John Barchie, Developer in Fernley, NV, United States
John Barchie

Verified Expert in Engineering

Security Software Developer

Fernley, NV, United States

Toptal member since November 2, 2022

Bio

As a senior security manager and consultant, John established, implemented, or audited information security in over 150 institutions. As a certified and practicing trusted advisor with a background in cybersecurity and network engineering, John assists companies in optimizing the benefits of information security programs. Specializing in governance, risk, and compliance, John informs organizations how to evaluate, monitor, and direct information security risk.

Portfolio

Barchie Consulting
Cybersecurity, Risk Management Framework (RMF), Information Security...
Hearst - Information Security Office
Security Architecture, Vulnerability Assessment, Risk Management, IT Management...
8x8
Risk, SOC Compliance, PCI Compliance, HIPAA Compliance, DevSecOps...

Experience

  • Compliance - 20 years
  • Executive Reporting - 20 years
  • Business Continuity & Disaster Recovery (BCDR) - 20 years
  • Audits - 20 years
  • Boards - 20 years
  • Networking - 20 years
  • Security Management - 20 years
  • Governance - 20 years

Availability

Part-time

Preferred Environment

SOC 2, NIST, Security Audits, Security Management, Cybersecurity

The most amazing...

...things I've done are helping NASA Ames Research Center improve their in-house SIEM and helping Visa get ready for their first FFIEC audit.

Work Experience

Principal | Owner

2004 - PRESENT
Barchie Consulting
  • Built out and educated security teams for small, medium, and large companies.
  • Facilitated an understanding with executive and senior management of their responsibilities in their new regulatory environments on rent-a-CISO engagements.
  • Chartered information security programs, including budgeting and team building.
  • Performed radio and newspaper interviews and created articles and other policy positions concerning the regulatory environment surrounding cybersecurity, GDPR, NIST, ISO 27000 series, FFIEC, and FedRAMP.
  • Utilized new measurement techniques for cybersecurity risk, establishing likelihood and impact for risk register events, resulting in the identification of critical projects and creation of a board-level report to present to the board of directors.
  • Prepared the cybersecurity risk assessment for FDA pre-market entry of Glooko cloud-based medical device software. Worked with development teams to analyze vectors of potential attacks and enumerate the controls necessary to mitigate risk.
  • Acted as a trusted advisor working with various state and Fortune 500 organizations to provide board reports, establish GRC functions, perform security assessments, and act on behalf of the organizations in the CISO or DPO role.
  • Prepared organizations for HIPAA and GDPR compliance, established risk management frameworks, created secure software development lifecycles, and integrated cybersecurity into normal business functions.
  • Provided direction on incident response, risk assessment, legal obligations for international regulations, and information security consulting.
  • Conducted external and internal penetration tests, wrote deliverable reports, and presented them to the CIO and his team.
Technologies: Cybersecurity, Risk Management Framework (RMF), Information Security, Compliance, Governance, Risk, Direction, Monitoring, Evaluation, Security, PCI DSS, HITRUST Certification, IT Security, Security Architecture, Risk Management, Risk Assessment, Vulnerability Assessment, Software Architecture, Threat Modeling, Security Testing, GAP Analysis, Solution Architecture, SOC 2, ISO 27002, NIST, Single Sign-on (SSO), Security Audits, GRC, Web Security, Computer Security, Security Management, ISO 27001

GRC Director

2022 - 2023
Hearst - Information Security Office
  • Provided stability to a department affected by key leadership changes.
  • Built out the quarterly and yearly roadmap to meet Hearst's current and future goals.
  • Analyzed ways to make governance, risk, and compliance (GRC) a billable chargeback service.
  • Established the risk management framework utilizing the Lynx risk management tool.
Technologies: Security Architecture, Vulnerability Assessment, Risk Management, IT Management, Architecture, PCI, NIST, HIPAA Compliance, Leadership, SOC 2, ISO 27002, GRC, Computer Security, Security Management, Cybersecurity, ISO 27001

Director and Global Head of Information Security Compliance

2019 - 2022
8x8
  • Developed a global compliance program (FISMA, SOC 2, HIPAA, PCI DSS, GDPR, and ISO) that met regulatory and legal obligations.
  • Attended sales calls and helped knock down cybersecurity-related objections, resulting in an increase in the monthly recurring revenue for 8x8 services.
  • Reviewed over 200 vendor and customer contracts to ensure the cybersecurity obligations could be met by the organization.
  • Expanded the cybersecurity compliance program to Singapore and the UK.
  • Established the cybersecurity risk register for the organization and ensured it was integrated into the enterprise risk management program.
Technologies: Risk, SOC Compliance, PCI Compliance, HIPAA Compliance, DevSecOps, Management Reporting, Zero Trust, Cloud Architecture, Tech Sales, Security, PCI DSS, HITRUST Certification, Amazon Web Services (AWS), IT Security, Security Architecture, Risk Management, Risk Assessment, Vulnerability Assessment, Software Architecture, Threat Modeling, GAP Analysis, Solution Architecture, CISO, Python, SOC 2, ISO 27002, NIST, Security Audits, GRC, Web Security, Computer Security, Security Management, Cybersecurity, ISO 27001

Vice President of Cybersecurity West Coast

2018 - 2019
Tech Mahindra
  • Established a cybersecurity product line for Tech Mahindra in Silicon Valley.
  • Developed training programs and scripts for sales teams to sell cybersecurity products.
  • Established or enhanced information security programs in some of the world's largest and most interesting healthcare, manufacturing, financial, and high-tech companies.
  • Worked with startups to empower their vision of the next generation of cybersecurity tools and integrate them into the Tech Mahindra managed security service platform.
Technologies: Tech Sales, Security, PCI DSS, HITRUST Certification, IT Security, Security Architecture, Risk Management, Risk Assessment, Vulnerability Assessment, Threat Modeling, Solution Architecture, SOC 2, ISO 27002, NIST, Single Sign-on (SSO), GRC, Web Security, Computer Security, Security Management, Cybersecurity, ISO 27001

SOC 2 Type II Audits

I took organizations through different audits, such as SOC 2 Type II, HIPAA, PCI DSS, ISO, FISMA, and NIST, educating their multi-disciplinary departments on their roles and setting up the management review process. I was engaged with the internal and external auditors, preparing teams to be audited, and generally ensured a positive outcome for the organization as they went through their audit program.

Establish Aggregation Network for U.C. Berkeley

I planned an aggregation network for U.C. Berkeley for a better understanding and processing of outgoing student communications to limit student-initiated hacking attempts. I used Gigamon equipment to map to the existing U.C. Berkeley infrastructure.

University of the Pacific

I reviewed firewall configurations for conformity with NIST CSF and added RADIUS or other AAA authentication. I verified that lawful intercept standards were met, built out a maintenance plan, ensured a proper risk assessment was performed, and prepared the IT department for a NIST/ISO audit.

Education

1987 - 1989

Associate Degree in Computer Science

San Jose City College - San Jose, CA, USA

1982 - 1985

Coursework Toward Bachelor's Degree in Biology

San Jose State University - San Jose, CA, USA

Certifications

AUGUST 2010 - DECEMBER 2024

Certified in Risk and Information Systems Control (CRISC)

ISACA

MARCH 2008 - DECEMBER 2024

Certified Information Security Manager (CISM)

ISACA

OCTOBER 2002 - DECEMBER 2024

Certified Information Systems Security Professional (CISSP)

(ISC)2

JUNE 1988 - JUNE 2024

Certified Network Engineer (CNE) | Continuing Education Units (over 120)

Novell

Paradigms

HIPAA Compliance, Security Software Development, DevSecOps

Industry Expertise

Cybersecurity, Network Security

Platforms

Amazon Web Services (AWS)

Languages

Python

Other

Networking, Risk, SOC Compliance, PCI Compliance, Management Reporting, Boards, Business Continuity & Disaster Recovery (BCDR), Audits, Security Management, Security Engineering, Network Operation Centers (NOC), Risk Management, Risk Reporting, Risk Management Framework (RMF), Information Security, Compliance, Governance, Direction, Monitoring, Evaluation, ISO 27001, GDPR, HITRUST Common Security Framework (CSF), Network Architecture, Security, PCI DSS, HITRUST Certification, IT Security, Security Architecture, Risk Assessment, Vulnerability Assessment, Threat Modeling, GAP Analysis, Solution Architecture, Communication, Executive Reporting, Architecture, NIST, Firewalls, Security Assessment, Reporting, CISO, SOC 2, ISO 27002, Security Audits, GRC, Web Security, Computer Security, Tech Sales, Identity & Access Management (IAM), System-on-a-Chip (SoC), SOX, Risk Response, FedRAMP, Software Architecture, Security Testing, Assets, Operations, Programming, Computer Architecture, Zero Trust, Cloud Architecture, IT Management, PCI, Leadership, Network Engineering, Single Sign-on (SSO)
