My background consists of over 20 years of industry experience, with a focus on the IT information security sector both professionally and educationally. With an extensive large systems and networking background, I leverage discipline, systems knowledge and security related skills together to manage, design and implement information security programs.

I have worked with several industries (Banking, Telecom, Oil & Gas, Manufacturing, Finance) to identify and implement security controls used to improve security postures and help attain regulatory mandate compliance (PCI, SOX/CSOX, NERC-CIP, HIPAA, GLB).

Currently I hold ISC(2) CISSP, CIPS ISP and ISACA CISA certifications as well as numerous industry vendor certifications, including Checkpoint and Juniper. I also have a Master of Science in Information Systems – with a thesis topic “Effective SQL Injection Attack Reconstruction using Network Recording”.

I work for HP in their Enterprise Security Products group, which focuses on improving security visibility and enterprise risk management.  Previously I worked with the Alberta electric grid independent system operator (ISO) as their IT Enterprise Security Architect offering expert assistance to grow their IT security program. I am able to provide purist security architecture advice and blend that with pragmatic (near) real-time threat mitigation. It is a challenge focusing simultaneously on both ends of the IT security continuum that has regulatory compliance on one end and real-time information security threat management on the other.

Specifically, I’ve helped clients by managing projects such as:

• development of IT security policies, standards, guidelines and procedures
• development of IT DRP plans
• perform IT security risk assessments
• network segregation and application isolation
• infrastructure security event monitoring (SIEM design and deployment)
• server hardening standards, process and implementation
• user identity management process re-engineering
• application security standards and assessment

Feel free to check out my resume at here for more detail or my LinkedIn page .. although I’m not looking for new job opportunities right now, since I’m pretty happy with the team and technology at HP Enterprise Security Products.

I welcome the opportunity to elaborate on any area of my skills or thesis – please feel free to contact me at 1-512-705-6840 or   a at pomeroy dot us