally to 98%, over 800 virtualized servers, saving $200k in annual IT life cycle replacement expenditures.
GRAFTECH INTERNATIONAL HOLDINGS INC Parma, Ohio • 2010 2014
$1B publicly traded manufacturer of carbon and graphite products for over 125 years with a global reach of 30 locations and about 5000 employees.
Director of Global Information Security
Recruited to develop the information security and data privacy program under the CIO. Built the vision and executed strategy for the security program. Set the policy, and define risk mitigation projects to secure all corporate assets, intellectual property, and regulatory controlled data, balancing risk with ensuring user convenience. Respected agent for change across the enterprise that enhanced projects, managed budgets and resources to deliver on the vision of a security aware culture.
Recognized as one of the “People Who Made a Difference in Security in 2013” by the SANS Institute for setting an example that others could follow to reduce the occurrence and severity of information security incidents.
Prepared and drove adoption of international security and privacy standards and controls to manage data protection across people, process, and technologies based on ISO 27001.
Implemented an enterprise vulnerability management program.
Developed a computer security incident response team and a global cyber security awareness program.
Reduced malware infections by 60% and the need for reimaging systems by 80% through a metrics driven approach to reduce the attack surface of our workstations and servers.
Developed and delivered training across the organization on security and data privacy through a combination of in person training, online training, and email awareness campaigns.
LOGOS COMMUNICATIONS, INC Westlake, Ohio • 2008 2010
$250M Cisco solutions provider dedicated to helping customers build, manage, optimize and secure their IT infrastructure
Practice Lead – Pre-Sales Network & Security Engineering
Assisted clients with meeting business needs through technology. Provided complete infrastructure solutions and ensured 100% customer satisfaction. Developed and enhanced service offerings. Teamed with clients to translate business and technical requirements into system specifications including design and solution deliverables.
Designed and presented technology solutions for Cisco networks, data centers, DR and VMware at corporate levels.
Created a new service offering for contingency planning sessions to enhance and update disaster recovery plans.
Managed implementation of large and critical infrastructure projects, and coordinated and provided leadership to multiple cross-functional groups.
NATIONAL CITY BANK Cleveland, Ohio • 2003 2008
$358B publicly traded American financial services corporation with 2,600 branches, 9,000 ATM’s and 52,000 employees.
IT Security Integration Engineer
Led the design, implementation and architecture of new systems supporting National City’s infrastructure. Teamed with various lines of business and vendors to translate business and technical requirements into systems specifications and repeatable design strategies and patterns. Completed design deliverables for each phase including detailed infrastructure diagrams and architectural design documents. Served as a trusted project manager for the build out of systems over $50M; coordinated multiple groups to complete projects on time and within budget.
Created a three-tiered architecture for National City’s Enterprise Portal based on Microsoft SharePoint technologies. Implemented successful Enterprise Portal to more than 37,000 users allowing increased speed to make business decisions.
Served as Lead Integration Engineer for Corporate Security Services. Designed infrastructure and coordinated teams to deliver projects on time and within budget. Projects included Public Key Infrastructure, Two Factor Authentication, Security Risk Analyzer, Corporate Content Protection, Customer Traffic Finger-Printer, and Enterprise Password Vault.
DEPARTMENT of DEFENSE (DoD), CONTRACTOR ACS-GSG Vienna, Ohio • 2000 2003
Network & Server Security Manager
Managed more than thirty servers and the network infrastructure for the 910th Airlift Wing. Updated, installed, maintained and ran backups on all services. Provided management of daily network operations, monitoring, performance, capacity planning and third level support. Held a DoD Top Secret Clearance to administer the Defense Messaging System.
Migrated servers from Windows NT to Windows 2000; migrated 2500 users and computers to Active Directory.
Administered the Defense Messaging System (DMS) running Exchange 5.5. Rolled out DoD PKI-enabled Common Access Cards for two factor authentication to NIPRNet and SIPRNet.
Conducted security assessments to include vulnerability scanning, access rights, and password audits.
VALUENET, INC., (ISP) – subsidiary of Sky Bank Lisbon, Ohio • 1996 2000
IT Manager
Education
BALDWIN WALLACE UNIVERSITY; Berea, Ohio
Executive Master of Business Administrative • 2014
YOUNGSTOWN STATE UNIVERSITY; Youngstown, Ohio
Bachelor of Science in Applied Science (B.S.A.S.), Computer Information Systems and Business Administration • 2002
Addendum
Professional Certifications
Certified Information System Security Professional (CISSP)
GIAC Security Leadership Certification (GSLC)
ISACA Certified - Risk & Information Systems Control (CRISC)
GIAC Certified Incident Handler (GCIH)
Implementing & Auditing the Critical Security Controls
VMware Certified Professional on vSphere 4 (VCP)
Cisco Certified Network Professional (CCNP)
Cisco Certified Network Associate (CCNA)
Microsoft Certified Professional (MCP – Windows
2000, 2003 & 2008)
Professional Development
Evanta CISO Coalition – Exclusive Collaboration
Karrass Effective Negotiating Training
Cleveland FBI Citizens Academy
Project Management Training (PMP)
ITIL Foundation v.3 Certification
Lean Six Sigma Green Belt Training
Root Cause Mapping Training
Managing to Learn (A3 process to solve problems)
Generally Accepted Privacy Principles Seminar
Leadership and Communication Strategies
Public Speaking
InfoSec World Conference
Evanta Global CIO & CISO Executive Summit
Cleveland Information Security Summit
CIO Forum & Executive IT Security Summit
Customer Advisory Boards
Advisor, Cisco Strategic Security Forum at Cisco
Customer Advisory Member at BitSight Technologies
Customer Advisory Board Member at OpenDNS
Technical Advisory Board at Malwarebytes
Memberships
FBI Citizens Academy Foundation of Cleveland (FBI), formed as a nonprofit public service organization that promotes safer communities in the greater Cleveland metropolitan area. Members help to improve understanding and appreciation of law enforcement among citizens and community leaders.
Board Member of Northern Ohio Chapter of InfraGard (FBI), is a non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation. The organization is an information sharing and analysis effort serving the interests, and combining the knowledge base of, a wide range of private sector and government members.
Information Systems Audit and Control Association (ISACA), engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide.
CSO Xchange, is a group of thought leaders and executive-level peers who have a passion for security, audit, risk management or compliance and the responsibility to protect their company’s information assets. Promotes the sharing of ideas, concerns, and thoughts about GRC, security strategy, best practices and pragmatic solutions.
Third Party Security Rating
Multi-Layered Defense Strategy
Contact this candidate