Anthony Pereira Email and Phone Number

Responsible for overseeing the information security fucntion with a large focus on cross functional and customer collaboration. Direct influence on all data security, data privacy and contractual requirements both internally and with external parties. Heavy focus on IaaS, SaaS and PaaS technologies and services. Negotiation and influence is a critical component of my role.

Oversee MindHealthy P.C. which is a behavioral health business focused on providing telehealth services via the Collaborative Care Model. This role also encompasses responsibilities as the VP of Technology. Within this role I have lead the expansion of our services into multiple states, grown the business through credentialing with major payors, expanding services and leverage analytics to drive improvements leading to over 100% revenue growth within the last 4 months. I manage staff ranging from clinical, program/account management, outreach and billing.

Oversee IT and Cybersecurity for C3 Healthcare to include data analytics and product management. Lead development of an EHR platform that will integrate multiple healthcare business functions to allow for end-to-end patient management and analytics of outcomes. Data analytics work has lead to efficiency gains within Behavioral Health and Medication Management functions and revenue growth.

• Organizational Leadership: Led GRC activities for global organization. This included divesture activities from parent company BAE Applied Intelligence. Key member of SilverSky’s COVID-19 pandemic committee. • Strategic Planning: Implemented a security strategy which moved security operations from reactive to proactive. Moved to cloud EDR solution prior to COVID-19 ensuring management of all end-point devices regardless of network state. Enhancements to monitoring and reporting capabilities provided greater threat transparency and identification. • Risk Management: Implemented Risk Management Program to define organizational and IT risk, categorize assets and services and effectively track remediation plans/actions. Program included: Risk Management policy and framework, risk identification and remediation practices, risk acceptance processes and transparency to senior management. • Compliance: Led SilverSky through independent assessments and examinations including FFIEC, SOC 2, HIPAA and PCI. Applied additional governance and oversight to close 2 ECRAs (formally MRA) identified during FFIEC examination. • Vulnerability Management: Developed a comprehensive Vulnerability Management Program including policies, procedures, defined patching and compliance SLAs, monthly metrics and 3rd party independent assessments. Improved operational processes and reporting to exceed compliance expectations. Actions taken addressed deficiencies identified during FFIEC examination. • Vendor Management – Provide governance to Vendor Management practices. Developed Vendor Management Policy, high risk Vendor Security questionnaire, contract review and language updates. Actions taken improved SilverSky’s standing with FFIEC examiners. • EOL/EOS – Provided governance of EOL/EOS processes to include enhancements of technology, inventory management, EOL/EOS asset and project tracking. Actions taken improved Silversky’s standing with FFIEC examiners.

• Identity and Access Management: Product Manager for MetLife Identity Access Management platforms (Sailpoint, Hitachi and in-house developed) providing identity lifecycle and certification services for over 1 million identities world-wide. • Strategic Planning: Responsible for strategic planning of IAM future state. Future state included operating cost reductions through platform consolidation and retirement of legacy technologies and reallocation of development and support personnel. • Fraud: SME/Lead for the Online Fraud project established to enhance customer authentication security through MFA (multi-factor authentication) and adaptive identity verification (ID DataWeb) for all customer-facing applications globally. • 3rd Party Management: Managed and maintained the relationship with 3rd party Adaptive Authentication provider. This includes managing product enhancements, deliverables and other milestones.

• Leadership: Provide leadership to team of 30+ associates responsible for functions ranging from Monitoring as a Service, DevOps and incident management. The team focused on horizontal efforts in support technologies facilitating Capital One Credit Card servics. • Collaboration: Established relationships across the line of business to drive compliance initiatives, process enhancements and improve architecture and technical solutions across the LoB.• Strategy: Developed US Card LoB Monitoring Strategy and technical roadmap and established the MaaS platform. Agile was used to manage the development activities for the MaaS platform. Capabilities included end-to-end view of transactions and metrics (in real-time) and anomaly identification (behavioral, utilization and event). Reduced Time to Detect (TTD) from 5 minutes to <2 min and Time to Resolve (TTR) from 2.2 hrs to <35 minutes for incidents of high criticality. • Incident Response: US Card Line-of-Business incident response. Responsibilities included managing cross-functional resources through remediation, presenting to executives regarding incident themes, metrics for high severity incidents and holding the LoB accountable for addressing root cause. • Product Development: Managed development of the internally branded Monocle reporting infrastructure for Critical Transactions. The product is centered on real-time data analytics and metric presentation for critical credit card measurements. Leveraged InfluxDB open framework components including BI and machine learning components. Monocle became a replacement for Tableau and provides greater flexibility to reporting teams.

• Build Information Security Program for a $1 billion organization: Developed program scope, staffing projections and ensured a structure complete with “quick wins” to foster confidence in the security program. Collaborated and obtained buy-in from executive leadership and showed value through notable metrics. Information Security integrates with all departments and consults on all critical business initiatives. Increased business collaboration has led to a decrease of security incidents by approximately 55%. • Reduce Telecommunications Cost by 50%: Reduced network utilization on primary network provider to the minimum allowed, while implementing a second network carrier, drastically reducing costs. Primary provider phased out at contract end. Purchased redundant telecom cloud service (increasing system availability) leveraging a portion of the initial telecom savings. • Reduce per Server Costs by 82% through Virtualization: Reduced per server costs, utilization footprint and energy consumption through virtualizing 96% of the server environment. This included the establishment of a virtual test infrastructure for all production servers through system repurposing. • Program Development and Leadership: Established the organization’s Information Security Program, Technical Program Management Office, Enterprise Architecture and Department Cost Center functions. Provide oversight to all areas of the department while integrating with business areas resulting in greater business outcomes; decreased time to resolve incidents by 2 days, decreased spending waste by approximately 15% and increased on-time project completion by 19%. • Leadership: Stabilized teams and projects by providing focus through planning and clear communication of desired results, monitoring, mentoring employees and taking measures to ensure team harmony. Strategic and innovative leader leveraged as the creative resource for the Information Systems Department and organization.

Experience with the development of the 5 year strategic plan and tactical milestones for the Identity and Access Management program.Experience with program and project management planning including program and project artifacts, program and project scoping, resource budgeting and estimations, project Work Breakdown Structures, etc Led project team during planning phases of multiple projects where execution plans were developed. This ensured there were no misunderstandings regarding the execution of major activities. Led project teams consisting of contractors and employees (25+) from across the Federal Reserve System to build the Treasury Credentialing Service. ITIL Service Strategy, Service Design and Service Transition processes where applied. Led the assessment of Federal Reserve Enterprise Identity and Access Management processes, including interviewing customers, requirements gathering, documentation of processes, and providing an executive report to Senior Management. Led negotiations between internal service providers and the service owner group regarding SLAs and OLAs and worked with the PMO office to develop documentation. Worked with the customer and stakeholders to understand business problems, develop business requirements and business case for justification of projects. Led project members and proctored discussions leading to the development and weighting of functional, non-functional and technical requirements.Developed conceptual, logical and physical IT engineering designs that support the infrastructure requirements of large/complex business application projects. This includes the conceptual, high-level and detailed design specifications for build, implementation and support of business solutions.Showed the ability to negotiate and influence without direct authority

Led teams of technologist with various backgrounds to implement and monitor technical and logical security mechanisms for the United States Patent and Trade Office (USPTO).Led the development of System Security Plans for several USPTO enterprise systems. Develop Plan of Action and Milestones for areas of weakness within the information systems including dates, recommended actions, impact levels and budgetary figures.Performed assessments to validate IV&V team findings and provide recommendations according to SP 800-53 Rev 2 “Recommended Security Controls for Federal Information Systems”.Audit documentation such as Continuity Plans, Configuration Management Plans, Disaster Recover Plans, Standard Operating Procedures and System Security Plans for correctness and continued revisions and updates. Mentor junior team members.

Subject Matter Expert (SME) for the Joint Consolidated Operation Network (JCON) / PMO office at the Department of Justice (DoJ). Lead certification and accreditation of JCON environment by establishing formal security requirements that are documented through the Security Requirements Traceability Matrices and authorized by the system owner. Criteria established through the use of NIST SP 800-53 Security Controls for Federal Information Systems and NIST SP 800-37 Applying the Risk Management Framework to Federal Information Systems. Liaison between JCON/PMO and external DoJ divisions for all Information Security issues.Lead the evaluation and redevelopment of JCON contingency and disaster recovery plans.Provide recommendations to management for expanding of services offered by the JCON/PMO client services.Member of the DoJ Cyber Defense Operation Council which is responsible for monitoring and mitigating cyber threats to the Department of Justice. Member of the DoJ IT Security Council, which strategically plans, develops and implements, policy and initiatives that shape the IT Security practice for the department.