Intellex Acquires Expert by Big Village

We're thrilled to announce that Intellex has acquired Expert by Big Village, effective March 22, 2024. This strategic move enhances our capabilities and strengthens our commitment to delivering exceptional solutions to our customers.

Stay tuned for more updates on how this acquisition will benefit our clients and experts.

For inquiries or more information, please contact us at info@intellex.com.

×

Expert Details

Information Security Management, Business Risks, Compliance Issues

ID: 736055 Canada

Request Expert

A business and technically focused information security management professional. Expertise in security program development for organizations within any industry. Strong background with multiple IT security disciplines such as Governance process development, Risk assessments, Compliance program development, Cyber Security Testing, Vulnerability management, malware analysis, incident response, and organizational security program development.

Professional Summary:
Information Security Management professional with 8 years of experience comprising of an extensive background identifying business risks, as well as compliance issues and addressing the gaps by designing effective solutions using existing resources. Strong
ability to align business security objectives with pragmatic security controls and manage technical teams to deliver security outcomes.

Skills:
 Security log management and aggregation
 SIEM environment design, implementation and maintenance
 Security Incident Response (IR) process development and incident coordination
 Third-Party vendor risk management
 Security monitoring and alerting development
 Compliance program development, implementation, and maintenance
 Security team leadership, teamwork, and collaboration
 IT security service management
 Python and BASH scripting for vulnerability management and malware analysis
 Vulnerability management program development
 Information Security systems and process development
 Threat Modelling
 Risk Assessments
 Indicator of Compromise analysis and signature creation
 Security awareness training development
 Information Security Reporting
 Network and Web Application penetration testing
 Red-teaming and social engineering
 Coaching and mentorship
 Windows systems administration
 Linux systems administration

Accomplishments
 Created role playing game style incident response table top exercises that focused on learning fundamentals of security incident response, addressing common pitfalls, and conceptualizing the capital expenditures of a security incident within an organization. This also provided engaging security awareness activities for participants with varying skill sets that led to teamwork based creative problem solving.
 Produced and presented monthly webinars on security topics such as Social Engineering and Security Career Development designed to foster a culture of security awareness within all business units.
 Developed a malware analysis for incident response methodology, and validated the efficacy with a local energy company client afflicted with ransomware, which resulted in
decreased incident response time, decreased business production downtime, and more efficient asset recovery.
 Built challenges for BSides Calgary security conference capture-the-flag competitions, as well as assisted with conference facility setup, audio-visual setup, and volunteer support that resulted in a seamless and professional experience for attendees.
 Assisted in the development of a low cost open source DNS monitoring solution designed for businesses with limited information security budget looking to improve their network visibility
 Delivered a conference talk of a technical nature at Derbycon which offered technical information in an accessible manner to any audience

Education

Year Degree Subject Institution
Year: 2013 Degree: Bachelor Subject: Computer Information Systems w/ Minor in Business Administration Institution: Mount Royal University
Year: 2009 Degree: Diploma Subject: General Business Administration Institution: Mount Royal College

Work History

Years Employer Title Department
Years: 2019 to Present Employer: Undisclosed Title: Adjunct Instructor Department: School of ICT/ISS
Responsibilities:
 Delivered classroom style lectures for over 20 diploma program students per semester covering various security disciplines including malware analysis, PCI Compliance, and Social Engineering
 Provided coaching and guidance to students on assigned course material including Python script troubleshooting and attacker methodologies in the context of malware analysis to improve student understanding of course outcomes.
 Updated course material and created new assignments to align with current industry standards, while ensuring lessons achieved course objectives provided by school administration
 Defined and articulated course learning outcomes, including measurements of success, performance metrics, and feedback to improve promote effective learning and knowledge retention
Years Employer Title Department
Years: to Present Employer: Undisclosed Title: Security Consultant Department:
Responsibilities:
 Conducted offensive security tests against client environments which were modeled after credible threat vectors and resulted in comprehensive testing of client security controls.
 Produced strategic remediation plans from completed PCI gap assessments, which allowed clients to quickly identify deficiencies and allocate resources effectively within IT security budgets
 Provided security program development services to clients in various industries who were pursuing PCI Compliance through self-assessment
 Developed BASH scripts to automate single vulnerability
validation efforts that resulted in fast, effective confirmation of patching, while minimizing costs of follow up validation efforts
 Created client specific policies and procedures to maintain standardization of technical infrastructure as well as maintaining compliance
 Maintained vulnerability management programs and conducted active vulnerability testing for clients of various sizes with between 100 to 25,000 users, which minimized potential attack surfaces and enabled client compliance mandates
Years Employer Title Department
Years: 2017 to 2018 Employer: Long View Systems Title: Team Lead Department: Integrated Global Services, Security Operations Center(SOC)
Responsibilities:
 Assisted with Security Operations Centre (SOC) service
transition from project design and implementation phases into technical operations as part of service realization efforts
 Interacted with internal governance teams to develop operations policies and procedures for multi-tenant security operations services with more than 10 clients to ensure service standardization that would lead to decreased costs and more effective security monitoring
 Completed on-boarding of new clients into security operations centre infrastructure to increase service portfolio of customers
 Researched publicly reported vulnerabilities, and created threat intelligence briefings to inform clients and internal business units of potential security flaws that may be exploited by threat actors
 Provided operational support and assisted with remediation during declared security incidents for internal corporate infrastructure, as well as managed services client’s environments, which allowed for more focused incident response activities that would reduce labour hours for remediation, while minimizing potential lost production revenue
 Reviewed violations of information security and developed mitigation plans to diminish potential impact of future incidents
 Provided coaching for junior team members through career life planning sessions, which led clarity and direction of growth efforts for team members to advance their information security careers
 Developed unique monitoring and alerting capabilities based on known threat actor desired outcomes to ensure security logging was effective while reducing alarm fatigue within a multi-tenant logging environment.
 Conducted malware analysis during incident response to discover indicators of compromise, which decreased overall labor hours required for identifying affected assets.
 Provided assistance with internal PCI remediation activities originating from gaps identified by third-party assessors to ensure compliance success.
Years Employer Title Department
Years: 2015 to 2017 Employer: Trustwave Holdings Title: Security Consultant Department: Compliance Delivery
Responsibilities:
 Conducted assessments for PCI level one service providers through remote analysis and onsite assessment methods to determine if security controls in place met standards of payment card compliance requirements.
 Assisted clients with completion of PCI self-assessment
questionnaires by providing insight into requirement
specifications, and compensating controls within their
environment that would allow them to maintain PCI compliant status.
 Developed policy and procedure documents for multiple clients with user bases ranging from 25 to 500 employees within different industries, who had unique security objectives which allowed operational tasks to be repeatable, and tracked for compliance audit activities.
 Completed information threat risk assessments for clients using common methodologies, including Open FAIR, RCMP TRA, and OCTAVE Allegro, for clients with PCI requirements, or seeking to understand potential information security risks and their impact to business operations.
Years Employer Title Department
Years: 2012 to 2015 Employer: Long View Systems Title: Security Consultant Department: Shared Services
Responsibilities:
 Provided security incident response assistance to managed services clients experiencing security breach situations, which resulted in effective response and minimized business downtime.
 Assisted with pre-sales proposal completion efforts to generate new business for security services.
 Developed client facing material describing service offerings, aligning service benefits to client requirements, and working with proposal teams which resulted in thorough as well as accurate responses.
 Directed any client requirements gathering for signed security projects and services so that identified outcomes aligned with client needs and expectations.
 Coordinated security architecture projects to ensure deliverable artifacts were produced on time and on budget.
 Created statements of work, project charters, work breakdown structures, as well as managing status meetings between project resources and vendors for information security projects involving teams of 5-25 client and internal stakeholders.

Career Accomplishments

Licenses / Certifications
2019: SANS Global Information Assurance Certification Calgary, Alberta Certified Incident Handler (GCIH)
2016: International Information System Security Certification Consortium (ISC) 2 Calgary, Alberta Certified Information Systems Security Practitioner (CISSP)
2014: Information Technology Infrastructure Library (ITIL) Calgary, AB Foundations V3

Fields of Expertise

security risk assessment, Information Governance, information technology compliance, information security management, Cyber Incident Response, open source software, cyber security

Request Expert

Dev Tool:

Request: expert/information-security-management-business-risks-compliance-issues
Matched Rewrite Rule: expert/([^/]+)(?:/([0-9]+))?/?$
Matched Rewrite Query: experts=information-security-management-business-risks-compliance-issues&page=
Loaded Template: single-experts.php