J. M. Diaz Email and Phone Number

Established and Led the Office of Information SecurityCyber Security Leadership: Spearheaded the cyber security posture for global infrastructure.Security Integration: Integrated product and application security into the development process.Security Architecture: Designed resilient security architecture for corporate and production environments.Team Management: Built and managed geo-diverse teams of security and privacy professionals.Compliance Projects: Led projects to achieve security certifications, including SOC2 and CSA.Privacy Integration: Embedded global privacy and compliance requirements into security design processes.Executive Reporting: Provided comprehensive security and risk reports to the executive leadership team.Awareness Training: Introduced regular security awareness programs covering cyber security, phishing, and privacy.Documentation: Created and maintained security policies, standards, guidelines, and procedures for all corporate locations.Legal Collaboration: Partnered with the legal team to ensure consistent security and privacy contractual language.External Testing: Collaborated with external assessors for regular security, network, and web application testing.Application Security: Guided application security teams on coding security requirements and best practices.DevOps Collaboration: Worked with Development and DevOps teams to address security technical debt.Preventive Security: Introduced preventive security processes as part of the "shift left" on security initiative.Vendor Management: Implemented a vendor risk management framework to ensure supply chain security adherence.Data Protection: Ensured the confidentiality, integrity, and availability of data on corporate systems.AI Governance: Co-authored AI policy and best practices, serving as a founding member of the AI governance committee.AI Tools: Leveraged AI tools like ChatGPT to enhance internal knowledge distribution for information security-related questions.

Responsible for the creation and expansion of LifeWork’s Information Security Office, focusing on strengthening the organization's security posture. Key achievements include:Global Security Design: Developed and implemented the security design for LifeWork’s global cloud infrastructure (AWS).Team Building: Built and managed teams of security professionals in North America and Europe.Privacy and Compliance: Ensured the implementation of global privacy and compliance requirements across the organization’s product lines, leading efforts to achieve GDPR compliance across LifeWork’s multinational presence.Data Privacy Office: Collaborated with the legal team to establish a dedicated Data Privacy Office.Security Architecture and Programs: Created and maintained LifeWork’s security architecture, including security awareness programs and documentation for all global locations.Risk Management: Guided the Privacy and Risk teams in ongoing monitoring, auditing, and assessments.Penetration Testing: Coordinated with penetration testers for annual risk surface and vulnerability assessments.Application Security: Directed application security practices, including secure coding and meeting security requirements.Industry Awareness: Kept abreast of the IT security industry, including new security solutions, improved processes, and emerging threats.Security Tools Implementation: Implemented Static Analysis Security Testing (SAST) and Web Application Scanning (WAS).Data Protection: Ensured the confidentiality, integrity, and availability of data across all systems and repositories.HIPAA Compliance: Maintained HIPAA technical safeguards and ensured up-to-date HIPAA security compliance and standards.Security Reporting: Provided standard security and risk metrics to the leadership team.Security Accreditation: Led internal projects to achieve security accreditations, including ISO certifications and SOC2 reporting.

Create and maintain a LifeWorks’ Business Continuity Plan and Disaster Recovery Plan.Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.Select and acquire additional security solutions or enhancements to existing security solutions to improve overall security as per the enterprise’s existing procurement processes.Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through LifeWorks workstations, servers and other systems and in databases and other data repositories.Collaborate with RFP and sales team regarding HIPAA policies and best practices.Ensure the enforcement of security documents.Supervise all investigations into problematic activity and provide on-going communication with senior management.Supervise the design and execution of vulnerability assessments, penetration tests and security audits.Perform regular security awareness training for all employees to ensure consistently high levels of compliance with security documents.Lead any required investigative projects into privacy or security breach attempts of the LIfeWorks data asset.Ensure the enforcement of security documents.Supervise all investigations into problematic activity and provide on-going communication with senior management.Supervise the design and execution of vulnerability assessments, penetration tests and security audits.Design regular security awareness training for all employees to ensure consistently high levels of compliance with security documents.Lead any required investigative projects into privacy or security incidents or breach attempts of LIfeWorks data assets.

Leverage previous Network and Infrastructure experience in order to better design perimeter and data protection strategies for the organization. Evaluate security access requests for Risk and propose alternate solutions where applicableProvide security recommendations for network and application architectureProvide design validation for new technology and major changes within the organizationEnsure that security process is understood and practiced throughout the organizationResearch and evaluate security products to ensure data and systems are protected from latest threatsCollaborated with Security Lead in design, project coordination and implementation of Vormetric file and application encryption. Evaluate and Implement SIEM solution.Network and Web Architecture design reviews and provide security recommendations.Participate in re-architecture plans of existing infrastructure and security products.Assist plan and coordinate RedTeam engagement for yearly testingParticipate in security practice normalization for new branches \ acquisitions.Security Engineering and evaluation of new Security tools for the enterprise.

Risk assessment for network and production systems with Nessus Cloud and Qualys scanners. Collaborated with Security Lead in design, project coordination and implementation of Vormetric file and application encryption. Planned and deployed F5 LTM load balancers for increased stability, security and response time. Increased resiliency of BC site by upgrading all hosts to ESXi 5.5 and establishing site to site vmotion capabilities. Recreated site-to-site vlans to enable vmotion from Atlanta to Houston leveraging vMware site replication manager (SRM).Implemented the vCloud Suite with a focus in vSphere, vCloud Director, and Site Recovery Manager for the multi-site private cloud.Improved performance and security or Production tier by planning and deploying EMC VNXe 3200’s, redundant Cisco 3850 catalyst and dual Cisco 5545 ASAs. This project also aided in SignUp4’s maintained PCI compliance status.Scripted synthetic transactions for SignUp4 web based SaaS using PowerShell to verify site availability by mimicking user logins. Planned and Implemented ESX environment upgrade from 5.0 to 5.1 on all test, dev, qa, staging and production hosts. Designed and deployed new WFF webfarm to segregate login and other administrative functions from main production webfarm.Planned and deployed failover clusters for enhanced performance and availability of public webservices and windows services.Planned and deployed expanded windows webfarm infrastructure for enhanced performance and reliability leveraging EMC SAN technology and VMWare ESXi 5.0.Planned and built load balanced Web Application servers leveraging WFF for internal webservices.Designed & migrated to multi-server webfarm using WFF with IIS 7.5 with continuous replication and content protectionPlanned and implemented domain infrastructure for Windows 2008 R2 Server domain controllers, web, file, and SQL servers.Oversight of distributed datacenters in Atlanta and Houston to ensure SignUp4's product availability.

Expanded Subnet for Corporate office by implementing supernetting, thus adding over 1000 addresses for devices without incurring any added expense. Migrated from Exchange Server 2007 to Exchange 2010, including Exchange 2010 Edge Server for enhanced email security. Expanded VMware infrastructure and updated to ESXi 5.1, including the addition of a new EquiLogic PS6000 SAN.Microsoft Windows 2008 R2 Cluster creation and deployment.Assisted with expansion of Production environment to double speed and capacity planning for growth and scalability. Enacted use of CSIRT and CSERT teams as a means of Incident preparedness and Response.Responsible for the setup, maintenance and administration of all windows 2003 and 2008 servers for the corporate location, the production environment and the DR\BC location. Setup, maintain and administer VMware environment, while logically segregating resources pools according to appropriate business tier.Upgraded Virtual systems to Vsphere Server 4.1Deployed updates to production environment while minimizing impact on website availability and performance. Setup and administration of Array Networks APV load balancers. Re-designed Disaster Recovery plan and procedure. Established Sharepoint 2010 portal for internal corporate use. Responsible for setup and administration of Microsoft IIS 7.0 servers. Instituted the company blog using Wordpress while integrating it to our main site. Documented formal processes and procedures and brought to date existing documentation. Administration of Hurricane devices, barracuda Spam & malware prevention devices, Mcafee EPO and IDS administration.Converted SignUp4's public WordPress sites to full SSL behind APV load balancers.

Responsible for the monitoring of all Cox Enterprises systems, including the Windows Server environment, UNIX server environment, as well as Cox internal and external websites. Maintained the existing MOM 2005 infrastructure while planning for a migration strategy to BMC’s ProactiveNet Analytics. Setup monitoring of websites using BMC’s TM ART for site performance metrics, availability, performance degradation, and usability synthetic transactions across multiple cross divisional sites. Developed an agentless strategy for monitoring over 350 windows servers to minimize impact on managed servers performance. Designed cross domain model of monitoring while maintaining a small bandwidth footprint over the network. Ensured that monitoring setup became part of the Enterprise’s change management procedure. Established and created clear lines of communications across divisions and departments to ensure that success of central monitoring system.

Administered 224 servers, running a combination of Windows 2003 server, and Windows 2000 serverResponsible for IIS web servers with (NLB) and\or Cluster configurations on our external webfarm running on Win 2003 servers. Maintenance ISA 2000 and 2004 firewalls. Administered up to 18 Domain Controllers running DHCP, DNS, and AD, Multi-site replication.Assisted in the planning DR\BC planUtilized WSUS servers to manage and deploy patches, security fixes and updates throughout the domains.Assisted in administration of SQL 2000 and SQL 2005 clustered database servers, as well as database maintenance plans. Administered VPN Domain based on a segregated domain model Responsible for implementing Network performance monitoring through MOM 2005, and Dell Open ManageMaintained exchange 2003 clustered servers. Maintained three external mail gateways, running McAfee Groupshield for IDS and SPAM filtering. Administered Blackberry Enterprise server with over 500 devicesResponsible for administration of multiple Domain Controllers running DHCP, DNS, and AD, Multi-site replication.Setup and administer WSUS servers to manage and deploy patches, security fixes and updates throughout the domains from a central management point.

Administer twenty nine servers, running a combination of Windows 2003 server, advanced server, and Windows 2000 server. Administer Hewlett Packard Clustered Domain Controllers, Exchange 2003, and SQL 2000 Servers.Responsible for maintenance of Symantec corporate Antivirus, Spyware control, and intrusion detection.Responsible for Network Backups utilizing Arcserve 2000 and Veritas Backup. Disaster recovery planning. Administer the DNS, DHCP, Exchange, SQL and IIS servers. Performing maintenance, and planning for expansion. Active directory organization, implementation, and expansion. Designing, and setting up Group Policies and other security implementation tools with 100% uptime goal.Managed Exchange 2003 Enterprise server, and GFI intrusion detection tools for optimal email performance, 99% uptime.Support of on-the-road, sales staff, providing web company email, POP3 and VPN services.