Incident Response Information Security

Location:
Alpharetta, GA
Posted:
August 16, 2023

Resume:

JUSTIN MCDOUGALL

Atlanta, GA • 404-***-**** • adyzcl@r.postjobfree.com • www.linkedin.com/in/justin-mcdougall

Strategic and KPI-driven professional with a balance of information security, vulnerability management, and incident response skills. Security expert with a proven track record of successfully developing holistic, 360-degree cybersecurity strategies that effectively anticipate and mitigate information security risks on a global scale. Develops robust continuity, incident response, and risk management plans that close gaps in compliance and protect the organization’s core strategic assets.

● Strategic Planning & Execution

● Cybersecurity & Information Security

● Incident Management & Response

● Risk Management & Mitigation

● Digital Forensics & Investigations

● Team Leadership & Development

● Business Continuity Planning

● Process Improvement/Optimization

● Vulnerability Management

● Threat Assessment & Response

● Regulatory Compliance

● Data and Cloud Security

● Policy & Program Design

● Cross-Functional Collaboration

● Security Audit Management

Routinely drives awareness of high-risk issues across the organization. Fosters a corporate culture of compliance, security, agility, and operational excellence.

Time-tested strategist and cybersecurity subject matter expert; highly skilled at conveying technical concepts to a non-technical audience, identifying and closing compliance gaps, and creating paradigm shifts in cybersecurity to optimize business outcomes.

Exceptional ability to keep a finger on the pulse of the industry; effectively anticipates and responds to changes in security regulations, industry dynamics, organizational needs, and technology innovations.

PROFESSIONAL EXPERIENCE

2022 - 2023: MCDONALD’S • Remote

Multinational fast-food chain with over $23.2B in annual revenue.

Senior Manager of Incident Response, Global Strategy

Reporting to the Senior Director Incident Response, managed comprehensive global risk management, incident response, and offensive security activities in a 24/7/365 environment to improve security posture, protect organizational assets, and meet the needs of markets, corporate departments, and other stakeholders. Develop strategic plans to strengthen organizational resilience, protect organizational assets, and address the needs of markets, corporate departments, and stakeholders. Also led the formation of a new Red Team, creating a strategic roadmap for its operation and guiding its penetration testing activities.

Plan and validate the organization’s Incident Response program and the newly formed Red Team; develop a strategic roadmap and future state vision to guide all associated activities.

Classify incidents and guide the incident response team toward resolution; communicate lessons learned and remediation activities throughout the organization.

Manage and initiate tabletop exercises, security audits, application-focused pentests, Red Team operations, and MSIM forums; lead a suite of process improvements to close gaps or vulnerabilities in key systems.

Conduct deep dives to identify and capitalize on improvement opportunities; currently establishing SLAs, KPIs, and standard resolution times for vendors which are expected to improve resolution times by 300%.

Develop presentations and security collateral to raise awareness of high-priority issues and evangelize the incident response and red team programs.

Ensure all internal/external policies and SOPs comply with security regulations and incident response guidelines.

Develop security standards and methodologies that are standardized, scalable, and informed by industry best practices.

Provide technical support for an integrated risk management program; contribute to the identification and remediation of critical processes and systems, current and projected threats, and system vulnerabilities.

Maintain a current knowledge of IT security trends, emerging threats, and state-of-the-art tools and technologies.

Partner with cross-functional IT teams to identify and deploy value-added technologies.

Established a training monitoring system to ensure staff meet all continuing education requirements.

Developed the process flow and successfully automated 35% of total tickets/incidents/alerts.

Led a strategic initiative to offload low-level alerts to a third-party vendor, freeing up critical resources to focus on higher-priority issues.

Initiated an Offensive Security program to identify internal vulnerabilities and mitigate risk exposure.

“I have had the pleasure of working with Justin McDougall over the past five years, and I can state with confidence that Justin McDougall is a motivated, disciplined, professional, and responsible individual with a high degree of integrity. As such, I expect that he would be a very positive security service to your company. He came in and took over working the security services here at Orbits Edge when the former security service was not living up to the expectations we required. In this role, he had a considerable amount of responsibility, and handled it effortlessly.”

Richard W., CTO, Orbits Edge

2020 - 2022: MAUSER PACKAGING SOLUTIONS • Atlanta, GA

Leading provider of integrated solutions and services across the packaging lifecycle with $3.3B in annual revenue.

Manager of Global Security Operations and Incident Response

Reporting to the Director of Cybersecurity, provided leadership, oversight, and strategic direction for 5 staff and 30 contracted personnel, specializing in security operations, application security, and offensive security strategies, including penetration testing across on-premises, cloud, and SaaS environments across 12 countries. Orchestrated comprehensive threat hunting and penetration testing activities to identify and eliminate potential security vulnerabilities. Developed forward-looking incident response plans that integrated with application security protocols. Communicated directly with senior executives to ensure a prompt, efficient response to any security incidents.

Executed a robust application security and penetration testing program, improving overall system security and resilience.

Delivered security awareness trainings, resulting in 76% lower compromised emails.

Strategically minimized technical debt, negotiated with vendors, and consolidated the product stack to achieve $480K in annual cost savings.

Managed and administered the 2021 information security budget; ensured the optimal allocation of departmental resources.

Optimized the incident response process to reduce overall dwell time from days to hours; lowered resolution times from 10-14 days to <1 day.

2018 - PRESENT: HYPERION INFORMATION SECURITY • Alpharetta, GA

Leading provider of comprehensive cybersecurity assessments and solutions.

Founder/Owner, Information Security

Established and currently operate a consultancy to provide the full suite of IT risk assessment and mitigation services for aerospace industry clients. Work closely with client-side teams to establish a risk profile, design an integrated risk management framework, strengthen information security controls, and ensure compliance with ISO2700x, ITIL, and NIST standards.

Built trusted-advisor relationships with senior staff and the Board in four major aerospace companies; counseled on information security program health and industry threat landscape.

Overhauled enterprise incident response playbooks, led a suite of cross-functional tabletop exercises, and trained senior executives in risk management best practices.

Reduced high-risk employee internet usage by 60%+ and increased voluntary phishing reporting by 900%.

2018 - 2020: GLOBAL PAYMENTS • Atlanta, GA

Provider of payment technology services with $46B in annual revenue.

Senior Manager, Security Incident Response

Managed all aspects of incident response planning; partnered with legal and technical teams to mature and evolve the incident management process. Drove process design and optimization initiatives to strengthen regulatory compliance posture. Supported forensic artifacts collection, including data integrity, chain of custody, access control, and secure transport and storage.

Led the response team to successfully triage and resolve a $2MM breach on an accelerated timeframe.

Increased the reliance on automation; streamlined incident response times from 45 to 6 minutes.

2016 - 2018: DEFENSESTORM (FKA: PRAESIDIO) • Alpharetta, GA

Cybersecurity, cyberfraud, and cybercompliance company serving the banking sector.

Senior Security Engineer, Penetration Tester

Led an extensive range of social engineering engagements, vulnerability assessments, and application-focused black box penetration testing activities, ensuring robust application security across all levels.

Conducted thorough vendor risk evaluations, ensured compliance with FS-ISAC standards, and trained engineers in advanced application security and offensive security best practices.

Designed a remediation plan to address application and network security gaps, with a particular emphasis on hardening system vulnerabilities detected during penetration testing.

2014 - 2016: JACK HENRY & ASSOCIATES • Alpharetta, GA

American technology company and payment processing service for the financial services industry.

Security Analyst • Security Engineer • Penetration Tester

Sourced, qualified, recruited, and led a team of six to conduct external penetration testing, internal vulnerability assessments, and social engineering engagements. Developed robust security standards, policies, and best practices in line with regulatory requirements.

Contributed to a strengthening of security posture at multiple financial institutions via on-site physical assessments and the development of firewall standards and security policies.

Established and launched a Red Team program to address critical security breaches and emergencies.

ADDITIONAL ROLES:

GCPS IMD, Network Engineer (2013-2014)

DNB Computer Tech, Computer Technician (2011-2013)

EDUCATION & CERTIFICATIONS

KENNESAW STATE UNIVERSITY, Coursework in Mechatronics, Robotics, and Automation Engineering (Three Years)


