Director Of Information Security Services
San Jose, California, Us
In this role, I was part of a highly motivated team of security professionals dedicated to delivering innovative solutions to the unique security challenges being posed by cloud, mobile and other emerging technologies. In May of 2016, we reorganized the Information Security organization. Multiple teams with varying levels of maturity were pulled under the same leadership chain. Since then we expanded headcount and function. The current organization includes Security Engineering, Network Security, Identity & Access Management, Incident Response, Vulnerability Management, GRC (Governance, Risk & Compliance), Security Architecture, Disaster Recovery and Business Continuity. As we grew the team we were working on maturing across the functions. Some were established, some were partially mature and some were completely rebooted and started over. The risk appetite had decreased dramatically in the past few years. Our security posture had changed from a fairly open BYOD environment to a far more tightly managed and exponentially more secure environment. I was directly accountable for the isolation of approximately 1/3 of the total network into secured development space. I was also accountable for projects to deploy Network Access Control, to migrate users to a hardened endpoint, to deploy DLP, to completely retool the Incident Response team with new SIEM and other technologies, to migrate contractors to heightened security environments and to completely insource all SOC and VM functions by establishing a follow the sun operations center. At one time or another across the the decade, I managed and had been directly accountable for Network Security Engineering, Architecture, Operations, Identity & Access Engineering and Operations, Incident Response, Vulnerability Management, Forensics, Security Governance, Risk & Compliance, and the best part of all, management of a great team of professionals.