Stephen B Weltman
Verified Expert in Engineering
IT Security Developer
Steve is a battle-tested, business-focused security compliance executive, board advisor, vCISO, and ISMS implementation expert. He led the security compliance program strategy at Imperva and founded the certification compliance center of excellence for Verizon and Yahoo Paranoids, where he led the security certification programs. He is an alum of CSA LA. Steve has over 18 years of information security, IT, and compliance program leadership and advisory experience on large-scale projects.
Preferred Environment
Slack, Jira, Confluence, MacOS, Ubuntu, Google Workspace
The most amazing...
...projects I've been involved in were self-teaching Go and Docker. I've also built a Raspberry Pi cluster to run MicroK8s.
Work Experience
Partner
Aletheia Security Consulting
- Advised a large global medical device manufacturer on ISO 27001 ISMS program implementation.
- Analyzed and modified enterprise information security policies to reflect actual security control capabilities.
- Collaborated with international counterparts to drive a single security scope certification program to the boards of directors within the company.
Infrastructure, Cloud, and Operations Security Compliance Program Executive
Imperva
- Supported the parallel evolution of the strategic security vision and partially implemented cross-team robust information security practices.
- Influenced the adoption of ownership of information security posture improvement at the executive level in several key areas that are pivotal to security framework compliance efforts.
- Performed extensive discovery, documentation, and remediation plans for numerous significant gaps in security risk management (RM) practices, infrastructure buildout, design, and operational RM practices.
- Provided dexterous guidance, insight, and collaboration to every project and group, performing as a stakeholder and advisor in several strategic security initiatives.
- Remediated programmatic privileged access management, security policy creation, vulnerability program management, patch and update program management, vendor RM program design, and customer security response program management.
- Designed and built a monthly management risk forum, delivering improved risk visibility for the top business leadership at Imperva to make data-driven, informed decisions.
- Built a review and assignment process for observed and documented business-affecting security risks and action items identified during the prior reporting period.
Global Security Compliance Program Strategist
Imperva
- Requested that my role be moved within the CISO team as the strategy for security compliance program improvements.
- Created and partially executed a vision and strategy to build collaboration across technical and business pillars to remediate regulatory compliance issues.
- Authored and internally marketed a global OKR for security controls compliance efforts and systems resilience risk remediation as a multi-year and multi-stage objectives-connected program.
- Aligned key results in each objective with business management's stated priorities and external security framework requirements. This OKR improves system resilience, security posture, and predictability of service load.
- Drove Imperva's 2022 cloud WAF PCI recertification program successfully, from 50 days out to receiving a passing Report on Compliance (ROC) and an Attestation of Compliance (AOC).
Enterprise Security Compliance Program Director
Verizon Media
- Built capacity, tracked metrics, and oversaw the operation of an information security risk management program for the Edgecast property of Verizon Media (formerly Yahoo's Edgecast).
- Implemented the abovementioned program with an impact stated by management at over $50 million in annual recurring revenue. The scope included ISO 27001, PCI DSS, CSA STAR, and SOC 2 Type 2 certifications and reports.
- Facilitated a monthly senior leadership risk review with technical and C-level business executives while delivering on strategic initiatives and implementing managerial priorities for risk management.
- Directed teams of up to eight contractors, three employees, and several indirect reports. I consulted, oversaw, and managed the work for compliance with annual certification programs: ISO 27001, CSA STAR, PCI DSS, and SOC 2 Type 2.
- Guided the design and implementation of a new PCI delivery region on Edgecast's global CDN product, handling readiness exams, supporting remediation efforts, and planning and delivering a certification timeline within one year.
- Directed and supported the legal team with the contractual review of security terms and conditions for the company's most critical customers and vendors.
- Managed, oversaw, and attended all security audits as the business unit's security compliance management representative. I also provided the context of control operations and defended SME boundaries, as needed, to external parties.
Experience
ISMS for a Company With 5,000 Employees
Certifications
Certified Information Systems Security Professional (CISSP)
(ISC)²
Skills
Tools
Slack, Jira, Confluence
Paradigms
Change Management, DevOps
Industry Expertise
Cybersecurity
Platforms
MacOS, Ubuntu, Amazon Web Services (AWS)
Languages
Go
Other
Certified Information Systems Security Professional, Information Security Management Systems (ISMS), ISO 27001, Security Policies & Procedures, Security Assessment, Risk, PCI DSS, Star Schema, Business Continuity & Disaster Recovery (BCDR), Risk Management, IT Security, Communication, Vulnerability Remediation Tracking, Security Architecture, CISO, People Management, Security Audits, NIST, Security Management, Google Workspace, Security, Leadership, Cloud Security, Application Security, Cloud Architecture, Architecture, Threat Modeling, Compliance, Enterprise Risk Management (ERM), SOC 2, Internal Audits, Auditing, Information Security