Ace Swerling
Details
NeoSystems LLC
Senior Principal Consultant - Cybersecurity
• Developed a model to track business value, risk, cost, and capability related to security. This grounds the IT security activity in reality and facilitates communication between business leaders and the security team.
• Acting CISO for a power coop in Southwest Colorado.
• Assisting DoD contractors and Critical Infrastructure organizations in achieving and maintaining CMMC, ITAR, DFARS, and NERC compliance so it enables their business and isn't simply a tax. We're making IT security easier by taking on up to 87% of organizations' burden. We're doing the hard work of vetting solution options so our clients can select from a simple menu of options and we'll guide them to implementation. It's the short path to compliance and helps protect business along the way.
• Defining packaged offerings balancing business capability, security, regulatory compliance, and cost to adopt NIST 800-171 and CMMC controls in a sustainable way. Working closely with MSPs, MSSPs, and other providers to provide a complete solution.
• Assisting organizations to secure their business by protecting computing environments by balancing organizational goals, available funding, risk tolerance, threat, regulatory/legal obligations, workstyle, and ability to execute.
• Built an operational security framework as a backbone to encompass all security/compliance/protection requirements. This represents a superset of items represented in frameworks like NIST 800-171, PCI, HIPAA, SoX, C2M2, and CIS. The framework describes security in business terms and facilitates oversight by executive leadership.
2020 : 2022
CORTAC Group
Director of Security Solutions
• Led transition from a protection-based security posture to a business-enablement-based posture.
• Defined the security architecture and controls for a green-field AWS environment supporting a customer portal.
• Defined an identity and access management architecture to integrate security across a hybrid cloud environment, including aspects of identity, authentication, and authorization at network, infrastructure, application, and device levels.
• Defined a customer privacy architecture to protect sensitive data and enable the right to be forgotten.
• Applied security frameworks and regulatory requirements: CIS, CSA, and HIPAA to ensure compliance with best practice.
• Ensured consistent application of security controls, especially to close coverage gaps.
• Evaluated risk and modeled threats to prioritize action. Facilitated security-related conversations across the organization to align priorities.
• Defined SecOps requirements, selected MSSP vendor, and facilitated implementation to ensure consistent monitoring of and response to security events.
• Defined security event response process.
2018 : 2019
Delta Dental of Washington
Security Architect
• Delivered $1M in revenue in first two months on the job.
• Led six-person cybersecurity team focused on IT security strategy, hybrid cloud, identity & access management, and regulatory compliance & security frameworks.
2018 : 2018
Unify Consulting
Security Capability Lead
• Solution Architect for a multi-year Agile-based Identity and Access Management program at a large non-profit organization. Developed “right data at the right time” concept to drive identity-based collaboration. Project included educating the customer on IAM concepts and processes, evaluating and prioritizing business need, calculating business benefit, coordinating effort across the organization, marketing internally, improving process, defining requirements, selecting product, and overseeing the technical implementation.
• Architect and program manager for Office 365 and Windows rollouts at finance and higher education clients. Included user story collection, requirements prioritization, sequencing, scheduling, communications, and implementation.
• Led business value assessments enabling businesses via collaboration and security. Used sound Agile project management techniques. These Agile-based projects entailed interviewing stakeholders to understand use cases, which were then prioritized and sequenced based on business value and risk. Deliverables included process documentation, cost estimation, product selection, and implementation planning.
• Led programs at two clients to evaluate, select, and implement Identity as a Service for Azure-based customer portals. Included implementing Okta for federated authentication and authorization with a custom user interface supporting internal and external users.
• Managed the security compliance team for a large hospital. Team responsibilities included regulatory compliance monitoring, security breach detection & forensics, risk management, and technical configuration enforcement. Worked with architecture teams on identity and access management and regulatory compliance reporting. Initiated a program to adopt a security framework to help ensure a more supportable and protected environment.
2012 : 2017
Slalom Consulting
Enterprise Security Lead
About
Check out my blog at https://imagineidentity.com/.
Specialties: Identifying, justifying, and executing on revenue opportunities by allowing different organizations to collaborate and connect; Helping organizations identify third wave application opportunities; Building large abstracted computer applications; Strong experience building large Microsoft platform architecture environments that include Windows, Exchange, Security, Identity Management, Cloud Computing. 20+ years doing Windows and Exchange projects.
I enjoy helping people take advantage of IT security to achieve business value, either as top-line revenue growth or as bottom-line productivity improvement. I believe that IT security should primarily focus on helping people work with computers as opposed to keeping them out. In this way, organizations facilitate legitimate use while preventing and detecting illegitimate use.
I have a strong conceptual understanding of business and technical issues and combine this with teaming, leadership, communication, sales, and project management experience. I also have directory services, messaging, collaboration, systems management, security, and cross-platform integration skills. I work best in roles that combine leadership, technology, business prioritization, architecture, and implementation to take advantage of this interdisciplinary approach to computing.