Brian Stanek, Developer in Indianapolis, IN, United States

Brian Stanek

Verified Expert in Engineering

Bio

Brian Stanek has been in information technology for over 25 years. He has experience as a full-stack developer, architect, and cybersecurity professional. He holds several cyber certifications and has developed cybersecurity programs and defenses and orchestrated risk assessments and audits. He is currently an information security officer overseeing the cybersecurity teams for a hospital. Brian implements corporate policies and cybersecurity technology and manages all incident responses.

Portfolio

Camp Network, LLC
Security, Cloud Security, PHP, MySQL, Amazon RDS, AWS Cloud Security, AWS WAF
Community Healthcare System
Business Continuity & Disaster Recovery (BCDR), Incident Response...
Open Possibilities...
IT Security, Google Workspace, Email, Security

Experience

  • Cybersecurity - 12 years
  • Web Development - 10 years
  • C# - 10 years
  • App Development - 10 years
  • Data Architecture - 10 years
  • CISO - 8 years
  • Information Security - 8 years
  • Incident Response - 8 years

Availability

Part-time

Preferred Environment

Windows

The most amazing...

...thing I've created was a cybersecurity program that is HIPAA and PCI certified and has successfully stood up to various threat actors.

Work Experience

App Security Consultant

2025 - PRESENT
Camp Network, LLC
  • Conducted a comprehensive security assessment of a PHP-based application.
  • Identified and mitigated vulnerabilities to protect against security attacks.
  • Provided recommendations for strengthening MySQL and RDS database security.
  • Developed recommendations for secure application architecture.
  • Collaborated with stakeholders to ensure compliance with security best practices.
Technologies: Security, Cloud Security, PHP, MySQL, Amazon RDS, AWS Cloud Security, AWS WAF

Information Security Officer

2022 - PRESENT
Community Healthcare System
  • Supervised the information security team to ensure best practices.
  • Oversaw the cybersecurity program and protected IT assets and digital information.
  • Collaborated and coordinated with Corporate Compliance on all activities related to cybersecurity assessments, projects, and audits.
  • Managed incident response and disaster recovery plans and incident playbooks to ensure resources' availability across the organization and eliminate or minimize business disruption.
  • Coordinated cybersecurity and security incident response training.
Technologies: Business Continuity & Disaster Recovery (BCDR), Incident Response, Cybersecurity, Budgeting, Information Security, PCI DSS, IT Systems Architecture, Cross-functional Collaboration, Insurance, CISO, HIPAA Compliance, Security Architecture, NIST, Risk Management, Security Audits, Architecture, Security, Risk Assessment, Threat Modeling, DevSecOps, Data Protection, Data-level Security, Compliance, PCI, Security Policies & Procedures, Technical Writing, Identity & Access Management (IAM), Cloud Security, Data Security, Privacy, Data Privacy, Application Security, Mobile Security, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), DDoS, System Administration, SOC 2, Certified Information Systems Security Professional, ISO 27001, ISO 27002, Single Sign-on (SSO), Rapid7, Antivirus Software, IDS/IPS, Monitoring, Windows, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, OWASP Top 10, GRC, Threat Intelligence, Data Integrity Testing, Secure Code Best Practices, Release Management, Endpoint Detection and Response (EDR), Vulnerability Management, Audits, Business Continuity, Disaster Recovery Consulting, Disaster Recovery Plans (DRP), Project Management, Office 365, Contract Management, IT Project Management, Management, Scope of Work (SOW), Staffing, Project Budget Management, Vendor Management, Project Delivery, Regulations, Best Practices, Data Breach Response, Product Management, Database Security, Risk Analysis, SecOps, Database Architecture, Email, Metrics, Sentinel, Cybersecurity Automation, Cybersecurity Operations, Security Information and Event Management (SIEM), Vulnerability Scanning, BitLocker, Palo Alto Networks, NMap, Microsoft Defender Antivirus

Cybersecurity Specialist

2024 - 2025
Open Possibilities, a California Nonprofit Public Benefit Corporation dba Possibility Labs
  • Performed a full-scale security audit of a Google Workspace tenant post-migration from Office 365.
  • Identified and remediated vulnerabilities, ensuring robust security configurations.
  • Established best practices for email encryption and secure file-sharing protocols.
  • Advised on compliance with insurance security standards and regulatory requirements.
  • Strengthened access control policies through role-based security configurations.
  • Provided expert guidance on risk mitigation strategies for data-sharing environments.
  • Ensured security settings aligned with industry best practices and organizational needs.
Technologies: IT Security, Google Workspace, Email, Security

HIPAA Compliance Expert

2024 - 2024
Montgomery Psychiatry, P.C.
  • Conducted thorough codebase reviews to identify and resolve security vulnerabilities.
  • Provided actionable feedback and recommendations for enhanced system security.
  • Advised on secure coding methodologies for development teams.
  • Assisted in preparing security documentation and internal policies.
Technologies: HIPAA Compliance, IT Security, Security, JavaScript, Cybersecurity, Data Privacy, Data Protection, DevSecOps, DevOps

HIPAA Compliance Expert

2023 - 2024
Montgomery Psychiatry, P.C.
  • Conducted thorough codebase reviews to identify and resolve security vulnerabilities.
  • Provided actionable feedback and recommendations for enhanced system security.
  • Advised on secure coding methodologies for development teams.
  • Assisted in preparing the security documentation and internal policies.
Technologies: HIPAA Compliance, IT Security, Security, JavaScript, Cybersecurity, Data Privacy, Data Protection, DevSecOps, DevOps

ASP.NET Security Architect

2023 - 2023
First to the Finish Kim and Mike Viano Sports Inc
  • Conducted an incident response exercise to diagnose payment security vulnerabilities.
  • Identified and remediated malicious code injection affecting desktop transactions.
  • Examined Windows-hosted application servers for potential security threats.
  • Strengthened payment processing security within PayPal and credit card workflows.
  • Provided recommendations to improve overall eCommerce transaction security.
Technologies: ASP.NET, Windows, Architecture, IT Security, Security, Security Audits, Data Integrity Testing, Secure Code Best Practices, Audits, Best Practices, Code Review, Source Code Review, Risk Analysis, Root Cause Analysis, SecOps, .NET, Email, Cybersecurity Operations, Vulnerability Scanning

HIPAA Data Privacy Advisor

2023 - 2023
Theory of Me
  • Conducted a preliminary review of HIPAA and GDPR compliance for a health wellness app.
  • Performed a privacy impact assessment (PIA) to define data security requirements.
  • Provided expert guidance on risk management for health-related applications.
  • Assisted in developing privacy policies and compliance roadmaps.
  • Ensured compliance with industry standards for safeguarding athlete wellness data.
Technologies: HIPAA Compliance, Data Privacy, Compliance, Risk Management, General Data Protection Regulation (GDPR), IT Security, Security, Estimations, Requirements, Roadmaps, Data Flows, Consulting, Security Audits, Threat Intelligence, Amazon Web Services (AWS), Audits, Office 365, Best Practices, Cybersecurity Operations

VP of IT and Security

2007 - 2022
NAMIC Insurance Company, Inc. (NAMICO)
  • Acted as the guiding force behind all IT and information security operations.
  • Established the company's IT department and separated the network infrastructure from the parent company while creating a new cybersecurity program.
  • Served as project manager, lead developer, and data architect, redesigning the proprietary CRM system (for underwriting, quoting, policy administration, and managing claims), the data warehouse, and the BI metadata models.
  • Designed and managed a compliant cybersecurity program for a multi-state insurance company with key components such as policies, incident response, business continuity, disaster recovery plans, risk assessments, and penetration testing.
  • Functioned as project manager and data architect for the website, supporting dynamic online applications.
  • Developed and managed budgets, overseeing and approving all hardware, technology, and security purchases.
Technologies: Cybersecurity, C#, Web MVC, SQL Server 2014, SAP BusinessObjects (BO), Information Security, PCI DSS, NIST, Web Development, App Development, Penetration Testing, Incident Response, Business Continuity & Disaster Recovery (BCDR), Network Administration, CISO, Database Administration (DBA), Data Architecture, C#.NET, HIPAA Compliance, Security Architecture, Risk Management, Security Audits, IT Management, Architecture, OFAC, IT Security, Security, LDAP, Dropbox, File Systems, Risk Assessment, Threat Modeling, DevOps, Containers, Data Protection, Data-level Security, Compliance, Visual Basic 6 (VB6), Visual Basic .NET (VB.NET), Data Encryption, Database Security, Secure Coding, Security Policies & Procedures, Technical Writing, Identity & Access Management (IAM), Data Security, Web Security, Web Architecture, WordPress, JavaScript, Insurance, Privacy, Data Privacy, Application Security, Business Services, Active Directory Programming, Microsoft Exchange, Mobile Security, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), System Administration, Java, Azure, Azure Active Directory, SQL, Network Security, Web App Security, Certified Information Systems Security Professional, Cloudflare, ISO 27001, ISO 27002, Python, Amazon Web Services (AWS), Single Sign-on (SSO), Linux, MySQL, Apache, Rapid7, Antivirus Software, IDS/IPS, Monitoring, Windows, ASP.NET, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, OWASP Top 10, Microsoft 365, Threat Intelligence, Data Integrity Testing, Secure Code Best Practices, Endpoint Detection and Response (EDR), Vulnerability Management, Audits, Business Continuity, Disaster Recovery Consulting, Disaster Recovery Plans (DRP), Project Management, Office 365, Implementation Project Management, Software Implementation, Technical Project Management, Contract Management, IT Project Management, Management, Scope of Work (SOW), Staffing, Project Budget Management, Vendor Management, 
Project Delivery, Client Delivery Management, Regulations, Best Practices, Product Management, Database Security, DevSecOps, APIs, Code Review, Source Code Review, Risk Analysis, Root Cause Analysis, SecOps, .NET, Database Architecture, Email, Cybersecurity Automation, Cybersecurity Operations, Security Information and Event Management (SIEM), Vulnerability Scanning, BitLocker, Metasploit, NMap

Solutions Architect

2003 - 2007
Baker Hill (acquired by Riverside Company)
  • Drove the development of cutting-edge B2B banking solutions for national and international companies, including spending two years in Australia as lead solutions architect working with consultants to build several new applications.
  • Contributed heavily to defining product core components, functional requirements, business rules, and the development roadmap.
  • Created a series of enterprise infrastructure assets to enable seamless interfacing between Baker Hill's international solutions and a client's legacy system.
  • Engaged as a key member of the technical sales team, delivering GAP analyses for proposals, which highlighted how company solutions would meet clients' current and future needs.
Technologies: C#.NET, SQL Server 2014, Data Architecture, Database Administration (DBA), DevOps, Visual Basic 6 (VB6), Visual Basic .NET (VB.NET), Data Encryption, Database Security, Secure Coding, Technical Writing, Data Security, System Administration, SQL, Linux, MySQL, Windows, ASP.NET, Data Integrity Testing, Secure Code Best Practices, Office 365, Implementation Project Management, Software Implementation, Technical Project Management, Contract Management, IT Project Management, Management, Scope of Work (SOW), Project Delivery, Client Delivery Management, Regulations, Best Practices, Product Management, Database Security, APIs, Code Review, Source Code Review, Root Cause Analysis, .NET, Database Architecture

Experience

Cybersecurity Program

NAMICO became subject to cybersecurity regulations after the NY CCR 500 was passed, establishing new cybersecurity requirements for financial services companies. I performed the initial risk assessment and developed a new secure network infrastructure separate from the parent company's network. At the same time, I implemented a multi-state cybersecurity program that met state and federal regulations.

The cybersecurity program's key components included cybersecurity policies, incident response, business continuity and disaster recovery plans, cybersecurity risk assessments, penetration testing, and data classification. It complies with the Payment Card Industry Data Security Standard and the National Institute of Standards and Technology and utilizes the CIS SecureSuite standards and best practices.

Policy Administration System

A policy administration, underwriting, quoting, and claims system for a multi-state insurance company.

I was the system architect, business analyst, lead developer, and data architect, developing a proprietary CRM system that supported an insurance agency and company. The system included a custom compliance module supporting the live updates to the rates, endorsements, and policy forms.

Certifications

MAY 2023 - APRIL 2026

Certified Information Systems Security Professional (CISSP)

(ISC)²

MARCH 2020 - PRESENT

InsightIDR Certified Specialist

Rapid7

OCTOBER 2019 - PRESENT

InsightVM Certified Administrator

Rapid7

JULY 2018 - PRESENT

Certified Ethical Hacker (CEH)

EC-Council

DECEMBER 2017 - PRESENT

Certified Chief Information Security Officer (CCISO)

EC-Council

Skills

Tools

Sentinel, BitLocker, Metasploit, Microsoft Exchange, Apache, NMap, Google Workspace

Languages

C#, C#.NET, Visual Basic 6 (VB6), Visual Basic .NET (VB.NET), SQL, JavaScript, Java, Python, PHP

Frameworks

ASP.NET, .NET

Paradigms

Penetration Testing, DevSecOps, Secure Code Best Practices, HIPAA Compliance, DevOps, App Development, Web Architecture, DDoS

Platforms

Dropbox, Rapid7, Windows, WordPress, Azure, Linux, Amazon Web Services (AWS)

Industry Expertise

Cybersecurity, Insurance, Project Management

Storage

SQL Server 2014, Database Administration (DBA), Database Architecture, Database Security, Azure Active Directory, MySQL

Other

SAP BusinessObjects (BO), Information Security, NIST, Risk Management, Security Audits, Architecture, IT Security, Security, File Systems, Risk Assessment, Compliance, Security Policies & Procedures, Data Security, Web Security, Privacy, Data Privacy, Application Security, SOC 2, Web App Security, Certified Information Systems Security Professional, ISO 27001, ISO 27002, Single Sign-on (SSO), Governance, Data Integrity Testing, Audits, Disaster Recovery Plans (DRP), Software Implementation, IT Project Management, Best Practices, Database Security, Security Information and Event Management (SIEM), Vulnerability Scanning, Web MVC, PCI DSS, Web Development, Incident Response, Business Continuity & Disaster Recovery (BCDR), Data Architecture, CISO, Ethical Hacking, SIEM, Vulnerability Assessment, Functional Design, IT Systems Architecture, Security Architecture, IT Management, LDAP, Threat Modeling, Data Protection, Data-level Security, PCI, Data Encryption, Secure Coding, Technical Writing, Identity & Access Management (IAM), Business Services, Mobile Security, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), System Administration, Network Security, Antivirus Software, IDS/IPS, Monitoring, Group Policy, IT Governance, Data Governance, Security Engineering, OWASP Top 10, Microsoft 365, Threat Intelligence, CISSP, Endpoint Detection and Response (EDR), Vulnerability Management, Business Continuity, Disaster Recovery Consulting, ISO Compliance, Office 365, Implementation Project Management, Technical Project Management, Contract Management, Management, Scope of Work (SOW), Staffing, Project Budget Management, Vendor Management, Project Delivery, Client Delivery Management, Regulations, Product Management, Code Review, Source Code Review, Risk Analysis, Root Cause Analysis, SecOps, Email, Metrics, Cybersecurity Automation, Cybersecurity Operations, Certified Ethical Hacker (CEH), Network Administration, Budgeting, Cross-functional Collaboration, 
OFAC, Containers, Cloud Security, Active Directory Programming, Hacking, Cloudflare, General Data Protection Regulation (GDPR), Estimations, Requirements, Roadmaps, Data Flows, Consulting, GRC, Release Management, Data Breach Response, DevSecOps, APIs, NYDFS, Palo Alto Networks, Microsoft Defender Antivirus, Amazon RDS, AWS Cloud Security, AWS WAF
