Eric Hess Email & Phone Number

San Ramon, CA, US

Assess, design, plan, and execute overall enterprise security program. Program was non-existent prior to my arrival and needed a framework and structure to focus, track, and repeat all existing disparate efforts across the enterprise. Leveraging a risk framework combining NIST CSF, CIS 18, and Secure Controls Framework, the program has a solid direction.

Santa Clara, California, US

• Responsible for maturation and growth of information security and risk programs company-wide, covering compliance initiatives, policies and standards, and day to day operations including: vuln management, monitoring.
• Provide security leadership to the IT organization and be a trusted partner to legal and HR.
• Develop an information security and risk management framework leveraging CIS20, NIST CSF,OWASPSAMM, among others.
• Complete incident response ownership, from detection to postmortem.
• Provide current knowledge and future vision of security technology and systems to IT and the business.
• Develop and monitor a strategic, comprehensive enterprise information security, IT risk management program.

Santa Cruz, CA, US

• Responsible for growing a comprehensive information security program spanning entire global organization. Vulnerability management, policy writing, product security, endpoint protection, incident response/threat.
• Leverage vulnerability scanning and custom tools to assess and investigate network based vulnerabilities across the enterprise, engineering, and production environments.
• Drive remediations of vulnerabilities and pentest findings via business partnerships, policies, reporting, and exploit examples.
• Identify gaps in log/sensor visibility for east/west network traffic and make recommendations to update network and sysadmin configurations and architectures to remediate.
• Manage and guide three direct report interns
• Document and create runbooks for account compromises (including alignment with service desk, log investigation to determine files/networks accessed, etc.), phishing response (including identifying risk/quality of.

Mountain View, CA, US

• Cloud-based DNA sequencing platform hosted in AWS and Azure. My main functions were to improve the efficiency and efficacy of the vulnerability management program, assist with ongoing ISO certification and audit, and.
• Previous attempt to receive authorization resulted in failure, and I took to the 100’s of points of failure and designed and drove a program to achieve FedRAMP moderate authorization, despite disinterest among critical.
• Researched and studied API documentations to create a scripted solution that automated the Qualys vulnerability scanning and management process to include host discovery, inventory maintenance, and scan scheduling in a.

Houston, Texas, US

Working in the CTO office on the Cyber Security PMO, I provided technical program management for multi-disciplinary security projects across the Enterprise Group R&D (~27k people, ~$30bn annual sales). Projects included Environment Hardening (based on Risk Management Framework RMF and NIST 800-53) and Vulnerability Management across hundreds of subnets and.

Houston, Texas, US

Software Defined Networking (SDN), Aruba Clearpass, and Docker Special Projects. Research, examine, and test security and networking features of SDN and Aruba Clearpass for use in shared R&D lab environments, pan-HPE. Partnered with Docker, work to understand security concerns that impact Docker containers and how to manage those risks to better enable.

Houston, Texas, US

Provide networking security expertise and overall engineering leadership and perspective to cross-organization projects, programs, and activities. Work actively with multiple R&D labs to assure the networking security design meets the businesses requirements. Manage the networking security review process working directly with HP-IT Security. Work with.

Ba

Mas, It Management