Raymond Perez-Information-Security-CISO-Resume3-2016
Raymond Perez
CISSP, CISM, CISA, CCFP, CCSP, CRISC, CCNA, MCSE,
CCISO, PMP, HCISPP, CHIMS, CHCIOe
5926 Garthmore Ave, Las Vegas, NV 89141
832.260.8880 raymondperez1@gmail.com
SENIOR INFORMATION AND SECURITY EXECUTIVE
Subject matter expert in Information Security Risk Management with executive and hands-on experience.
Accomplished senior manager with a 25+ years professional track record of successfully assessing
information security risks and designing information security programs for higher education, DOD, US
Military, Hospitals, large corporate physician groups, dental corporations, the international resort industry,
Banking and financial institutions and corporations. Master at identifying and clarifying information security
and technology risks and coordinating remediation efforts. Proven ability to lead and direct. Creative
problem solver and strategic decision maker in fast-paced fluid environments. Effective team leader,
continually empowering staff through training, guidance and motivation. Superior Project Management
Professional specializing in IT, security, network, and ERP projects.
Provided strategic direction to boards of trustees, boards of directors and senior management on technological issues
and challenges.
• Technology Architecture and Integration
• Leading Edge WAN/LAN/Infrastructure Design
• Global IT Delivery and Project Management
• Electronic Commerce Strategy Development
• Budgeting and Cost Control
• Staff Management and Team Builder
• Organization and Staff Development
• Strategic Analysis and Internal Consulting
• Security Policy Development
• Strategic Security Planning and Implementation
Dynamic management career with strong leadership, consistent track record of excellence, problem-solving,
planning, team-building and project management skills. Recruited, developed, motivated and retained diverse
staff structuring them into teams that delivered results and savings. Full responsibility for return on investment
(ROI) and managing multi-million dollar budgets. Proven record of department profitability and cost savings
realized within various business enterprise settings.
Areas of Strength
Information Security Architecture Regulatory Compliance
Computer Forensics /Investigations
Business Continuity/Disaster Recovery
Higher Education IT Infrastructure, cyber security, and Information Risk
Management
Healthcare IT Infrastructure, cyber security, and Information Risk
Management
Banking and Financial Institution IT Infrastructure, cyber security, and
Information Risk Management
Resort, Gaming, and Entertainment industry IT Infrastructure, cyber
security, and Information Risk Management
Defense Industry IT Infrastructure, cyber security, and Information Risk
Management
Manufacturing and Corporate IT Infrastructure, cyber security, and
Information Risk Management
Cost Control & Savings Leadership Mentoring Cloud Information Risk Issue Identification &
Resolution Strategic Partnerships Employee Awareness Campaigns Risk Assessments
Data Breach Management SIEM Splunk FireEye SourceFire CarbonBlack EndPoint
Security
Clean Sarbanes-Oxley (SOX) GLBA Privacy HIPAA, HITECH, PCI,
MAR, FISMA and HITRUST. NIST Audits and Attestations. ISO 27K Audits
and Certifications, PCI Audits and Certifications, SAS 70 Reports
Agile and Scrum Master
• Train and employ IT risk analysis and management personnel.
• IT security policy development and implementation for hospitals, physician
practices, insurance companies, universities, Defense, banking and financial
institutions, gaming and resort industries.
• Data center design and architecture of networks for business continuity and
disaster recovery.
• NIST audit practice development and initiation
• HIPAA security and compliance consulting.
• ISO 27001:2013 audit and certifications
• ISO 27002 Audits and certifications
• ISMS certification of Security Plans
• PCI Audits and certifications
• Security Remediation Plans.
CTO, CISO, CSO - June 2014 to Present- Full time; Principal Consultant- May 2009 to
May 2014
ILBE, LLC - Las Vegas, NV- Virtual CISO/IT/Network/Security & Risk Management
Consulting
• IT and network security design.
• IT risk analysis and management.
• IT security policy development and implementation for hospitals, physician
practices, dental practices, education, and corporations.
• Data center design and architecture of networks for business continuity and
disaster recovery.
• Updating of network storage processes, and implemented VMs.
• Software development and implementation for ERPs, EHR, EMR.
• HIPAA security and compliance consulting.
• Virtual CISO services to healthcare clients
• Hospital and medical clinic security, software, and IT risk management
• Developed IT security practices model to implement with clients.
• Dual factor authentication, endpoint security, data encryption, software
security.
• ISO 27001 ISMS certification of Security Plans
• ISO 27002 Audits
• Remediation for hospitals and Physician Practices.
Reserve Commander of US Cyber Security Institute (2012 to present)
• Provided executive leadership as head of The US Cyber Security Institute.
Provided direction and taught Cyber Security Technology, Cyber Security
Information Services, Cloud Security and network security services.
• Develop curriculum and recruit staff and instructors
• Provided principal direction for all aspects of strategic Cyber Security IT
planning, implementation and support
• Special emphasis on training DOD, military, intelligence, banking and
financial institutions, hospitals and medical practices, and university cyber
security personnel and managers, CISOs and CSOs.
2008 – to June 2014
VP of Technology Services/CIO/CISO/HIPAA Compliance Officer- Roseman University
of Health Sciences
In my CISO role my responsibilities included:
• Established the University’s first full service Information Technology Security
unit consisting of 4 Full Time Equivalent IT Security professionals with
associated forensics tools and information security equipment.
• Directed, managed, planned and administered the operational and
administrative activities of a full service IT security department.
• Developed and implemented security standards, procedures and guidelines for
multiple platforms and diverse systems environments.
• Prepared responses to State inquiries regarding information security related
matters
• Reviewed the development, testing and implementation of security plans,
products and controls techniques
• Identified and assessed IT security risk/ exposure on new and existing
infrastructure
• Investigated/recommended appropriate corrective actions for IT security
incidents.
• Developed and maintained security policies, controls and their compliance.
• Hospital and medical clinic security, software, and IT risk management.
• Analyzed security incidents and escalation of security events.
• Liaised with customers with regards to information security incidents.
• Developed cutting-edge, innovative solutions for IT network security.
• Studied the proliferation of viruses; prevented hacker intrusion.
• Conducted active penetration tests; discovered vulnerabilities in information
systems and remediated.
• Overall responsibility for the University's central data security and privacy
policies, architecture, and procedures.
• Prepared on-line and hard-copy documentation of University security plans
and procedures.
• Worked with constituent groups to create, document, implement, and
manage policies, procedures, and practices that ensure the availability,
integrity, and privacy of information assets on centrally managed computer
systems.
• Worked with functional groups and staff in the creation of guidelines to
ensure the security and privacy of information on the University's computer
systems.
• Assisted the University in its compliance with relevant information
technology laws and policies.
• Developed and implemented the overall information security strategy and
architecture to be used by the University's centrally managed systems
developers and administrators.
• Served as facilitator of the Computer Security Incident Response Team
working in collaboration with other constituencies, such as the University
Council concerning information security and privacy incidents.
• Served as liaison between CSIRT, University administration, and unit
representatives to maximize the adoption of and support for IT security plans
and procedures.
• Maintained expertise in security-related technologies, trends, issues, and
solutions.
• Investigated security needs, and recommended, planned, implemented,
tested, and monitored information security improvements.
• Planned and coordinated information security investigations, feasibility
studies, and surveys, to include cost-benefit evaluations of proposed and
existing security solutions.
• Provided instruction and information security awareness training for
Faculty, Staff and Student body.
• Ensured State regulatory requirements with respect to information security
procedures and their application are adhered to.
• Participated as appropriate in the planning and implementation of hardware
and software.
• Maintained a broad knowledge of state-of-the-art information technology
security equipment, and systems.
• Instrumental in the facilitation of the Information Technology operational
change management program.
In my CIO role my responsibilities included:
• Responsible for student ERP, network, security, financial services, and all
student support systems.
• Architected and project managed the IT infrastructure development and
installation for new Dental College and Orthodontic College.
• Designed and project managed the medical college IT infrastructure
development. Project managed and led IT and technology infrastructure
development of Roseman University’s three campuses.
• Managed all IT project management, IT infrastructure processes including but
not limited to networking maintenance and design, telecommunications,
classroom technology systems, data processing, program development,
network security, helpdesk, web, applications management, disaster
recovery, backups, security, encryption and security of data.
• Responsible for all HIPAA Security measures and policies.
• IT risk management.
• Development of technology for all health science programs, Dental Medicine,
Nursing, Pharmacy, Orthodontics, and Medicine.
• Created IT infrastructure designs for the College of medicine.
• Designed College of Orthodontics and College of Dental Medicine.
• Redesigned full technology classrooms, introduction of iPads and MacBook
Airs into the classroom and teaching environment.
• Established the university KIOSK and AV presentation systems.
• Redesigned the website for the university.
Present Department of Defense
Reserve Commander of IT (CIO/CTO/CSO/CISO)-1986 to present-retiring
In my roles with the Department of Defense I have been responsible for:
• Supervised information technology processing for units, installations, and
activities within the United States area of responsibility in Bosnia-
Herzegovina, Iraq, Afghanistan, and Kuwait.
• Advised commanders and staff on computer information systems policy, IT
security policies, and technical matters.
• Planned and managed the integration of hardware, software and data
communications at the user interface level.
• Supervised the installation, operation, and administration of all computer
systems and local area networks at all organizational levels to include
combined, joint and service agencies.
• Translated mission needs into computer systems requirements and helped to
define functional requirements.
• Evaluated and optimized efficiency of computer network resources.
• Performed economic analysis, planned, programmed, and budgeted for
information systems resource requirements (equipment, people, and
facilities).
• Developed and implemented procedures for the local procurement, storage,
and distribution, and control of commercial computer system products.
• Managed computer information systems resources, maintenance programs,
and logistics support.
• Established procedures for effective and efficient use of computer systems
resources.
• Hospital and medical clinic security, software, and IT risk management.
• Developed, implemented and managed data base management systems and
local area networks.
• Established and prioritized computer systems goals and objectives.
• Wrote and maintained security accreditation plans for computer systems.
• Developed and managed information security procedures.
• Configured and maintained security firewalls.
• Provided networking security for the largest WAN in the world.
• Developed and coordinated procedures for contingency operations during
system emergencies, outages and degraded operations, or downtime for
maintenance.
• Designed and maintained the installation of web sites at major organizations
and commands.
• Developed and conducted customer education programs.
• Certified all Department of Defense Intelligence Information Systems.
• Provided security for the largest forward deployed headquarters.
• Drafted intelligence systems security policies and procedures for operations
within a multi-national environment.
• Analyzed foreign intelligence cyber threats against sensitive Department of
Defense agencies.
• Identified operational information systems vulnerabilities and applied
necessary fixes.
July 2007- June 2008
VP of IT and Interim VP of Finance- CRT Hospital Las Vegas, NV
• Provided executive leadership as head of Technology and Information
Services and network services section.
• Provided principal direction for all aspects of strategic IT planning,
implementation and support network wide as an integral component of the
hospital business plan.
• Engineered the turnaround of the network services performance and service
levels.
• Prepared technical briefings and presented them to enterprise senior
leadership.
• Transformed network services into a strategic business partner.
• Managed and delivered multiple large scale projects on time and within
budget.
• Hospital and medical clinic security, software, and IT risk management.
• Directed all budgeting activities, design and support of all technology.
• Successfully managed an Operations and Capital Budget totaling over $3.5
Million dollars for an IT services department.
• Provided budgetary control and cost reduction in information systems in
excess of $200,000 dollars annually.
• Supported the mission and goals of CRT in a dynamic, evolving environment,
while supporting a strategic vision/plan for information technology.
• Established credibility with the Senior Management Team and executives
across the health system.
• Supported business growth, add value and improve the information systems
environment by managing numerous information technology projects
• Developed and implemented a project methodology and coordinate projects
across all departments.
• Developed a technically competent, proactive, customer-service oriented,
high-performance team.
• Created teams that are technically perceptive and have a solid understanding
of business processes.
• Established vision and built consensus for information technology endeavors
• Functioned as a partner with the Chief Operating Officer, assisting and
collaborating as appropriate.
• Maintained oversight and coordinated the day-to-day operations of the
information technology systems and Network, including application
development and support, all health care operations for data and software
for hospitals and clinics, operations, and data networks.
• Worked in collaboration with others to ensure smooth and effective
operations across the system.
• Led the deployment and maintenance of all enterprise hardware our
Network.
• Developed and fostered a culture of responsive customer oriented services
and internal accountability.
• Taught and mentored project managers and staff on how to apply standards,
tools, and methodologies while delivering high quality business focused
customer service.
• Provided technical expertise on systems, market trends, technology
directions, and product directions.
• Established performance measures to ensure project managers and staff are
accountable and compliant in project planning, risk and issue management,
processes and procedures, and change management.
• Planned, developed and deployed our first 802.11 wireless network.
• Managed the activities of 22 full-time employees - Project Managers,
Telecommunications Support Technicians, Network Engineers, Systems
Analyst, Computer Support Specialists and Help Desk.
Director of Enterprise Services - College of Southern Nevada
(SUNGARD)
• Managed all enterprise applications and project-managed development of
new applications.
• Architected and project managed the new enterprise applications
environment for CSN.
• Designed and developed IT standards and architecture for new CSN campus.
Developed and implemented IT/Network Security policies and practices.
• Provided strategic IT planning and direction to the College Administrators
including College President and Vice Presidents. Led IT governance group.
Jan 2006 thru Oct 2006 Interim Director of Technical Services - College of Southern
Nevada
(SUNGARD)
• Developed and led the strategic plan and implementation process for
Banner ERP.
• Project management and redesigned network and all IT infrastructures,
including creation of new data center.
• Developed and implemented the College’s first IT security master plan and
implemented security policies.
• Managed the network team, the telecommunications team, web services,
the server team, and the applications team infrastructure projects.
• Stabilization and redesign of the network, creation of backups and disaster
recovery planning, planning for the IT infrastructure for all new buildings and
particularly our new campus, replacement and redeployment of server
infrastructure, managing the development of the new college website,
management of the college applications and redevelopment of the
applications, reviewing the telecommunications resources, and development
of the wireless network, amongst all the other startup tasks. Interact with
academic technology applications director and user services director as
required to achieve customer satisfaction.
• Developed Presidential communication system. Strategic planning director.
• Provided strategic IT project management planning, as well as direction to
the College Administrators including College President and VPs in the role of
Startup Technical Director.
• POC with vendors related to above projects.
SunGard Executive Director of IT and Strategic Planning Director at Tulane
University - 2001 to 2006
• Extreme Project management experience with disaster recovery following
hurricane Katrina.
• Led university through strategic planning process.
• Upgraded and managed the Oracle E-Business Suite Financials Applications
and management of Student Information Systems, network and
telecommunications.
• Brought campus back up after Hurricane Katrina.
SunGard HE
Community of Practice Leader
Developed COP and provided leadership for Collegis Oracle site teams developing
methodologies and best practices for Oracle Applications at our sites. Transitioned
group from Competency Center to Community of Practice.
InfraGard Representative (FBI Critical Infrastructure Guidance and Alliance)-2003 to
present
University interface with Department of Homeland Security to secure IT infrastructure
at the university and surrounding community.
CSC Edwards, CA
Oracle E-Business Suite Financials Applications Manager and Business Infrastructure
Manager
Installed Oracle E-Business Suite 11i Applications and maintenance of Oracle 8i and
10g DB in a grid-computing environment. Developed transition to Oracle Financials and
Oracle web based financial system with Oracle 11i.
CSC Edwards, CA
Manager of Business Systems
Responsibilities: Managed DBAs and programmer analysts to maintain Oracle
database and accounting system.
Consultant Los Angeles, CA
Acting Controller/IT Manager
Responsibilities:
• Orchestrated entrance into Asian markets that increased earnings 23%.
• Managed $12 million of assets.
• Managed IT section, Network and IBM mainframe.
Jakarta/ U.S.A. Los Angeles, CA
Financial Manager / IT Business Systems Manager
Responsibilities:
Managed resort and hotel accounting systems development and
implementation. Developed security practices for IT. Set IT strategic vision.
Managed all cost reporting and corporate financials, U.S.A. Installed and
managed Oracle financial applications. Worked with international vendors on
logistics. Worked on developing customized CRM.
Academic Positions
Tulane University New Orleans, LA
Adjunct Professor/Instructor – Tulane University College
Taught in the Organizational Information Technology program. Taught Computing
Ethics, Training for Information Technology Organizations. I have also taught
Information Technology Management, IT Project Management, Oracle 9i Database
Management, Oracle Developer and Reports, network security and Operations
Management.
University of California, Riverside, CA
Associate In Environmental Sciences
Responsibilities:
• Taught three courses each academic term.
• Received Outstanding Teaching Award.
• Developed new internships for senior students.
Research Associate
Responsibilities:
• Developed and collected data for BLM Desert Land Use Plan.
• Developed data collection update process for BLM.
• Developed database for BLM interviewing over 500 groups.
Special Skills Command Pilot with instrument and airline transport pilot commercial rating.
7th degree black belt and instructor certificate in Karate.
Languages English, French, Spanish, Vietnamese, Italian, DLI Arabic and Farsi
Education
• B.S., Environmental Sciences
• Masters of Administration/MBA
• CIO Pocket MBA
• MBA Cybersecurity Studies
• Doctor of Divinity