Information Security Officer

Brad Boynton “Security with a Bottom-Line Focus”

Tel: 805-***-**** ************@*****.***

Executive: Information Security and Administration

Senior security expert with proven success delivering unprecedented efficiency, security, and collaboration through top technical implementation. International experience ensuring complete consistency, confidential data protection, and network quality in the U.S., Europe, and Australia.

Needs Assessment IT Security IT Infrastructure & Design Network Administration

Information Security Accomplishments

Information security SOC Manager February 2017 – April 2020

Orion Health

Information Security Engineer II/ SOC Manager

Designed, implemented and managed Security operation center monitoring for Orion Health’s customer AWS Cloud accounts and hosted environments on a global scale with an additional focus on GDPR, EU privacy laws as well as privacy laws in APAC. Conducted risk assessments for customer accounts in multiple regions and developed a standard model for SOC monitoring all environments. Created and Implemented the Security incident response process to include both the corporate and customer environments. Developed policies, procedures and standards to address a broad range of security risks. Managed all aspects SOC staff and Managed services contracts.

Information security Manager (CISO) February 2015 – February 2017

Hawaii Health Systems Corporation

Chief Information Security Officer

Update and create IT and IT security policies, Build an information security program and systems from the ground up. Build consensus among different IT groups within the 5 HHSC autonomous regions. Educate resistant corporate board members and the regional board members using life network data when necessary. Hands on management utilizing commercial and open source security tools. Made and enforced many unpopular decisions while at the same time actively found ways in which IT could accomplish their projects in a secure and compliant way. Implement commercial deep packet analyzer, open source vulnerability scanner and other tools.

Information security architecture & management contract July 2014 – February 2015

University of Massachusetts Medical schools

Executive Security Consultant and Architect

Assess existing information security policies, procedures and architecture for the purpose of implementing improvements and automation. Architect and operationalize vulnerability management, Incident Response, SIEM, Firewalls, DMZ Design, IDS and IPS and training new information security staff. Make decisions on behalf of the CISO in his absence. Implement and operationalize log management and correlation. Advise on state and federal privacy and healthcare compliance laws. Conducting network and application pen testing and working with app dev in each phase of development. Participated in endpoint encryption, AV operationalization/migration and third party assessments.

Independent consulting September 2013- July 2014

Healthcare Practices

Security Consultant

Evaluating Security systems, procedures and policies of healthcare facilities to improve their security posture with a focus on HIPAA compliance and PII. Utilizing my management and people skills to overcome resistance to changes and train medical staff to improve the security of each client.

PennyMac, MoorPark CA Contract June 2013–September 18 2013

Financial institution

Sr. Security Engineer (2013–September)

Architecting and engineering Security systems, procedures and policies to improve the security posture of PennyMac. Utilizing my management and people skills to overcome resistance to changes and improve the security posture of PennyMac.

Acted as an integral part of the Incident response team and I was part of the front line in information systems defense.

Redesigned the enterprise wide AV protection and OS/Application Patches

Advise in the development and creation of Security Policies, work instructions and SOPs.

Created the overall design for Security infrastructure

Designed IDS/IPS systems for the network

Designed SIEM Solutions

Designed DMZ

Brought a holistic approach to security challenges

Secure Works, Atlanta GA November 2011–April2013

Division of Dell Inc.

Sr. Security Advisor (2011–2013)

Advisor to the Security Operations team at a large pharmaceutical company. Hold responsibility across multiple European, North American, South American, Asian and Australian sites.

Acted as an integral part of the Incident response team and was part of the front line in information systems defense.

Ensured HIPAA, PCI/DSS, PII, Safe Harbor, SEC and FDA compliance.

Complied with international laws primarily Safe Harbor. Advise on enterprise wide AV protection and OS/Application Patches

Advise in the development of Security Policies, work instructions and SOPs.

Enterprise experience: vulnerability scanning, data loss prevention, endpoint protection, event management solutions, intrusion detection

Train users on Security Awareness

Any mentoring of junior security analysts

Advise on IDS/IPS systems for the network

Advise on SIEM Solutions

Brought a holistic approach to security challenges

Mentor Worldwide LLC, Santa Barbara, CA October2006–September 2011

Division of Johnson & Johnson devoted to medical devices, pharmaceuticals, other consumer health products. 150K employees.

Chief Information Security Officer (2006–2011)

Led all information security functions on a global basis, managing security maintenance and improvement initiatives for email, server, database, network, IDS/IPS, web, plus data loss prevention.

Execute a variety of technical, analytical, and strategic functions to ensure security of global operations, with focus on efficient, secure interactions between Mentor employees and assets and the greater Johnson & Johnson network. Hold responsibility across multiple European, North American, and Australian sites.

Eliminated risks and achieved zero service disruption during complete migration from Mentor to Johnson & Johnson network, coordinating with diverse teams from both organizations for results.

Spearheaded drive to 100% compliance across Mentor for Johnson & Johnson’s stringent SOX controls, designing and leading 80+ SOX control activities and test scripts for SOX transition.

Ensured HIPAA, PCI/DSS, PII, Safe Harbor, SEC and FDA compliance.

Complied with international laws primarily Safe Harbor.

Ensured efficiency, effectiveness, and coordination between Mentor and overall enterprise by leading compliance with Information Assurance Protection Policies; designed and conducted technical and policy changes and evaluation across all international sites.

Safeguarded intellectual property and proprietary business information by discovering instances of data being traded to rivals via network; closed security gaps, investigating all privacy and security issues.

Hands on CISO with overall management of security systems

Increased productivity 10% and ended email security incidents completely by retooling corporate email systems to prevent 99% of spam from reaching end users by implementing and managing a new email gateway (Iron Port).

Any mentoring of junior security analysts

Secured confidential data by reducing intentional and unintentional leakage a combined total of 80% through implementation of new controls and revamped training of affected users.

Protected company against unwise investment—potentially millions of dollars—by instituting and conducting thorough pre-purchase evaluations of all new technology.

Developed world-class security despite resistance from leadership by introducing new technologies on a trial basis and demonstrating key security loopholes to catalyze buy-in for enhanced measures.

Captured data crucial to ending corporate espionage by implementing a SIEM logging and alarm system. (Log Rhythm) as well as a email gateway DLP solution (Proof Point)

Lead all incident and eDiscovery requests using various tools.

Monitored intrusion prevention systems for suspicious activities.

Conducted regular Security and vulnerability assessments using Qualys and Nessus.

Developed and managed the corporate OS and Application Patch management schedule and testing.

Enterprise experience: vulnerability scanning, data loss prevention, endpoint protection, event management solutions, intrusion detection

Implemented and maintained corporate URL filtering using WebSense.

Conducted packet analysis using Sniffer Pro and Wire Shark.

Implemented hard disk encryption for laptops using Guardian Edge.

Information Security Incident and Breech experience while at different positions and organizations

Experience with detecting and stopping insider threats including working with law enforcement and testimony in the judicial system. Experience with detecting, mitigating and remediating APTs several of which resulted in working with the FBI. Experience with OCR, FDA, SOX audits and remediating findings. Experience with Safe Harbour, several EU nation states, and Canada and Australian privacy and compliance laws.

Bachelor of Science in Business Administration; City University of Seattle, Seattle, WA

Certified in CISSP, MCSE Proficient in Windows Server MS Office Suite Security Applications. Presented at 2013 ASIS/ISC2 Security Congress in Chicago. Topic: End Point Protection is always between the chair and the keyboard. Have a deep passion for Information Security – ISSA, CSA, ISC2, OWASP

http://www.linkedin.com/pub/brad-boynton/3/966/24

Contact this candidate