CHRISTOPHER L. BUECHNER
**** ****** ****, *********, ** 77459 Phone: 540-***-**** **********@*****.*** IT & DATA SECURITY AND PRIVACY EXPERT
Delivering Global Strategic Leadership in Identifying, Managing and Mitigating Information Security Risks
Data Gathering & Analysis Superlative Information Security Fraud Detection & Prevention Innovative and versatile INFOSEC Security Leader with more than 30 years of progressive responsibility and top performance with Harley-Davidson, Financial Institutions and the Federal Bureau of Investigation. Highly transferable skills, strategic leadership, education, certifications and operational capabilities ranging from CISSP and CISM certified, executive briefing, managing a global security enterprise, personnel resourcing, budgeting, accounting, training and team leadership, collaborating with multiple agencies both internationally and domestically, hardware and software expertise, maintaining chain of evidence and adherence to stringent regulations and requirements while handling the most sensitive, highest priority investigations. Well respected executive and frequently requested as an advisory resource in risk management, information security, computer forensic analysis, risk identification and computer intrusion investigations. Additional strengths include: Uncovering and Remediating Gaps: Recognized for applying a holistic view of security (spanning people, facilities and technology) along with an outside perspective to collect and understand threat intelligence, gap identification and provide practical application of analytics, which has proven critical in uncovering threats, identifying vulnerabilities and exploits. Aligning Security with Business Operations: Adept at transforming the perception of information security from a reactive, siloed and restrictive function to a proactive, and collaborative partner enabling business operations and providing a demonstrable return on investment (ROI).
High-Impact Team Leadership: Highly skilled in managing through strategic change, building new departments, supervising both full dedicated and project-based resources, both internal and outsourced while cultivating multidisciplinary global teams to reach peak performance and productivity.
Previous Security Clearance: Top Secret / Special Compartmentalized Information (TS/SCI) AREAS OF EXPERTISE
§ SECURITY STANDARDS AND CONTROLS
& BEST PRACTICES (NIST, ISO)
§ STRATEGIC LEADER OF A GLOBAL
MANAGED SECURITY SERVICE
CONTRACT
§ DEVELOPMENT AND EXECUTION OF A
CLOUD INFORMATION SECURITY
STRATEGY
§ INCIDENT RESPONSE & INVESTIGATIONS
§ FORENSICS ANALYSIS & E-DISCOVERY
§ VULNERABILITY AND RISK
MANAGEMENT
§ DISASTER RECOVERY PLANNING
§ QUALITY, ASSURANCE & INTEGRITY
§ REGULATORY COMPLIANCE - PCI,
GDPR, SOX
§ BUDGETING AND FISCAL EXPERIENCE
§ SECURITY POLICY AND STANDARD
DEVELOPMENT
§ OPERATIONS PLANNING
§ COMPUTER SOFTWARE AND
HARDWARE
§ CYBER ANALYSIS & TOOL
DEVELOPMENT
§ PENETRATION TESTING
§ TEAM LEADERSHIP & TRAINING
PROFESSIONAL HISTORY
Buechner Consulting Service 2020
INFORMATION SECURITY OFFICER-AMERICA REGION(CONTRACTOR)- ROYAL VOPAK COMPANY Houston, TX March 2020 - Current
Develop and define policies, controls and procedures to safeguard organizational assets, ensure data integrity, availability and confidentiality for all locations in North America, South America and Canada. Supported business continuity and ensured compliance with all government and industry regulations. Performed security investigations and coordinated incident response.
Conducted thorough risk assessment of all IT/OT and non-IT assets that identified gaps and areas for improvement
Created and fine-tuned information security policies and standards that supported the objectives and requirements defined in the company security plan
Designed and implemented internal security controls that were successful in ensuring 100% compliance with company security policies
Evaluated security risks and provided recommendations while considering the business impact of the decisions. C HRISTOPHER B UECHNER 2
Engaged with IT managers as a key member of major IT and OT project teams to ensure security considerations were addressed early and effectively, including completing Business Impact Assessments
Responsible to balance information security needs with the organization's strategic business plan, identify risk factors with evolving business plans and organizational initiatives, and propose and drives implementation of mitigating solutions.
Elevations Credit Union 2020
VICE PRESIDENT INFORMATION SECURITY OFFICER Boulder, CO January 2020 - March 2020 As the VP of Information Security, I was responsible for implementing, maintaining, and overseeing ECU’s information security program, including the governance, management, and advisement of information security efforts and strategic vision across the organization. The position was a working leader role that was accountable for executing and delivering on all Information Security projects. The position reported to the Chief Information Officer and lead security risk assessment efforts, which included overseeing the design, implementation and operation of controls to mitigate known risks, drive information security awareness and training programs, and reduce vulnerabilities that could create inappropriate exposure to the business or its members' data. I worked closely with the CIO, external partners, and business stakeholders to ensure the information security program follows industry best practices, adheres to all federal and state laws and regulations governing and applicable to the Credit Union, including the Bank Secrecy Act, and aligned with company stakeholder needs and expectations.
Worked to improve the efficiency of information security processes and advance the effectiveness of the information security controls of a cloud operating model
Selected to perform risk assessments, set strategy and create an operating model, provide program updates, and advise the CIO, CEO Council and Board of Directors on all matters pertaining to information security and their potential impact to the business and its stakeholders.
Recruited to function as a thought leader and change agent to the organization and provide recommendations in the analysis and discussion of security policies, standards and practices, and guides the design and acquisition of advanced security controls.
Evaluated security risks and provided recommendations while considering the business impact of the decisions.
Recruited to manage the enterprise's information security organization, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and annual performance reviews. Recommend staffing levels, and resources to support best practices and business operations.
Responsible to balance information security needs with the organization's strategic business plan, identify risk factors with evolving business plans and organizational initiatives, and propose and drives implementation of mitigating solutions.
I was expected to exercised extreme confidentiality as the scope of work included access to sensitive data and financial perspectives of members and employee After being selected and relocated to Colorado, I resigned my position due to my son’s unexpected diagnosis of cancer which required a relocation to Houston, TX. for long-term treatment. Harley Davidson Motor Company 2016 – 2019
DIRECTOR CYBERSECURITY/INFORMATION SECURITY – ASSISTANT CHIEF INFORMATION SECURITY OFFICER Milwaukee, WI June 2016 – December 2019
As the Director of Cybersecurity my responsibilities included overseeing Harley-Davidson’s Global Cybersecurity platform, Information security program, Cloud Security, Threat, Identity and Access Management, Global Information Systems Controls and Disaster Recovery Teams. These Teams are responsible for protecting and defending the data of Harley- Davidson Motor Company and Harley-Davidson Financial Services’ global customers, employees, dealers, suppliers and business interests through the preparedness, identification, analysis, mitigation, access and control of threats and disruptions to all of Harley-Davidson’s technology and information resources. As the Director of Cybersecurity, I am a senior member of a leadership team that drives the enforcement and implementation of a centralized INFOSEC program that is closely aligned to the NIST framework for information protection, best practices, policies, and standards. The INFOSEC program offers security guidance across the entire global organization and cloud infrastructure to ensure the safeguard of Harley-Davidson’s proprietary data, intellectual property, assets, and resources from internal and external threats.
Supervise a dynamic team of over thirty highly skilled IT security professionals stationed at a multitude of global locations, including 4 information security managers and a multi-million dollar budget. C HRISTOPHER B UECHNER 3
Improve the efficiency of information security processes and advance the effectiveness of the information security controls of a cloud operating model
Provide governance in demanding results from a global managed security service provider. Regularly meet with MSSP’s leadership and drive the provider to deliver on the expected results as documented in the SLA’s and SLO’s.
Directed and sponsored a multi-million dollar, multi-year multifaceted Cybersecurity project. Coordinated efforts that facilitated the design and implementation of a significant security infrastructure improvement.
Directed the coordination and institution of a Disaster Recovery and Business Continuity program for all international and domestic Harley-Davidson locations.
Coordinated and implemented a comprehensive global security program, including building security standards, deploying technologies, tools, awareness, training, network architectures, designs, and develop an application security program.
Strategically worked with business units to educate executive leadership on IT and OT risk analysis and deployed a robust vendor risk management and exception program.
Frequently worked with global enterprise business stakeholders to identify acceptable or mitigating levels of residual risk and spearheaded the development of a robust risk and vulnerability management program.
Acted as the main point of contact to executive leadership for managing and driving remediation of information security risk within the context of the AWS Cloud infrastructure
Provided leadership and direction in the execution of an IT Risk & Security assessment which identified gaps in the information security program. I was chartered to develop strategies and appropriate policies to incorporate a NIST framework in the Harley-Davidson INFOSEC environment.
Recommend security solutions to assist with a detailed physical security assessment and developed a plan for continual improvement of Harley-Davidson Motor Company and presented the results to Executive Senior Leadership and the Board of Directors.
Federal Bureau of Investigations (FBI) 1996 – 2016 SUPERVISORY SPECIAL AGENT – OPERATIONAL TECHNOLOGY DIVISION Quantico, VA June 2009 – June 2016 Hand-picked to serve as a member of the Reconnaissance Operational Control Unit (ROCU) and Tactical Computer Access Unit (TCAU) of the Tactical Operation Center, an elite team of operators providing strategic support for field offices throughout the United States. Supervise, plan and oversee the coordination of several hundred classified operations involving covert/surreptitious entries for court-authorized warrants related to suspected terrorism, espionage, criminal and intellectual property cases. Provide penetration testing and vulnerability analysis to determine the optimal techniques required to facilitate the gathering of physical and digital evidence without detection. Maintain data integrity while meeting stringent and frequently changing regulations, regarding the collection of information in commercial and residential settings. Utilize computer forensic software Encase and Access Data FTK to provide hands on expertise in digital evidence collection and analysis of computers, cell phones, tablets, hardware, software and related systems and platforms to be utilized as evidence and/or intelligence. Experience in the decomposition and analysis of malware and spyware to determine its behavior and the impact against the weaknesses in commercial antivirus solutions. Provided leadership, training and mentorship to teams of up to 25 senior agents and analysts.
Highly valued and specifically requested to enhance mission success by providing expertise in bypassing, defeating and compromising physical and technological security, spanning computers, networks, security systems and software.
Supervised complex, multimillion dollar classified contracts that included developing specialized penetration tools and programs, which are still being used by military and law enforcement agency clients and other intelligence partners.
In depth understanding and applicable use of configure, change and patch management policies and procedures to provide a secure testing environment for analysis and development in the tactical operation center network.
Experience in developing and deploying honeypots and honeynets to develop an understanding of their behavior, response and collection of data when deployed on a network.
Deployed based on performance and experience to conduct computer forensics, cyber security analysis and vulnerability testing with the U.S. Military Special Forces in Afghanistan in response to concerns surrounding compromised technology systems and intelligence.
Knowledge and experience in analyzing and deploying network and host based intrusion detection platforms: familiarity with setup, configuration, monitoring and responses to determine strengths and methods to exploit their weaknesses.
Recognized with five incentive-based rewards and two quality step increases for the overall performance in gathering actionable intelligence.
C HRISTOPHER B UECHNER 4 SUPERVISORY SPECIAL AGENT Denver, CO April 2004 – June 2009 Selected to serve as Laboratory Director of the Rocky Mountain Regional Computer Forensic Laboratory (RMRCFL), which entailed establishing and managing all aspects of the highly coveted FBI-sponsored cutting-edge regional computer forensic laboratory. Supervised the development of all policies and procedures that was required to meet the highest quality standards and defined the overall goals and methodologies of the laboratory. Presented quarterly reports to the national and local executive boards, which demonstrated the effectiveness and efficiently of the laboratory. Trained, supervised and led to up to 28 direct reports. Supervised and contributed to the development and implementation of a secure IT system which protected and efficiently managed collected digital evidence with an annual budget of $1M. Collaborated closely with Federal, State and Local law enforcement agencies to support open cases (beyond those assigned by the FBI) and recruit and trained professionals across multiple agencies as part of a 3-year rotation program.
Led the laboratory to achieve the prestigious American Society of Crime Laboratory Directors (ASCLAD) accreditation.
Established a high level of trust with agencies outside of the FBI (which grew to roughly 65% of total caseload) and increased caseload by 70% year-over-year without sacrificing quality.
Requested to serve as Acting Assistant Special Agent in Charge of the Denver FBI Office while waiting for the successor to be appointed and to arrive in the office.
Developed and maintained a superior reputation for quality and data integrity, such that attorneys and law enforcement professionals specifically requested and required that computer forensic work be conducted by the RMRCFL.
Selected to serve for three months as an Assistant Cyber Legal Attaché in London England, which entailed working closely with international law enforcement and intelligence agencies to support investigations in Europe.
Requested to spearhead international trainings in Brazil, Columbia, Russia, India, Estonia and Japan, and assist with investigations in China, Russia, Pakistan, Switzerland, London, Germany and Peru. SPECIAL AGENT Denver, CO January 2002 – April 2004 Transferred to the Denver office to conduct cyber investigations and court authorized search warrants, which included computer forensic examinations as a Certified FBI Computer Forensic Examiner. Analyzed and gathered data from a wide range of systems and platforms including Mac and PC computers, tablets and cell phones using EnCase, FTK, Cellebrite, UNIX and related software and tools. Coordinated closely with the local field office cyber intrusion squad. Reviewed the work of fellow forensic examiners and provided training and support for deferral, state and local law enforcement agencies.
Testified in multiple State and Federal court cases as an expert witness.
Elected by peers, to serve a two-year term on a national review committee for the development of policies and procedures, that were implemented and adopted within the computer forensics community.
Organized and developed a successful and highly requested Internet safety presentation, that was intended for both parents and children. The program was requested and delivered to schools in Colorado and across the nation.
Specifically requested to present on behalf of the FBI to promote cyber security and Internet safety on several documentaries for local news and radio stations.
Recognized with three incentive-based rewards for overall performance.
Trained and served as tactical operator and team leader on local FBI SWAT team. SPECIAL AGENT San Francisco, CA July 1996 – January 2002 SPECIAL AGENT TRAINING Quantico, VA March 1996 – July 1996 Led a wide range of investigations including but not limited to computer intrusions, child pornography, crimes against children, bank fraud, civil rights violations, terrorism, internal fraud and embezzlement. Gathered, investigated and prepared facts for prosecution. Utilized interviews, document analysis and search warrants to collect and analyze physical and digital evidence. Translated complex, granular technical and financial data into actionable, practical information and reports for attorneys, juries and defendants. Ensured compliance with all regulations and laws.
Affiant on several Title III data search warrants, physical search warrant, computer search warrant
Co-Case agent on well-known classified cyber intrusion intelligence case.
Recognized with incentive based cash reward for outstanding contribution to several prosecutions.
Trained and served as tactical operator and assistant team leader on local FBI SWAT team. C HRISTOPHER B UECHNER 5 Early Career Summary 1988 – 1996
In addition to the roles and achievements highlighted above, prior to joining the FBI, served in multiple roles as an accounting, finance and computer administrator professional within private industry. Financial Accountant and Network Developer for Golden Star Resources in Denver, CO, Assisted in developing a secure wide area network that was utilized in assisting the local financial managers in securely submitting their financial documentation to the headquarter office on a monthly basis. The implementation of the network saved significant time and secured the records.
Increased efficiency and effectiveness of the documentation flow of financial statements.
Recognized with a promotion and cash based incentive bonus. Financial Controller, Western Geophysical based in Rio De Janeiro Brazil. Assisted in obtaining and supervised the execution of multi-million dollar contracts in both US Dollar and local currency contracts. Supervised all areas of financial operations for a local chartered company that was a subsidiary of a US corporation.
Supervised a staff of 15 local accounting and human resource personal.
Speak and worked professionally in a Portuguese environment.
Received several promotions and cash based incentives for contribution. Financial Accountant, MI Drilling Fluids in Houston, TX. Entry-level financial accounting position
Performed financial accounting functions for multiple foreign locations.
Developed an accounting software to assist in the financial reporting from international locations. EDUCATION & CERTIFICATION
MASTER OF SCIENCE IN INFORMATION AND PHYSICAL SECURITY, Denver University, Denver, CO – 2009 KELLOGG SCHOOL OF MANAGEMENT, Northwestern University, Chicago, IL – 2004 BACHELOR OF ARTS IN ACCOUNTING, Hastings College, Hastings, NE – 1988 ADDITIONAL TRAINING AND CERTIFICATIONS
§ CISSP
§ CISM
§ ITIL Foundation
§ CompTIA A+
§ Security+
§ Net+
§ Adjunct FBI Instructor
§ Wireless Security +
§ FBI Certified Computer
Forensic Examiner
§ Certified FBI Police Instructor
§ Certified SWAT operator
§ Over 1,500 hours of hands-on
legal compliance, computer
security and computer forensic
training
TECHNOLOGY SKILLS
Software: MS Word, Works, Excel, PowerPoint, SecurityOnion, Snort, CheckPoint, Access Data FTK, Cellbrite, Encase, FireEye, Norton Security Suite, Symantec AVS, Cisco Security Solutions, QRadar, O365 Deployment, Operating Systems: MS Windows, Mac OS and Linux (Red Hat, UNIX) Networking: Cisco routers and switches, VPN, ACS and Cisco PIX