
Scrum Master Project Manager

Location: Brooklyn, IA
Posted: May 08, 2024


Resume:

JIM STONE

SAFe Certified CSM, PSM & PMI-PMP/ACP, PCIP, Security+, (ISC)2 CISSP, CCSP, SSCP, CC

Jim brings 20+ years of security project management experience including audits, certifications, implementations, and migrations in enterprise environments. He led the successful implementation of Zscaler for a global ag company on a very tight timeline, as well as several PCI certifications, CyberArk implementations, and NIST review/gap analysis. Jim is a problem-solving project manager with years of experience in solving project issues. Jim is fully trained and can project manage in Waterfall, Agile Scrum/coach, Jira/Confluence, SAFe.

SKILLS

Agile/Scrum (certified), Waterfall, hybrid

SAFe – SPC6 can teach/sponsor.

SDLC

Gap assessments, Audits, PCI

M&A projects

MS Project/Project Server

Jira, Confluence, Excel, Visio

Teams, SharePoint

ServiceNow, Remedy

Mentoring/Leadership

Client and Vendor Management

Scrum/ SAFe Coach

CERTIFICATIONS

Security

PCIP: Payment Card Industry - Professional

CompTIA: Security +

(ISC)2 Certifications: Cloud Migration, Zero Trust for Identity: Strategies and Leadership to Protect Businesses, preparing for a Zero Trust Initiative, Zero Trust Architecture in the Cloud

CISSP (ISC)2

CC (ISC)2 Certified in Cyber Security

SSCP (ISC)2 Systems Security Certified Practitioner

CCSP (ISC)2 Certified Cloud Security Professional, Training Complete, Exam scheduled.

Project Management

PMI - PMP Waterfall

PMI - ACP Scrum

PSM 1 (Professional Scrum Master) Scrum.org

PSM II (Advanced Professional Scrum Master 2) Scrum.org

CSM (Certified Scrum Master) Scrum Alliance

SAFe - SPC 6.0

SAFe Certified Scrum Master 6.0

SAFe - Advanced Certified Scrum Master 6.0

SAFe - Product Owner/Product Manager 6.0

SAFe - Release Train Engineer 6.0

SAFe - SA 6.0


EXPERIENCE

SCS, Stone Consulting Services, Inc. Dec 2023– Present

Contractor per hour

While completing several ISC certifications (CC, SSCP) and gaining additional knowledge in cloud migrations and zero trust certificates, provided paid consulting services and project management within a variety of industries. Some paid contractor projects include:

Advised as a contractor - companies on how to pass a PCI ROC (Report on Compliance) – did this for a Commercial Services Contracting Company, a Las Vegas Casino, and an InfoSec Company.

Advised as a contractor - a distribution company on how to pass a PCI SAQ (Self-Assessment Questionnaire).

Advised as a contractor - an InfoSec company as to how to bid on a Zero Trust implementation, did training sessions on what zero trust implementation would look like, and spoke to the company the Service Contractor was doing a Zero trust bid for.

Advised as a contractor - a Healthcare company on creating a secure zone for PII and PHI data and controls for egress and ingress security policies.

o Discussed with the staff, the pros and cons of moving the information to the cloud.

o Advised what cloud services are the right fit for their needs.

o Discussed best migration practices and proper risk management for the situation, and proper strategies.

Discussed with their IT staff what is the correct way to implement a Zero Trust environment in the cloud.

o Assessed current and past situations they experience in the cloud environment and provided solutions to implement a Zero trust.

o Discussed changes in SDLC from internal Datacenter vs. Cloud SDLC, and how to insert Security into their SDLC process in the cloud.

For each PCI engagement, reviewed the new PCI DSS 4.0 – what has changed and how it affects the client, as well as the process for passing a ROC, and dealing with the independent QSA.

Medical Sabbatical December 2021-December 2023

Time off for medical reasons.

While rehabbing Jim took many classes to become certified in Agile and SAFe.

Corteva Jun 2021 – Nov 2021

Security Project Manager - Zscaler Implementation

Tested and implemented Zscaler product in entire company.

Project managed deployment to all desktops in the organization.

Worked with contractor Zscaler PM to coordinate the Corteva Zscaler team for daily 2-a-day meetings. Maintained notes and to-do lists. Drove tasks to completion.

Solved multiple project problems.

Coordinated with several Corteva datacenters and Corteva Datacenter Managers around the world to manage the implementation of the Zscaler product in different time zones and different countries.

Verizon to Accenture briefing and hand over datacenter support project.

Worked with Accenture project manager to coordinate our combined activities to get Accenture familiar with Corteva datacenters. Resolved many disputes between organizations and kept the project moving forward. We ended the project on time.

Worked on getting both sides, Corteva and Accenture, back together as they disagreed regarding monies owed and stopped working on the project before I was assigned. I was able to resolve the monies issue and got the project back on track and plotted a course to finish with a very tight schedule on time.

Casey’s Dec 2020 – Jun 2021

Transformation Consultant – Bucky’s transformation

Worked with Bucky’s resource to coordinate activities.

Resolved all actions needed to make Bucky’s transition to Casey’s.

Created a project plan that would list all the activities to complete a transition and have us finish on time.

Corteva Jun 2019 – Dec 2020

Sr Project Manager - SQL Optimization Projects (CTAS)

Migrated Dev, SIT, UAT environments from full SQL licenses to Free Dev SQL licenses. 6 million in savings. SQL patching throughout the organization.

Scrum Master: Agile re-write of application that reached its maximum ability with Access to a SQL based application. Used full agile planning and execution using Jira, Azure Dev Ops, Kanban boards and Trello.

Federal Home Loan Bank of Des Moines Sept 2018 – Feb 2019

NIST SME

Worked with IT teams to define NIST standards and determine how it fits in infrastructure.

Conducted gap assessment meetings with infrastructure teams to get an estimate of where they are currently with implementing the standards.

Created a tracking spreadsheet of totals reporting. Reported out to upper management with results.

Dupont Pioneer Feb 2016 – Aug 2018

Migration Project Manager - Spin Project – User Migration

Project Managed the migration of 12,500 users back from one domain.

Worked with Microsoft on their migration portal to reverse the direction.

Project Managed 100’s of sites to prep and execute the migration.

Modified the way the migration was conducted by working with the IT team to create a scripted process versus a manual process. Lowered defect rate and sped up the migration process.

Sands - Venetian Hotel Las Vegas Apr 2016 – Dec 2016

PCI Security Project Manager

A PCI initiative was already underway, but QSA (Qualified Security Auditor) had walked off the project. Met with QSA and resolved their differences.

Set new expectations between the Sands and the QSA.

Reviewed gap assessment and checked current requirement evidence locker. Identified shortcomings in the evidence and met with IT and technical writer. Discussed why evidence was insufficient and where evidence was needed to meet the 365 controls. Created a project plan to address remaining requirements needing to be satisfied. Conducted WebEx meetings with QSA and Sands to approve remaining requirements. Drove requirements to completion.

To satisfy one PCI requirement, corporation first had to decide on which outside organization to follow. I discussed NIST, CIS, ISO, etc., and the pros and cons of each to bring the Sands to a conclusion. Once the NIST outside security framework was decided on, the project had a framework to follow. All the 365 PCI controls were referenced back to NIST for clarity. Acted as requirement SME. Evidence first passed my inspection before it was presented to QSA. Developed IAM

Dupont Pioneer Oct 2014 – Mar 2016

Spin Project Manager – User Migration

Project Managed the migration of 12,500 users from one domain to another and to lock down the security of domains.

Project managed application moving from one domain to another.

Project Managed 100’s of sites to prep and execute the migration.

Worked with IT to lock down the Active directory and not disrupt the project.

Aetna Jan 2014 – May 2014

PCI Security Project Manager - PCI SME.

Priority 1

o In a short time, prepared Aetna for a QSA audit.

o Conducted WebEx’s with Aetna staff and the PCI auditor.

o Conducted gap assessment with IT and the QSA.

o Created list of remediation work from WebEx assessments with auditor.

o Worked with component owners to create project plan and deliverables for remediation work.

o Conducted regular meetings with component owners to check on progress of remediation work.

o Stood Archer back up in preparation for a PCI audit. Matched PCI controls to NIST controls.

o Audited Aetna’s international controls and made recommendations.

o Created process to remediate Aetna’s vulnerability scan reports.

o Developed IAM

Priority 2 Worked on Aetna’s NIST initiative.

Allstate Mar 2014- Dec 2014

PCI Security Project Manager - SME/PCI

Project Managed new application installation and configuration of the CyberArk application.

o Created business requirements for an enterprise solution.

o Sized infrastructure to meet business requirements.

o Created cost estimate documentation.

o Managed gating process.

Worked with the CyberArk vendor on costs and deliverables and timing.

o Projects managed included the standup of the infrastructure in 2 different datacenters, the installation of CyberArk to match business requirements, and safe creation for applications and components.

o Created slide deck on how to order a safe and held WebEx’s to demonstrate how to order a safe. Managed application ID and password upload into CyberArk.

o Created slide deck on how to use CyberArk safe and held WebEx’s on how to use the safe.

o Project managed Component and Application Privileged ID and password upload into CyberArk. Project managed over 100 new CyberArk safes and uploading of privileged passwords on a tight timeline and completed on time.

HIPS installation: Project managed installation of HIPS 8 on 1000 desktops across several call centers for network isolation.

o Created project plan for a very tight schedule, moved it through gating steps, managed the coordination and timing between the HIPS team and the call center teams, and completed project on time.

Verint call recording with encompass.

o Project managed the cleanup of old call records with credit card information. Created project plan. Acquired funding. Moved project through gating process. Managed the creation and timing of change tickets. Managed the schedule as to not interrupt production.

o Moved thousands of production records to new NAS Filer without interruption to production on time. Cleaned records of credit card information and moved the clean records back to production.

Helpdesk

o Project managed new process for helpdesk to verify user on another end of the phone and the new process to use a random password generator.

Reviewed and modified several groups for proper access rights, RBAC and adjusted.

Project managed asset modifications to add several new flags for input components and new applications into CMDB. Documented current process flow with Visio work streams and documented new workflows that were needed.

Training

o Project managed training for developers, so they could pass the QSA interview regarding secure code development. All Developers passed the QSA interview, and all scored a 100.

o Developed a repeatable training Program for secure code development.

Project managed several complex password changes that involved SQL and multiple applications and completed on time. Discovered application developers were using the privileged usernames and passwords.

o Managed the creation of change tickets. Coordinated between the SQL team and the application team. Changed the passwords and uploaded new passwords into CyberArk.

Created a training library of PowerPoint slides for all the DSS 3.0 requirements to help the teams understand what requirements they own, what each requirement means to them, and what evidence they will need to create to satisfy that requirement.

Held WebEx training sessions for all the component and application teams to discuss what requirements they own and what evidence they need to create and when they will need to have it by.

Filled in where needed on other tracks to help pass the QSA audit.

State Farm Aug 2013 – Dec 2013

PCI Security Project Manager - PCI SME

Worked with application team (DC8) as they deployed the addition of Amex/Disc onto their websites as additional choices for customers to pay with credit card.

Monitored and advised secure code development.

Attended and represented application team in PERT meeting to achieve gate approval to move through their environments and into production on Dec 8th, 2013.

Requested and analyzed vulnerability scans for new code both static and dynamic. Made recommendations on findings. Presented clean scans to PERT meetings for gate approval.

Managed application team’s PCI secure training achievement. Developed IAM

Advised present PERT team on PCI related issues that I have seen on other projects as they maintain their PCI ROC compliance.

AIG Apr 2012- Dec 2013

PCI Security Project Manager - SME/PCI

Developed the InfoSec roles, responsibilities, and mission statement.

Worked on Federal Readiness audit remediation and identified test procedures and test points for auditing.

Wrote all policies, procedures, standards, and processes to comply with the PCI DSS. Worked with several teams including application, infrastructure, and security to design processes to satisfy the PCI DSS. All successfully approved by the QSA from Protiviti. Worked with the business side of the DSS to gain approval by QSA.

PCI call center remediation. Identifying processes of all Call Center activities and remediating (changing) processes to meet the DSS requirements.

Walked through their SDLC process and put security into the process with additional steps. They are now securing their code “before” it is put into production using a combination of manual review and App Scan by IBM. Their SDLC process now is PCI compliant.

Managed Application Penetration testing for PCI QSA’s approval. Pen tested several verticals and gathered results from scans and worked closely with IS/IT teams to remediate findings and rescanned to get passing results.

Developed client’s Vulnerability Management Process. Developed a process to assure quarterly vulnerability scans were conducted on time and remediation was conducted on time.

Worked on SOX and PII compliance issues.

Developed IAM

Prior Roles Held:

Liberty Mutual - PCI Security Project Manager ME/PCI - PCI DSS PM for Hosting Unix/Wintel Team

Starwood Hotels - PCI Security Project Manager SME/PCI

ITA Group Inc. - PCI Security Program Manager - PCI DSS Certification

Aviva - PCI Security Project Manager - Network Security Audit Remediation

Wells Fargo – Senior Project Manager - Datacenter infrastructure and application installations

Pearson - Senior Project Manager (ITPM/Scrum Master/Architect) for major initiative.

State of Iowa and Kaiser Permanente - Senior Project Manager

Northrop Grumman-IT - Project Manager

TelePacific - Telecommunications CLEC - Director IS/IT

Affordable Technology - Project Manager / Director of IS/IT

Northrop - Manager, IT/Technician – B2 Bomber and SBIRS Projects.


