Curriculum Vitae Dave Sweigert, M.Sci. Information Security, Subject Matter Expert

CV of Dave Sweigert CISA CISSP HCISPP PMP SEC+


INDEX

Contents
SUMMARY ........................................ 3
PARTIAL LIST OF INDUSTRY CERTIFICATIONS ........ 4
AREAS OF EXPERTISE ............................. 4
EDUCATION & PARTIAL LISTING OF TRAINING ........ 4
PARTIAL LIST OF ARTICLES & PUBLICATIONS ........ 5
PARTIAL LIST OF RECENT PROJECTS ................ 6

SUMMARY

Over twenty-five (25) years of experience in issues related to information security, governance, regulatory oversight, project management and other areas in infrastructure development and operation. This includes baseline design, implementation and operation of critical infrastructure (server hardening, security appliances, monitoring, malware protection, etc.), sensitive classified systems, and regulated environments, etc.

Private sector. Provide technical leadership and oversight in areas related to digital key management and key issuance for Public Key Infrastructure (PKI) (Lawrence Livermore National Lab (LLN)); use of digital certificates to authenticate high-value transactions with electronic signatures (EuroSignCard); developing security architecture for multi-user web-based portals used in the auto financing industry (see Route One, Chrysler, General Motors and Ford combined portals); provide assessment for healthcare entities (Kaiser-Permanente) to comply with $800 Million grant funds under the HiTECH-ARRA program, perform, analyze and certify audit results for federal government auditors; certify assessments for Payment Card Industry (PCI) compliance of 800 server node network (J2 Global) processing more than $300 million in subscriber fees authorized by Master Card/VISA/Discover to include infrastructure security, administrative/operational and technical controls, intrusion monitoring, etc.; consultant to MERCK, LTD to prototype a document authentication system relying on digital signatures to authenticate New Drug Applications (NDAs) submitted to the food and drug administration.

Public sector. Served as cryptological technician to perform field-level and depot-level maintenance of crypto equipment used to secure voice communications for the U.S. Air Force (assigned to A.F. Cryptological Support Center (AFCSC)); designed secure electronic messaging system relying on the CCITT (now International Telecommunications Union) X.400 standard to transport crypto keys to active duty military forces over a SECRET-HIGH network on behalf of AFCSC (while consulting to Group Technologies, Inc.); managed the commercialization of the U.S. National Security Agency’s (NSA) Certificate Authority Workstation (CAW) (on behalf of General Dynamics); provided overall design of directory schema and replication of CCITT (ITU) X.500 servers for the Kennedy Space Center (NASA) prototype of a secure X.400 e-mail system for use by 15,000 NASA associates; designed, implemented and operated a work flow system for the U.S. Special Operations Command (USSOCOM) consisting of 15 UNIX servers and 400 secure (classified) workstations to enable SECRET classified support traffic during DESERT SHIELD and DESERT STORM; represented interests of the NSA National Information Assurance Partnership (NIAP) at joint federal working committees developing the information security administrative implementing regulations for the Health Insurance Portability and Accountability Act (HIPAA) of 1996; served as the Statewide Information Security Policy Officer for the State of Ohio to develop information security policies that had a direct impact on sixty (60) agencies serving a population of 15 million citizens; consulted to the California Office of Health Information Integrity (CalOHII) to develop a 251 question assessment matrix to appraise the HIPAA compliance for forty (40) state agencies serving a population of 35 million citizens.

PARTIAL LIST OF INDUSTRY CERTIFICATIONS

California Emergency Management Specialist (CEMS)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Health Care Information Security and Privacy Practitioner (HCISPP)
Project Management Professional (PMP)
CompTIA Security+ (SEC+)

AREAS OF EXPERTISE

Governance and compliance frameworks to reduce risk (HIPAA, PCI, FISMA, COBIT)
Regulatory certifications and audits to demonstrate compliance with frameworks
Developing administrative/operational/technical controls pursuant to Sarbanes-Oxley Act
HIPAA Privacy and Security Rule risk assessments, corrective action plans, etc.
PCI Data Security Standard (DSS) Reports of Compliance (RoC) for external auditors
PCI DSS enterprise vulnerability assessments, infrastructure scanning, risk prioritization
Business Continuity Planning, Incident Command System (ICS) response, recovery, etc.
Continuity of Operations Planning (COOP) for business continued operations
Technical security: server hardening, administration, network weaknesses, etc.
Security management of the enterprise (ISO 27001)
Deployment of Certification Authorities with Public Key Infrastructure (PKI)
SAS-70 Type I and II and SSAE Type I and II reports and attestations of security controls
Policy, procedures and standards development to demonstrate compliance
Anti-phishing, anti-key-loggers, prevention of financial crimes directed at comptrollers

EDUCATION & PARTIAL LISTING OF TRAINING

51 hours technology, server, security courses, Las Positas College, 2012-2014
Incident Command System Instructor, Federal Emergency Management Agency, 2013
Incident Management Team certified, Federal Emergency Management Agency, 2013
Professional Development Series (PDC), Federal Emergency Management Agency, 2012
Masters of Science-Information Security, Capella University, 2004
Masters-Project Management, Florida Institute of Technology, 1992
Bachelor of Business Administration, Texas A&M University, 1985
Associate of Applied Science, State University of New York, 1983

PARTIAL LIST OF ARTICLES & PUBLICATIONS

Surviving a HIPAA Audit: Jump Start Guide, 1/2015, ASIN: B00SOXZ5U0, 200 page book

Publicly available white papers by Dave Sweigert on SLIDESHARE.NET

Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“CADRA”), 8/15, 280 views
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter, 11/14, 1461 views
What every CEO needs to know about California's new data breach law, 10/14, 646 views
Is 2014 the year for Cyber Militias?, 1/14, 641 views
Are NIST standards clouding the implementation of HIPAA security risk assessments?, 9/13, 546 views
Preparing for the Cyber Pearl Harbor with increased situational awareness, 9/13, 664 views
Introduction of project risk in an information assurance environment, 7/23, 1068 views
Building on incident management metrics to support Executive Order 13636, 7/23, 568 views
Integrating disaster recovery metrics into the NIST EO 13636 Cybersecurity Framework, 7/13, 489 views
Integration of cyber security incident response with IMS -- an approach for E.O. 13636, 6/23, 600 views
Cybersecurity Framework for Executive Order 13636 -- Incident Command System, 6/2013, 675 views

PARTIAL LIST OF RECENT PROJECTS

9/15 to present. Fortune 100 health care insurance company. Senior Information Technology (I.T.) Security Strategist. Assist senior I.T. security staff with direction and guidance to manage security operations impacting more than 15,000 stakeholders. Review enterprise vulnerability assessments to plan PCI/HIPAA/NIST remediation efforts.

6/15 to 9/15. The MSA Card, LLC. Support PCI and HIPAA compliance efforts for pre-market self-administration tool. Act as Internal Security Assessor to manage dialogue with the Payment Card Industry (PCI). Collect operational and design evidence to demonstrate compliance of MSA Card product for external auditors.

12/14 to 6/15. California Office of Health Information Integrity. Provide expert guidance and consultant to the office with administrative responsibility for the implementation of the HIPAA Privacy and Security Rules at a statewide level. Conduct audit of CalPERS, state employee retirement fund, for HIPAA compliance. Prepare audit report package. Develop HIPAA assessment tools to ascertain “audit readiness” of over forty (40) state agencies.

3/14 to 12/14. Privately owned Pharmacy Benefit Management organization. Manage the implementation of security administrative, operational and technical controls for 150 employees that managed over three (3) million health records. Work with I.T. technical staff to develop controls that would produce artifacts to support the demonstration of compliance with HIPAA and PCI DSS.

9/12 to 3/14. Sabbatical at Las Positas College. Completed 51 hours of technical training courses to refresh skills, knowledge and experience in the field of ethical hacking, or white hat hacking. Coursework included penetration studies, vulnerability scanning, preparation of technical audit material (for PCI type reports), server administration, network protocol operation, etc.

9/12 to 3/14. Sabbatical with the Urban Area Security Initiative (UASI) for the Bay Area. Funded by the U.S. Department of Homeland Security, UASI provides a wide spectrum of counter-terrorism, disaster preparation, emergency operations management, medical emergency coordination, etc. Obtain 1,000 of leadership training in simulation and modeling workshops to include certifications as: Type 3 Incident Management Team qualified (FEMA), California Emergency Management Specialist (Cal. Office of Emergency Services, Office of the Governor).

3/11 to 9/12. Kaiser-Permanente. Led audit team to evaluate HIPAA compliance for three (3) regional data centers. Leverage PCI audit results and conduct new assessment activities to collect artifacts that demonstrate compliance with the risk assessment requirements promulgated by the HITECH-ARRA award of $800 million to the organization. Manage assessment team of 4-5 auditors that identified 880 issues requiring remediation. Manage the corrective action plan (CAP) management for these findings.