Seasoned and results-oriented technology executive with a distinguished career of 25+ years developing information security and information technology programs for top global companies and government entities. Extensive and in-depth knowledge of complex security and regulatory requirements governing sensitive company data. Leverage combination of technical aptitude and business acumen to develop long-range plans guiding IT/IS strategy, infrastructure, compliance, policies/procedures, and operations. Expertise in delivering and managing all stages of security solutions from strategy and architecture, to design, development and deployment for programs. Exceptional analytical, interpersonal, and leadership qualities.
Accenture March 2014 to Present
Senior Security Manager
Own, drive and lead large security architecture programs across North America, managing budgets of $20+ million.
•Operate with senior client executives (C-levels, VPs, Directors), and assist clients in successfully defining Cyber Security strategies, investments and operating models to support priorities.
•Lead large security engagements advising clients strategically with big-picture and tactical guidance on how technology can enable a wide range of business outcomes.
•Engage with clients in strategic discussions to provide best in class security IT Strategy and industry guidance to maximize client's long-term business objectives.
•Develop strong and lasting relationships with client executives, effectively sell new business and follow on security advisory engagements.
•Drive operational efficiencies and deployments of large-scale projects to include building, driving and managing globally distributed diverse teams.
•Lead efforts on several RFPs relating to information security managed services and compliance offerings.
ICC July 2013 to March 2014
Led business operations, client relations, contracting, cost control, and strategic planning for information security provider. Established strategic partnerships with professional organizations and companies to increase client base and strengthen brand. Designed and implemented client-specific security policies, procedures, and awareness programs; managed numerous compliance projects; directed security administration and evaluations. Handled all aspects of technology including, planning, implementation, support, information security, daily operations, technology audits and reporting to Board of Directors and executive management.
Dragonfli July 2012 to July 2013
Executive Security Director
CISO level role responsible for Information Security and Compliance teams to include, overseeing all aspects of strategic planning including goals, metrics, budgeting & organizational objectives. Creating & delivering successful Information Security and Compliance program that includes 3-5 year roadmap, various technology implementations, risk management, governance & business continuity. Provided management and technical consulting services in cyber security related disciplines to executive management and technical staff to help solve current enterprise security issues including, but not limited to Risk Management, Security Planning, Security Incident Response, Security Management processes, Enterprise Continuous Monitoring, Security Information and Event Management, Logical Access Controls (LACS), Identity and Access Management (I&AM) and IT Security controls implementation and testing, Federal IT Security laws, regulations and compliance (FISMA, NIST, SOX), Cloud Initiatives and SOC plan, design build and support.
Ken Reely, 443-***-**** Page 2
SRA International, Inc. January 2011 to July 2012
Principal Security Architect
Program lead for a large technical security team to support a wide range of security issues onsite for the Department of VA to include: detailed infrastructure audits and security reviews, production and documentation of security policies, standards and procedures, systems security design and architecture development concepts and methodologies, design, development and integration of application, computer and network security technologies, threat, vulnerability and risk assessment, security operations, administration and governance. Implementation of higher-level security requirements, defining security plans and policies, assessing new system design methodologies to improve software quality and ensure user awareness and compliance. Developing Security Assessment and Authorization (A&A) documentation, performing independent ST&E evaluations, and conducting annual security reviews in accordance with NIST Special Publication 800-37 and other NIST guidance. Planning and participation on large scale enterprise projects in order to design, modify and implement technical, procedural and administrative security solutions to help ensure the protection of information systems and resources. Architectural guidance and oversight into integration of GOTS & COTS products. Risk assessments to identify current and future internal and external security vulnerabilities and provide recommendations necessary to derive decisions about risk acceptance and risk mitigation, and identify the best ways to reduce information security risks. Technical and functional reviews of application security architecture. Development and assessment of security requirements and IA control implementation in the evaluation of emerging cloud computing security technologies. Development of test and evaluation procedures, assessment of IA Plans of Action and Milestones (POA&M) and monitoring implementation of security processes and hardware/software solutions. Participated as a key member of integrated government/contractor executive teams of technical and functional experts in the conduct of Information Assurance, Security Test and Evaluation (ST&E) and Certification and Accreditation (C&A) assessments of government information systems.
Gerretson October 2008 to October 2010
Principal Security Lead
CISO level role responsible for Information Security leading a large cyber security team to deliver technical security architecture and engineering support of various security technologies onsite for the Department of Treasury. Designed and implemented security policies, procedures, and awareness programs; managed numerous compliance projects. Handled all aspects of technology including, planning, implementation, support, information security, daily operations, technology audits and reporting to executive management. Represented the program office regarding significant security engineering issues at technical meetings with other government agencies and private industry. Provided architectural guidance and oversight into integration of GOTS & COTS products within the customer’s IT environment. Led a FISMA re-alignment team to aggregate accreditation boundaries which led to a yearly cost saving of several million dollars. Led risk assessment teams to determine vulnerabilities and provide recommendations for secure design and threat mitigation. Supported and developed cyber security policies and procedures to include: policy analysis, internal audits and internal control reviews, security product evaluation, penetration testing, audit log analysis.
e-Management May 2007 to October 2008
Senior Security Manager
Led a large information security team in developing policies and procedures to include establishing and implementing security programs and processes onsite for the Department of Transportation. Produced several IT security procedural manuals and guidelines with a focus on FISMA & OMB compliance. Addressed IT education with an emphasis on cyber security training. Supported the investigating and reporting of all information security incidents and made recommendations to executive management for corrective actions to ensure the integrity of systems and employees. Arbitrated and determined best course of action in varied security engineering technical issues to resolve incompatibilities and minimize security threats. Served as the primary Information Security Officer (ISO) to implement security policies and procedures. Conducted Cyber Security Awareness and Information Assurance (entire C&A Life Cycle) training when needed. Supported COTS analysis and performance tests and assessments of security technologies to include: IDS/IPS monitoring & trends analysis, Asset management alignment and reporting, Policy & Audit log analysis, Internal audits and control reviews, Security product evaluation, Vulnerability management & remediation and Penetration testing.
Sytex June 2005 to May 2007
Senior Security Manager
Planned, assigned, and directed work tasks for a team of contractors supporting security architecture activities onsite for the Department of Defense. Reviewed and evaluated security incident response policies and helped to develop long-range plans for IT security systems. Prepared and presented technical oral and written presentations and reports to executive DoD personnel. Worked in parallel with the Army Computer Emergency Response Team (ACERT) to track and manage incident reporting requirements. Coordinated with the site administrators to ensure compliance with the latest Information Assurance Vulnerability Alerts (IAVAs), DISA STIGs and HQ CID policies, as well as coordinated and reviewed technical proposals and reports and provided recommendations. Validated security plans, as well as verified results generated from Certification & Accreditation testing and audit activities.
Oversaw and audited complete database systems maintained by other contractors and service personnel, to include validating existing documentation and testing system integrity. Conducted interviews, hiring and training.
Computer Associates International January 2000 to June 2005
Global Security Manager
Led global member pre/post-sales operations and professional services organization teams to support security engineering activities in support of governmental and commercial clients worldwide. Provided technical oversight and guidance to security architects and was responsible for the roadmap, timelines and quality of the various security solution efforts. Delivery of security service packages offerings. Development of security focused products and services engineering, establishing CA’s leadership in Security Management Solutions. Responsible for global services budget to include: strategic initiatives and aggressive revenue growth, partner recruitment and competitive positioning. Delivered internal and partner certification program leading to over 100 certified solution providers, reseller, technology, OEM and training partners worldwide. Developed new service offerings based on CA’s security, enterprise and wireless technologies resulting in threefold increase of packaged services sales in North America leading to over $50M in incremental revenue. Presented corporate and product strategies, and drove results at executive management levels both within CA and with the partners and other external parties.
Increased awareness of CA's position in the solution area market internally as well as externally. Trained, guided, mentored and assisted Technology Services in the security solution areas. Involved with local industry groups and became CA's voice in the market. Worked closely with the worldwide product management and brand marketing teams, as well as other field organizations (SE, PSO, channels) in the development of solution architectures, best practices, and solution and service delivery toolkits to build Technology Service strategies with the CA Brand Units.
Various Consultant Roles, Technical Roles March 1993 to January 2000
Technical Lead to support security engineering activities in support of Government and Commercial clients.
Bachelor of Science (B.S.), Computer Science; (In Process), AWS Cloud Security Architect (In Process)
Holds Industry certifications, CISSP, Security+, MCP+ I, CEH, ITILv3, Okta IAM Technical, DoD Information Assurance (Defense in Depth), (DITSCAP & DIACAP), Trusted Agent FISMA (TAF), Project Management Trained
Dale Carnegie High Impact Presentations, CA-Certified Unicenter Network Engineer/Architect (CUE/CUA)
Network Security (SIEM, IDS/IPS, firewalls, crypto, PKI (X.509, PKCS, OCSP), Internet services, Incident Response, Vulnerability Analysis and Forensics, Packet capturing technology, Penetration testing, Two-Factor Authentication, VPNs, electronic mail, Biometric Identification systems, developing and building comprehensive SIEM architecture to support real-time security monitoring operations)
System Security (Microsoft NT/2000/AD, Unix/ Linux, workstation platforms, appliance-based platforms)
Database Security (Microsoft SQL Server, Oracle, MySQL, SQLite)
Internet Security (Microsoft IIS, Apache, web services and applications, CGI, Java, PHP)
Hands-on experience with security tools such as nmap, Wireshark, tcpdump, Nessus, Metasploit, Tripwire, CORE Impact, Snort, Oracle, SQL, Trusted Agent FISMA (TAF), Computer Associates eTrust, Unicenter, Brightstor, DISA Gold Disk, ISS Internet Scanner and Harris STAT, Information Assurance Vulnerability Alerts (IAVAs), Foundstone, ArcSight, MBSA.