Marc Bercier has over 25 years of experience in IT, including cybersecurity. He holds a Bachelor's degree in Electrical Engineering and is a Certified Information Systems Security Professional (CISSP). He currently works as an IT security consultant for Shared Services Canada, providing expertise on security operations, standards development, and strategic planning initiatives. Previously, he worked for over 10 years at CGI, where he managed security operations centers and led projects implementing security solutions for government and private clients.
DHS Cybersecurity Services for Building Cyber ResilienceDawn Yankeelov
DHS Cybersecurity Analyst details the US Department of Homeland Security Services for all businesses to build cyber resilience at the Technology Association of Louisville's CyberSecurity Summit on June 14, 2019.
A successful cyber attack on a plant’s Industrial Control Systems (ICS) can be catastrophic. It can impact the plant’s operations, finances, damage reputation and even threaten lives. A resilient cyber security programme is essential in order to mitigate against potential cyber attacks. To help ensure that your plant is fully prepared to defend against potential cyber attacks, we provide a range of ICS Cyber Security services, each customised for your plant’s unique requirements, based on the latest international cyber security standards and best practice. Pöyry is active in designing, assessing and supervising the implementation of ICS cyber security programmes to both operating and greenfield facilities.
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?NetEnrich, Inc.
With cybersecurity threats continuing to grow faster than security budgets, CISOs, CIOs and SecOps teams are left at a dangerous disadvantage.
Even enterprises running their own Security Operations Centers (SOCs) find the perennial shortage of skills, tools, and other resources stops them from realizing the full value of investments. Rather than struggle to find – and hang on to – top talent with hands-on experience across network and cloud security, mid-sized enterprises are instead opting for SOC-as-a-Service offerings.
the Defense Department and General Services Administration report on improving cyber security and resilience through acquisition. This report, developed as part of the President’s Executive Order on Cyber Security, forms the baseline for a fundamental shift in federal procurement policy. In short, going forward cyber security is going to be a core consideration in federal procurements. Contractors will likely find cyber security obligations embedded in their contracts, and may even find themselves excluded from the procurement process if certain cyber security benchmarks are not met.
The report spells out six key recommendations:
1) Institute Baseline Cybersecurity Requirements as a Condition of Contract Award for Appropriate Acquisitions
2) Address Cybersecurity in Relevant Training
3) Develop Common Cybersecurity Definitions for Federal Acquisitions
4) Institute a Federal Acquisition Cyber Risk Management Strategy
5) Include a Requirement to Purchase from Original Equipment Manufacturers, Their Authorized Resellers, or Other “Trusted” Sources, Whenever Available, in Appropriate Acquisitions
6) Increase Government Accountability for Cyber Risk Management
DHS Cybersecurity Services for Building Cyber ResilienceDawn Yankeelov
DHS Cybersecurity Analyst details the US Department of Homeland Security Services for all businesses to build cyber resilience at the Technology Association of Louisville's CyberSecurity Summit on June 14, 2019.
A successful cyber attack on a plant’s Industrial Control Systems (ICS) can be catastrophic. It can impact the plant’s operations, finances, damage reputation and even threaten lives. A resilient cyber security programme is essential in order to mitigate against potential cyber attacks. To help ensure that your plant is fully prepared to defend against potential cyber attacks, we provide a range of ICS Cyber Security services, each customised for your plant’s unique requirements, based on the latest international cyber security standards and best practice. Pöyry is active in designing, assessing and supervising the implementation of ICS cyber security programmes to both operating and greenfield facilities.
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?NetEnrich, Inc.
With cybersecurity threats continuing to grow faster than security budgets, CISOs, CIOs and SecOps teams are left at a dangerous disadvantage.
Even enterprises running their own Security Operations Centers (SOCs) find the perennial shortage of skills, tools, and other resources stops them from realizing the full value of investments. Rather than struggle to find – and hang on to – top talent with hands-on experience across network and cloud security, mid-sized enterprises are instead opting for SOC-as-a-Service offerings.
the Defense Department and General Services Administration report on improving cyber security and resilience through acquisition. This report, developed as part of the President’s Executive Order on Cyber Security, forms the baseline for a fundamental shift in federal procurement policy. In short, going forward cyber security is going to be a core consideration in federal procurements. Contractors will likely find cyber security obligations embedded in their contracts, and may even find themselves excluded from the procurement process if certain cyber security benchmarks are not met.
The report spells out six key recommendations:
1) Institute Baseline Cybersecurity Requirements as a Condition of Contract Award for Appropriate Acquisitions
2) Address Cybersecurity in Relevant Training
3) Develop Common Cybersecurity Definitions for Federal Acquisitions
4) Institute a Federal Acquisition Cyber Risk Management Strategy
5) Include a Requirement to Purchase from Original Equipment Manufacturers, Their Authorized Resellers, or Other “Trusted” Sources, Whenever Available, in Appropriate Acquisitions
6) Increase Government Accountability for Cyber Risk Management
Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...PECB
While Blockchain technology creates strong cryptographic controls securing the integrity of data, successful, cooperative Blockchain networks must establish trust between a varieties of independent entities to create overall trust. In this presentation, Scott Perry and Drummond Reed will discuss how trust is created in Blockchain systems and the varying layers (i.e. ledger, agent, credential exchange and governance) that add trust within interoperable parties and reliance to external Blockchain’s within the web of trust. As active members of the Sovrin Governance Working Group, including the first robust trust assurance model for Blockchain’s, our presenters will discuss how all Blockchain’s networks can add accountability within stakeholder roles to ensure that Blockchain’s are trustworthy above the embedded cryptographic trust assertions.
The target of this webinar is leaders and participants in the industry who are seeking greater acceptance and assurance in the trustworthiness of their network.
This session will help you learn which role systems auditors, cybersecurity professionals, and risk management experts will have to play to ensure trust must be built and maintained when adopting such cutting-edge technologies.
The webinar covers:
• How Digital Trust is created
• How Blockchain’s novel attributes contribute to digital trust
• Blockchain’s beneficial use cases
• Deeper Dive into Self Sovereign Identity as a unique Blockchain use case
Date: March 18, 2019
Recorded Webinar: https://youtu.be/1lcuf9bJFBQ
Isaca career paths - the highest paying certifications in the industryInfosec
ISACA certifications are among the most in-demand in the industry. CISA, CISM, CRISC and CGEIT regularly top lists of highest-paying IT and security certs with average salaries ranging from $103,000 to $133,000 — and a new certification is now available, Certified Data Privacy Solutions Engineer (CDPSE).
Check out the session here: https://www.infosecinstitute.com/webinar/isaca-career-path/
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
Private sector cyber resilience and the role of data diodesOllie Whitehouse
This whitepaper intended for enterprise architects and cyber security professionals looks at the role of data diodes in modern network design and operation.
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Alan Yau Ti Dun
When weighing options for increasing enterprise computing capabilities or seeking ways
to improve IT operational efficiency, the prevailing method is to integrate an external IT
services vendor, commonly referred to as a cloud service provider (CSP). There is a
high probability that audit clients will engage this CSP service to manage their IT needs.
Learn how to cope with the audit and risk assessment challenges related to this
emerging technology trend in this key session.
•Understanding the various Cloud Service Levels and Implementation Types
•Identifying Compliance, Service Level Agreement and other Important Duties each
party must perform
•Understand the Complexities of Auditing internal controls, data security, privacy and
performancerelated to cloud
•Mitigating the underlying Business Risks associated with adopting a cloud-based IT model
Solar winds supply chain breach - Insights from the trenchesInfosec
On December 13 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products” as they were being actively exploited by malicious actors.
Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach and mitigate any potential damage. Join him as he discusses:
-What we know about the breach so far
-How his clients have responded to the incident
-What to look for in your environment to see if you’ve been affected
What's Next : A Trillion Event Logs, A Million Security ThreatAlan Yau Ti Dun
The Challenge For Log Analysis
Log Management vs SIEM vs NextGen SIEM
Security Analytic + Storage + Actionable Intelligence
NexGen Security Operation Center For Smart Cities
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurAlan Yau Ti Dun
"Like any information security processes, there should be an adequate and"
"reasonable level of assurance for cyber security, which completes the security perspective when combined with governance and management processes. Cyber security assurance requires a comprehensive set of controls that covers risk as well as management processes."
"These controls are supported by appropriate metrics and indicators for"
"security goals and factual security risk. This session will share the cybesecurity self assessment program in carrying out an audit or self- assessment review on cyber security controls and practices in a typical organisation. This assurance program will leverage on COBIT 5 framework"
"and COBIT 5 for Information Security as a baseline."
CompTIA CASP+ | Everything you need to know about the new examInfosec
Want to be an advanced cybersecurity practitioner? Then CompTIA’s CASP+ certification may be the perfect fit for you. The popular certification is getting an overhaul heading into 2022 to ensure it validates the most relevant and in-demand skills — from security architecture and operations to engineering and governance.
DevOps Indonesia "How Security with DevOps can Deliver more secure software"
Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - Remediation) by Mr. Faisal Yahya
Implementing a Security Management FrameworkJoseph Wynn
Given at the Pittsburgh ISSA April 2017 chapter meeting.
This presentation discussed how to improve the success of your information security program by organizing it using a security management framework.
Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...PECB
While Blockchain technology creates strong cryptographic controls securing the integrity of data, successful, cooperative Blockchain networks must establish trust between a varieties of independent entities to create overall trust. In this presentation, Scott Perry and Drummond Reed will discuss how trust is created in Blockchain systems and the varying layers (i.e. ledger, agent, credential exchange and governance) that add trust within interoperable parties and reliance to external Blockchain’s within the web of trust. As active members of the Sovrin Governance Working Group, including the first robust trust assurance model for Blockchain’s, our presenters will discuss how all Blockchain’s networks can add accountability within stakeholder roles to ensure that Blockchain’s are trustworthy above the embedded cryptographic trust assertions.
The target of this webinar is leaders and participants in the industry who are seeking greater acceptance and assurance in the trustworthiness of their network.
This session will help you learn which role systems auditors, cybersecurity professionals, and risk management experts will have to play to ensure trust must be built and maintained when adopting such cutting-edge technologies.
The webinar covers:
• How Digital Trust is created
• How Blockchain’s novel attributes contribute to digital trust
• Blockchain’s beneficial use cases
• Deeper Dive into Self Sovereign Identity as a unique Blockchain use case
Date: March 18, 2019
Recorded Webinar: https://youtu.be/1lcuf9bJFBQ
Isaca career paths - the highest paying certifications in the industryInfosec
ISACA certifications are among the most in-demand in the industry. CISA, CISM, CRISC and CGEIT regularly top lists of highest-paying IT and security certs with average salaries ranging from $103,000 to $133,000 — and a new certification is now available, Certified Data Privacy Solutions Engineer (CDPSE).
Check out the session here: https://www.infosecinstitute.com/webinar/isaca-career-path/
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply to standards, and other meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
Private sector cyber resilience and the role of data diodesOllie Whitehouse
This whitepaper intended for enterprise architects and cyber security professionals looks at the role of data diodes in modern network design and operation.
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Alan Yau Ti Dun
When weighing options for increasing enterprise computing capabilities or seeking ways
to improve IT operational efficiency, the prevailing method is to integrate an external IT
services vendor, commonly referred to as a cloud service provider (CSP). There is a
high probability that audit clients will engage this CSP service to manage their IT needs.
Learn how to cope with the audit and risk assessment challenges related to this
emerging technology trend in this key session.
•Understanding the various Cloud Service Levels and Implementation Types
•Identifying Compliance, Service Level Agreement and other Important Duties each
party must perform
•Understand the Complexities of Auditing internal controls, data security, privacy and
performancerelated to cloud
•Mitigating the underlying Business Risks associated with adopting a cloud-based IT model
Solar winds supply chain breach - Insights from the trenchesInfosec
On December 13 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products” as they were being actively exploited by malicious actors.
Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach and mitigate any potential damage. Join him as he discusses:
-What we know about the breach so far
-How his clients have responded to the incident
-What to look for in your environment to see if you’ve been affected
What's Next : A Trillion Event Logs, A Million Security ThreatAlan Yau Ti Dun
The Challenge For Log Analysis
Log Management vs SIEM vs NextGen SIEM
Security Analytic + Storage + Actionable Intelligence
NexGen Security Operation Center For Smart Cities
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurAlan Yau Ti Dun
"Like any information security processes, there should be an adequate and"
"reasonable level of assurance for cyber security, which completes the security perspective when combined with governance and management processes. Cyber security assurance requires a comprehensive set of controls that covers risk as well as management processes."
"These controls are supported by appropriate metrics and indicators for"
"security goals and factual security risk. This session will share the cybesecurity self assessment program in carrying out an audit or self- assessment review on cyber security controls and practices in a typical organisation. This assurance program will leverage on COBIT 5 framework"
"and COBIT 5 for Information Security as a baseline."
CompTIA CASP+ | Everything you need to know about the new examInfosec
Want to be an advanced cybersecurity practitioner? Then CompTIA’s CASP+ certification may be the perfect fit for you. The popular certification is getting an overhaul heading into 2022 to ensure it validates the most relevant and in-demand skills — from security architecture and operations to engineering and governance.
DevOps Indonesia "How Security with DevOps can Deliver more secure software"
Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - Remediation) by Mr. Faisal Yahya
Implementing a Security Management FrameworkJoseph Wynn
Given at the Pittsburgh ISSA April 2017 chapter meeting.
This presentation discussed how to improve the success of your information security program by organizing it using a security management framework.
Bugs (or) Vulnerabilities in the application software may enable cyber criminals to exploit both Internet facing and internal systems. Organizations do all they can to protect their critical cyber assets, but they don’t always systematically test their defences.
We do quality pen tests much faster and cost effective than the traditional approach. Our consultants achieve this by combining their advanced technical skills. You can get an accurate security posture of your web application and actionable recommendations for improving it. Our testing services would scrutinize the security loopholes in your application, at various levels and reports would be shared..
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
As we approach the new year, the importance of a robust cybersecurity strategy cannot be overstated. Learning on the effective measures to be taken and tools needed to navigate the evolving cybersecurity landscape successfully is essential.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 27035 and their key components
• Key Components of a Resilient Cybersecurity Strategy
• Best practices for building a resilient cybersecurity strategy in 2024
Presenters:
Rinske Geerlings
Rinske is an internationally known consultant, speaker and certified Business Continuity, Information Security & Risk Management trainer.
She was awarded Alumnus of the Year 2012 of Delft University, Australian Business Woman of the Year 2010-13 by BPW, Risk Consultant of the Year 2017 (RMIA/Australasia) and Outstanding Security Consultant 2019 Finalist (OSPAs)
Rinske has consulted to the Department of Prime Minister & Cabinet, 15 Central Banks, APEC, BBC, Shell, Fuji Xerox, NIB Health Funds, ASIC, Departments of Defense, Immigration, Health, Industry, Education, Foreign Affairs and 100s of other public and private organizations across 5 continents.
She has been changing the way organizations ‘plan for the unexpected’. Her facilitation skills enable organizations to achieve their own results and simplify their processes. She applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to BCM, Security, and Risk.
Her 'alter ego' includes being a lead singer in SophieG Music and contributing to the global charity playing for Change, which provides music education to children in disadvantaged regions.
Loris Mansiamina
A Senior GRC Professional consultant for Small, Medium and large companies. Over 10 years, Loris has been assisting clients in both public and private sectors about various matters relating to Gouvernance, Risk Management and Compliance (GRC), Digital transformation, cyber security program management, ISO 27k & ISO 20k implementation, COBIT & ITIL implementation, etc.
Date: December 19, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27035, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
ISO/IEC 27035 Information Security Incident Management - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/yT8gxRZD_4c
Information Security Analyst- Infosec trainInfosecTrain
The information has more exceptional value in today's highly competitive world. It helps organizations in many ways. From making accurate decisions to set up strategies to achieve their business goals, organizations rely extensively on the information system.
10+ years of overall IT experience out of which 8+ years is in IT Governance, Risk and
Compliance, Information Security solution Design, Develop, Deploy, Systems Audit, advisory
and consultancy to large clients across globe
Experience of working Vulnerability Assessment, Penetration Testing (VA/PT), IT Risk
Assessment, Business impact analysis (BIA) and Regulatory Compliance activities.
Experience in to Design, Develop, Implement, Review and Fine-tune, Information
Security/ BCM (BCP/DR) Solutions, Policies, Controls, Standards, Procedures and
Organizational Information Security Posture
Want to learn about the latest NIST Cybersecurity Framework (CSF) 2.0?
We've just uploaded a recording of our 2-hour training workshop organized by the ISC2 El Djazair Chapter and delivered by cybersecurity instructor Bachir Benyammi.
In this workshop, you'll gain insights on:
- NIST CSF 2.0 components (Core, Tiers, and Profiles)
- Implementing the framework for your specific needs
- Improving your organization's cybersecurity posture
- Assessing your cybersecurity maturity
- Examples of assessment tools
Watch the full workshop on our YouTube channel: https://lnkd.in/dXEbp8QM
Cyber-attacks are an alarming threat to all types of businesses & organizations.The risk of a cyber-attack is not just a risk to your company but also to your privacy.Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Cyber-attacks are an alarming threat to all types of businesses & organizations.The risk of a cyber-attack is not just a risk to your company but also to your privacy.Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
OT Security Architecture & Resilience: Designing for Security Successaccenture
Resiliency is the new imperative for OT environments. This track provides valuable insights for building a security architecture to meet the business challenge. The discussions are intended to spark conversation and this guide highlights key takeaways on what works, what doesn’t and what’s next. https://accntu.re/36gMaWm
Build your career with top cyber security jobs in 2022?InfoSec4TC
Which cyber security job is right for you? What skills do you need to fill the job? Before we answer these questions, let’s have a glimpse of why there has been an increase in the number of cyber security jobs. According to the University of Maryland, hackers attack an average of 2,244 times a day. Making it a necessity for firms to invest in cyber security, thus opening doors for individuals who want to build a cyber-security career.
Top cybersecurity certifications in 2022.pptxinfosec train
Cyber security practices involve preventing malicious attacks on computers, servers, mobile devices, electronic systems, networks, and data. It is also called information technology security or electronic information security.
https://www.infosectrain.com/courses/comptia-network-certification/
Industrial Control Security USA Sacramento California Oct 6/7James Nesbitt
Industrial Control Cybersecurity USA October 6th and 7th
Sacramento California USA
Identify, protect, detect, respond and recover.
All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Energy and Water Sector.
IT Governance will help you shift the state of your cyber security by improving your defences against a broad range of attacks, and reducing the risk and impact of incidents.
Didiet Kusumadihardja - Cybersecurity Consultant Portfolio. Qualification, affiliation, list of services offered and related experience. Language: English.
Didiet Cybersecurity Consultant Portfolio - English
RESUME - Marc Bercier - Long
1. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 1 of 11
IT Related Experience 25 years +
Security Clearance Top Secret Level issued by PWGSC.
File Number: 95365640-0001535588
Expiry Date: Jan. 23, 2019
Languages Fully fluent in English and French (written and spoken)
Education Bachelor of Applied Sciences, Electrical Engineering with
Computer Option, University of Ottawa, 1990
Professional
Development
Exercising ITSG-33 Security Control Profiles and the HTRA to
Support IT Projects, Security Mindset, 2014
International Information Systems Security Certification
Consortium (ISC)2 Certified Information System Security
Professional (CISSP), 2008
ITIL Practitioner Level Certification: Managing the Changing
IT Infrastructure According to ITIL Best Practices, Pink
Elephant, 2005
ITIL Practitioner Level Certification: Measuring, Reporting
and Improving the IT Infrastructure According to ITIL Best
Practices, Pink Elephant, 2004
ITIL Foundation Level Certification: ITIL IT Service
Management Essentials, Pink Elephant, 2003
Professional
Affiliations
Member of the Information Systems Security Association
(ISSA)
Volunteer
Experience
Secretary of the Ottawa chapter of Information Systems
Security Association (ISSA), 2014 to present
PROFILE
Mr. Bercier has over 25 years of practical experience in Information Technology including the
fields of telecommunications, and cyber-security. He has a strong background in business
management which includes managing people (staff, clients), projects and processes.
Over the past 10 years, Mr. Bercier has gained expertise in the field of cyber-security as a
proven leader in IT security operations, process improvement and customer care. During that
time, he has attained and maintained the industry recognized status of Certified Information
Systems Security Professional (CISSP).
Since 1991, Mr. Bercier has evolved within ITIL focused organizations where he was able to
gain knowledge and practical experience as an ITIL process expert capable of developing new
processes or improving existing ones to the benefit of both the organizations and the clients
they served. He has attained practitioner level certifications in change and configuration
management and in measuring and reporting.
2. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 2 of 11
In 2014, Mr. Bercier created InTechSec Ltd. focusing his core competencies in order to provide
professional IT security consulting services to government and private enterprises.
Mr. Bercier is a recognized people leader who is able to motivate and encourage teams to
work together to achieve a stated purpose. He has demonstrated this ability as a direct
manager and in a matrix organization. As a project manager, he has been able to deliver
quality project deliverables by leveraging architecture, deployment, IT support and IT security
operations teams. Mr. Bercier has also positively contributed to the bottom line of his
organization by, for example, organically growing revenues from the existing client base by
more than $2 million while at CGI.
Mr. Bercier is fully bilingual with the ability to help clients in both official languages via spoken
and written communications.
RELEVANT WORK EXPERIENCE
Project #10
Shared Services Canada
Cyber and IT Security (CITS) Transformation Services
Information Technology Security Consultant
June 2014 to present (2 Years and 6 months)
Description: Working within the Cyber and IT Security (CITS) Transformation Services and
the Security Operations groups of Shared Services Canada, Mr. Bercier is involved with several
IT strategic security planning initiatives applicable to the Security Operations Centre (SOC)
transformation. Mr. Bercier’s roles, responsibilities and objectives for this position included
the following:
Maturity Assessment: Mr. Bercier developed a maturity model with the long term goal of
assessing and improving SSC’s security operations. Using available information from
existing maturity models, he developed a self-assessment questionnaire that SSC SOC
managers are able to leverage to determine their current operational maturity. Mr. Bercier
has performed an analysis of answers provided and produced a report explaining the
finding and providing recommendations that, when implemented, will lead SSC’s security
operations to higher operational maturity.
Standards Development: Mr. Bercier has produced the following standard documentation
of SSC’s security operations:
o Incident Management Standard
o Vulnerability Management Standard
Assessment of current SSC Security Operations practices, providing recommendations for
improvement.
Disaster recovery and service continuity planning: Mr. Bercier performed a thorough
analysis of disaster recovery and service continuity models for the SSC SOC 43
government partners (departments and agencies). He provided recommendations based
on the requirements of SSC and its partners.
SOC Consolidation: Mr. Bercier provided recommendations on the approach to consolidate
the 12 partner facilities providing IT security services into a single SOC, ensuring that the
level of service provided to the 43 partners remain the same or better than the current
situation.
Security Service Definition: Mr. Bercier worked with CITS and Security Operations staff to
define the end-state IT security services that will be offered by the SSC SOC. As part of
this initiative, Mr. Bercier took the lead in writing the Service Definition document. Mr.
3. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 3 of 11
Bercier defined the use cases that describe these end-state services. He lead the
development of Request for Proposals (RFPs) that will be used to setup supply
arrangements with multiple vendors to enable the SSC SOC to provide state of the art IT
security monitoring and security management (SM&SM) services. Mr. Bercier’s expertise
helped SSC define the following services:
o Event Logging and Auditing Service (ELAS)
o Security Incident Management Service (SIMS)
o Compliance, Threat and Vulnerability Management Service (CTVMS)
Security Service Improvement Initiatives: Mr. Bercier has lead several improvement
opportunities to measure and improve SSC’s operation security service delivery, including:
o Security Operations Maturity Model Development
o Security Operations Metrics and KPI development
o Security Readiness Reporting Development
Application Security: Mr. Bercier provided a recommendation to SSC on the need to offer
application security services to ensure layered defence of the government of Canada
infrastructure.
Mr. Bercier developed the first version of the CITS program reporting dashboard to ensure
a harmonised progress reporting mechanism across SSC CITS.
Mr. Bercier has been part of the quality control team for several CITS publication including:
o Data Protection Service Definition Document
o Data Centre Zoning Standard
o Security Monitoring and Security Management Statement of Sensitivity
o ITSG-33 Security Controls related to Security Monitoring and Security Management
o Infrastructure Protection Statement of Sensitivity
o Privacy Protection within IT Security Standard
o Vulnerability Management Strategy
o Network Security Zoning Guidelines
o Security Log Standards
o Privilege Access Management (PAM) Framework
Mr. Bercier has acted as the chair of the CITS & Security Operations Working group,
leading discussions and logging minutes and actions.
Project #9
CGI
Global Managed Security Services
Project Manager and Member of the ISO 27001 Compliance Initiative
January 2013 to present (2 years and 3 months)
Description: Working within the Global Managed Security Services group of CGI, Mr. Bercier
provided management guidance to IT security specialists integrated within cross-functional
teams, including architecture, deployment, IT support and security monitoring to implement
large and medium security products and services into operational environments including:
Intrusion Detection (network, host and wireless), Log Management and Continuous
Vulnerability Management services for a national securities regulator.
Log Management, Continuous Vulnerability Management and Strong Authentication
services for a large financial institution.
Network Intrusion Detection and Log Management services for a satellite communication
service provider with offices worldwide.
Network Intrusion Detection service for a credit union.
Log Management service for 2 large financial institutions.
Host Intrusion Detection Service for Canada Post Corporation (CPC)
4. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 4 of 11
The projects managed by Mr. Bercier represented total revenues of over $8.5 million for CGI.
Mr. Bercier applied the CGI Client Partnership Management Framework (CPMF) methodology
which is based on the Project Management Book of Knowledge (PMBOK) and includes the
following knowledge areas: Project Integration Management, Project Scope Management,
Project Time Management, Project Communications Management, Project Cost Management,
Project Quality Management, Project Risk Management, and Project Procurement
Management. Mr. Bercier’s roles, responsibilities and objectives for this position included the
following:
Contract Review including analysis of requirements.
Gap analysis between proposed and contracted solutions.
Current Situation Analysis / Due Diligence based on validated assumptions after contract
awards.
Created Project Management Plans including:
o Work Breakdown Structures using MS Project 2010
o Risk Management Plans
o Issues Management Plans
o Procurement Management Plans
o Communication Management Plans
o Requirement Management Plans
o Quality Management Plans
o Measurement Plans
o Change Request Management Plans
o Project Status Reports
Maintenance of the WBS, Risk, Issues and Change Registers and other project
documentation.
Mobilized resources at the start of each project and managed project resources for efficient
delivery, balancing time, scope, cost, and quality.
Vendor and Procurement management.
Change Request Management including keeping a change register.
On-going project communication including chairing meetings and producing meeting
minutes, status reports and updated work breakdown structures.
In addition to his project management role, Mr. Bercier has been involved in other initiatives
within CGI’s Global Managed Security Services (GMSS), including:
Process Creation and Improvement: Mr. Bercier has lead several initiatives to improve the
efficiency of CGI’s Managed Security Services group. He has proposed several changes to
the Operational Readiness Review process which have been adopted. He has improved
the request procedure used by Project Managers to implement Web reports for new
services or new clients.
Mr. Bercier successfully led a business growth initiative resulting in organic growth of $1
million over 4 years.
Mr. Bercier has provided assistance to CGI’s GMSS compliance officer to become ISO
27001 compliant. Specifically, he has:
o Written the Information Security Management System (ISMS) Manual
o Written the first version of the Metrics and Key Performance Indicators (KPI)
Strategy document
o Revised and corrected the Asset Management Policy
Mr. Bercier has written the first draft of the CGI GMSS Project Handbook.
Mr. Bercier is part of the senior leadership team providing input to the strategic direction
of CGI's Global Managed Security Services division.
5. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 5 of 11
Project #8
CGI
Global Managed Security Services
Security Operations Centre (SOC) Manager
November 2007 to December 2012 (5 years and 2 months)
Description: Working within the Global Managed Security Services group of CGI, Mr. Bercier
was accountable for planning and overseeing the day-to-day operational delivery of security
and technology monitoring and support services on IT security infrastructure and applications
solutions, while providing management guidance to technical and IT security specialists
integrated within cross-functional teams to ensure support of IT security services and
solutions in the production environment. Mr. Bercier led interactions with IT Architecture and
service deployment specialists to ensure an ongoing understanding of issues emerging from
technology and security monitoring and support services delivery, and to support the planning
of changes in the IT environment that result in optimized levels of technology performance.
He was responsible for establishing and ensuring that policies, protocols, processes and
controls were implemented and adhered to in regard to all security monitoring, technology
monitoring and support services.
Mr. Bercier’s roles, responsibilities and objectives for this position included the following:
Oversaw the day-to-day operational management, scheduling and delivery of a combined
Security and Network Operations Centre (SOC & NOC) staffed 365/24/7 with 10+ Security
Analysts and 3 Senior Security Analysts providing security monitoring, technical
monitoring and security incident response to CGI’s 50+ Managed Security Services clients.
Oversaw the day-to-day scheduling and delivery of an Infrastructure Protection Centre
(IPC) staffed 365/24/7 with 7 Security Analysts providing security monitoring and security
incident response in a dedicated Public Works and Government Services Canada (PWGSC)
environment.
Oversaw the day-to-day operational management, scheduling and delivery of the CGI
Security Incident Response Team (SIRT) in providing security analysis and
recommendations and taking actions to protect CGI’s 50+ clients subscribing to Managed
Security Services.
Oversaw the day-to-day operational management, scheduling and delivery of a team of
20+ Security Infrastructure Support Specialists providing 365/24/7 on-call support to
CGI’s dedicated and shared Managed Security Services Infrastructure. The team under
Mr. Bercier’s responsibility provided support for hardware, Windows, UNIX, Linux and
VMWare Operating Systems (OS), database and security applications.
Led a team of IT support and Cyber Security professionals providing Managed Security
Services to Government of Canada departments and agencies, including:
o Canada Post Corporation
o Canada Revenue Agency
o Canada School of Public Service
o Canadian International Development Agency (CIDA)
o Canadian Payment Association
o Department of Finance
o Department of Foreign Affairs and International Trade Canada (DFAIT)
o Department of Justice
o Federal Treasury Board
o Health Canada
o Heritage Canada
o Industry Canada
o Library and Archives Canada
6. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 6 of 11
o National Research Council
o Parks Canada
o Public Health Agency
o Public Works and Government Services Canada (PWGSC)
o Shared Services Canada
o Supreme Court
o Transport Canada
o Transport Safety Board
o Treasury Board
o Workplace Safety and Insurance Board (WSIB)
The security services provided under Mr. Bercier’s responsibility included:
o Network Intrusion Detection and Protection Service (NIDS and NIPS) using
SourceFire (Snort), Cisco, Enterasys Dragon, IBM ISS and Juniper.
o Host Intrusion Detection and Protection Service (HIDS and HIPS) using TrendMicro,
McAfee and IBM ISS.
o Wireless Intrusion Detection using Motorola Air Defense.
o Log Management service using ArcSight and Splunk.
o Mail filtering (anti-spam) service using Cisco Ironport, McAfee and Postini.
o Host Anti-Virus service using McAfee and Symantec
o Mail and gateway anti-virus service using McAfee
o Web Content Filtering service using BlueCoat and WebSense.
o Strong Authentication (two-factor authentication) service using RSA SecurID.
o Continuous Vulnerability Management using Rapid7 and Nessus.
o File Integrity Management service using TripWire.
o Web Application Firewall (WAF) service using Imperva and InfoSphere Guardium.
o Database Access monitoring (DAM) service using Imperva.
o Firewall Management service using Cisco and Checkpoint firewalls
o VPN Management using Cisco ASA.
o Security Surveillance and Monitoring service using ArcSight Security Event and
Incident Management (SEIM) tools.
Provided oversight and technical guidance to the 365/24/7 management of incidents and
problems related to the IT security services and solutions delivered by CGI GMSS, and
managed the provision of the necessary distance or field support requirements. Led the
definition and implementation of the incident responses and corrective measures
necessary to address problems in such areas as IT security, infrastructure, applications
and services, including the escalation of incident resolution to the security architecture
team or other CGI support teams.
Oversaw the implementation of performance metrics pertaining to monitoring and
support activities to ensure compliance to Service Level Agreements and other aspects
tied to service delivery.
Process Creation and Improvement: Mr. Bercier led several initiatives to improve the
efficiency of CGI’s Managed Security Services group.
o He was instrumental in ensuring the viability and stability of the Operational
Readiness Review Process. As a result, the operational support teams he managed
were confident that all the required information was available during after hour
incident management.
o Mr. Bercier worked with his team to establish a patching strategy for the systems
they managed ensuring that all systems and applications were properly secured as
new vulnerabilities emerged.
o Mr. Bercier spearheaded the improvement of the security incident process and
ensured alignment to the SANS Institute (System Administration, Networking, and
Security Institute) best practice by developing and clarifying the classification of
7. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 7 of 11
security incidents along with the required response to meet the Service Level
Agreement (SLA) of CGI’s clients.
o He collaborated with the other MSS teams to improve the Change Management
process ensuring that all changes to the managed infrastructures were logged and
documented according to ITIL best practices.
o Mr. Bercier improved the efficiency of the Technical Incident process by directing
his team to avoid duplicate incident records across the multiple incident
management systems used by CGI and ensuring consistent incident record quality
and completeness of information.
Audits and Compliance: Mr. Bercier provided leadership to ensure continued annual
compliance during PCI and 5970 audits. Mr. Bercier directed his team in the development
of reporting used as evidence of SOX compliance. To maintain compliance Mr. Bercier:
o Reviewed control objectives and assigned resources to provide evidence of
compliance
o With respect to non-compliant items, developed and led action plans to ensure
future compliance
Developed annual resource and training plans supporting the operational delivery of
security and technology monitoring and support services, and developed inputs to financial
budgeting and forecasting requirements.
Human Resources: Mr. Bercier was responsible to interview and hire candidates for the
available positions within CGI’s Managed Security Service group. His responsibilities
included suggested starting salaries and increases. He was responsible for annual
performance assessments including the setting of goals and objectives and compensation
review. Mr. Bercier initiated performance improvement plans resulting in focusing the
impacted team members to start performing up to the level that Mr. Bercier knew they
could reach. As part of his responsibility he terminated members who could not function
at the level required for the position. Mr. Bercier worked with the CGI HR department to
follow all the appropriate process and due diligence to protect CGI and ensure that affected
members were clearly informed of the requirements of the performance improvement
plan.
Mr. Bercier was part of the senior leadership team providing input to the strategic direction
of CGI's Global Managed Security Services division.
Project #7
CGI
Global Managed Security Services
Senior Client Service Manager
May 2006 to November 2007 (1 year and 6 months)
Description: Mr. Bercier was responsible for the customer care of CGI’s Managed Security
Services’ clients to which he was assigned. Mr. Bercier’s roles, responsibilities and objectives
for this position included the following:
Close involvement in the day to day operational management of his client’s expectations
along with ensuring a superior level of service for the CGI operational delivery teams
within MSS. Mr. Bercier’s assigned clients included:
o 3 large financial institutions
o Canada Post Corporation (CPC)
o Canadian International Development Agency (CIDA)
o World Anti-Doping Agency (WADA)
Operational escalation point during service issues in which the resolution was not meeting
the client’s expectations.
8. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 8 of 11
Provide guidance and direction to the CGI MSS Operational teams involved in delivery of
services to his clients.
Organic growth of his existing client base. Mr. Bercier increased organic revenue by $1.2
million over 3 years.
Project Management: Mr. Bercier successfully managed implementation of several security
related projects including:
o Web content filtering, host anti-virus and e-mail filtering services for a major
Canadian courier company
o Web content filtering and host intrusion detection services for a large financial
institution
o Strong authentication service for an international foundation
o Web content filtering for a Government of Canada agency
o Intrusion detection (network, host) and anti-virus services for a large financial
institution
Project #6
MTS Allstream (Formerly AT&T Canada)
Managed Network Services
Process Consultant
September 2004 to February 2006 (1 year & 5 months)
Description: Mr. Bercier’s responsibilities included the development of ITIL processes to
support the operations of MTS Allstream Managed Network Services group. The scope of his
responsibilities included configuration management, service level management and key
performance indicators. Mr. Bercier’s roles, responsibilities and objectives for this position
included the following:
Designed a working scalable Configuration Management Process to meet the requirements
of ITIL implementation across the entire Managed Services Division.
Created Operational Level Agreements (OLA) with internal suppliers in compliance with
signed Service Level Agreements (SLA) for continued effective customer support across
all groups at Allstream.
Ensured the effective long term measuring and improving of existing ITIL processes
(Incident, Problem, Change, Configuration and Service Level Management Processes) by
determining Key Performance Indicators (KPI) for eac h process and producing monthly
KPI reports with common-sense actionable recommendations.
Project #5
Allstream (Formerly AT&T Canada)
Managed Network Services
Operations Manager
April 2003 to September 2004 (1 year & 5 months)
Description: Led a team of 1st level support specialists by coaching and directing with a
focus on minimizing downtime and improving customer service. Mr. Bercier’s roles,
responsibilities and objectives for this position included the following:
Reduced daily incident review and correction process by managers from 1.5 hours to 15
minutes daily.
Contributed to the increase of customer satisfaction during escalations by listening to
customers or Customer Service Managers concerns and acting in quick, decisive ways to
ensure that issues were resolved in a timely manner.
Initiated and created training material for 1st level specialists to enable new staff to
transition into position quickly and effectively.
9. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 9 of 11
Led a project team in aligning procedures and toolset configuration between the Ottawa
and Toronto Enterprise Management Centers (EMC) that resulted in quick responsibility
transfer during backup situations and seamless management of customer networks.
Human Resources Management: Led performance reviews, shift scheduling in a 7/24
environment, interviewing, selecting and hiring network resources.
Prioritized technical incidents and tasks.
Provided guidance to network operation members.
Ensured new networks were ready for ongoing operations.
Continually focused on improving ITIL processes for ongoing service delivery excellence.
Project #4
AT&T Canada
Managed Network Services
Solutions Engineer
September 2002 to April 2003 (7 months)
Description: As part of a team of Network Solutions Engineers, Mr. Bercier was responsible
to design and implement new Cisco based IP networks comprised of routers and switches. He
was also responsible for providing 3rd level support to existing networks and clients. Mr.
Bercier’s roles, responsibilities and objectives for this position included the following:
Developed comprehensive templates to empower the Engineering team to deliver clear
and effective Customer Network Analysis Reports.
Analyzed client requirements and designed internetworks based on those requirements.
Contributed to the success of implementing, on time and on budget, a network of over
200 nodes.
Documented the network and procedures for the support team and the field technicians
including procedures, configuration information and network diagrams.
Configured network devices and troubleshooting during implementation.
Trained 2nd and 1st level support staff to enable them to support new networks.
Implemented wide-area network security by using access lists in Cisco routers.
Implemented secure authentication methods for dial-up networking in Cisco routers.
Configured ISDN backup in Cisco routers.
Project #3
AT&T Canada
Managed Network Services
Internetworking Consultant (2nd level support)
September 2000 to September 2002 (2 years)
Description: Mr. Bercier was responsible to provide 2nd level support to existing Cisco based
IP networks for several large and medium clients. Mr. Bercier’s roles, responsibilities and
objectives for this position included the following:
Pioneered the production of Customer Network Analysis Reports, which became part of
AT&T Canada’s standard service offering.
Presented Network Analysis Reports to customers and service managers.
Ensured client satisfaction by resolving incidents quickly or escalating to 3rd level in a
timely manner.
Implemented wide-area network security by using access lists in Cisco routers.
Implemented secure authentication methods for dial-up networking in Cisco routers.
Configured ISDN backup in cisco routers.
Configured and troubleshot Cisco routers and switches.
10. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 10 of 11
Project #2
AT&T Canada
Managed Network Services
Internetworking Specialist (1st level support)
May 2000 to September 2000 (4 months)
Description: Mr. Bercier was responsible to provide 1st level support to existing Cisco based
IP networks for several large and medium clients. Mr. Bercier’s roles, responsibilities and
objectives for this position included the following:
As a result of a merger of two AT&T clients, Mr. Bercier worked with the client to migrate
their two networks into one.
Ensured client satisfaction by resolving incidents quickly or escalating to 2nd level in a
timely manner.
Configured and troubleshot Cisco routers and switches.
Project #1
NAV Canada / Transport Canada, Aviation
Network Engineering
Life Cycle Engineer
August 1991 to May 2000 (8 years & 10 months)
Description: Mr. Bercier was responsible to manage the day-to-day activities of the NAV
Canada Intranet (NCI) WAN. Mr. Bercier’s roles, responsibilities and objectives for this
position included the following:
Successfully led a project to secure funds for the purchase of equipment to migrate sites
from dial-up to Frame-Relay connectivity increasing performance and user satisfaction.
Successfully led a project resulting in the implementation of a Metropolitan Area Network
(MAN) interconnecting three NCI sites in Ottawa.
Trained NAV Canada field technicians ensuring that they could effectively maintain
deployed equipment.
11. Marc Bercier, CISSP, ITIL marc.bercier@intechsec.com
Last Updated: December 5, 2016 Page 11 of 11
SUMMARY OF SKILLS
Cyber Security
Governance and Risk Management (GRM)
Policies
Security Incident Response Team (SIRT)
Security Operations Centre (SOC)
Infrastructure Protection Centre (IPC)
Log Management
Network Intrusion Detection/Prevention
Host Intrusion Detection/Prevention
Wireless Intrusion Detection/Prevention
Anti-Virus
Web Content Filtering
Mail Filtering
Security Events and Incident
Management (SEIM)
SANS Institute Best Practices
Audits and Compliance
ITSG-33
PCI compliance
ISO 27001 compliance
SOX compliance
5970 compliance
Documentation
Requests for Proposal
Service Definitions
Procedures
Service Delivery Maturity
ITIL Service Management
Incident Management
Problem Management
Change Management
Configuration Management
Service Level Management
Key Performance Indicators (KPI)
Remedy Action Request System
Project Management
PM Book of Knowledge (PMBOK)
MS Project 2010
Office Automation Applications
MS Office: Excel, Word, PowerPoint,
Visio, Access
Operating Systems
Windows 3.11, 95, 98, 2000, NT, XP, 7,
8
MS-DOS
Network Equipment & Technologies
Network Operations Centre (NOC)
Cisco Routers
Cisco Switches
Ethernet
Token Ring
Frame Relay
Wide Area Networks
Metropolitan Area Networks
Wireless Networking
Asynchronous Transfer Mode (ATM)
Multiprotocol Label Switching (MPLS)
Integrated Services Digital Network
(ISDN)
Soft Skills
People Management and HR
Team Leadership
Strategic and Tactical Planning
Performance Management
Operational Planning
Client Service Management
Process Management
Troubleshooting / Problem Solving
Individual Contributor & Team Player
Documentation
Fully Bilingual