Stephen B Weltman, Developer in Torrance, CA, United States

Stephen B Weltman

Verified Expert in Engineering

IT Security Developer

Location
Torrance, CA, United States
Toptal Member Since
January 25, 2023

Steve is a battle-tested, business-focused security compliance executive, board advisor, vCISO, and ISMS implementation expert. He led the security compliance program strategy at Imperva, and he founded the certification compliance center of excellence for Verizon and Yahoo Paranoids, where he led the security certification programs. He is an alum of CSA LA. Steve has over 18 years of information security, IT, and compliance program leadership and advisory experience on large-scale projects.

Portfolio

Aletheia Security Consulting
Information Security Management Systems (ISMS), ISO 27001...
Imperva
Information Security Management Systems (ISMS), ISO 27001, PCI DSS...
Imperva
PCI DSS, Security, Compliance, Information Security Management Systems (ISMS)...

Experience

Availability

Full-time

Preferred Environment

Slack, Jira, Confluence, MacOS, Ubuntu, Google Workspace

The most amazing...

...projects I've been involved in are self-teaching Go and Docker. I've also built a Raspberry Pi cluster to run MicroK8s.

Work Experience

Partner

2022 - PRESENT
Aletheia Security Consulting
  • Advised a large global medical device manufacturer on ISO 27001 ISMS program implementation.
  • Analyzed and modified enterprise information security policies to reflect actual security control capabilities.
  • Collaborated with international counterparts to drive a single security scope certification program to the boards of directors within the company.
Technologies: Information Security Management Systems (ISMS), ISO 27001, Security Policies & Procedures, Security Assessment, Risk Management, Change Management, Risk, IT Security, Security, Security Architecture, CISO, Cloud Security, Application Security, Cloud Architecture, DevOps, Amazon Web Services (AWS), People Management, Security Audits, Threat Modeling, NIST, Security Management, Cybersecurity

Infrastructure, Cloud, and Operations Security Compliance Program Executive

2021 - 2022
Imperva
  • Supported the parallel evolution of the strategic security vision and partially implemented robust cross-team information security practices.
  • Influenced the adoption of ownership of information security posture improvement at the executive level in several key areas that are pivotal to security framework compliance efforts.
  • Performed extensive discovery, documentation, and remediation plans for numerous significant gaps in security risk management (RM) practices, infrastructure buildout, design, and operational RM practices.
  • Provided dexterous guidance, insight, and collaboration to every project and group, performing as a stakeholder and advisor in several strategic security initiatives.
  • Remediated programmatic privileged access management, security policy creation, vulnerability program management, patch and update program management, vendor RM program design, and customer security response program management.
  • Designed and built a monthly management risk forum, delivering improved risk visibility for the top business leadership at Imperva to make data-driven, informed decisions.
  • Built a review and assignment process for observed and documented business-affecting security risks and action items identified during the prior reporting period.
Technologies: Information Security Management Systems (ISMS), ISO 27001, PCI DSS, Change Management, Enterprise Risk Management (ERM), IT Security, Security, Security Architecture, CISO, Cloud Security, Application Security, Cloud Architecture, DevOps, Amazon Web Services (AWS), People Management, Architecture, Security Audits, Threat Modeling, NIST, Security Management, Cybersecurity

Global Security Compliance Program Strategist

2021 - 2022
Imperva
  • Requested that my role be moved within the CISO team as the strategy for security compliance program improvements.
  • Created and partially executed a vision and strategy to build collaboration across technical and business pillars to remediate regulatory compliance issues.
  • Authored and internally marketed a global OKR for security controls compliance efforts and systems resilience risk remediation as a multi-year and multi-stage objectives-connected program.
  • Aligned key results in each objective with business management's stated priorities and external security framework requirements. This OKR improves system resilience, security posture, and predictability of service load.
  • Drove Imperva’s 2022 cloud WAF PCI recertification program successfully, from 50 days out to receiving a passing report on compliance (ROC) and an attestation of compliance (AOC).
Technologies: PCI DSS, Security, Compliance, Information Security Management Systems (ISMS), IT Security, Security Architecture, CISO, Cloud Security, Application Security, Cloud Architecture, DevOps, Amazon Web Services (AWS), People Management, Architecture, Security Audits, Threat Modeling, NIST, Security Management, Cybersecurity

Enterprise Security Compliance Program Director

2017 - 2021
Verizon Media
  • Built capacity, tracked metrics, and oversaw the operation of an information security risk management program for the Edgecast property of Verizon Media (formerly Yahoo's Edgecast).
  • Implemented the abovementioned program with an impact stated by management at over $50 million in annual recurring revenue. The scope included ISO 27001, PCI DSS, CSA STAR, and SOC 2 Type 2 certifications and reports.
  • Facilitated a monthly senior leadership risk review with technical and C-level business executives while delivering on strategic initiatives and implementing managerial priorities for risk management.
  • Directed teams of up to eight contractors, three employees, and several indirect reports. I consulted, oversaw, and managed the work for compliance with annual certification programs: ISO 27001, CSA STAR, PCI DSS, and SOC 2 Type 2.
  • Guided the design and implementation of a new PCI delivery region on Edgecast's global CDN product, handling readiness exams, supporting remediation efforts, and planning and delivering a certification timeline within one year.
  • Directed and supported the legal team with the contractual review of security terms and conditions for the company's most critical customers and vendors.
  • Managed, oversaw, and attended all security audits as the business unit's security compliance management representative. I also provided the context of control operations and defended SME boundaries, as needed, to external parties.
Technologies: Information Security Management Systems (ISMS), ISO 27001, SOC 2, Star Schema, PCI DSS, Internal Audits, Auditing, Risk, Information Security, Business Continuity & Disaster Recovery (BCDR), Risk Management, IT Security, Security, Security Architecture, CISO, Cloud Security, Application Security, Cloud Architecture, DevOps, Amazon Web Services (AWS), People Management, Architecture, Security Audits, Threat Modeling, NIST, Security Management, Cybersecurity

ISMS for a Company With 5,000 Employees

This project involved acting as the vCISO for a startup and assisting its leadership in implementing an ISO 27001 security framework. It also entailed expediting the adoption of a security-first, higher-maturity, security-compliant mindset in the company's culture.
APRIL 2014 - PRESENT

Certified Information Systems Security Professional (CISSP)

(ISC)²

Tools

Slack, Jira, Confluence

Paradigms

Change Management, DevOps

Industry Expertise

Cybersecurity

Platforms

MacOS, Ubuntu, Amazon Web Services (AWS)

Languages

Go

Other

Certified Information Systems Security Professional, Information Security Management Systems (ISMS), ISO 27001, Security Policies & Procedures, Security Assessment, Risk, PCI DSS, Star Schema, Business Continuity & Disaster Recovery (BCDR), Risk Management, IT Security, Communication, Vulnerability Remediation Tracking, Security Architecture, CISO, People Management, Security Audits, NIST, Security Management, Google Workspace, Security, Leadership, Cloud Security, Application Security, Cloud Architecture, Architecture, Threat Modeling, Compliance, Enterprise Risk Management (ERM), SOC 2, Internal Audits, Auditing, Information Security
