Cyber Security Change Management NIST ISO
Resume:
Martin O. Smith *********@*****.*** • 951-***-****
Martin Smith on Linkedin • Austin, Texas
Cyber Security Executive
20+ years of success in Cyber Security strategy/initiatives and 30+ years in technology. Dynamic, highly technical, hands-on cybersecurity leader with a wealth of knowledge and experience translating business problems into secure technology policies and solutions. Proactively identify requirements, analyze data, and provide technical guidance/recommendations that drive projects forward. Champion cyber security, governance, risk, and compliance efforts that align with organizational goals/objectives. Build and lead talented teams of professionals through interactive training and mentorship opportunities. Areas of Expertise
● Cyber
Security/Information
Security
● Governance & Compliance
● Strategic
Planning &
Execution
● Ransomware
● Threat
Intelligence &
Assessment
● Incident
Response/Management
● Intrusion Protection
● Information
Confidentiality
● Training & Mentorship
● Change Management
● Data Leak Prevention
● Security Best Practices
● Data Protection & Privacy
● Risk Assessment/Management
● Team Leadership
● E-Discovery & Forensics
Career Experience
Incora – Fort Worth, Texas Oct 2019 – Jul 2024
Director, Cyber Security, Governance, Risk, & Compliance Strategically lead the global team in all aspects of cyber security, governance, risk, and compliance. Acted as a critical leadership team member in efforts to modernize the cyber security program and the company’s technology platforms. Consistently evaluated and mitigated risks that allowed the company to grow competitively.
● Reduced overhead during the COVID-19 pandemic. Adjusted the operating model to accommodate the economic downturn.
● Designed and led the organizational and architecture strategy for the merger of Wesco and Pattonair into the new corporate entity, Incora.
● Slashed the mean time to detect and respond to significant incidents and identified threats by up to 90%. Advocated for a structured approach to problem-solving.
● Drive an existing three-year strategic roadmap rooted in organizational risk, industry trends, contractual requirements, and regulatory mandates. Tactically executed the strategy across the organization.
● Develop and monitor key performance indicators (KPIs) to measure the effectiveness of IT/Cyber policy governance.
● Prepare and present regular reports to senior management on IT/Cyber policy adherence, governance activities, and efforts.
● Organized the company’s complex contractual and regulatory mandated requirements (NIST 800-171, ISO 27001, CMMC Level 3, UK Cyber Essentials Plus, GDPR, SOC, and PCI) into a single governance framework. Improved auditing and reporting results across the board.
● Audited ITAR controls on a regular basis, including best practices, and provided input to changes
● Established and trained end-users in various new programs, including security awareness training, data Page 2 4
classification, vendor/supply chain risk management, security operations center, and incident response.
● Pivotal role as a member of the enterprise Change management board by acting as the change agent for the business verticals.
● Implemented a DLP program using Forcepoint, Crowd strike, Mime Cast, and Proofpoint to augment NIST 800-53, NIST 800-171, and Cyber Security Mature Model Certification (CMMC) compliance programs. Blackbaud, Inc – Austin, Texas 2016 – 2019
Team Lead – Forensics, Incident Response, and Threat Intelligence, Senior Cyber Security Engineer Collaboratively led the information security function as the corporate lead globally. Established the strategic vision for all incident response, eDiscovery, and forensics of the company’s cyber security program, representing significant annual revenue for the organization.
● Lead team responsible for DFIR, including mitigation, remediation, and reporting to Executive Leadership.
● Led team in developing requirements for forensics and eDiscovery platform across the enterprise and executed the deployment and operation.
● Lead effort into setting up a comprehensive Threat Intelligence program
● Responsible for meeting corporate goals and milestones for the Cyber Security team.
● Provide input as Project Planner in forecasting budget and staffing needs year to year.
● Team lead PCI-DSS 3.2 testing, remediation efforts, and evidence collection.
● Lead member of the DFIR team at Blackbaud, including mitigation, remediation, and reporting to Executive Leadership.
● Develop and implement strategic planning on cloud migration strategies and practices.
● Spearhead Vulnerability assessment, management, and remediation program.
● Act as Subject Matter Expert to software development and orchestration implementation teams.
● Responsible for meeting corporate goals and milestones for the Cyber Security team.
● Provide input as Project Planner in forecasting budget and staffing needs year to year.
● Manage Enterprise products Nexpose, Qualys, Nitro, ePo, Cisco AMP, and IronPort. Hewlett-Packard Aug 2014-Jan 2016
Senior Cyber Security Risk Manager Austin, TX
I maintained oversight, leadership, and responsibility for the development and daily management of the security risk management team.
• Member of the Cyber Security Risk Management team
• Responsible for identifying and evaluating risk across pan-HP enterprise
• Liaise with Senior leadership and technical management to identify risk and develop risk mitigation strategies
• Apply Corporate Risk policies to HP’s separation efforts across both new entities (HPE and HPI)
• Act as team lead as requirements and situations demand
• Represent Cyber Risk Management at the Mergers, Acquisition, and Divestiture Committee Advanced Micro Devices, Inc (AMD) 2010-2014
Principal Cyber Security Architect Austin, TX
Championed the origination and development of network security solutions that addressed risks across Bank of America. Expertly managed projects, served as a subject matter expert, and executed large-scale risk assessments.
• Architected and implemented Access Data’s Resolution One Cyber Security suite, including developing, managing, and acting on Indicators of Compromise (IoCs)
• Develop and implement an information security strategy that supports the business needs of AMD based on ISO27000 series Standards
• Develop, maintain, publish, and enforce corporate information security standards and guidelines encompassing data and intellectual security
• Act as interim manager to the Information Security team
• Deploy and manage Algosec’s Firewall Analyzer across the Enterprise
• Documents security policies and standards
• Installed and maintained ArcSight SEIM to monitor SOX compliance Page 3 4
• Perform information security risk assessments and serve as risk advisor for security issues County of Riverside, California 2000-2010
Information Security Analyst III Riverside, CA
Directly oversaw the security management and administration of the County’s enterprise LAN/WAN, SAN, and production environments. Led a team of network, system, and support specialists. Additional Experience
• Member, InfraGard, Austin Alliance
• Austin OWASP member
Education
• National Education Center, San Bernardino, Electronics Engineering Technology, April 1987. Associate Degree in Electronic Engineering
• San Bernardino Valley College, Major in Computer Science, 1979
• Austin Community College, 2015
• Texas State University, 2017
Certification & Professional Development
• Certified Information Systems Security Professional (CISSP) ID 90161 April 2006
• Certified Ethical Hacker (C EH) EC-Council April 2008
• Guidance Software’s EnCase Certified Examiner (EnCE) October 2008
• Graduate of the Supervisory Excellence Academy, County of Riverside, July 2008
• Certified Information Technology Infrastructure Library (ITIL) Version 3 Foundation level July 2009
• International Society of Certified Electronics Technicians - Journeyman's rating in the discipline of Computers
Page 4 4
Contact this candidate