Brian Stanek
Verified Expert in Engineering
Security Engineer and Developer
Indianapolis, IN, United States
Toptal member since October 18, 2022
Brian Stanek has been in information technology for over 25 years. He has experience as a full-stack developer, architect, and cybersecurity professional. He holds several cyber certifications and has developed cybersecurity programs and defenses and orchestrated risk assessments and audits. He is currently an information security officer overseeing the cybersecurity teams for a hospital. Brian implements corporate policies and cybersecurity technology and manages all incident responses.
Portfolio
Experience
Availability
Preferred Environment
Windows
The most amazing...
...thing I've created was a cybersecurity program that is HIPAA and PCI certified and has successfully stood up to various threat actors.
Work Experience
Information Security Officer
Community Healthcare System
- Supervised the information security team to ensure best practices.
- Oversaw the cybersecurity program and protected IT assets and digital information.
- Collaborated and coordinated with Corporate Compliance and all activities related to cybersecurity assessments, projects, and audits.
- Managed incident response and disaster recovery plans and incident playbooks to ensure resources' availability across the organization and eliminate or minimize business disruption.
- Coordinated cybersecurity and security incident response training.
ASP.NET Security Architect
First to the Finish Kim and Mike Viano Sports Inc
- Researched potential sources of intrusion for credit card theft.
- Performed risk analysis of current code-based, infrastructure, and application integrations.
- Conducted security code review of existing eCommerce applications for rogue code.
- Developed NIST risk assessment documentation on applications, infrastructure, and cyber environment security assessment.
HIPAA Data Privacy Advisor
Theory of Me
- Researched privacy regulations appropriate for the application, considering local, state, federal, and international regulations.
- Created presentation on privacy concerns concerning PHI, PII, and student data collected by the application.
- Developed and presented options for meeting local, state, federal, and international privacy regulations.
VP of IT and Security
NAMIC Insurance Company, Inc. (NAMICO)
- Acted as the guiding force behind all IT and information security operations.
- Established the company's IT department and separated the network infrastructure from the parent company while creating a new cybersecurity program.
- Served as project manager, lead developer, and data architect, redesigning the proprietary CRM system—for underwriting, quoting, policy administration, and managing claims—data warehouse, and BI metadata models.
- Designed and managed a compliant cybersecurity program for a multi-state insurance company with key components such as policies, incident response, business continuity, disaster recovery plans, risk assessments, and penetration testing.
- Functioned as project manager and data architect for the website, supporting dynamic online applications.
- Developed and managed budgets, overseeing and approving all hardware, technology, and security purchases.
Solutions Architect
Baker Hill (acquired by Riverside Company)
- Drove the development of cutting-edge B2B banking solutions for national and international companies, including spending two years in Australia as lead solutions architect working with consultants to build several new applications.
- Contributed heavily to defining product core components, functional requirements, business rules, and the development roadmap.
- Created a series of enterprise infrastructure assets to enable seamless interfacing between Baker Hill's international solutions and a client's legacy system.
- Engaged as a key member of the technical sales team, delivering GAP analyses for proposals, which highlighted how company solutions would meet clients' current and future needs.
Experience
Cybersecurity Program
The cybersecurity program's key components included cybersecurity policies, incident response, business continuity and disaster recovery plans, cybersecurity risk assessments, penetration testing, and data classification. It complies with the Payment Card Industry Data Security Standard and the National Institute of Standards and Technology and utilizes the CIS SecureSuite standards and best practices.
Policy Administration System
I was the system architect, business analyst, lead developer, and data architect, developing a proprietary CRM system that supported an insurance agency and company. The system included a custom compliance module supporting the live updates to the rates, endorsements, and policy forms.
Certifications
Certified Information Systems Security Professional (CISSP)
(ISC)²
InsightIDR Certified Specialist
Rapid7
InsightVM Certified Administrator
Rapid7
Certified Ethical Hacker (CEH)
EC-Council
Certified Chief Information Security Officer (CCISO)
EC-Council
Skills
Tools
Microsoft Exchange, Apache
Languages
C#, .NET, Visual Basic, VB.NET, SQL, JavaScript, Java, Python
Frameworks
ASP.NET, .NET
Paradigms
Penetration Testing, DevSecOps, Secure Code Best Practices, HIPAA Compliance, DevOps, App Development, Web Architecture, DDoS
Platforms
Dropbox Development, Rapid7, Windows Development, WordPress Development, Azure, Linux, AWS
Industry Expertise
Cybersecurity, Insurance, System Security, Virtual Coaching
Storage
SQL Server, Database Administration (DBA), Database, Database, Azure, MySQL
Other
SAP BusinessObjects (BO), Information Security, NIST, Risk Management, Security Audits, Architecture, IT Security, Security, File Systems, Risk Assessment, Compliance, System Security, Data Security, System Security, Privacy, Data Privacy, Application Security, SOC 2( Service Organization Control), System Security, Certified Information Systems Security Professional, ISO 27001, ISO 27002, SSO Engineering, Governance, Data Integrity Testing, Audits, Disaster Recovery Plans (DRP), Software Implementation, IT Project Management, Best Practices, Database, Web MVC, PCI DSS, Web Development, Incident Response, Business Continuity & Disaster Recovery (BCDR), Data Architecture, CISO, Ethical Hacking, SIEM, Vulnerability Assessment, Functional Design, IT Systems Architecture, Security Architecture, IT Management, LDAP, Threat Modeling, Data Protection, Data-level Security, PCI, System Security, System Security, Technical Writing, Identity & Access Management (IAM), Business Services, Mobile Security, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), System Administration, Antivirus Software, IDS/IPS, Monitoring, Group Policy, IT Governance, Data Science, Security Engineering, OWASP Top 10, Microsoft 365, System Security, CISSP, Endpoint Detection and Response (EDR), Vulnerability Management, Business Continuity, Disaster Recovery Consulting, ISO Compliance, Office 365, Implementation Project Management, Technical Design, Contract Management, Management, Scope of Work (SOW), Staffing, Project Budget Management, Vendor Management, Project Delivery, Client Delivery Management, Regulations, Product Management, Code Review, Source Code Review, Risk Analysis, Root Cause Analysis, SecOps, Email, Network Administration, Budgeting Consulting, Cross-functional Collaboration, OFAC, Containers, Cloud Security, Active Directory Programming, Hacking, Cloudflare, GDPR, Estimations, Requirements, Roadmaps, Data Flows, Design Consulting, GRC, Release Management, Data Breach Response, DevSecOps, APIs, NYDFS
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring