British Columbia, Canada
Security Consultant/Engineer with over 25 years' experience (combined military and private sector) working on security and system engineering/technical aspects of large system and software projects such as performing Threat Risk Assessments (TRAs), designing system security architecture, audits (specifically PCI DSS) and developing security guidelines/policy as well as providing technical security guidance and project management for several smaller projects. My project management experience also includes some sub-contract management, and leading/participating in Integrated Product Teams (IPTs). In addition:
* Over 7 of those years as a qualified communications and electronics officer in the Canadian Forces covering a full range of responsibilities including project engineering, security engineering, and procurement/vendor management
* Experience leading small (2-3 people) technical teams on projects and larger (20+ people) teams within a corporate environment

University degree: Bachelor of Applied Science (Chemical Engineering)

Professional certifications including Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), Payment Card Industry Professional (PCIP), (TELUS) Qualified Security Assessor (QSA), registration as a Professional Engineer (PEng) in Alberta and a Security Management Certificate from University of Calgary

Specialties: Affiliations/Certifications:
1. [(ISC)2] Certified Information Systems Security Professional (CISSP)
2. [PMI] Project Management Professional (PMP)
3. [University of Calgary] Security Management certificate
4. [PCI SSC] Qualified Security Assessor (QSA)
5. Payment Card Industry Professional (PCIP)
6. Certified Information Systems Auditor (CISA)
7. Formerly [APEGGA registered] Professional Engineer (PEng) - lapsed as moved from engineering to consulting activities in job role
Project Manager for several smaller TELUS Security Solutions projects in the Western Canada region as well as providing technical security advice and services on some of these projects. Presales support providing technical content for bid responses primarily in Governance, Regulations and Compliance (GRC). Execution of technical aspects of projects - primarily those related to GRC. Includes one year as an IT Security Compliance officer for a customer, PCI gap assessments and formal audits as a QSA for several customers, and security policy writing.
For Suncor managed network services: providing assessment, audit and analysis reporting, as well as advising the operational data network team on best practices
Personal passion for children's literacy. Part-time endeavour selling fun and educational children's books.
Project management and security consulting
Role encompasses both technical (project lead security engineer) and leadership (spent two years as the information assurance team lead) functions
* Supporting corporate engineering initiatives by reorganizing diverse security engineering team to fit into Systems Engineering functional organization
* Providing technical and management leadership to pool of security engineering talent
* Developing and running CISSP “lunch and learn” series to support corporate security awareness initiatives
* Developing project security design aspects such as security architecture, (Common Criteria) evaluation plans, and security impact analyses (TRAs)
* Writing statements of work and supervising subcontracts for penetration testing and CC evaluation
* Analyzing systems and providing vulnerability assessments
* Writing penetration test plans, supervising test teams, overseeing team’s analysis and report
* Engineering support to business development, Research & Development, and proposals
System-level security and communications engineering to ensure a satisfactory product based on requirements and customer expectations including:
* Leading and participating in Integrated Product Teams (IPTs)
* Development and execution of System Integration Test Plan and security requirement-related Qualification Test procedures, including overseeing assigned test personnel
* Product-line development including product line synthesis, standards compliance, business plan approach and drafting of product plans
* System background/requirements analysis and user needs analysis (Quality Function Deployments)
* Development of R&D proposals, management of IR&D funding and resources
* Development of bid proposals throughout the entire Bid Review process, including estimate compilation and liaison with other engineering areas