Martin Redmond, Executive Management Developer in Atlanta, United States
Member since January 16, 2023
Martin is a cross-functional executive with expertise in risk management and process improvement, data privacy laws, cyber security products, security program leadership, IT Ops, cloud computing and migration, digital transformation, product, service, innovation management, mobility, big data analytics, DevSecOps, ITILv4, SOC, fraud, APT, forensic, malware, IIoT, CoT and contract and vendor negotiations. Martin also has experience in achieving compliance with multiple risk management frameworks.
Martin is now available for hire

Experience

  • Executive Management 20 years
  • Technical Program Management 15 years
  • Enterprise Risk Management (ERM) 15 years
  • NIST 10 years
  • Strategic Planning & Execution 10 years
  • SOC 2 10 years

Location

Atlanta, United States

Availability

Part-time

Preferred Environment

NIST, FFIEC, PCI DSS, SOC 2, SOX, GDPR, California Consumer Privacy Act (CCPA), Financial Services, DevSecOps

The most amazing...

...experiences I've held comprise 20+ years of experience building and managing enterprise security risk management across the board rooms of multiple businesses.

Employment

  • CISO

    2021 - PRESENT
    Infinera
    • Established an enterprise security risk management program within one year across the global multi-national technology and manufacturing organization.
    • Rolled out ISO 27001 and ISO 27701 certifications for R&D and Manufacturing organizations within 1.5 years, five years ahead of schedule.
    • Launched a third-party risk management program as part of the product procurement and vendor management program.
    Technologies: IT Security, IT Management, Policy Development, Security Policies & Procedures, Security, Policies & Procedures Compliance, Cybersecurity, Blockchain, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI
  • CEO | CIO, CISO, CRO, CCO Consultant

    2013 - PRESENT
    Analytic Risk Intelligence Management
    • Founded an IT ops, security, and risk management consulting company through which I built consulting teams for HP, GDIT, and KPMG to perform DevSecOps, audits, and risk assessments.
    • Expanded the service portfolio offering to include 25 services in global risk and compliance, information assurance, and IT operations and executed eight contract engagements through teaming agreements with KPMG, HP, IBM, and GDIT.
    • Transformed John Deere's SDLC process to a Scrum-at-Scale lifecycle, reducing the release cycle from 6 months to 4 weeks. Led its international security RA process adding security standards and best practices that reduced security code faults by 76%.
    • Achieved FISMA certification for GDIT-Health organization cloud deployment and HITRUST certification of WorkTerra at CareerBuilder. Awarded a $2 billion contract transforming the IT DevSecOps at Wolters Kluwer.
    • Reduced $80 million in IT ERM exposure by implementing data loss protection, IdAM, IoT management, and Blockchain for supply chain management and increased risk awareness with ERM processes documenting $50 million in risk at Smithfield Foods.
    • Produced RA reports that identified $100 million in privacy and data exposure risk for funding justification for the California Department of Technology (CDT).
    • Reduced the third-party risk management process cost by $1 million and operational risk of $20 million for non-compliance to PCI-DSS at the Navy Federal Credit Union.
    • Implemented risk scoring and reporting capability to reduce $20 million in operational risk and improve response time by 60% at Verisk Analytics and DLP tools at Allison Transmission, which also completed SOC-2 certification.
    • Owned customer voice in deploying managed security services offerings at GDIT and HP. At HHS, I reduced risk by $20 million and IT operational costs by $10 million by implementing SaaS GRC integration.
    • Rolled out VISA's big data platform reducing fraud detection time by 300%, and Capital One's big data analytic platform, improving the operational efficiency of creditworthiness by 400%.
    Technologies: Risk Models, Enterprise Risk Management (ERM), DevSecOps, Cloud, Agile, Software Development Lifecycle (SDLC), Manufacturing, Research, AWS IoT, Executive Management, IT Security, IT Management, Policy Development, Security Policies & Procedures, Financial Services, Fintech, Fintech Consultant, Security, Policies & Procedures Compliance, Cybersecurity, Blockchain, Banking & Finance, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI
  • CISO | CRO | Senior Cyber-intel Managing Director

    2005 - 2013
    BAE Systems
    • Spearheaded 120 people and four programs at the Department of Defense (DoD), Intelligence Community, Department of Homeland Security, and Securities and Exchange Commission.
    • Grew BAE Systems' cyber operations business to a $300 million business with 40 contracts.
    • Built partnerships with vendors and the supply chain for a unified partnering ecosystem that provided the best value proposition for commercial and government contract awards.
    • Took responsibility for building and running security programs for five agencies.
    • Owned the voice of the customer for cyber reveal and net reveal development.
    • Took accountability for the voice of the customer for ESRI flight planning and mapping for the intelligence drone program.
    • Transformed Security Operations Center (SOC) processes by integrating threat intelligence from Information Sharing and Analysis Centers (ISAC) into the incident response processes.
    • Developed and implemented programs for information warfare, computer network defense, computer network exfiltration, and computer network attacks.
    Technologies: Executive Management, Contract Negotiations, Program Management, Portfolio Management, Cross-functional Team Leadership, Acquisitions, Procurement, Strategic Planning & Execution, Technical Program Management, IT Security, IT Management, Policy Development, Security Policies & Procedures, Financial Services, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI
  • CIO | CISO | Program Managing Director

    2003 - 2005
    Raytheon
    • Managed 65 people and reported directly to the CIO at the DoD.
    • Developed and implemented a security strategy for the GiG bandwidth to the Edge (BE) program for the warfighter.
    • Reduced the Defense Information Systems Agency (DISA) GiG-BE program operating costs by 6% by implementing stronger encryption and more efficient hardware.
    Technologies: Strategic Planning & Execution, Strategic Partnerships, Portfolio Management, Execution, Technical Program Management, IT Security, IT Management, Policy Development, Security Policies & Procedures, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI
  • CIO | CISO | Program Engineering Director

    2001 - 2003
    Lockheed Martin
    • Led 40 people and reported directly to the CIO of the FAA.
    • Developed and implemented a security strategy for securing weather radars and navigation beacons across the US.
    • Provided presentation style, hands-on technical training, and knowledge transfer for enterprise security offerings.
    Technologies: Program Management, Technical Program Management, Strategic Planning & Execution, Strategic Partnerships, IT Security, IT Management, Policy Development, Security Policies & Procedures, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, PCI

Experience

  • S&P Global

    S&P Global provides a subscription service that offers financial and industry data, research, news, and analytics to investment professionals, government agencies, corporations, and universities worldwide to an estimated one million subscriptions. I consulted with S&P Global to help with software-as-a-service source selection and identity access management (IdAM), data loss protection (DLP), and cloud access security broker (CASB) technology.

    I reviewed the identity access management products and facilitated a team consensus. We selected SailPoint's cloud-based identity-as-a-service (IDaaS) as their service can scale to meet the company's one million international users. It also provided identity governance to meet international compliance requirements and reduced pricing by recapturing the investment in on-premise SailPoint servers. Additionally, SailPoint-as-a-service integrates with the current privilege access management system (CyberArk).

    Further, I reviewed the IT investment in data loss protection (DLP) and cloud access security broker (CASB) technology. I also built data loss protection use-case and business requirements that required forwarding proxy, reverse proxy, and API proxy capabilities.

  • Smithfield Foods

    A key step in building a repeatable risk management process is to leverage a GRC tool. Limited CapEx funding and IT staff to support the implementation of new tools mandated the selection of an eGRC software-as-a-service tool that could be funded as part of an OpEx budget. We selected the ProcessGene SaaS solution because the software provided GRC processes for risk management, compliance, IT governance, and audit. Besides, it offered a business process modeling capability to document and capture the Smithfield missing business processes needed for the enterprise architecture, change management, process improvement, ERP rollout, mergers, and acquisitions.

    The second key gap was the lack of an information security architecture and the use of standards in the service design phase of the service delivery lifecycle (SDLC). To help mature the SDLC, I facilitated the introduction of DevSecOps tools as outlined in the Verisk Analytics tools stack. Jira was implemented along with a formal requirement tracking module from Deviniti.

    As an implementation example, I introduce the mobile device security reference architecture, additionally with BYOD and IoT functional architecture review and mapping to compliance standards.

  • Verisk Analytics

    The following is the developed DevSecOps tool framework in which risk scoring is used to provide governance of the continuous integration/continuous development (CI/CD) environment. The risk scoring and policy governance will allow CI/CD to deploy without needing configuration control board approval.

    The governance allows deployment if the risk score is below an agreed-upon level. The risk score is calculated from input from multiple sources, such as DevSecOps tools, requirements, system architecture, development team skill level, and more.

  • VISA Card Processing

    Because of the NDA with VISA, I cannot disclose the components of their back-end processing systems. It was implemented on a big data analytics platform which acted as a highly transactional, operational data store. One of the use cases implemented was Visa's mobile location confirmation and Finsphere, which works through mobile banking apps offered by participating financial institutions and focuses solely on international transactions. Once a cardholder opts in, their location can be determined using their mobile phone network, Wi-Fi, or GPS. Those options are especially important for international travelers who prefer Wi-Fi over GPS, which relies on expensive data roaming services. I was responsible for implementing security controls, such as privacy, identity, authorization, encryption, data isolation, and more.

  • General Dynamics Health Solutions

    The Security Operations Center (SOC) for General Dynamics Health System was based on a cloud-distributed clustered deployment of Splunk, with forwarders placed at multi-customer sites. I helped achieve SOC-2 services certification.

  • Hewlett Packard

    “Best value” security architecture for each customer engagement was implemented using the customer's IT investment in software products. The challenge was making sure the various security services would work together. As a security service integrator, working with vendors and achieving product integration was imperative. The following is a list of each of the products used per service area:
    • Asset management: ServiceNow, BMC, ManageEngine, MMSoft, Opsgenie, Asset Panda, SysAid
    • Vulnerability management: Rapid7, Qualys, BeyondTrust, Tenable, Symantec, Tripwire, Retina
    • Endpoint protection: Symantec, CrowdStrike, Sophos, Trend Micro, Carbon Black
    • Patch management: SCCM, Intune, BigFix, Ivanti, SysAid, ITarian, Cld Mgn St, MngEgn, SolarWinds
    • Risk management: MetricStream, RSA, IBM, ServiceNow, LogicManager, RiskConnect, RSAM

    HP's Hadoop, Autonomy, Vertica, Enterprise ArcSight, and N-applications platform (HAVEn) was deployed for complex strategic big data applications. The reference architectures below were used for HP's anti-money laundering (AML), SOC, and insider threat detection products, which were applications built to run on the HAVEn platform.

Skills

  • Languages

    C++, Java
  • Tools

    Cloudera
  • Paradigms

    DevSecOps, Agile, HIPAA Compliance
  • Platforms

    AWS IoT, Blockchain
  • Industry Expertise

    IT Security, Security, Cybersecurity, Banking & Finance, Telecommunications
  • Other

    NIST, FFIEC, PCI DSS, SOC 2, SOX, GDPR, California Consumer Privacy Act (CCPA), Executive Management, Certified Information Systems Security Professional, Risk Models, Enterprise Risk Management (ERM), Cloud, Software Development Lifecycle (SDLC), Manufacturing, Research, Contract Negotiations, Program Management, Portfolio Management, Cross-functional Team Leadership, Procurement, Strategic Planning & Execution, Technical Program Management, Strategic Partnerships, Execution, Global Project Management, Information Security, Identity & Access Management (IAM), Data Protection, Cloud Access Security Broker (CASB), Privilege Access Management System (PAM), IT Management, Policy Development, Security Policies & Procedures, Financial Services, Fintech, Fintech Consultant, Policies & Procedures Compliance, Risk Management, IT, Security Architecture, Vulnerability Assessment, Architecture, PCI, Acquisitions, Business Services, IT Systems Architecture, Business Process Automation, Business Process Modeling, GRC, Artificial Intelligence (AI), Neural Networks, Deep Neural Networks, Optical Networks, IPsec, Signal Encryption, Operational Data Stores, High-Speed Transaction Processing, Analytics, Big Data, Security Operations Centers (SOC), System Integration, Global Risk, Compliance, Fraud Prevention, ISO 27001, ISO 31000
  • Libraries/APIs

    Ruby on Rails API
  • Frameworks

    COBIT

Education

  • Master's Degree in Electrical Engineering
    1998 - 1999
    University of Virginia - Charlottesville, VA, USA
  • Bachelor's Degree in Electrical Engineering
    1994 - 1998
    North Carolina State University - Raleigh, NC, USA
  • Bachelor's Degree in Computer Engineering
    1994 - 1998
    North Carolina State University - Raleigh, NC, USA

Certifications

  • Cloudera Certified Hadoop Developer (CCHD)
    SEPTEMBER 2012 - PRESENT
    Cloudera
  • Certified Chief Information Security Officer (CISO)
    JUNE 2011 - PRESENT
    EC-Council
  • Certified in Risk and Information Systems Control (CRISC)
    OCTOBER 2010 - PRESENT
    ISACA
  • Certified Information Systems Auditor (CISA)
    MARCH 2009 - PRESENT
    ISACA
  • Program Management Professional (PgMP)
    MAY 2008 - PRESENT
    Project Management Institute (PMI)
  • Project Management Professional (PMP)
    OCTOBER 2007 - PRESENT
    Project Management Institute (PMI)
  • Certified Information Security Manager (CISM)
    MARCH 2006 - PRESENT
    (ISC)²
  • Certified Information Systems Security Professional (CISSP)
    APRIL 2005 - PRESENT
    (ISC)²
