Ben Tomhave Email & Phone Number

Raleigh, North Carolina, US

Doing security stuff.

As a solo consulting practice, providing cybersecurity professional services to multiple industries. Project work includes content development, security architecture, security product strategy and development, high-level security assessment and advisory services, specialized security training, and DevOps/DevSecOps architecture. Engagements include.

San Francisco, CA, US

• First full-time security hire for the company. Brought in to build out security program and security architecture roadmap, as well as to assist with completing critical audits and implementing various security.
• Core Security Program Design: Designed and created a roadmap for the build-out of core security program capabilities, including vulnerability management, risk management, data security, application and product.
• Critical Security-Related Processes: Designed and began implementing critical security processes through cross-team collaboration, including identity lifecycle, access management, routine security testing, vendor.
• Security Tooling, Services, and Architecture: Identified security capability needs, designed solutions, evaluated vendors, and shepherded associated budget requests through review and approval. Solutioning included.

Madison, Wisconsin, US

Time was split between providing security architecture leadership, participating as an Enterprise Architect (EA) within the Engineering Board, participating in and helping evolve the Technology Adoption Process, and overall providing technical leadership for the organization. Additional EA support was also provided to the internal team responsible for user.

Atlanta, GA, US

Security EA assigned to cover SSDLC and container security, as well as other DevSecOps-related topics as they arise.

Atlanta, GA, US

Performed security reviews of project designs to evaluate adherence to security technical requirements and for appropriateness of security controls and practices, including ensuring that a proper data flow diagram was in place and assisting teams with threat modeling during the project lifecycle. Assisted project teams with security solutioning when.

Cincinnati, Ohio, US

Provided technical security leadership within the CloudOps team and across the Technology division. Day-to-day responsibilities included working with software development project teams to ensure proper cloud security measures were in place and maintained, leading tooling evaluations (e.g., log management, container and serverless security tools), leading.

Mclean, VA, US

Provided security architecture and strategy guidance to projects and teams on a variety of topics, including DevSecOps, application security testing, secure coding, secure application and system design, cloud and container security, and enterprise security. My day-to-day activities included reviewing or advising project designs, working within internal.

London, GB

Provided front-line management of a team of security engineers and architects responsible for identity and access management (IAM), multi-factor authentication (MFA), cloud security, container security, and data security (including encryption and certificate management). Provided technical leadership for the IAM and MFA initiative, including support for.

San Francisco, CA, US

Served in a variable role performing research, product management of in-house development projects, and conducting business development. Efforts included creation of materials around the "Lean Security" methodology, development of presentations for conferences, and writing copy for sales collateral, blog posts, and byline articles. New Context has a focus.

Reston, VA, US

Evaluated current security processes, tools, and practices as a member of the information security team reporting directly to the CISO. Charged with evaluating the effectiveness of current solutions and identifying gaps in security protection. Developed a comprehensive security architecture framework to evaluate and manage security architecture strategy.

Herndon, VA, US

As a member of the enterprise architecture team, charged with broad responsibilities to inject security practices into the overall application stack. Reviewed overall environment and developed an incremental roadmap for addressing critical gaps and charting a progressive course to more effective enterprise security over time. Included collaborating with.

Stamford, CT, US

As a member of the Security & Risk Management Strategies team within Gartner for Technical Professionals, I conducted research into topics including risk management, security programs, security planning and management, application security, DLP, and SharePoint security. Additionally, I contributed content as a speaker at several Gartner and non-Gartner.

Overland Park, Kansas, US

Although originally hired to build a professional services team (put on hold due to a change in sales strategy), redeployed as needed to provide a number of value-add services, including customer training (development and delivery of comprehensive product onboarding curriculum); writing (blog posts, articles, and white papers); sales support and public.

Helped deliver security professional services. Assisted with business development.

Performed product implementation and project management work for a security architecture project at a major government agency.

As Director of Security & Compliance, it was my opportunity to establish and build a formal security program for the enterprise.

London, GB

Security consultant (via BT Global Services acquisition of International Network Services) providing professional services to a broad range of organizations. Direct experience with security architecture, access management, privileged identity management, cryptographic key management, Encryption Key Management Infrastructure (EKMI), development of policies.

New York, NY, US

Served in a team leadership role within the security assurance team. Responsibilities included working with project teams to inject security requirements, development and delivery of technical security training, contribution to policy development, and thought leadership within the security organization.

Recruited to take over leadership of a comprehensive network security re-architecture project. Responsible for all aspects of operational security within supported systems, including OS and router hardening, perimeter and internal firewalls, AV maintenance, etc.

Served as lead systems administrator and secondary network administrator for national Internet Services Provider. Responsibilities included supporting dial-up, broadband and DSL customers for connectivity, email and web hosting. Also provided systems administration to systems used for web hosting and portal services.

Mechanicsburg, PA, US

Conducted comprehensive security testing and certification of firewall products. Worked with vendors to coordinate resolution of issues. Testing involved use of common penetration assessment tools, including Nessus, CyberCop, Nmap, hping, nemesis and tcpdump, among others. Testing was conducted in a process-oriented, scientific environment aimed at.

Served as lead systems administrator and secondary network administrator for national Internet Services Provider. Responsibilities included supporting dial-up, broadband and DSL customers for connectivity, email and web hosting. Also provided systems administration to systems used for web hosting and portal services.

San Francisco, California, US

Provided technical project management to a team of 30+ engineers throughout the country. Responsibilities included design review, workflow management, special project leadership, and point-of-contact for regular work requests. Team was responsible for managing 500-600 firewall, web and application servers, based on Sun Solaris, Compaq Tru64, and Windows NT.

Brought onboard to help establish and grow a security consulting practice. Executed engagements, developed collateral, trained sales and technical staff, and assisted in the sale of services. Customer engagements included incident response, security assessments, and the development of security standards for Windows 2000.

London, GB

Participated in and led Information Technology audits, including documenting and providing expert analysis of system and network security. Presented audit and security assessment findings and provided business justification for recommended changes. Involved with both standard IT audits and SAS-70 Type I and Type II reviews.

US

Provided network professional services to a variety of clients in the Chicago, Illinois, and Minneapolis, Minnesota, metropolitan areas. Services included troubleshooting, network design and implementation, and fulfilling numerous other network administration functions on behalf of customers.

Decorah, IA, US

Completed various small-scale technical projects as assigned as a student tech/computer worker.

Decorah, IA, US

As a student worker, performed systems and network administration, including everything from bare metal installation to support and management, on HP/UX, FreeBSD, Novell Netware, and Microsoft Windows platforms. Duties included access management, hardware rack-n-stack (including network card installation, cable pulls and terminations), and supporting.

As an intern, participated in two projects: 1) helping document an in-house software development project to achieve the desired CMM level, 2) providing technical assistance to a client, particularly in support of IBM AIX UNIX.

Lemont, IL, US

Wrote application software using National Instruments LabViEW to do 360-degree image acquisition using a radioactive source (industrial CT-scan system). You can read about the experience here:http://www.secureconsulting.net/Classic/argonne.html

Ms, Engineering Management

Ba, Computer Science, Mathematics (Minor)

Hs, General