Strategically focused information assurance & data security director
benchmarking the necessary technology governance and processes to avert information security risk and profit loss
(321) 501-1380
thomas@thomasdelaine.com
www.thomasdelaine.com
www.linkedin.com/in/thomasdelaine
Currently reside in Melbourne, FL.
executive summary
Critical-thinking technology strategist and Certified Information Systems Security Professional (CISSP) with Top Security
Clearance and master-level expertise in information assurance (IA) and information security (IS). Consistently called
upon to solve the most complex technology issues surrounding operational effectiveness, cost, and risk. Trusted,
respected advisor to leadership teams, integral in establishing and maintaining enterprise vision, strategy, programs and
solutions to prevent internal and external security breaches and compliance issues. Well versed in diverse regulatory
touch points for defense, government and commercial organizations. Person of action, adept at maximizing resources
on complex, mission-critical projects and rallying success-focused teams around a unified vision of achievement.
critical skill set
Strategic Business Planning; 7-Figure Budget Management; Test Development/Management
Operations Leadership; Team Leadership; Training Development
Governance/Policy Making; Disaster Recovery Planning; IS Risk & Gap Analysis
Business Continuity Planning; Auditing/Compliance; Logistics Planning
Project/Program Management; Incident Management; Executive Client Engagement
professional employment history
IT SECURITY GOVERNANCE ANALYST 2011 – Present
JetBlue Airways
Engaged to entrench Payment Card Industry Data Security Standards (PCI-DSS) culture across
the enterprise and overcome 4-year history of non-compliance. Immediately strengthened
PCI environment with new governance, controls, documentation management system and
information security training program—crucial to preventing additional tens of thousands in
bank fines and shielding sensitive customer information assets across all enterprise networks.
NOTES
ability, accommodate, accountability, accountable, accreditation,
adapt, advisor, align, aligned, analytical, analyze, assessment, asset,
assets, assurance, audit, awareness, bachelor's degree, business,
capability, certification, certified, challenging, CISSP, clarifying,
collaborate, collaborative, communicate, communicating,
communication, compliance, computer science, computing,
concept, conceptual, confidentiality, configure, configured,
consensus, consultant, continuity, control, coordinate,
coordinating, coordination, create, culture, database, datum,
day-to-day, deadline, define, defining, demonstrate, demonstrated,
department of defense, detection, develop, developing, director,
DOD, drive line, effectively, effectiveness, employee, enable,
enabling, encryption, engage, enhancement, ensure, enterprise,
environment, evaluation, evolve, experience, expertise, familiarity,
functional, governance, guideline, HIPAA, identify, implement,
implementation, industry, information, information system,
information technology, information assurance, infrastructure,
initiative, innovative, integrate, integrated, interact, interpersonal,
ISO 27001, lead, leadership, level, leveraging, line of business,
manage, management, master's degree, metric, metrics, mitigation,
monitor, monitoring, morale, motivate, motivated, NIST, on-going,
operation, operations, organize, outreach, oversee, oversight,
PCI-DSS, personnel, PII, plan, policy, practice, presentation, privacy,
prioritize, proactive, problem solving, process, proficiency,
program, proven, provide, regulatory, relate, related, report,
reporting, require, requirement, resource, responsible,
responsible for, risk, role, savvy, scorecard, security, security department,
security measure, security measures, security system, senior,
service, services, skill, solution, solve, solving, SOX,
spoken communication, standard, statutes, steering committee, strategic,
strong, system, tactical, TCP, TCP/IP, team, technical, technology,
timely, translate, training, understand, understandable,
understanding, update, vendor, vulnerability, work load
Set foundation for enterprise-wide PCI-DSS compliance by creating and formalizing
document management system for 10 separate information security domains and
outlining policies, standards and procedures to simplify process management reporting.
Authored Corporate Information Security Policy, 9 supporting information security policies
and 30 information security standards in adherence with stringent PCI-DSS requirements.
Positioned company to meet statutory privacy laws and information security and PCI-DSS
regulatory requirements by restructuring and standardizing upgraded information security
training program.
Thomas P. DeLaine, Jr. | Page 1 of 3
SENIOR CONSULTANT 2000 – 2011
A&N Associates, Inc.
Recruited to assist this $3M public-sector technical consulting firm to penetrate Department of
Defense (DoD) and Federal markets based on TS Clearance and previous DoD and 22-year
Communications Security (COMSEC) experience. Applied skill in cryptologic key management,
policy/standard development, training development and documentation management across
varied assignments during tenure. Forged long-term industry relationships with vendors to
include Raytheon and General Dynamics. Select projects and enterprise impact:
Assumed role as key liaison to U.S. Defense Department program management offices
(PMOs) in various capacities—from IT transition, ITIL-based system engineering and
acquisition management to risk/gap/economic analysis, testing strategy and database
implementations.
Overcame critical gaps in DoD COMSEC accounting system, realized $224K cost savings in
test development and cut redesign time 75% by overhauling data collection process and
creating new test report template for key management system.
Met 9-month deadline for Analysis of Alternatives (AoA) development project for DoD
Public Key Infrastructure (PKI) program by combating issues of DoD identity management
infrastructure impacting entire DoD.
Proved instrumental in shaping policy and technical development strategy in pivotal areas
including digital signatures, network policy and software certificate usage as advisor to
U.S. Army Chief Information Officer/G6 Cyber Directorate (headquarters).
Ensured DoD-wide compliance with strict HIPAA requirements as human identity
verification source.
COMMUNICATIONS SECURITY OFFICER 1998 – 2000
U.S. Navy Washington, DC
Counseled Chief of Naval Operations on information assurance strategy while overseeing 20-
strong team, $600K budget as well as technical operations and related projects. Select
projects and enterprise impact:
Solved prevailing data translation issues and coordinated efforts of National Security
Agency and service teams, ensuring zero disruption to mission-critical operations across
900+ sites during DoD-wide migration of legacy system to COMSEC accounting system.
Launched first-ever U.S. Navy user certification program.
Called in at the eleventh hour to conduct mandatory security assessment and generate
inspection report for U.S. Naval Postgraduate School. Met aggressive 3-week target with
18 days to spare and advised on shaping systems integration plan to incorporate
information security as a key priority.
additional career history
SIGNALS WARFARE OFFICER USS LAKE ERIE (CG 70)
Optimized $400K budget and performance of 16 staff while carrying out highly classified cryptologic key management,
electronic warfare and signal intelligence projects for DoD. Advised key leadership on USS LAKE ERIE and battle group
accountable for Persian Gulf theater of war operations.
LOGISTICS SUPPORT DIVISION OFFICER Naval Security Group Activity, Pearl Harbor, HI
Prompted $3.5M annual cost savings for Fleet Electronic Support Department by consolidating calibration lab facilities
and refurbishing equipment. Saved $25K+ per year in testing by collaborating with Naval Magazine Lualualei to initiate
test equipment calibration. Trimmed excess equipment holdings 32% by recycling $900K+ in obsolete electronic
equipment and supplies to support foreign military efforts, key to winning “Best Large Maintenance Activity” recognition.
“[T.J.’s] distinctive accomplishments, unrelenting perseverance and steadfast devotion to duty reflected credit upon himself
and were in keeping with the highest traditions of the United States Naval Service.”—Commander in Chief, U.S. Pacific Fleet
ENLISTED EDUCATIONAL ADVANCEMENT PROGRAM (EEAP) DIVISION OFFICER Naval Station, Pearl Harbor, HI
Juggled full-time work and academic priorities while raising training commitment of 37-member EEAP team enrolled in 5
state bachelor programs. Established division-wide scholastic precedent and compelled 56% of crew to earn 3.8 GPA or
higher by earning both BA and MBA in 2 years, maintaining personal GPA requirements and graduating Magna Cum
Laude with Leadership Distinction. Influenced policy decisions as Student Body President and Strategic Planning
Committee member.
credentials and technology skills
MBA, Human Resources Management, Magna Cum Laude with Leadership Distinction, Chaminade University of
Honolulu, School of Business, Honolulu, HI
BA in Business Administration, Chaminade University of Honolulu, School of Business, Honolulu, HI
Certified Information Systems Security Professional (CISSP) - (ISC)² (#120222)
Provisional Auditor, Information Security Management Systems Scheme (ISO 27001) - RABQSA International (#110754)
—Technical Snapshot—
MS Active Directory, X.500, X.509, Online Certificate Status Protocol (OCSP), Certificate Revocation List (CRL), PKCS #7,
PKCS #12, and Lightweight Directory Access Protocol (LDAP).
Information Technology Infrastructure Library (ITIL) framework in systems engineering and acquisition management
support.
U.S. Defense Department PMO Environments: user requirement; concept of operations; analysis of operational
effectiveness, cost, risks of proposed material/non-material solutions to gaps and shortfalls; economic analysis,
capability development and test/evaluation documentation.
PCI-required Controls: access management, network security, system security, risk assessment, data security and
management, incident response, network monitoring, testing and information security.
contact
(321) 501-1380
thomas@thomasdelaine.com
www.thomasdelaine.com
www.linkedin.com/in/thomasdelaine
Currently reside in Melbourne, FL. Open to relocation within Central Florida and 30% business travel.