Owner | IT Security Architect, 2015 - PRESENT, InfoSec Assured
Technologies: Security Architecture, Threat Modeling, Threat Risk Assessment (TRA), Privacy Impact Assessment (PIA), Vulnerability Assessment, Penetration Testing, Compliance, PCI DSS, NERC, ISO 27001, Security Design
- Performed various security architectural (cloud and on-premise) reviews and architectural designs of major projects for clients; worked with various teams including product managers, scrum masters, developers (front- and back-end), and cloud experts.
- Conducted vulnerability assessments for many clients while often working with Agile teams; also reviewed CI/CD pipelines and recommended security measures.
- Composed IT security framework documentation which included a set of policies, definitions that covered roles and responsibilities, awareness and training schedules, data classification guidelines, and so on.
- Spoke publicly on the following topics: “Security Projects Sanity Check” at BSides Vancouver (May 21) and “GDPR Challenges & Quick Wins” at InfoSec Train (May 19).
Senior IT Security Analyst, 2012 - 2013, Aritzia
- Developed the ISMS framework including the security policies, procedures, and guidelines.
- Performed as the security SME (subject matter expert) on all projects with a security impact.
- Implemented PCI requirements and guided the vendors throughout their responsibilities.
- Handled all security operations including any security investigation and incident handling.
Senior IT Security Associate, 2011 - 2012, Grant Thornton LLP
Technologies: Threat Risk Assessment (TRA), Privacy Impact Assessment (PIA), Information Security Management Systems (ISMS), Security Planning, Security Roadmap
- Provided detailed threat risk assessment for many clients including the government and public and private companies.
- Created detailed privacy impact assessments for many clients including the government and public and private companies.
- Generated detailed security roadmaps based on identified threats for many clients including the government and public and private companies.
- Developed the ISMS framework for many clients including the complete suite of documentation, policies, procedures, and guidelines.
- Documented disaster recovery and business continuity plans for many clients.
IT Security Officer, 2010 - 2011, Accenture
Technologies: Security Operations Centers (SOC), Incident Response, Administration, Security, Security Administration
- Handled the security operations including managing incidents.
- Administered the security infrastructure for several projects, solutions, and applications.
- Performed as a security SME (subject matter expert) on a few projects for a client.
Security Analyst, 2005 - 2008, ALA Enterprises
Technologies: Security Incident Handling, Administration, Security, Security Administration
- Provided clients with incident handling expertise.
- Oversaw security operations for a client and developed policies and procedures for them.
- Administered the security infrastructure and solutions for a client.