Senior Information Security Executive
Resume:
Preston Broesche CISSP 281-***-**** (C) *********@*****.***
Senior Information Security Executive
Leading Enterprise-wide Initiatives to Build Successful Security Programs While Maintaining Performance and Efficiency
IT Security & Compliance – Risk Assessment & Mitigation–Process Implementation & Improvement – Teambuilding
Confident, senior information security leader, with two decades of experience across a wide range of industries and companies. [including the federal government, Fortune 500 companies, finance, healthcare, power utility, consulting] Proven abilities related to defining objectives and implementing actionable plans to build successful information security programs.
Technical knowledge covering servers, networks, virtualization, cloud-based initiatives, security and identity management with demonstrated success improving security programs.
Security Frameworks including NIST CSF, ISO27001/2, PCI DSS, ICS, NERC, FERC, and CIS.
Respected project manager with the proven ability to manage resources, budgets and timelines to drive accountability and keep key projects on track. Able to blend superior communication skills with technical knowledge to achieve results.
Exceptional Teambuilding skills, ranging from recruiting and hiring to training, development, coaching and cultivating leadership. Proven strength in managing through change and retaining top-performing talent.
Recognized for motivating high-performance, risk driven management and technical teams through the introduction of company-wide standards, operational best practices, and continual quality improvements.
Equally capable as both a strategic and tactical leader poised for next-level success within a quality-focused organization.
Team Leadership— Security and Risk management—Strategic Planning and Management—Budgeting—Forecasting—Training, Mentorship &Development—Security Controls—Risk Assessments—Process Implementation & Improvement—Project Management—Headcount—Budget controlled—Strategic Planning—Digital Transformation—ITIL—Root Cause Analysis & Problem Solving—Cloud Technologies— Corrective Actions—Negotiation—Compliance —Vendor Management
Professional History
DIRECTOR OF INFORMATION SECURITY (CISO)
Kirby Houston, TX October 2018 – Present
Director of Information Security, with responsibility for all security operations including risk and vulnerability management, security roadmap planning and regulatory compliance management. Developed a new cyber security program to offset overwhelming operational risks. Interface with the executive board and executive management as well as external customers on security strategy and posture.
Responsible for the development and maturation of a streamlined new cyber security program that more effectively operationalized multiple functions including incident detection and response, risk management, and audit capabilities.
As the CISO, acted as the cyber security point of contact during customer audits and assessments of Kirby’s vessel/shore safety and security.
Teamed with business unit managers and directors in order to understand the nature of the business and how best to integrate security into the existing processes.
Oversight and management of Kirby’s multimillion-dollar IT Security budget focusing on high performance at as low a cost as possible.
Managed a team of 2 internal personnel and a 3rd party managed detection and response team.
Managed all vendor and contractor agreements and relationships for the IT security program including scoping and negotiations.
Involved in a companywide digital transformation effort that involved security tools, incident response playbook automation and RPA (robotic process automation) capabilities.
SENIOR MANAGER OF SECURITY ENGINEERING AND ARCHITECTURE
Vistra Energy (Merger with Dynegy) Houston, TX May 2018 – October 2018
Transitional position to help bridge the gap between Vistra and Dynegy post-merger.
Collaborated with Vistra security architecture and operations team to transfer Dynegy security assets during the merger transition.
Performed advisory and consulting activities for Vistra NERC CIP and SOX Compliance teams in order to maintain a successful program.
Maintained all security and compliance needs including budgetary and management concerns during the transitional period
SENIOR MANAGER OF SECURITY ENGINEERING AND ARCHITECTURE
Dynegy Houston, TX November 2013 – May 2018
Senior Manager of Security, with responsibility for daily security operations including oversight, risk and vulnerability management, security roadmap planning and regulatory compliance management. Evaluate risk and assess programmatic impact. Developed a comprehensive vulnerability management program utilizing and implementing a new tool set. Threat analysis, modeling and reporting to management as needed and on a regular basis. Provide mitigation or appropriate countermeasure solutions.
IT Security Manager with responsibility for daily security operations, risk and vulnerability management and security roadmap planning.
Developed an enterprise information security program ensuring data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization.
Responsible for development and management of the NERC CIP program involving High, Medium and Low environments in SCADA environments.
Developed a cloud security risk assessment program and performed extensive risk assessments on all new external 3rd party cloud applications.
Managed a team of analysts and maintained the budget for all security engineering and architecture tools.
MISSION SYSTEMS SECURITY OPERATION CENTER MANAGER
Lockheed Martin Houston, TX November 2012 – November 2013
As the Mission Systems Security Operation Center manager, I was responsible not only for daily operations management of the existing security group but also planning for the new security operations center. Responsible for developing policies and procedures related to the buildout of the new security operations center. Presentation of weekly and quarterly information security metrics to NASA and corporate audiences. Absorbed and implemented new tool sets such as Palo Alto/Cisco/Checkpoint Firewalls, Splunk, Sourcefire, BigFix/Tivoli Endpoint Manager, McAfee vulnerability manager and Nessus.
Developed processes and tools to build the new Missions Systems Security Operations Center.
Created a service-based delivery ideology for the security group encompassing threat management, risk management & incident response.
CYBER SECURITY MANAGER
Saint Luke’s Episcopal Health System Houston, TX June 2012 – November 2012
As the Cyber Security Manager, I developed and maintained IT security policies and standards in adherence to agreed-upon security frameworks, industry regulations, and best practices. I also maintained awareness of current HIPAA, HITECH, PCI and other regulatory security requirements. This security awareness training led to improved staff security knowledge and awareness that helped to decrease unnecessary risks through insecure IT practices. I reviewed and modified all existing security policies and procedures ensuring alignment with current business model and industry best practices. This provided St. Luke’s with an updated initial baseline which indicated areas for remediation. This resulted in timely and accurate report findings to be used for further investigation by compliance or legal. As the IT Security Team Lead I am responsible for providing functional oversight of security teams managing work assignments and overall progress. I also served as the project manager on all IT security projects.
In conjunction with the training department, I developed an annual IT security training module utilizing corporate security policy and other standards
I plan and perform investigations and responses to security incidents. These investigations involved both standard security incidents & HIPAA misuse cases.
Managed and lead a team of 6 security analysts and engineers in security operations and compliance
CYBER SECURITY LEAD
Booz Allen Hamilton(NASA Contractor) Houston, TX August 2011 – June 2012
During these engagements I developed security policies and business process standards for clients.
As a security team lead, I came up with the idea to extend the existing proprietary malware detection software to cloud environments. This resulted in an innovative method of increasing our security offering base by taking into account new trends in computing. Developed and delivered a training boot camp on cloud security for employees to prepare them to earn the Certificate of Cloud Security Knowledge. This resulted in cost savings of approximately $1000 per employee. I collaborated with and advised the NASA Cloud Computing Working Group on a strategic cloud adoption plan. This resulted in the procedures and criteria required for NASA to decide which applications were acceptable cloud candidates.
As a team lead on multiple security engagements I performed penetration testing, security audits and vulnerability analysis in order to improve the client’s system security posture.
Built and managed the Houston Cyber Security lab where security information management tools were tested and evaluated so that a vendor recommendation could be made.
ORGANIZATIONAL CHIEF INFORMATION OFFICER
NASA JOHNSON SPACE CENTER Houston, TX December 2007 – August 2011
During this time I reduced cost by eliminating workforce duplication and wasteful IT practices.
As an information security officer, for NASA I authored several IT security policies regarding how to approach securely sharing information with international partners. During the course of implementing this policy a security flaw was found that if left unchecked would have resulted in potential unwanted data leakage. Chaired the IT Control Board leading quarterly design and architectural review meetings. The meetings consisted of project and budget status reports as well as conflict resolution. This allowed the managers to concentrate on engineering and business matters and not the day to day operations of IT and security.
As a NASA civil servant, I managed IT and security operations contracts including a staff of 20+ contractors, and a multimillion-dollar budget.
As an IT manager I authored the annual IT spend plan and resulting budget. developed an enterprise wide server obsolescence plan and a migration to virtual platforms which reduced the cost of server replacement and maintenance by 50%.
SENIOR SECURITY LEAD
Science Applications International Corp. (NASA Contractor) Houston, TX December 2005 – August 2007
Position involved evaluating control objectives and authoring control implementations that addressed the objectives
adequately. This allowed the IT manager the flexibility to focus on more enterprise wide management tasks. As the senior security representative, I provided overall server, network, security engineering and incidence response support. This allowed us to satisfy our contractual requirements with NASA while delivering capabilities and skills above and beyond what was required. Established working relationships between SAIC and NASA’s institutional IT organization. I managed to foster cooperation and collaboration in an environment previously plagued by an overall lack of trust.
Developed and maintained several NASA FISMA system security plans for certification and accreditation life cycle.
Assumed the responsibility of developing a security awareness training program for new contract personnel.
SENIOR SECURITY LEAD
KPMG Houston, TX June 2005 – December 2005
I became well versed in commercial, state and federal standards, including COBIT, HIPAA, and FISMA. Conducted forensic analysis of compromised computer systems for preservation and legal action. This allowed the client to maintain chain of custody and protect themselves from litigation. Evaluated IDS, IPS and firewall and network configurations and settings for validity and efficiency. Performed social engineering attacks per clients’ requests in order to educate and increase security awareness among their employees. This resulted in a better understanding of the criticality of the underestimated social engineering.
Performed security and vulnerability assessments utilizing various standards and frameworks.
Performed attack and penetration assessments and applied approved exploits to gain and expand access to those systems.
INFORMATION TECHNOLOGY MANAGER
CORNERSTONE HOME LENDING Houston, TX December 2000 – June 2005
Commanded LAN/WAN operations center and firewalls for corporate office including internal and co-location networks. Developed and implemented security policies and procedures in conjunction with management, Human Resources and corporate Information Security Department ensuring fastest and most cost effective recovery times. Oversaw the daily activities of an internal team, contractors and vendors in order to provide progress monitoring and budget adherence to corporate management.
Established the corporate server system architecture and network design plans, and authored corporate policies, procedures and plans for process and change control optimization.
Successfully deployed patch management systems for a network of over 250 Windows servers and 1,000 Windows workstations.
Education
BACHELOR OF SCIENCE, Sam Houston State University, Huntsville, TX
PROFESSIONAL CERTIFICATIONS:
CISSP-94638
CSA CERTIFIED CLOUD SECURITY KNOWLEDGE
FEAC-FEDERAL CERTIFIED ENTERPRISE ARCHITECT (BLACK BELT)
TS SCI Federal Clearance (Expired)
Lean Six Sigma-(Green Belt)
CEH-Certified Ethical Hacker V.6
ITIL V.3 Foundations
Contact this candidate