Brian Hanson
**** ****** **. *******, ** *****
(Cell) 925-***-**** ● ********@*********.***
PROFESSIONAL PROFILE
Security Leadership Executive with extensive business experience in healthcare, property and casualty insurance, and technology domains. Skilled at negotiating between business and technology to find compatible solutions, identifying deficiencies and developing effective solutions while analyzing information security programs. Experience working in consensus-driven environments where high degrees of inclusion are required for success. Real-world experience developing and deploying an information security program from scratch.
Over 25 years of security leadership experience with particular focus on application and data security. Hired, developed, and led high-impact teams to successful implementation of a complete security stack. Built confidence with business partners and increased revenue by focusing on the business risk, sales and effectively managing mitigation and remediation. Experienced in presenting to and working with company board members to address security-related concerns and business issues.
Enterprise Security Strategy ● Business Leadership ● Core Executive Traits
C-Level Information Security Management ● Providing Direction, Vision & Oversight ● Prioritizing Multiple Projects
Aligning Risk to Business Goals ● Collaborating with top Executives ● Strong Leadership Presence
Governance Risk and Compliance ● Driving Operational Excellence ● Maximizing ROI & Reducing Costs
Drive Secure Products and Operations ● Cross-Functional Team Leadership ● Strategic and Analytical Planning
PROFESSIONAL EXPERIENCE
VP and CISO
JLI – (October 2018 - Present)
Responsible for the end-to-end security buildout and operations for one of the fastest growing companies in the world.
Key Achievements:
Built and operationalized a complete security program from scratch during tremendous company growth of 300 to 4000+ employees and operational expansion into 11 countries in just over a year.
Secured multiple SaaS operations and properties to include B2C, B2R, B2D, Mobile and Device microservices.
Built security into manufacturing and supply chains across four countries to include fraud prevention and data protection.
Developed the GDPR, SOX, and PCI security controls and attained compliance in less than a year.
Built the physical security program and controls for facilities, manufacturing, retail and inventory.
VP and CISO
Micro Focus – (August 2017/merge – October 2018)
Responsible for complete Cyber Security stack for seventh largest pure software company with $4.5B in revenue and a global presence.
Key Achievements:
Responsible for end-to-end security of 17,500 employees, 200 products and over 130 facilities (labs, datacenters and office space).
Developed a strategy and framework that allowed the organization and products to get ISO 27001/27002 certified, SOC2 certified and prepared for GDPR.
Merged two separate companies’ security organizations’ people, process and technology, resulting in increased efficiency and reduced cost.
Collaborated with R&D and IT to build security into all facets of products and architecture to include building security into the SDLC and cloud operations.
HP Software CISO and VP of Product Security
Hewlett Packard – (March 2013-August 2017, merged with Micro Focus)
Responsible for end-to-end Cyber Security for HP Software and for the proactive application of security within the development lifecycle for all HP products. Collaborated with product engineers and developers on security concerns for all projects to evaluate security assurance and compliance. Presented Information Security topics to senior leadership, department heads and the board of directors to ensure that all investments meet stipulated security requirements.
Key Achievements:
Built complete cyber security program for HP Software to include Security Operations, Assessment, Governance, Risk and Compliance, 24/7/365 SOC and related processes.
Managed security-related merger and acquisition risk to include HP separation into two Fortune 50 organizations, 110,000 employee services divestiture to CSC, 15,000 employee divestiture to Micro Focus, Aruba acquisition, TippingPoint divestiture, and other M&A.
Built from scratch a team of 84 highly effective security professionals and developed a program to apply and test security prior to production for all HP products.
Increased business sales by demonstrating security assurance practices, meeting customer regulatory obligations (PCI, SOX, etc.) and proving to customers that security was “built in”.
Developed and operationalized multiple security capabilities to include incident response, product assurance, code signing and others.
Utilized comprehensive metrics to show risk reduction and business savings for security investment. Presented the status of the security program to the Board of Directors Audit subcommittee as required.
Chief Security Officer (CSO)
Sony Network Entertainment (January 2012-March 2013)
Responsible for end-to-end cyber and physical security in the areas of information asset management, risk and vulnerability management, audit & compliance and general security awareness for the Sony Network Entertainment business.
Key Achievements:
Managed, budgeted, and defined a roadmap of complete security program for 138 security professionals and $32 million budget.
Presented to board on quarterly basis on security ROI, residual risks and security posture of organization.
Developed several new and innovative security measures to solve business problems and customer experiences in the organization’s strategic platform, the PlayStation 4.
Applied product security program proactively on an extremely diverse set of platforms to include the Sony Entertainment Network, PlayStation, Music and Video streaming services, online gaming, mobile, and various electronics.
Developed a compliance and control framework which allowed for PCI, SOX and ISO adherence.
Director of Strategy, Technology and Security
Kaiser Permanente (June 2001-Jan 2012)
The primary role of this position is to understand emerging threats to the organizations in a 1-3 year time frame and proactively develop and operationalize the capabilities that will protect the data, brand and reputation from those risks.
Key Achievements:
Created and led the team to develop the security architecture and detailed security design for Kaiser Permanente’s primary strategic initiative – the online medical record.
Defined, built and managed four separate teams within the strategy, application, mobile and database security domains.
Provided security thought leadership, risk mitigation, and funding justification resulting in several multi-year multi-million dollar security efforts.
Defined offshore security controls for KP and partnered with multiple offshore organizations to meet those controls. Developed repeatable security patterns for how electronic medical information and other sensitive data can be processed offshore securely with minimal risks.
Defined, documented, implemented and passed multiple control objectives for SOX, PCI, and HIPAA providing business benefit and cost avoidance.
Developed a comprehensive application security program from scratch and staffed it to be operational in less than 1 year.
E-Business Architect/Lead Developer
Fireman’s Fund Insurance (June 1995 – June 2001)
As a chief architect and security lead developer from the E-Business group, my primary responsibilities included understanding and developing in emerging technologies, managing consultants in development efforts, evaluating vendor technologies, and developing applications in the E-Business organization.
Section Leader
US Army (August 1989 – September 1992)
Supervised, trained, and evaluated a small team in a highly demanding and stressful environment.
Received Army Achievement and Army Commendation medals while in service.
Honorably discharged
EDUCATION AND HONORS
San Jose State University (1992-1995) - B.S. Business Administration - Management Information Systems. Interdisciplinary minor with focus on computer science.
Harvard Business School (February 2014-January 2015) – Executive Strategy
Certifications
o CISSP - Certified Information System Security Professional
o CHFI - Computer Hacking and Forensic Investigator
Publications
o WebSphere Application Server Bible (contributor) - Wiley Press
o DMZ best practices – ServerSide.com
Speaking
o HP Protect – Product Security panel
o "SANS - What Works" in application security programs
o DCI (Digital Consulting Institute) Portal Conference – Expert Panel Speaker
Specialties
o Leadership and strategy in security domain; building security organizations; Application Security; Computer Forensics; Security Architecture; incident response.