Martin Redmond
Verified Expert in Engineering
Executive Management Developer
Martin is a cross-functional executive with expertise in risk management and process improvement, data privacy laws, cybersecurity products, security program leadership, IT Ops, cloud computing and migration, digital transformation, product, service and innovation management, mobility, big data analytics, DevSecOps, ITILv4, SOC, fraud, APT, forensics, malware, IIoT, CoT, and contract and vendor negotiations. Martin also has experience achieving compliance with multiple risk management frameworks.
Preferred Environment
Financial Services, DevSecOps, Artificial Intelligence (AI), Business Process Automation, Digital Innovation, Risk Management, Strategic Initiatives, IT Operations Management (ITOM), Executive Support, IT Product Management
The most amazing...
...experiences I've held comprise 20+ years of experience building and managing enterprise security risk management across the board rooms of multiple businesses.
Work Experience
Deputy CISO | Senior GRC Director
Hearst - Information Security Office
- Supported the CISO at a multi-national conglomerate with 368 companies in eight global industries: entertainment and media, financial rating, transportation, health care, software and product development, real estate, magazines, and newspapers.
- Established a governance, risk, and compliance (GRC) program, which included onboarding a GRC senior director and senior manager for each area (i.e., governance, risk, and compliance).
- Led my team in establishing and implementing collaboration across the 368 businesses. The team established a uniform adherence to the information security governance framework and established policies and procedures.
- Implemented new information security policies and procedures that mandated adherence to corporate security policies. These new policies significantly strengthened the organization and affected all 368 business units supporting the CISO.
- Established the IT enterprise risk management process, which included onboarding a risk management service provider and using risk management tools.
- Transformed the third-party risk management process by implementing CyberGRX. Using the exchange reduced compliance report costs for all 386 businesses by 90%, based on the exchange's shared compliance model.
- Identified risks in the security posture of the publicly facing websites and led the transformation of the DevOps process into a DevSecOps process, which addresses security controls as part of the application lifecycle process.
- Facilitated the integration and standardization of cloud-based architecture across cloud providers (AWS, Azure, Google).
CEO | CIO, CISO, CRO, CCO Consultant
Analytic Risk Intelligence Management
- Founded an IT ops, security, and risk management consulting company through which I built consulting teams for HP, GDIT, and KPMG to perform DevSecOps, audits, and risk assessments. Implemented business process automation.
- Expanded the service portfolio offering to include 25 services in global risk and compliance, information assurance, and IT operations and executed eight contract engagements through teaming agreements with KPMG, HP, IBM, and GDIT.
- Transformed John Deere's SDLC process to a Scrum-at-Scale lifecycle, reducing the release cycle from 6 months to 4 weeks. Led its international security risk assessment (RA) process, adding security standards and best practices that reduced security code faults by 76%.
- Achieved FISMA certification for the GDIT Health organization's cloud deployment and HITRUST certification of WorkTerra at CareerBuilder. Awarded a $2 billion contract transforming IT DevSecOps at Wolters Kluwer.
- Reduced $80 million in IT ERM exposure by implementing data loss protection, IdAM, IoT management, and Blockchain for supply chain management and increased risk awareness with ERM processes documenting $50 million in risk at Smithfield Foods.
- Produced RA reports that identified $100 million in privacy and data exposure risk for funding justification for the California Department of Technology (CDT).
- Reduced the third-party risk management process cost by $1 million and the operational risk of non-compliance with PCI DSS by $20 million at the Navy Federal Credit Union.
- Implemented a risk scoring and reporting capability that reduced operational risk by $20 million and improved response time by 60% at Verisk Analytics, and DLP tools at Allison Transmission, which also completed SOC 2 certification.
- Owned customer voice in deploying managed security services offerings at GDIT and HP. At HHS, I reduced risk by $20 million and IT operational costs by $10 million by implementing SaaS GRC integration.
- Rolled out VISA's big data platform reducing fraud detection time by 300%, and Capital One's big data analytic platform, improving the operational efficiency of creditworthiness by 400%.
CISO
Infinera
- Established an enterprise security risk management program within one year across the global multi-national technology and manufacturing organization.
- Rolled out ISO 27001 and ISO 27701 certifications for R&D and manufacturing organizations within 1.5 years, 5 years ahead of schedule.
- Launched a third-party risk management program as part of the product procurement and vendor management program.
CISO | CRO | Senior Cyber-intel Managing Director
BAE Systems
- Spearheaded 120 people and four programs at the Department of Defense (DoD), Intelligence Community, Department of Homeland Security, and Securities and Exchange Commission.
- Grew BAE Systems' cyber operations business to a $300 million business with 40 contracts.
- Built partnerships with vendors and the supply chain for a unified partnering ecosystem that provided the best value proposition for commercial and government contract awards.
- Took responsibility for building and running security programs for five agencies.
- Owned the voice of the customer for CyberReveal and NetReveal development.
- Took accountability for the voice of the customer for ESRI flight planning and mapping for the intelligence drone program.
- Transformed security operations center (SOC) processes by integrating threat intelligence from Information Sharing and Analysis Centers (ISAC) into the incident response processes.
- Developed and implemented programs for information warfare, computer network defense, computer network exfiltration, and computer network attacks.
CIO | CISO | Program Managing Director
Raytheon
- Managed 65 people and reported directly to the CIO at the DoD.
- Developed and implemented a security strategy for the GIG Bandwidth to the Edge (GIG-BE) program for the warfighter.
- Reduced the Defense Information Systems Agency (DISA) GIG-BE program operating costs by 6% by implementing stronger encryption and more efficient hardware.
CIO | CISO | Program Engineering Director
Lockheed Martin
- Led 40 people and reported directly to the CIO of the FAA.
- Developed and implemented a security strategy for securing weather radars and navigation beacons across the US.
- Provided presentation-style and hands-on technical training and knowledge transfer for enterprise security offerings.
Experience
S&P Global
I reviewed the identity and access management products and facilitated a team consensus. We selected SailPoint's cloud-based identity-as-a-service (IDaaS), as the service can scale to meet the company's one million international users. It also provided identity governance to meet international compliance requirements and reduced pricing by recapturing the investment in on-premises SailPoint servers. Additionally, SailPoint-as-a-service integrates with the current privileged access management system (CyberArk).
Further, I reviewed the IT investment in data loss protection (DLP) and cloud access security broker (CASB) technology. I also built DLP use cases and business requirements that called for forward proxy, reverse proxy, and API proxy capabilities.
Smithfield Foods
The second key gap was the lack of an information security architecture and the use of standards in the service design phase of the service delivery lifecycle (SDLC). To help mature the SDLC, I facilitated the introduction of DevSecOps tools as outlined in the Verisk Analytics tools stack. Jira was implemented along with a formal requirement tracking module from Deviniti.
As an implementation example, I introduced the mobile device security reference architecture, along with a BYOD and IoT functional architecture review and mapping to compliance standards.
Verisk Analytics
The governance allows deployment if the risk score is below an agreed-upon level. The risk score is calculated from input from multiple sources, such as DevSecOps tools, requirements, system architecture, development team skill level, and more.
VISA Card Processing
General Dynamics Health Solutions
Hewlett Packard
• Asset management: ServiceNow, BMC, ManageEngine, MMSoft, Opsgenie, Asset Panda, SysAid
• Vulnerability management: Rapid7, Qualys, BeyondTrust, Tenable, Symantec, Tripwire, Retina
• Endpoint protection: Symantec, CrowdStrike, Sophos, Trend Micro, Carbon Black
• Patch management: SCCM, Intune, BigFix, Ivanti, SysAid, ITarian, Cld Mgn St, ManageEngine, SolarWinds
• Risk management: MetricStream, RSA, IBM, ServiceNow, LogicManager, RiskConnect, RSAM
HP's Hadoop, Autonomy, Vertica, Enterprise ArcSight, and nApplications platform (HAVEn) was deployed for complex strategic big data applications. The reference architectures below were used for HP's anti-money laundering (AML), SOC, and insider threat detection products, which were applications built to run on the HAVEn platform.
Deputy CISO - Executive Management Consultant
I was first tasked with establishing a governance, risk, and compliance (GRC) program, which included onboarding a GRC senior director and senior manager for each area (i.e., governance, risk, and compliance). Collaborating across the 368 businesses, my team and I established uniform adherence to the information security governance framework and established policies and procedures. Next, we developed and implemented shared information security services (SaaS security) that address security controls for all 368 business units, covering NIST, ISO 28001, HITRUST, PCI, and SOX. The CLO, GC, COO, CIO, and CISO were crucial stakeholders. The SaaS security services included threat intel and incident management, risk management, vulnerability and patch management, third-party risk and contract management, external posture assessment, compliance automation, continuous posture assessment, and AI automation.
The outcome was a CMMI level 3.5 rating for all SaaS security.
Skills
Languages
C++, Java, VB.NET, VBScript, SQL, SAML, Regex, C#.NET, C#, DYNAMO, Bash, Python, Go, YAML, GraphQL
Frameworks
.NET, ASP.NET Identity, .NET Micro, Jakarta Server Pages (JSP), COBIT
Libraries/APIs
SOAP APIs, Microsoft HPC, Visual Studio SDK, Azure Blob Storage API, Azure Cognitive Services, Azure Computer Vision API, AWS Amplify, Ruby on Rails API
Tools
Cloudera, Confluence, Jira, VPN, System Center Configuration Manager (SCCM), Microsoft Intune, MS Exchange, SQL Server BI, Microsoft Transaction Server (MTS), C#.NET WinForms, Microsoft Power BI, Power BI Mobile, Microsoft AI, SAP Business One SDK, Azure MFA, Azure IoT Hub, Azure Key Vault, Azure Virtual Network Gateway, Visual Studio, Visual Studio .NET, Azure Web Application Firewall, Azure App Service, GitHub, Azure Kubernetes Service (AKS), Microsoft Power Apps, Azure IoT Suite, Microsoft Dynamics, Microsoft Dynamics CRM, Microsoft Dynamics AX, Microsoft Teams, Microsoft Copilot, McAfee, Bitbucket, McAfee Endpoint Security, OWASP Zed Attack Proxy (ZAP), AWS Cloud Development Kit (CDK), GCP Security, Terraform, OpenVPN, SailPoint, Checkmarx, Google Kubernetes Engine (GKE)
Paradigms
DevSecOps, Agile, HIPAA Compliance, Data-driven Testing, Automation, .NET Security Model, Business Intelligence (BI), Azure DevOps, Agile Project Management, Penetration Testing, DevOps
Platforms
AWS IoT, Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), Mobile, Keychain, SharePoint, Azure PaaS, Azure IaaS, Microsoft Power Platform, QualysGuard, Vanta, AWS Lambda, Duo, Docker, Kubernetes, Blockchain, Rapid7, Azure AI Studio
Industry Expertise
Cybersecurity, Enterprise Security, Network Security, Security Advisory, Banking & Finance, Telecommunications
Storage
Azure Cloud Services, Azure Active Directory, IIS SQL Server, SQL Server 2017, Microsoft Entra ID, Microsoft DBA, SQL Server DBA, SAS SQL, Azure SQL, Azure Cache, Amazon DynamoDB
Other
NIST, PCI DSS, SOC 2, SOX, GDPR, California Consumer Privacy Act (CCPA), Executive Management, Certified Information Systems Security Professional, Risk Models, Enterprise Risk Management (ERM), Cloud, Software Development Lifecycle (SDLC), Manufacturing, Research, Contract Negotiations, Program Management, Portfolio Management, Cross-functional Team Leadership, Procurement, Strategic Planning & Execution, Technical Program Management, Strategic Partnerships, Execution, Global Project Management, Information Security, Identity & Access Management (IAM), Data Protection, Cloud Access Security Broker (CASB), Privileged Access Management (PAM), Security Operations Centers (SOC), System Integration, IT Security, IT Management, Policy Development, Security Policies & Procedures, Financial Services, Fintech, Fintech Consultant, Security, Policies & Procedures Compliance, Risk Management, IT, Security Architecture, Vulnerability Assessment, Architecture, PCI, Compliance, ISO 27001, Acquisitions, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, Digital Innovation, Strategic Initiatives, IT Operations Management (ITOM), Executive Support, IT Product Management, Application Security, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), CI/CD Pipelines, Release Management, IT Project Management, IT Program Management, Privacy, Scrum Master, CISO, SaaS Security, Project Management, Security Audits, Risk Assessment, CyberArk, AWS Certified Solution Architect, Data Governance, Chief Security Officer (CSO), Data Risk Assessment (DRA), Data Encryption Methods, Internet Protocols, Cloud Security, Architecture Assessment Report, Dynamic Analysis, Data Migration, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, Azure Cloud Security, MCSE, MCSD, MCSA, LDAP, Secure Storage, PowerShell Commands, Patches & Updates, DeviceNET, IoT Security, MDM, Sentinel 2, Microsoft Defender Antivirus, XD to HTML, Remote Desktop, Remote Desktop Protocol (RDP), Identity, Federated Sign-in, SOAP, IIS 10, SAML-auth, Single Sign-on (SSO), C# Operators, Teams, MCSE | Business Intelligence, CAN Bus, Business to Business (B2B), Microsoft 365, Linux on Azure, SAP BW on HANA, Azure VDI, Azure AI Custom Vision, Azure Virtual Desktop, Azure Virtual Networks, Azure Virtual Machines, Microsoft Business Intelligence (MBI), Azure Compute Services, Microsoft Azure Cloud Server, Microsoft Dynamics 365, Microsoft Dynamics Great Plains (GP) ERP, Microsoft Dynamics 365 Customer Engagement, Windows 11, Cloud Infrastructure, GitHub Actions, SecOps, Antivirus Software, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, Cryptography, OWASP, OWASP Top 10, FedRAMP, Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, Software Project Management, IT Projects, ISO Compliance, Communication, Organization, Project Management Professional (PMP), Education Technology (Edtech), Consulting, Office 365, Managed Security Service Providers (MSSP), Managed Services, Infrastructure, Advisory, Artificial Intelligence (AI), Neural Networks, Deep Neural Networks, Transactions, Analytics, Big Data, Business Services, Endpoint Detection and Response (EDR), IDS/IPS, SIEM, Vulnerability Management, Infrastructure as Code (IaC), Data Privacy, Legal Technology (Legaltech), Data Product Management, Threat Modeling, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Code Review, Bitdefender, Cloudflare, AWS Cloud Security, Okta, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, BlackLine, Technical Writing, IT Systems Architecture, Business Process Automation, Business Process Modeling, GRC, Optical Networks, IPsec, Signal Encryption, Operational Data Store (ODS), Global Risk, Fraud Prevention, ISO 31000, Control4
Education
Master's Degree in Electrical Engineering
University of Virginia - Charlottesville, VA, USA
Bachelor's Degree in Electrical Engineering
North Carolina State University - Raleigh, NC, USA
Bachelor's Degree in Computer Engineering
North Carolina State University - Raleigh, NC, USA
Certifications
AWS Solutions Architect Associate
AWS
AWS Certified Security Specialist
AWS
Microsoft Certified Solutions Developer
Microsoft
Cloudera Certified Hadoop Developer (CCHD)
Cloudera
Certified Chief Information Security Officer (CISO)
EC-Council
Certified in Risk and Information Systems Control (CRISC)
ISACA
Certified Information Systems Auditor (CISA)
ISACA
Program Management Professional (PgMP)
Project Management Institute (PMI)
Project Management Professional (PMP)
Project Management Institute (PMI)
Certified Information Security Manager (CISM)
(ISC)²
Certified Information Systems Security Professional (CISSP)
(ISC)²