Information Security Officer

Location:
Roseville, CA
Posted:
April 21, 2020

Resume:

DARRION W. RAKESTRAW, M.ENG. CHIEF INFORMATION SECURITY OFFICER

adcwld@r.postjobfree.com 916-***-**** · Rancho Santa Fe CA 92067

Mr. Rakestraw is a U.S. Navy veteran with 25 years of IT Security, Risk Management, and Security Operations experience. Visionary, in-demand thought leader responsible for providing vision, strategy and execution excellence in delivering large transformational projects with global scope. He has diverse international experience and is skilled in building technology shared services and centers of excellence, streamlining application delivery and infrastructure operations. Seeking a Global CISO or SVP executive level role at a Fortune 500 firm.

Areas of Expertise include:

Information Security · Technical Project Management · Global Perspective

Strategic Business Planning · Business Process Improvement · Systems Analysis

Persuasive Communication Skills · Team Management · Team Building

Budget Management · Visionary Thinker · Exemplary Presentation Skills

EDUCATION & CREDENTIALS

Doctorate Candidate, Law and Policy

NORTHEASTERN UNIVERSITY Expected Completion: 2021

Master of Engineering

UNIVERSITY OF CALIFORNIA, LOS ANGELES 2011

Bachelor of Technology, Telecommunications Engineering

GOLDEN GATE UNIVERSITY 2004

Certifications

HCISPP, CISSP, CISM, CISA, PgMP, MCSE, MCT, CNNP, CCDP, CCNA, CCDA, FSE, CMSP

CHC (Expected Completion: 2020)

PROFESSIONAL EXPERIENCE

Alluma Sacramento, CA Sept-19- present

Chief Information Risk Officer

Focused on building strong security governance, policies and procedures, and offering leadership to organizations with developing and defining enterprise-level information security programs. Proficient in risk and operational management with experience identifying safety threats and workable solutions.

WWT Miami, FL Mar-2018-Sept-2019

Advisory Services Leader: Security Strategy, Risk, and Compliance

Manage and lead multi-disciplined global delivery teams and provide delivery management, thought leadership, project management and oversight as required.

•Manage client and vendor relationships including senior (“C” Level) leadership

•Provide consultative sales support as required

•Develop intellectual properties, service offerings, and related materials as required

•Manage and administer project resources including performance reviews

•Assist with recruiting activities as required

MERCANTIL BANK · Miami, FL Mar-2016–Mar-2018

SVP Chief Information Security Officer

Provide risk management, information protection, and security assurance for the 4th largest commercial bank in Venezuela with assets of $9 Billion. Develop IT Security governance structure to reduce risks in business processes, enhance information security, and ensure compliance with regulatory standards. Developed FISMA, FFIEC, ISO and NIST crosswalks and mapping. Develop methodologies for risk assessment, business impact analysis, and security assurance to improve systems and operational security. Work closely with business units to identify perceived threats to the integrity, availability, and confidentiality of their information assets.

•Managed, coached, and mentored a team of 17 security professionals while reporting directly to the Chief Risk Officer.

•Recognized for re-structuring the data security functions while managing a $14M budget.

•Conducted 30+ Threat and Risk Assessments and IT Security Reviews to analyze business and technology risks within the current operating model.

•Created and deployed Security Awareness Program, Computer Incident Response Team, and Disaster Recovery/Business Continuity Plans to safeguard the bank.

•Developed and implemented an information security framework strategy, and re-developed policies and standards to centralize security functions for all major platforms across the enterprise.

•Implemented an information security awareness program, host and network IDS, secure remote access solution, and an internet monitoring solution.

OHIOHEALTH · Columbus, OH 2016

CONTRACT - 4 Month Interim CISO

UNIVERSITY OF THE PACIFIC 2013 to 2016

CONTRACT - Interim Vice President Chief Information Security Officer

Developed strategic information security objectives and directed technology platforms and business units within the University. Developed, tested, and implemented appropriate security plans, products, and control techniques.

•Served as HIPAA Security Officer of 8 Ohio Health hybrid agencies. Interpreted regulations, wrote policies, developed and facilitated security training, and managed compliance.

•Developed training documentation for GLBA, SOX, and HIPAA compliance processes.

•Implemented appropriate policies relative to IT systems/infrastructure and non-automated methods and procedures.

•Developed training programs to ensure staff compliance with policies and established protocols.

HCL TECHNOLOGIES · Sunnyvale, CA 2011 – 2013

General Manager

Managed overall IT operations and served as a senior leader in governance processes of the organization’s architecture, telecommunications, networks, programming, media, and desktops. Ensured compliance with HIPAA, SOX, and PCI-DSS regulations. Led strategic technological planning to accomplish business goals.

Prioritized technology initiatives and coordinated evaluation, deployment and management of current and future technologies.

•Collaborated cross-functionally to develop and manage a technology plan that supported organizational needs.

•Approved and controlled projects and a project portfolio relative to the selection, acquisition, development, and installation of major information systems.

•Worked closely with the Head of Demand Management Planning for Infrastructure Engineering to perform benchmarking to ensure per unit costs were in line with market and best practices.

•Recruited, developed, and trained dedicated IT teams, developed initiatives to support employee retention and relations.

•Oversaw service level agreements and continuously monitored systems, programs, and equipment performance to ensure continuous delivery of technical services to end users.

TABORDA SOLUTIONS, Folsom, CA June 2014-Jan 2016

SR DIRECTOR OF INFORMATION SECURITY

•My direct responsibilities require a strong knowledgeable leader to provide vision, strategy, and hands-on execution of our security initiatives.

•Overseeing the establishment and maintenance of a security operation that through automated and continuous monitoring can detect, contain and mitigate incidents that impair information security and agency information systems

•Developing, maintaining and overseeing an agency wide information security program

•Developing, maintaining and overseeing information security policies, procedures and control techniques to address all applicable requirements

•Training and overseeing personnel with significant responsibilities for information security

•Assisting senior agency officials on cybersecurity matters

•Ensuring the agency has a sufficient number of trained and security-cleared personnel to assist in complying with federal cybersecurity law and procedures

•Reporting at least annually to agency executives the effectiveness of the agency information security program; information derived from automated and continuous monitoring, including threat assessments; and progress on actions to remediate threats

RESTORATION HARDWARE Corte Madera, CA July 2013- June 2014

DIRECTOR OF INFORMATION SECURITY

Design comprehensive information security program, which involves both internal, and advisor/customer security practices and solutions as well as assessment of information security risk in light of executive management's risk tolerance.

•Function as the leading member of the Computer Incident Response Team (CIRT), in charge of investigating the internal and external incidents as well as rendering guidance and root cause analysis to executive leadership

•Administer the review, validation, redirection, and approval of information security infrastructure

•Handle threat and vulnerability management (TVM) activities as well as complete the execution of due diligence audits and assessment of vendor contracts for information security concerns

•Evaluate and approve security exceptions as well as monitor the compliance with all the employed policies

•Render direct oversight to the Security Operations Center (SOC) activities, which included penetration testing, scanning, and monitoring of the environment

•Played a pivotal role in implementing a successful information security program, with policies and standards that complied with the requirements derived from Financial Industry Regulatory Authority (FINRA), Payment Card Industry (PCI), Sarbanes Oxley (SOX)

KAISER PERMANENTE Walnut Creek, CA September 2010-August 2011

PORTFOLIO PROGRAM MANAGER

The Information Assurance practice includes Governance, Risk, and Compliance (GRC); PCI Compliance; Application and Database Security; Security Assessments; Data Security & Privacy; and Incident Management. Accountable for building and maintaining strong working relationships and driving successful project outcomes through disciplined project and program management processes. Other duties include:

•Served as Security Liaison Information Security program

•Managed over $1 Million in budget for Application Security Program, Information Security Lab and Forensics/Investigations

•Managed complete eDiscovery Process for IT and Legal

•Responsible for implementation of Information Security policies for the Overall GRC Program

•Responsible for risk assessment and remediation recommendations of all IT applications assessed by risk assessment process

•Responsible for SOX Compliance Audit and Assessment

•Liaison to the Business to promote security within KP

•Responsible for Training Classes for IT to ensure Information Security Standards are communicated and adopted for new systems on boarded

•Responsible for assessing application security and compliance

•Liaison between the client and the service delivery organization.

•Support the close of the Information Assurance top-line gross profit number target.

•Track individual Information Assurance calls/meetings, pre-sales activities, and wins/losses, and proposal outcomes.

•Describe Information Assurance offerings in detail, understanding of all pricing models, reference accounts and past Information Assurance engagements.

•Provide Information Assurance overview presentations to new and existing Client’s clientele.

•Provide follow up communication to account team and client regarding the differentiators of Client’s Information Assurance Practice.

•Assist in performing Quality Assurance (QA) on all client proposals for opportunities with direct involvement

•Gather and collect pre-engagement information for accurate scoping on proposals.

•Support sales representatives in scope/price negotiation process with client.

•Conduct post-meeting follow-up with appropriate customer contacts to confirm that Client’s understanding, strategy, and direction are in line with client service proposal expectations

•Engage in Account Management Strategy meetings with Account Executives, assisting in targeting accounts for specific Information Assurance related services.

•Transfer of scoping data to Project Sales Group with all involved opportunities.

•Provide support for the Project Management Office in account transition (sales to delivery knowledge transfer)

•Evangelize Client’s professional services organization (focused on information assurance) to raise awareness of Client’s on a Regional Level.

CISCO SYSTEMS, San Jose, CA October 2009-November 2010

SENIOR PROGRAM MANAGER

•Managed over $600,000+ budget for the Information Security Program

•Responsible for Information Security Program

•Responsible for Creation of Information security policies

•Responsible for Security assessment and audit of IT Projects

•Responsible for the Security Awareness training program

•Completed the rollout of an SSL VPN Solution

•Successfully deployed two-factor authentication system.

•Successfully deployed corporate wide intrusion detection and prevention devices

•Successfully deployed vulnerability assessment software

•Responsible for the creation and implementation of the IT Change Management plan & schedule.

•Participated extensively in the review of the company's Sarbanes/Oxley audit.

•Reduced overall corporate systems patch level non-compliance from 70% to 10%

•Implemented processes to provide investigatory services to other departments.

•General Network troubleshooting and support across global architecture

Kaiser Permanente, Walnut Creek, CA October 2008-August 2009

SENIOR PROGRAM MANAGER

Performed direction and oversight for a hosting transition between Benefits Enhancement Tracking Systems (BETS) and Kaiser Permanente IT Division (KPIT). Conducted procurement coordination, resource planning, testing process, release management, licensing and program reporting.

•Directed multiple project teams totaling 36 direct reports and maintained compliance for Kaiser, Agile-Scrum, RAD, RUP, V Model Methodologies and Lean Six Sigma initiatives.

•Ensuring IT infrastructure is compliant, including Networks, Servers, Storage, Security, etc.

•Leading technical design and compliance standards (HIPAA, SOX, PCI-DSS)

•PCI/DSS design and implementation, including high-level design (HLD) and low-level design (LLD).

•HIPAA design and implementation, including high-level design (HLD) and low-level design (LLD).

•SOX design and implementation, including high-level design (HLD) and low-level design (LLD).

•Application build /design and implementation, including high-level design (HLD) and low-level design (LLD).

•Recommending improvements and enhancements to current IT infrastructure solutions.

•Acting as TDA / technical design authority for PCI/DSS compliance.

•Disaster Recovery implementation included identification of mission-critical assets, data storage and recovery testing, Oracle 10g fail-over testing, site fail-over recovery testing, integration of business continuity planning and emergency operations planning and training.

AT&T, San Diego, CA March 2008- October 2008

SENIOR PROGRAM MANAGER

Utilized Agile-Scrum methodologies along with Six Sigma practices to manage data-networking and telecommunication projects, led project teams, and maintained compliance in all processes. Defined roles of project deployment and management, vendor hosting and infrastructure delivery.

•Configured, performed QA testing and installed Access Control Servers

•Providing network security and AAA on the County of San Diego core network for remote users

•Formulated a Disaster Recovery (DR) strategy and Business Continuity plan for the CoSD enhanced VoIP messaging

•Managed the design and implementation of strategic geographical mirror host

•Validated DR strategy through testing and execution drills

•Managed consultants and engineers ranging in experience from entry level to Principal level.

•Implemented Data Center Disaster Recovery Plan for the County of San Diego

•Security services design, creation and management of development and operations

•Management and performance of vulnerability assessments (penetration testing)

IBM, Sacramento, CA March 2000- March 2008

NETWORK ARCHITECT/ASSOCIATE PRINCIPAL

Managed all aspects of multiple projects, matrix teams as large as 170 with 31 direct reports. Developed requirements analysis, process design; performed sales consulting, prototyping, testing, change management and implementation. Provided engineering support to data-center migration network engineering teams, site engineering, and system engineering. Performed vendor product evaluation, performance/trend analysis, and system level problem identification and resolution. Managed Data Center Migration and Consolidation for CalPERS, DHHS and McKesson. Delivered extensive network support, network design, capacity planning and risk management for California Automated Child Support System for DHHS and FTB. Developed and deployed SAP implementations for CalOHI. Performed HIPAA and SOX audits for several State of California agencies.

•Regulatory Compliance Practice Lead (both HIPAA, and GLBA)

•Certification Offering Practice Lead IP Protection Framework design

•Risk management program design and risk assessment methodologies

•Management of enterprise security initiatives and program

•Design and performance of regulatory compliance assessments and remediation implementations

•Firewall, VPN and encryption technology solution implementation

•Performance and management of Network Security Assessments

•Managed and delivered Ethical Hacking Security vulnerability assessments and Penetration tests for both public and private sector customers.

•Delivered high-level risk management based on NIST SP800-30, SP800-27, SP800-14, as well as OMB Circular standards A-130. Managed a full network assessment, HIPAA

•Roadmap for McKesson Corporation to facilitate the consolidation and relocation of 5 data centers and the design and consolidation of 5 network operations centers.

EDS, Sacramento, CA December 1998- March 2000

NETWORK OPERATIONS MANAGER

Directed network engineering and operations, performed traffic trend analysis, supervised and directed 50 network technicians, and provided support for help desk and network operations. Provided change management and systems maintenance.

SENIOR SYSTEMS ENGINEER, Innovative Solutions, Inc., Sacramento, CA August 1997-December 1998

SYSTEMS ENGINEER, GE Capital IT, Sacramento, CA September 1993-August 1997

ELECTRICIAN, International Brotherhood of Electrical Workers, August 1989-September 1993


