Michael Carroll Email & Phone Number
@truist.com
3 phones found area 404 and 866
LinkedIn matched
Who is Michael Carroll? Overview
A concise factual answer block for searchers comparing this professional profile.
Michael Carroll is listed as Director | The Intersection of Enterprise Security Architect and BISO | Building Teams and Things | Cyber Leadership and Strategy at Capital One, based in Woodstock, Georgia, United States. AeroLeads shows a work email signal at truist.com, phone signal with area code 404, 866, and a matched LinkedIn profile for Michael Carroll.
Michael Carroll previously worked as Director, Cyber Architecture at Capital One and Part-time Faculty at Kennesaw State University. Michael Carroll holds Masters Of Science, Information Systems from Kennesaw State University - Michael J. Coles College Of Business.
Email format at Capital One
This section adds company-level context without repeating Michael Carroll's masked contact details.
AeroLeads found 3 current-domain work email signals for Michael Carroll. Compare company email patterns before reaching out.
About Michael Carroll
Personal Purpose: Empower others with empathy and kindness to develop into better versions of themselves through continuous improvement and pursuit of shared goals.Specialties:-Information Security Leadership-Information Security and Assurance Program Management and Development -Information Security Architecture and Engineering-Cyber Security Strategy and Strategic Planning -Control Design and Implementation-Cyber Risk Frameworks (e.g. ISO, NIST) and Reference Architectures (e.g. NIST, CSA)-Information Security and IT Governance, Risk and Compliance (GRC) -Cloud Security-Risk Management and Assessment-Threat Modeling, Security Assessments, Maturity Assessments-Coaching, mentoring and university level instruction and teachingSELECTED LEADERSHIP & PERFORMANCE HIGHLIGHTS:•As part of the Merger of Equals between SunTrust and BB&T to create Truist, my team and I created and implemented a security focused strategy to facilitate the integration of the two heritage banks. Our approach allowed the firm to manage the information risks and threats while enabling the business to move forward. This was a unique experience with the mergers and acquisitions (M&A) process to create one of the top banks in the United States while managing the cyber risk. •Successfully rebuilt previously negative business relationship between cybersecurity and a C-Level executive and their team. This allowed us to reestablish trust and regain a “seat at the table” in making decisions. •Became an ISC(2) Official Training Provider (OTP) in order to provide Certified Information Systems Security Professional (CISSP) training to the organization. This resulted in dramatic cost reduction in the training for the cybersecurity organization. •Developed cybersecurity strategies, solutions and ecosystems to address threats and reduce risk for the enterprise (inclusive of business to business, business to customer, and business to employee).•Complete redesign and implementation of all information security policies, standards, procedures and default security contract language to modernize the cybersecurity practices, organizational intent and direction. This includes gaining alignment with Legal, Human Recourse, Audit, Risk, IT, and business stakeholders.
Listed skills include Information Security, Information Security Management, Security, Computer Security, and 39 others.
Michael Carroll's current company
Company context helps verify the profile and gives searchers a useful next step.
Michael Carroll work experience
A career timeline built from the work history available for this profile.
Part-Time Faculty
CurrentKennesaw State University is one of the largest public research universities in the state of Georgia. I am honored to be a member of the part-time faculty teaching information systems and cyber security at the undergraduate and graduate level in the Department of Information Systems within the Coles College of Business.Undergraduate Courses include: Introduction to Information Security and Assurance (ISA 3100), Management of Information Security in a Global Environment (ISA 3300), Management of Digital Forensics and eDiscovery (ISA 4350), Information Systems Management (IS 3100), and Introduction to Information Systems and Business Communication (IS 2200). Graduate Courses include: Management of Cybersecurity (CYBR 7300).
Senior Vice President, Cyber Security Architecture
I was responsible for the well-being and performance of two teams. - Cyber Security Architecture - Responsible for designing and curating cyber security solutions to fit the business’ needs and that are integrated into the business (i.e. client facing and enterprise) ecosystems. This is in support of efforts to reduce risk and fulfill our commitment to our clients regarding security as stated in Truist’s mission. The team is responsible for leading solution selection, creating cyber architectural designs, reference architectures, design patterns and building blocks, design standards, and solution roadmaps.- Threat Modeling – Responsible for decomposing business applications and solutions from an adversary’s perspective to inform the development process. The exercises use frameworks, tools, detailed analysis, and intelligence collected from other groups to inform application security risk. This function serves as an integration point between Architecture, Vulnerability Management, Penetration Testing, Business Information Security and Governance Risk and Compliance.
(Isc)2 Authorized Instructor
The International Information System Security Certification Consortium, or (ISC)², is a non-profit organization which specializes in training and certifications for cybersecurity professionals.It was an honor and a pleasure to facilitate courses to help people grow, learn, stretch and achieve their certification goals.I was authorized to facilitate the following two certification courses for (ISC2)- Certified Information Systems Security Professional (CISSP)- Certified Cloud Security Professional (CCSP)
Head Of Cyber Security Solution Architecture
Led a team of talented Cybersecurity Solution Architects that ensure cybersecurity solutions and business driven capabilities have security “built in” to support building the premier financial institution.The team was accountable for the solution designs for security investment projects, maturity of existing capabilities as well as ensuring business driven projects take into account sound security practices, controls, designs, and patterns. Cybersecurity solutions examples include items such as replacements/additions of the Web Security Gateway, Email Security Gateway, Intrusion Prevention and Detection, Data Loss Prevention, Security Logging and Monitoring, Cloud Security Capabilities and Identity Suites. Business driven projects examples include designing controls for the file sharing ecosystem, migration to Office 365, and merger and acquisition activities. The group was also charged with supporting the Cyber Enterprise Architecture function by contributing to policy, procedures, guidelines, patterns, Architecture Working Groups, roadmaps, reference architectures and augmenting the Enterprise Architecture function as a whole. To achieve success, the team engaged multiple levels of the organization including business sponsors (often senior leaders in the organization) as well as other domain architects, engineers, analyst, developers, operations personnel and production support. As such, the skills required in the team included the technical knowledge and the business acumen in order to influence and drive the correct solution and reduce risk.
Data Protection Manager
(Department effectively dissolved and was recast later as part of a reorganization)Charged with establishing a Center of Excellence of Information & Data Protection staffed with talent & equipped with resources to solve for business challenges, needs & demand. Functions include driving strategy, creating capabilities, implementing frameworks, governance structures, developing & executing risk treatment strategies as well as reporting aligned to business objectives.
Executive & Platform Security Advisor
Senior-level information security consultant and relationship manager supporting the Chief Data Officer as well as the Chief Technology Officer for the Enterprise Data Organization. In this role, I serve as the dedicated thought leader in designing and imbuing cyber security best practices into the way we use data for the betterment of the company and our clients. I act as a trusted advisor in building positive and lasting relationships between our security organization and the senior IT leaders I support. A large portion of my function is devoted to facilitating the execution of my constituent’s initiatives while building security into their processes, practices, operations, and technology stack in order to support our “Client First” focus.
Information Security Architect / Program Manager
As the functional head of the company’s Information Security Program, I was responsible for managerial, operational and technical controls that drive a balanced risk approach. This includes governance and oversight functions such as policies, standards and procedures as well as technical controls, safeguards, and protection mechanisms. This strategy is driven from the company’s risk and business-centric Information Security Roadmap for which I had ownership and accountability.Responsible for designing, implementing, and maintaining processes, technologies and controls to enhance the security posture of the organization. This also enabled various regulatory and legal, and contractual requirements (e.g. Payment Card Industry (PCI), Sarbanes-Oxley (SOX), etc.). Established and maintained a monitoring and reporting (scorecard and dashboard) program for metrics tracking, trending, and health checks. Responsible for managing and forecasting the information security function’s budget including capital (CAPEX) and operational (OPEX) expenditures. Built, fostered and maintained strategic relationships with business stakeholders and support departments such as Legal/General Counsel, Internal Audit, Human Resources, Marketing, and Finance.
Security Operations Manager
Promoted to fill a leadership gap & provide direction for the Security Operations group. This group was responsible for managing the security posture by identifying threats and vulnerabilities, detecting and responding to potential incidents and delivery of key performance indicators (KPI) and key risk indicators (KRI). This was included both the internal and externally facing environments. This is accomplished by an appropriate balance of people, processes, & technology.In this capacity, my role was charged with the following: • Enhancing Travelport’s ability to correlate security events with new data sources• Deliver meaningful intelligence to the Incident Response group regarding events• Develop proactive & defensive measures to reduce information risk & balance the needs of the business• Evaluation of change controls that impact network security & logical administrative access to environments • Support PCI, SOX, & ISO 27001 compliance & certifications• Support the SDLC process (Waterfall & Agile) & track remediation of gaps & deficiencies• Increasing automation & visibility, enhance cross departmental collaboration, & develop baseline metrics to demonstrate improvement
Sr. Cyber Security Consultant
Senior-level security consultant responsible for embedded security in the system development lifecycle (SDLC) to include standards and control development and then ensuring implementation on development efforts for both internal applications and those consumed by customers. This also included ensuring that security criteria and requirements prescribed were implemented as appropriate (platforms included mobile, web, cloud, service oriented architecture (SOA) and mainframe environments).Part of this role meant leading efforts and being an advocating for bridged gap between the Business, Information Technology, Legal, Privacy, Procurement and Security. In these efforts my role called for first understanding the business and finding solutions to unique challenges that would in turn enable profit centers. Compliance efforts including driving components of PCI and Safe Harbor compliance and the pursuit of ISO 27001 compliance. Architected, implemented, and administered various solutions (on premised and off premised (e.g. cloud-based)) designed to safeguard the enterprise and customer data and systems.
Security Solutions Officer And Information Security Officer
Senior-level security strategist and consultant charged with managing relationships with technology partners to deliver solid solutions that enable and promote the business objectives while ensuring security is embedded into the system development lifecycle (SDLC). Solutions varied from very narrow tactical products designed to solve for a very specific challenge to a very broad strategic initiatives meant to address systemic or enterprise challenges.As part of this role, I also served as an Information Security Officer for various functions and lines of business (profit centers). This role meant being charged as information security leader and advocate responsible for bridging the gap between the business, information technology, and security. This includes frequent engagement and awareness efforts between internal business partners, external suppliers, investors, and regulators within the banking and financial services realm.
Information Security Officer
Charged with being an information security leader and advocate responsible for bridging the gap between the business and security. This includes frequent engagement and awareness efforts between internal business partners, external suppliers, investors, and regulators within the banking and financial services realm.The above is accomplished by building and nurturing positive and lasting business relationships that foster an appropriate risk-based environment with frequent engagements of information security.The above is augmented by being responsible for the risk assessment and risk management of a portfolio consisting of applications, systems, business processes and projects. Auxiliary responsibilities also include acting as a consultant for business partners on a variety of challenges and forming solutions to enable the success of the individual and the business. Such solutions include encryption technology, secure data transmissions, embedding security into the system development lifecycle, and the on-boarding of new business acquisitions into the corporate enterprise.
Information Security Engineer And Program Manager
My role at the University during this time frame was as a Sr Information Security Engineer and Program Manager. My role was a hybrid technical and program role. As a Sr Information Security Engineer, I led the delivery, maintained and auditing of safeguards and controls utilizing various Information Security and IT Governance frameworks such as NIST and ISO 27001/27002 and other industry guidance including IT Audit Guidance and SANS Roadmaps. Examples include infrastructure security capabilities such as antivirus, patching, firewall operations, intrusion prevention and detection, monitoring, alerting, etc.I led the Computer Incident Response Team (CIRT) for incidents, digital forensics, and eDiscovery investigations.As Program Manager, I developed, implemented and maintained strategies, processes, and technologies to effectively manage risk as a part of the risk management process. I also improved the metrics and reporting program including Key Performance Indicators (KPs) and Key Risk Indicators (KRIs). I was also the principal for establishing and managing a program designed to address security concerns within the Security and System Development Lifecyle for products, systems and services.
Information Systems Security Officer
My role was as a Information Systems Security Officer (ISSO) and Information Assurance Officer (IAO) supporting flagship Lockheed Martin Aeronautics products for the Department of Defense (DoD). This includes system security, audit, control and compliance in accordance with regulatory and contractual requirements for multiple systems of varying size, complexity and geographic distribution.I developed System Security Plans, Plan of Action and Milestones (POAM) and Continuity of Operations Plans (CO-OP) for my areas of responsibility. I also performed digital forensic and eDiscovery investigations as a member of the Computer Incident Response Team (CIRT). Investigations were facilitated by the usage of both open source and commercial tools (FTK, EnCase, Helix, etc).
Information Security Interin
Internship with the Information Security Office performing engineering and research.
Michael Carroll education
Masters Of Science, Information Systems
Bachelor Of Science, Information Security And Assurance
Frequently asked questions about Michael Carroll
Quick answers generated from the profile data available on this page.
What company does Michael Carroll work for?
Michael Carroll works for Capital One.
What is Michael Carroll's role at Capital One?
Michael Carroll is listed as Director | The Intersection of Enterprise Security Architect and BISO | Building Teams and Things | Cyber Leadership and Strategy at Capital One.
What is Michael Carroll's email address?
AeroLeads has found 3 work email signals at @truist.com for Michael Carroll at Capital One.
What is Michael Carroll's phone number?
AeroLeads has found 3 phone signal(s) with area code 404, 866 for Michael Carroll at Capital One.
Where is Michael Carroll based?
Michael Carroll is based in Woodstock, Georgia, United States while working with Capital One.
What companies has Michael Carroll worked for?
Michael Carroll has worked for Capital One, Kennesaw State University, Truist, (Isc)², and Suntrust.
How can I contact Michael Carroll?
You can use AeroLeads to view verified contact signals for Michael Carroll at Capital One, including work email, phone, and LinkedIn data when available.
What schools did Michael Carroll attend?
Michael Carroll holds Masters Of Science, Information Systems from Kennesaw State University - Michael J. Coles College Of Business.
What skills is Michael Carroll known for?
Michael Carroll is listed with skills including Information Security, Information Security Management, Security, Computer Security, Cissp, Network Security, It Audit, and Intrusion Detection.
Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.
Start free trial