Director Cyber Security
Resume:
ROBERT C. HART
972-***-**** adlo5o@r.postjobfree.com
Veteran – United States Navy
IT Security & Technology Leader
Accomplished, outcome-driven IT Security leader with + 10 years of Cyber Security and +30 years of Information Technology experience growing year-over-year success in leading complex, challenging IT Security and Operations initiatives. Uniquely qualified as a leader with a solid knowledge of operations, strategy and management who has enjoyed repeated success guiding highly skilled, cross functional teams in areas of IT operations, project management, and cybersecurity. Highly competitive, passionate, persuasive, and articulate, able to forge solid relationships with upper-level executives and build consensus across multiple organization levels.
CORE SKILL AREAS
· Governance Risk and Compliance · ISO 270001, 9001 · SOC 1 SOC2 PCI
· Cyber Security Operations · Team Development & Mentoring · Project Planning & Management
· SIEM, SOAR, SLED, CSIRT · IT Policy Development · Technology Program Development
· Strategic/Tactical Planning · Data Integration & Migration · Intelligence & Analysis
· Risk Management · Security Assessments · Incident Response
CAREER SYNOPSIS
Director, Cyber Fusion Center
BlackSwan CyberSecurity – Cyber Security and Research Organization May 2020 – Feb 2021
Planned, developed, and implemented the company’s first Cyber Fusion Center to provide 24/7/365 identify detect and response managed services aligned with NIST Framework.
Defined vision for the Cyber Fusion Center One Team One Job to Actively protect our customers data from malicious and suspicious actors both externally and internally.
Functions include full security life cycle monitoring, incident response, vulnerability scanning, security engineering. project management, product selection, customer onboarding, and sales presentations.
Vendor Management using cloud based SAAS vendors to manage cost and ensure smooth delivery of services engaging customer support and engineering teams to ensure product stability and availability.
Developed baseline for NIST, PCI, SOC2 and Incident Response with the understanding that cyber security maturity is a process that you start with the basics hardening, edge protection, active monitoring of critical devices and graduate as budget and risk acceptance change.
Reviewed Risk Assessments with customers to determine how to prioritize the onboarding of devices and level of filtering if any understand the concept of junk in junk out for log monitoring.
Participated in sales engagements as the delivery leader, supporting new customers presentations on company offerings with a closure rate of 85%.
Developed a project plan for the onboarding process ensuring monitoring occurred as devices were added so we reduce gaps in security monitoring during the onboarding process allowing for a continuous ingestion of log data using a discover, configure, tune, optimize, monitor – repeat process.
Developed Performance Goals for the team to help drive quality and build an element of team unity and competition.
Engaged teams in Continuous Service Improvement and Continuous Process Improvement which allowed the team to think outside the box make mistakes learn from those mistakes in order to improve the overall process.
Created Incident Response policies and procedures solicited feedback from customers aligning our process with their processes and testing the results during the onboarding process.
Actively engaged with customers to learn their business this helps ensure we can properly prioritize log ingestion and filtering security events that don’t add value to the incident detection and response.
Created Computer Security Incident Response Procedures that could be adapted by our customers and integrated with their existing incident response plan or serve as a baseline if they did not have one.
Ensured we follow the customer first concept that we always put our customer needs above our own breaking down barriers and building lines of communication and collaboration.
Meet with customers audited communication with customers actively participated in calls with customers letting them know we are here to support them.
Forecasted, planned and hired qualified Analyst and engineers to fill positions based on corporate growth and minimal baseline standards to provide 24/7/365 Monitoring Detection and Response capabilities.
Managed SIEM SaaS Platform Securonix for early threat detection and response
Managed Cloud Environment and Incident Response using Defender and Advanced Threat Protect.
Built out Production and Test Environments for Labs and Red and Blue team scenarios using VMWare, Linux including Red Hat, Centos, Ubuntu, Windows 10
Setup Microsoft Service Manager (ITIL) environment with SQL as the primary database. Tested collaboration tools like Teams, Discord, Slack.
Director, Managed Cloud Security Services
NTT Data Services (Formerly Dell Services) Jun 2016 – May 2020
Lead 3 Geographically Diverse Security Operations Center Teams in the United States and India providing Tier 1 and Tier 2 and Tier 3 Support Operations 24/7/365 for 54 customers and staff of 60 SOC Analyst and Engineers.
Lead 2 International Engineering Teams Supporting Vulnerability Management Program and Security Information Event Management (SIEM). Managing and supporting Rapid 7, Nexpose, Qualys, Tenable Nessus, RSA Net Witness McAfee ESM, Securonix, LogRhythm, Splunk. Lead SIEM Management team providing Technical Engineering support for RSA Security Analytics, MacAfee SIEM, Splunk, and ArcSite ensuring 99.9 % uptime for SIEM’s and N-1 on Software Patching and updates to systems reducing risk potential for Vulnerabilities through active remediation.
Familiar with technologies for endpoint protection Sophos, Cylance, Crowdstrike Falcon Symantec, McAfee especially integration with SIEM and Incident Response and remediation.
Lead CSIRT and Actively participates and advises Crisis Response Teams. Personally, responsible for approving and maintaining security operational policies procedures and ensuring regulatory compliance for NTT and our customers based on multiple regulatory agency’s (NIST Framework, ISO27001, PCI, SOC2, etc).
Lead by example Servant Leadership style work through problems collaboratively reduce problems by following proper change management procedures all incidents have a root cause.
Key leader in 2018 ISO 9001, 27001 Audit resulting in continuing certifications and no minor, or major findings.
Actively monitored Service Now Ticketing Queues for multiple customers ensuring we provided quality service.
Actively participated in Azure MSSP Audit resulting in Certification as an Azure Gold MSP Partner
Develop and Maintain Continuous Service Improvement program for security professional tying in threat research and updating of playbooks and use cases to Performance goals.
Developed highly motivated teams focusing on the customer, providing quality service delivery exceeding expectations.
Created key metrics to monitor performance for SOC Analyst and Engineers to ensure measurable results.
Focus on reducing attrition by focusing on the individual, opening career paths for team members and enabling them by providing excellent training and growth opportunities within the Security organization.
Sr Project Manager
Christus Health – Jun 2015 – Jun 2016
Upgraded and Migrated Horizon Patient Folder Application and migrated 3 regional hubs into one enterprise hub in 3 months after project had been ongoing for 3 years prior to my start.
Replacing MModal transcription application 7 regional hubs into one enterprise Nuance eScription system. Completed transition for all CHRISTUS hospitals successfully resulting in significant reduction of maintenance fees and standardized processes across all hospitals.
Worked with Security team to update corporate strategy ensuring secure VPN access for remotely accessed applications inside and outside of the firewall.
Verified Role based security was defined and managed by appropriate security staff for managed applications.
Ensure compliance with HIPAA (Health Insurance Portability and Accountability Act of 1996)
Developed deployment packages for Nuance using Microsoft SCCM tools to deploy sw for user community.
Technical Project Manager
Marin General Hospital (Contract with Vanderhouwen and Associates) Feb 2015 – Jun 2015
Responsible for managing project, ensuring tasks are completed on time, within budget, with assigned local and vendor resources. Upgraded remotely hosted application from HPF 15.1 to One Content 16.2.
Work with departments to identify Super Users to participate in training and testing of the new application and train in house users on product using the train the trainer approach.
Ensure Role Base Access Controls were in place minimizing access for those who needed it
Work with super Users to develop a training plan and schedule update policies and procedures.
Provide Technical Solutions, how to guides and oversight of project.
Develop Interface Specifications for Midas Lab
Serve as IT Technical consultant on ICD10 Project ensuring IT department and hospital were ready for ICD10.
Developed strategy to ensure users were only granted access to application required to complete the role they were hired for using Role based security standards.
Service Delivery Manager, Clinical Applications
TENET Health Systems (Contract with Medsys Group) July 2014 - Jan 2015
Responsible for manager Vendor Partner relationships for Cerner HIS ensuring people processes, and procedures are in place to ensure quality service delivery as it pertains to Routine Request submissions
Reduced turnaround times on Cerner Request for change from an average of 8 days to 6.5
Reduced aging tickets in preparation for ITSM Remedy force go live by 50%
Developed IT Service Management reports & dashboards for clinical business users ensuring more visibility.
Created +100 reports to provide visibility into the status of an incident or request from inception to completion.
Responsible for successfully completing +200 test cases in preparation for Remedyforce Go Live allowing for an agile software development life cycle.
Tracked and executed over 300 defects identified by testing team ranging from enhancements to defects.
Senior Consulting Engineer
Hospital Corporation of America (HCA). Jul 2010 – July 2014
Technical project and team lead of 6 providing escalation and administrative and training support as well as ensuring Change and Incident Management resolutions are timely and efficiencies in place to ensure quality service delivery.
Successful upgraded 14 combined (Horizon Patient Folder / McKesson Patient Folder) HPF 15.x Instances (140 +- Hospitals) including QA and Training sites
Successfully implemented, transitioned and supported 34 Horizon Patient folder 13.5 application for 18 separate Instances encompassing 140 + hospitals ensuring Production, QA and training sites available for user communities.
Automated operational and support tasks reducing number of FTE’s required to support daily operations while increasing overall throughput utilizing offshore and onshore resources.
Developed strategy and implemented Event Log Management solution for using Corner Bowl Log Manager and Corner bowl Server Manager to ensure log retention and audit and control availability.
Responsible for ensuring Application Security by defining and following IT Security Policies throughout the application life cycle. User access based upon roles and responsibilities while system access is limited to function and purpose.
Managed development team members through implementation ensuring strict adherence to Gold Standards, Operations, Change Management and Incident Management Processes as it pertained to Horizon Patient Folder supporting modules, Formfast, ADT (Cloverleaf) Interfaces, Transman, Signature Server, Release Manager, Archive Release, Web Station, DCS / QCI, Index Upload, Microsoft SQL 2008 R2, et al
Trained contract resources on Image Engine System Administration (Users, Volumes, Barcode, Image Management, DCS / QCI, Forms), tasks and HPF System Administration Task (Add, Modify, Change, Users, Physicians Security including Advanced Workflow ) ensuring smooth transition from Upgrade mode to Operational Support mode.
Installed ICD 10 Codes in Development in Preparation for regulatory requirements not moved to production because the date was pushed due to regulatory changes.
Technical Project Manager
Community Hospital Systems (Contract with Vertek Solutions) Jun 2009 – Feb 2010
Supervised team of 6 remote implementation analyst ensuring resources were on site, productive and following task assignments, conducted yearly reviews and helped set team and individual goals.
Successfully completed 6 McKesson Clinical EMR Implementations in large hospital setting integrating McKesson Horizon Patient Folder (HPF) v13 with other McKesson Lab, McKesson Radiology systems. Ensured all third-party interfaces to existing cardiology systems (GE Muse), where upgraded and interfaced to the EMR. Integrated third party documentation applications and Emergency Department applications with 100% success.
Ensure EMR compliance for HIPPA and other state and federal regulatory agencies like JCHACO. Work directly with hospital informatics, compliance, administration, and physician services, and security to ensure systems are compliant and policies and procedures are developed to reduce risk and improve patient care.
Monitor Track and develop migration and conversion strategies to migrate 3rd party EMR Applications to the standard.
Ensured application followed security requirements for users and system compliance.
EMR Senior Project Analyst
Mayo Hospital and Clinic, Scottsdale, AZ (Contract with AP Professionals) Aug 2008 – Jun 2009
Instituted standard quarterly Software Development Life Cycle for GI EMR replacing monthly releases cycle thus dramatically increasing application availability and stability. Went from 80% or less availability to 99% availability first two quarters 2009.
Upgraded GE Muse System and interfaced with EMR
Ensured Good Health Monitoring of the HPF (IMNET) System continues updated stored procedures, database backups, and monitoring is done in accordance with McKesson Best Practices.
Technical Project Manager, Change Manager / Team Lead
Perot Systems Corporation (DELL) Apr 2004 - Aug 2008
Managed 11 technical resources for HIM implantation team, hired additional staff, conducted yearly interviews to set team and individual goals, ensured performance goals were meet and if not put remediation steps in place when not compliant.
Managed 4 change managers for incident and change management, responsible for staffing resources, performance and budgeting.
Served as Technical Project Manager for Horizon Ambulatory Care Project was responsible for successful implementation of Horizon Practice Plus (Oracle 9 environment) application for 4 hospitals. Created Project Charter, scope and agendas ensuring project was delivered on schedule, within budget with proper resources.
Reported to PMO Project Manager and Implementation team on project status on weekly basis escalated and completed tasks as appropriate to ensure timely delivery of services and ensure meet all deadlines using PMP methodology.
Received top honors in 2005 for 92% Customer Satisfaction Rating in support of a large Hospital System.
Ensured application security is being followed and ensure plugins available for centralized monitoring.
Managed resources to interface Lawson to Horizon Practice Plus to ensure accounts receivable were in line between both systems.
SQL Administrator responsible for database and application running in Windows Environment
EDUCATION
Master of Science – Computer Information Systems, University of Phoenix, Online 2004
Bachelor of Science – Computer Information Systems, Colorado Christian University, Colorado Springs, CO 1994
CERTIFICATIONS and TRAINING
CSSGB Six Sigma Green Belt Active 6C Public Trust Clearance
ITIL Certified Cloud Security Professional Certificate
Black Hills Security SOC Certificate Black Hills Security MITRE Certificate
Azure Fundamentals Certified Certified Information Security Officer
CISM In Progress Certificate of Introduction to Agile and Scrum
Certified Cloud Security Officer
Contact this candidate