Brian Freedman Email and Phone Number

• Responsible for the planning, development, and oversight of technology to be used within Security Risk Solutions and its clients.• Supporting the State of West Virginia Office of Technology Chief Information Security Officer and team to develop a statewide cybersecurity framework, create a process for all state agencies to perform a cyber risk assessment, and assisting with implementing a Governance, Risk, and Compliance application.• Working with The Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Disease Control (CDC) Immunization Gateway project augmenting the project's IT Security team. Assisting project team to help the Immunization Gateway application to obtain an Authorization to Operate (ATO). To support the CDC ATO process, have performed NIST 800-53, Revision 4 security controls review, external penetration tests, development of necessary procedures, and other documentation as required.• Performed Information Assurance Vulnerability and Penetration tests for various customers assessing web applications and networks using tools such as Kali Linux, Tenable Nessus Professional, OWASP ZAP (Zed Attack Proxy), and Burp Suite Professional.

Teaches Linux Administration courses for the Online Campus of ECPI. Awarded ECPI Online Faculty of the Year in 2021.

• Implemented and maintained NorthShore's Cybersecurity program.• Oversaw, managed, coached, and developed the Cybersecurity team and processes.• Conducted ongoing security risk assessments and offered mitigation strategies.• Prepared department-level presentations to communicate security maturity and risk to senior leaders.• Worked with Operations and Learning & Development teams to raise security awareness.• Supported business operations while improving security controls.• Conducted Security committee meetings.• Contributed to the annual Security Plan, created project plans, and maintained project deadlines.• Made recommendations for policy changes about Information Security as business needs were changed and applications were enhanced.• Recommend viable solutions to improve systems and processes.• Acted as the Incident Response team lead.• Evaluated medical devices to ensure proper security requirements were met.• Researched national and global security issues for emergency triage planning.• Completed appropriate security documentation to comply with policies and meet internal and external auditor's expectations.

• Ensures credit union procedures and activities comply with all regulatory requirements and internal policies, procedures, guidelines and standards.• Conducts assessments, audits, and testing of credit union systems. Provides recommendations and overall enterprise technical security management, develops recommendations for standardized Credit Union wide information security practices, policies and procedures.• Performs analysis of network security needs and contributes to design, integration, and installation of hardware and software.• Evaluates product and/or procedures to enhance productivity and effectiveness of information security across the organization.• Performs day-to-day operations of the in-place security solutions and implementation of new security solutions. • Works with other areas of the organization and IT to develop mitigation plans and remediate issues when necessary.• Troubleshoots network access problems that point to potential security violations.• Develops and help implement network security policies and procedures. Identifies, reports, and resolves security violations.• Works with internal and external auditors/examiners to ensure the timely completion of security reviews and that remediation steps are taken in response to any findings.• Provides data security training to employees, management and volunteers. • Monitors systems for alerts that might indicate a security incident or violation.• Collaborates with vendors, colleagues, management and agencies to detect and halt security issues that pose a threat to the credit union and its membership.

Mr. Freedman supported the Defense Health Agency (DHA) Cybersecurity and Operations Readiness Assessment (CORA) performing in-depth on-site cybersecurity reviews at several US Army and US Navy Hospitals globally based on the DISA Command Cyber Readiness Inspection (CCRI) program. The cybersecurity reviews helped to improve information security and readiness through the enforcement of standards through inspection of the health and security of the hospital’s IT infrastructure and physical security.While supporting McKesson’s Information Security and Risk Management division, Mr. Freedman and his team performed application risk assessments for four of McKesson’s major business units and over 15 Information Systems developed by McKesson. During the risk assessment process, the team reviewed McKesson’s policies and procedures supporting the HIPAA Security Rule, performed technical assessments on the individual information systems, and reviewed compliance status against the HIPAA Security Rule. Helping to refine the HIPAA Risk Assessment Process for McKesson, a mapping process was developed which mapped HIPAA Implementation Specifications, to NIST 800-53 revision 4 Security Controls, and McKesson Information Security Policies and Procedures.Mr. Freedman was the Project Lead for a large State of West Virginia HIPAA Security Risk Assessment effort for WV CHIP and PEIA. This effort involves a deep HIPAA Security Rule assessment on behalf of multiple State agencies in order to ensure compliance and program maturity. He helped to design and develop solutions that allowed the State of West Virginia to manage diverse risks through a consistent, coordinated, and sustainable strategy. Additionally he:• Performs HIPAA Security Risk Assessments and HIPAA compliance audits.• Provides Information Assurance Penetration testing using tools such as Metasploit, Nessus, and others to ensure web based applications and networks are compliant and secure.

• Was responsible for coordination and oversight of all operational and technology functions across PPCP’s 33 clinics and corporate office.• Held additional role of HIPAA Compliance Officer who rewrote all related policies and procedures for final rule and also developed the HIPAA training program for 650 employees. Lead annual risk assessment process and investigated all potential HIPAA violations.• Managed team of system administrators and application specialists who support IT needs of company and supports electronic medical record / practice management system.• Developed Disaster Recovery and Business Continuity Plan and failover data center.• Worked with C level officers and Physician Owners to propose and gain approval for technical solutions.

Worked as a consultant providing project management for Cisco VoIP projects for AT&T's contract with General Motors globally. Had to manage many small projects, as well as large migration projects from legacy PBX systems to Cisco VoIP. Had to interface with both remote and local staff supporting the systems at the various GM offices worldwide.

• Managed projects with total annual budget of over $30 million for SPAWAR Department of Veterans Affairs program.• Supervised project deadlines, tasks, and progress for projects involving over seventy contractors and employees.• Produced Agile Integrated Development Environment (AIDE) as mix of Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) for VA software development including IBM Jazz Rational Tools, MS SharePoint, and virtualized servers in cloud computing environment—AIDE supported the entire Software Development Lifecycle using Agile SCRUM methodology.• Managed production and development support team for applications of the number-two IT initiative at VA.• Provided support for project implementing MS Dynamics CRM and Integrated Voice Response system using Genesys IVR platform.• Developed and executed contract strategies for multiple government contracting companies and created Statements of Work (SOW) and Performance Work Statements (PWS) to manage contract projects.• Traveled to train groups of two to four hundred, lead on-site meetings, and perform internal project reviews.• Maintained Department of Defense Top Secret Clearance.

• Managed team for Enterprise Service Operations Center (ESOC) supporting over seventy sites worldwide and over 55,000 users for US Navy Medicine.• Supervised teams supporting Microsoft Office SharePoint Server 2007, system and network monitoring, Microsoft SQL Server, database administration, engineering, system backups, hardware, and virtualization using VMware for the enterprise.• Provided support for all functional areas including Active Directory, Group Policy development/management, Exchange, Blackberry Enterprise Server, Systems Management Server, and Public Key Infrastructure (PKI).• Served as voting member of Navy Medicine Technical Review Board for all enterprise infrastructure changes.• Migrated fifty public-facing sites to central data center using Microsoft SharePoint Server 2007 and VMware.• Directed Microsoft Systems Management Server Deployment deploying SMS to all twenty-seven facilities for software deployment, patching, and compliance reporting.• Created a Navy Medicine VPN mesh for all hospitals and clinics to improve hardware equipment standards, implement IP addressing at facilities, and contribute more proactive support from the ESOC.

Contributing Author - PCI compliance: Implementing effective PCI data security standards http://books.google.com/books?id=8L1uiaOmD5ECTechnical Editor - The It Regulatory and Standards Compliance Handbook:: How to Survive Information Systems Audit and Assessments http://books.google.com/books?id=RizmpbOHvf4C&dq

• Managed Infrastructure Services and Security Group, including help desk, system administration, networking, facilities, security, and compliance.• Created and maintained $2 million IT budget for entire company and approved all hardware and software purchases.• Devised and executed plan to move corporate headquarters to new facility with zero downtime.• Designed build-out of entire infrastructure of new facility including but not limited to data center, security and fire systems, HVAC, power reliability (UPS and generator systems), and network cable plant.• Performed periodic risk analysis and network penetration testing to ensure network system's safety and integrity.• Managed all network/systems operations including setup and maintenance of firewalls, routers, switches, telecommunications, building control/automation, and servers in two production data centers and local offices.• Consolidated 300 physical servers to 48 3-chassis blade servers running VMware ESX server.• Planned and implemented Cisco voice over IP phone system for two locations including entire network redesign to support growth of company.• Developed virtual private network solution using two-factor authentication tokens for remote associates and site-to-site VPNs between all locations.

• Designed and implemented local-area and wide-area networks based on Cisco routers, firewalls, and switches.• Worked with statewide clients to design and support networks using Active Directory, Exchange Server, SQL Server, Terminal Services, Internet Information Server, and backup/recovery solutions via Veritas Backup Exec.• Set up numerous Citrix Metaframe 1.8/XP installs that included use of Nfuse Citrix web application portal.• Performed system audits for clients and created extensive documentation for their systems and networks.

*Worked as an independent contractor with numerous clients on projects dealing with network design, security consulting, server integration, database design, and database administration. *Provided comprehensive computer support services to local area businesses. Services include: Windows 2000/NT server installations, installation of Microsoft BackOffice products (Exchange, SQL Server, Internet Information Server, Proxy Server), network design, wide area network implementation, firewall integration, virtual private networks, security services (penetration testing, policy creation, risk analysis, Disaster Recovery Planning), backup and recovery solutions, software selection, and creation of database applications utilizing both Microsoft SQL Server and Microsoft Access.*Managed contractors for several projects dealing with web site design, database driven e-commerce applications, and custom application development utilizing Visual Basic, ASP, Perl, Access97/2000, Microsoft SQL Server, and JavaScript.

• Deployed several Microsoft NT networks using Microsoft Exchange, SQL Server, and Proxy Server.• Designed, implemented, and maintained wide-area networks for clients and incorporated Citrix Metaframe for remote application deployment.• Implemented databases and software packages and provided wide variety of daily IT support for clients.• Taught week-long Systems Boot Camp focusing on Novell Netware and Microsoft NT.

• Designed and managed large-scale database and data warehouse projects including database design, data handling, query building, and report generation as well as planned and executed extensive networking projects.• Trained clients on-site to use variety of applications.

• Managed technical support, customer service, and sales departments.• Provided on-site service and training to major corporations including network troubleshooting, terminal adapters, routers, and firewalls.• Streamlined operations by installing a Windows NT File Server, creating technical support documents, training employees, and working with corporate clients to provide Internet solutions.

• Assisted attorneys with technical issues and performed on-site services, support, and technical solutions.• Served as panelist for Internet Seminar for Lawyers, alpha tester for new software, and technical writer.