CISSP certified security solutions architect and PCI QSA with extensive experience in secure application development, solution architecture in various IT environments, development management, and Big 4 consulting.
Thorough understanding of information security standards (ISO 27000, NIST, PCI DSS, HIPAA, and financial institution Shared Assessments) and how to apply them. Due to my combined security and application development background I am highly knowledgeable in all aspects of the Software Development Life Cycle, Secure coding techniques (Microsoft SDL, OWASP, among others), the Identity Management (IdM) life cycle, and the e-Discovery Reference Model (EDRM).
Director, Cybersecurity & Privacy @
Performed and led high-level program assessments of both the client's and the client's third-party acquisitions' security programs against the ISO 27002 information security framework, identifying gaps and developing remediation roadmaps.
Performed and led high-level program assessments of both client and client third-party security programs against the PCI Data Security Standard (DSS), identifying gaps, developing remediation roadmaps, and assisting with remediation.
Performed and led high-level program assessments of clients' SDL programs against the ISO 27034, NIST 800-63, Microsoft SDL, and OpenSAMM secure coding guidelines.
Performed a high-level program assessment of a client’s third-party acquisition’s security program policies and procedures against the ISO 27002 information security framework prior to initial integration.
One of PwC's representatives at the NIST cybersecurity initiative workshops aimed at developing a new Cybersecurity Framework for critical infrastructure in response to President Obama's Cybersecurity Executive Order.
Developed a new Secure-Software Development Life Cycle process incorporating multiple business unit SDLC methodologies (Waterfall and Agile) for a large transportation client. This process was developed from a combination of industry standards including but not limited to the Microsoft SDL and OWASP secure coding guidelines.
Conducted the pilot implementation of a secure code scanning tool which included vendor selection and development of the guidelines for using the chosen solution.
Conducted a cybersecurity market analysis using collected research and knowledge to provide a cross-enterprise assessment of demand drivers, market size, and growth, with key attention given to types of offerings (hardware, software, security services), providers, and industry and geographic dimensions.
From January 2013 to Present (3 years), Orange County, California Area

Application Security Specialist, CISSP @
Created an Application and System Risk Assessment program to allow the organization to systematically and accurately evaluate the risk profile and map that risk (and track compliance) back to policy.
Performed application architecture reviews for legacy applications and new development with special emphasis on data loss prevention, production environment configuration, and development methodology.
Conducted architecture reviews of enterprise and COTS applications to identify and mitigate exposure through risk assessment, penetration testing, code reviews, and third party code review where appropriate.
Developed Secure-SDLC guidance incorporating “build security in” principles into existing business unit SDLC methodologies. This guidance was developed from a combination of industry standards including but not limited to the Microsoft SDL and OWASP secure coding guidelines.
e-Discovery. Implemented, integrated and utilized multiple platforms and tools (HP IAP, Digital Forensics’ FRED, Guidance EnCase, Clearwell E-Discovery Platform, Exterro Fusion Legal Hold, Exterro Genome) to build an effective EDRM process service while significantly reducing costs.
Performed vulnerability management and malware remediation utilizing various tools including an enterprise data encryption platform (for data both in transit and at rest), brand protection monitoring, and a malware protection system beyond anti-virus to augment the existing IDS/IPS and assist in identifying APTs.
Conducted Incident Response Training scenarios and developed training artifacts.
Experience in establishing mobile device policy and implementing mobile device management solutions addressing BYOD.
Established policy exception procedures as part of an information security governance program.
Reviewed/updated existing and established new IT security policies, standards, and guidelines, including the Secure Application Development Policy and Standards.
From October 2008 to September 2012 (4 years), Orange County, California Area

IT Manager: Identity Management, Fraud Prevention @
My team developed an identity theft and fraud prevention application for participants in the title and escrow real estate transaction. This system integrated third-party identity checking services with internal systems developed by my team to look for fraudulent patterns in transactions across multiple brands, allowing for the flagging of suspicious activity and identities throughout the process.
My team created, integrated, and managed a centralized IdM solution for more than 15,000 employees and federated the identities for external customers across multiple heterogeneous systems. This centralized web-based, LDAP solution integrates identities and application access across multiple enterprise systems (AD, Oracle HR, Exchange, corporate Intranet, external web sites, etc.) to create an integrated authentication and RBAC authorization engine. This system manages identities throughout the IdM Life Cycle.
Authored an Enterprise Identity Management (IdM) framework to unify the management of identity information (employees, customers, and business partners) and its interaction (authorization) with FNF IT products. This framework included permission and policy management, security, directory services, user authentication/authorization, user provisioning/deprovisioning, and workflow.
Implemented coding standards and best practices including the use of continuous integration to produce fully automated and reproducible builds.
Responsible for all directory services (LDAP) development, including the creation and management of a directory service based IdM system and Identity Fraud detection systems. These projects required the direct management of my own dedicated development team and the coordination of several diverse teams, including Directory Services, Messaging, Network, and the BCO.
Managed department budgets, employee reviews, strategic direction, project management, various development/QA/production environments, and disaster recovery preparations.
From October 2001 to October 2008 (7 years 1 month), Orange County, California Area

Application Architect @
Assessed the system architecture, code base, and development (SDLC) processes of applications targeted in several M&A transactions prior to their acquisition.
From October 2000 to October 2001 (1 year 1 month), Orange County, California Area

Senior Associate @
Engagement Lead for several development efforts, including eCommerce.
From August 1995 to September 2000 (5 years 2 months), Orange County, California Area

Lecturer @
Lecturer for an extended education course called Client/Server Systems Analysis and Design and for an extended education course called Database Design that taught relational theory using SQL Server.
From June 1996 to June 1998 (2 years 1 month), Orange County, California Area

Senior Systems Consultant @
Lead developer in client/server PowerBuilder development.
From February 1994 to March 1995 (1 year 2 months), Orange County, California Area

Senior MIS Analyst @
Senior database designer and application developer for supporting systems to the Space Station Freedom.
From September 1992 to January 1994 (1 year 5 months), Orange County, California Area

Engineer/Scientist @
Database and GUI designer, 'C' consultant, and GIS specialist for an object-oriented C/Oracle client/server Emergency Operations Center commercial software project.
From November 1989 to August 1992 (2 years 10 months), Orange County, California Area
CIS, Information Systems @ California State Polytechnic University-Pomona, from 1980 to 1985
California State University-Long Beach

Mike CISSP is skilled in: Risk Management, Information Security, Application Security, Security, CISSP, SDLC, Secure SDLC, Computer Security, Governance, Compliance, Computer Forensics, Incident Response, Integration, Litigation Support, Vulnerability Assessment