William T Haase
333 1st Street Apt C108, Seal Beach CA 90740
(614) 323-9836, williamthaase@gmail.com
http://www.linkedin.com/in/billhaase
Expert in Security, Privacy, Integration Technologies with an ability to communicate complex
ideas that develop a project and a team.
Eclectic collection of talents & abilities to see data sets, patterns, technology, and use soft skills to
bring people together to solve problems with experience in on site and off shore teams.
My skills include areas of security, software architecture, data integration, and data
communication technologies.
I build revenue streams with these skills.
Skills
● Cyber Security and Compliance Expert in Healthcare, Pharma and Financial Services
● Successful business development which has generated at least 20 million in new revenue from
security services projects each year
● Proven track record of developing relationships as a trusted advisor
● Communication skills including writing, presentations and speaking
● Sales of services and software for security leveraging onsite and offshore model
● Presentation skills, and other soft skills which enable board room presentations and
management decisions
● Management and team development leveraging an onsite / offshore model
● IT Security Thought Leadership using compliance requirements, industry standards and best
practices
● Compliance alignment with control frameworks to integrate automation and processes
● Expert in Gap Analysis, Policy Development and Security Controls design and integration
● Planning and management of projects which mitigate delays for on time delivery
● IT Security and Software Expert with specialties in GRC and Identity and Access Management
● Listening, Diagnostics and Communication – Soft Skills
● An ability to integrate multiple domains of knowledge
● Developing and Closing Contracts and Partnerships in technology and consulting services
● Cross cultural integration, building teams, sound managers and leaders
● Consulting expert with no escalations but expertise with handling hostile clients
● Risk Identification and Management
● Identity and Access Management Expert with experience with Sailpoint, Tivoli, and Oracle
● Governance and Policy Expert (GRC)
● Measurement and the development of measures for processes and controls
● Compliance Expert for security and privacy regulation
● Legal and regulatory analysis with an ability to derive requirements
● Expert in diagnostics and root cause analysis – Roadmap development, planning and team
building to achieve the results with measures that are demonstrable
● Expert in integration and architecture design of complex systems and code
● Multiple domain knowledge and thinking including Risk, Finance, Healthcare, Compliance,
Security and Privacy expertise
● Expert in Identity and Access Management with governance and implementation
experience with SailPoint
● Expert in GRC technologies including Archer, Modulo and other Technologies and Processes
● Expert in Process development and policy development including NIST and ISO Standards
● Expert in Privacy and Security with Patents in Data Classification
● Developing requirements from regulation and law for information security and privacy
including NERC-CIP, HIPAA, SOX, GLBA, EU Data Protection, SB1386, NIST 800 Series,
PCI, FFIEC Information Security, ISO 27001, ISO 27002 and others
● Proven ability to identify client needs as well as communicate difficult and complex
information.
● Extensive technical experience developing solutions and knowledge including networking,
information security, privacy, systems architecture, SOA, and others.
Experience
Business Development and Sales Experience
Currently I am helping develop and market cyber security services including IdM, GRC and
Infrastructure Security for Healthcare and Pharma vertical markets and managing 14 accounts
directly.
In the last organization I served, I met my sales targets every year for four years. I usually
complete my sales target by the end of February, then work to expand that through the teams I
manage. Last year I did a little over 20 million in new services revenue.
I have developed several new business offerings, including “Phase 0” assessments, workshops, and
on-site management of multiple projects called a “COE”. The assessments and workshops lead
to “star-bursting” a client. This means multiple projects come from the initial engagement.
I have extensive experience in writing Statements of Work that focus on client outcomes
I have helped develop three security and privacy consulting practices – IBM, Oracle and
Cognizant – I focus on measures, market demand and the development and intellectual property.
I look to add additional revenue to each services project by licensing intellectual property as a
part of the services delivered.
Partnership development and maintenance has been a key to adding additional revenue by
leveraging my personal network and experience with vendors and clients.
Information Security and Privacy Projects
Developed information security risk assessment methodology for a healthcare company and
executed it based on new compliance obligations, the integration of business objectives and
corporate policies.
Developed architecture for integration of SIEM data to develop and support GRC reporting for
compliance of PCI and HIPAA Omnibus.
Developed integration of Identity Management and Physical Security to automate the complete
provisioning of a new worker (Employee, Contractor or temp)
Developed new data integrity strategy and processes to clean data and “clean” “authoritative”
sources
Developed Healthcare Security Offerings, delivery methodology and managed all Healthcare
and Life Science Security Projects for one of the largest Global Consulting Companies.
Developed 7 new managers and teams across several clients across the 7 different States in the
US.
Developed and delivered “Phase 0” Consulting Assessments which delivered roadmaps for
multiple projects at each client. Each roadmap developed for a client included at least 7
projects and multiple work streams to enable the client to reduce their risks and reach their
compliance and business efficiency objectives.
Developed and Delivered HIPAA Omnibus IT Risk Assessment offering and delivered this
engagement at several large Healthcare Organizations. This included developing an IT Risk
maturity model, Assessment tools and framework as well as IT Risk Register and mitigation
roadmap.
Developed and delivered offerings in Identity and Assessment for healthcare, Insurance and
International Banking clients, including the delivery with Oracle suite, SailPoint and Tivoli
Products. This included developing custom entitlement management systems for two large
banks and the implementation of Identity Management and Identity Governance programs at
several Healthcare companies, retail companies and media companies.
Developed security requirements integrating NERC-CIP and corporate security standards for an
Identity Management Infrastructure which included systems integration and enterprise
architecture.
Developed and designed a new consulting methodology for demonstrable compliance based on
aligning policy, standards and requirements to controls and audit trail artifacts.
Served as a subject matter expert in security and privacy concerns for clients. Expert in Privacy
and Security architecture and management. Key delivery focus starts with policies,
management processes and application architecture for application, network, system, and
operational security, and on the proper handling and protection of personal information for
privacy. Demonstrated ability to turn policies into procedures and system architecture design
for software, databases and networks.
Developed compliance requirements matrix for data protection and privacy controls. This
included all national and international law governing data transfers, and sensitive data types
used in delivery of financial services.
Served as lead technical architect on the development of custom integrated security services
software architecture for a large insurance company. This effort included discovery and
development of security requirements and development of a security services architecture for a
diverse computing environment that included over 50 mainframes, 1,000's of UNIX servers and
thousands of Microsoft NT servers. This effort required the integration of IBM's software
development method using UML and Rational Rose and security principles and services that
provided common security services across and beyond the enterprise.
Developed a patent in the area of data classification which was used as the basis for multiple
consulting engagements to support enterprise security and privacy programs globally.
Developed HIPAA assessment and remediation methodology which was used at four of the
largest Blue Cross Blue Shield insurance companies.
Served as the technical director for the Oracle Protected Enterprise Practice and developed the
offerings and methodology to deliver customer results.
One of the founding consultants for the IBM Privacy Practice which developed patents and
methodology to enable organizations to meet privacy compliance requirements globally.
Application Development Projects
Served as lead integration architect for a Medicaid Portal for a large US Healthcare Payor. This
included developing the federated identity management services and access management
services for the Portal integration with several internal systems.
Served as a trusted advisor and lead security architect for several large projects including a joint
venture between Oracle and a large service provider offering turn-key outsourcing solutions for
human resource management. Resulting in a turn-key system supporting multiple Fortune 100
companies including many in financial services.
Developed and designed a new SOA based authorization service for the largest auto insurance
company. This had strict performance and compliance requirements. In addition, this
component had to be able to support all the company’s platforms including mainframe, UNIX
and MS NT Servers.
Designed and developed a SOA based credit card processing service that included
requirements from the Payment Card Industry Security Standard.
Designed and developed complete stock and bond trading system, Asset-backed bond analysis
and aggregation system and automated trading systems for investment banks, investment
management companies and pension systems.
Software Implementation Projects
Developed and implemented a new Identity Management and access control software
implementation methodology which would support compliance requirements for banking and
insurance companies operating in the United States.
Developed and led the implementation of new methodology for multi-product security software
solutions including three first of kind solutions: new authorization system, data migration,
cleansing and privacy controls, data protection for privacy and PCI compliance.
Designed, integrated and packaged solutions for supporting regulatory compliance around
COTS software solutions including SAP, Siebel and PeopleSoft.
Identified and developed integrated security software sales solutions around regulatory
compliance requirements for Sarbanes-Oxley, PCI, HIPAA, GLB, FFIEC Information Security,
Basel II, and NIST 800 Series. This included developing sales support presentations, white
papers and other sales support tools.
Consulting Experience and Expertise
Develop, manage and sell consulting services including assessments, policy development
engagements and security architecture upgrades to meet regulatory compliance obligations.
Develop the organization's methodology and intellectual property including The Baseline set of
policies, standards, procedures and controls.
Developed, managed and implemented a method for delivering consulting services which
maximized the value to the client derived from skills, repeatable processes and methodology
and intellectual property.
Served as one of the developers for the Method for Architecting Secure Solutions at IBM
Serve as an industry expert and public speaker at conferences and standards bodies for IT
Governance, Risk, and Compliance (GRC).
Served on OASIS standards development committees and Liberty Alliance
Developed strategy, whitepapers and books for privacy, HIPAA, SOX and PCI compliance
Work Employment History
Wipro – Senior Practice Manager – Sales – Oct 2015 to Present
Cognizant – Associate Director – June 2011 – Sept 2015
Logic Trends – Senior Manager – June 2009 – April 2011
Independent Security Consulting - August 2007 – May 2009
Oracle – Principal & Associate Director – January 2006 – July 2007
IBM – Managing Consultant & Senior Technical Specialist – January 2001 – November 2005
Experience Deriving Requirements from Law, Regulation and Standards
ISO 27001, ISO 27002
NIST 800 Series (including 800-171 and 800-39)
OECD Privacy Principles
NERC-CIP
Gramm-Leach-Bliley Act
California SB 1386
HIPAA
Payment Card Industry Security Standard
Basel II: International Convergence of Capital Measurement and Capital Standards – A Revised
Framework
BIS Sound Practices for the Management and Supervision of Operational Risk
Standards for Safeguarding Customer Information - FTC 16 CFR 314
Privacy of Consumer Financial Information - FTC 16 CFR 313
Safety and Soundness Standards - Appendix of OCC 12 CFR 30
Federal Financial Institutions Examination Council - Information Security
Formal Education and Professional Training
● Bachelor of Science degree from Ohio State University with majors in Marketing and Finance
and Minor in Computer Science
● Certified IBM Consultant
● Certified Tivoli Engineer
● Certification as a Novell Network Engineer
● Certified Netscape Consulting Engineer
● A founder and Chairman of the Board of Directors for the Network Professionals Association
● Experienced speaker on network security, eBusiness systems and systems integration
● HIPAA Consultant with experience in the development of the security and privacy sections of
the law
● Extensive marketing strategy development and training in emerging markets