Dave Richkun
Details
Computer Systems Analysis/Programming
Red River College
1993 : 1995
Information Technology
Information Systems
Red River College Polytechnic
1990 : 1993
2021 : Present
EY
Manager OT Cybersecurity
Responsible for development and oversight of enterprise-wide ICS Cyber Security Program overseeing several dozen geographically distributed Supervisory Control and Data Acquisition (SCADA), localized Distributed Control Systems (DCS), Physical Access Control Systems (PACS), Energy Management Systems (EMS), and Building Management Systems (BMS).
Develop, implement, and administer security policies, technical procedures, and technical guidelines pertinent to a diverse collection of ICS environments
Develop and maintain test environments for evaluating operating system upgrades, software patches, utilities, and custom scripts, assessing their impact prior to release to production environments
Develop customized tools for obtaining detailed system baseline information and system monitoring capabilities for deployment in the field; tools significantly reduces man-hours of field personnel responsible for collecting system baseline data; use results of data collected to identify and remediate anomalies, and implement improvements of ICS security posture to hosts, network devices, and controllers
Conduct internal security assessments against ICS and apply risk-based analysis for remediating identified vulnerabilities
Continual consultation with field security personnel, engineers, and field technicians often serving as liaison between Information Technology (IT) and Operational Technology (OT)
2016 : 2021
U.S. Department of the Interior
ICS Cyber Security Technical Lead
An executive leader within a technical consulting organization providing professional services in cyber security, information assurance, project management, infrastructure, and engineering services.
- Accountable for timely, profitable delivery of superlative IT security services, including remediation of identified security deficiencies, and implementing creative, low-cost solutions that improve organization's security posture.
- With management peers, cultivate business development and growth, co-leading the expansion of regional Colorado office.
- Deliver professional security assessment and security consulting services corresponding to IT governance and regulatory standards including PCI DSS, HIPAA HITRUST, ISO 27001, ITIL, and FISMA/NIST.
- Implement proven project management practices with creative, cost effective technical solutions that satisfy customer requirements and adhere to scheduling and budget conditions.
- Develop winning technical business proposals that expand IT security service offerings
- Grow and lead a professional security team.
- Provide leadership, guidance, and support to technical team members, and provide challenging opportunities for skill enhancement and career development.
2015 : 2016
Link Technologies
Executive Director of Security Services
Provide professional cyber security and information technology services to clients, and via partnerships, professionally represent a wide array of organizations, ranging from Fortune 500 companies to small businesses.
Develop and deliver value-add solutions, and serve as a trusted resource dedicated to helping organizations efficiently, effectively and continuously operate, manage, and improve their information security programs and cyber security programs.
Identify gaps in IT security and IT governance programs and deliver solutions to improve an organization's security posture and meet applicable industry regulatory requirements. Perform in depth vulnerability assessments and penetration tests as well as operational and procedural reviews.
- From ground up, planned, implemented, managed, and continually improved cyber security and information technology programs for mission critical networks, applications, and ICS distributed throughout western United States responsible for protecting facilities that produce revenue in excess of $1B annually within the Energy sector
- Successfully developed and deployed consistent, enterprise-wide solutions and tools that measurably improved security posture, administrative operations, and saved 800+ man-hours per month
- Developed and implemented automated solutions that enabled immediate generation and comparison of security baseline metrics needed to satisfy the organization’s Continuous Diagnostics and Mitigation (CDM) requirements and NERC-CIP evidence requirements
- Selected, trained and mentored technical personnel
- Led security teams accountable for conducting technical vulnerability assessments and security evaluations on major information systems.
- Assessed security implementation and operational procedures for significant number of data centers and cloud providers located across US
2003 : 2015
RCI Technology
Principal, Owner
An executive leader in an organization specifically supporting the behavioral health industry and a front-runner in delivery of internet accessible electronic patient records and internet-based medical billing systems.
- Accountable for overall design, development, architecture, scalability, security, and performance of mission critical, enterprise, web-based and back office applications.
- Managed, supported, and mentored team of application programmers and information system professionals.
- Implemented and monitored secure application authentication, encryption and data access methods. - Implemented consistent secure coding standards, source code management practices, and code review practices
- Ensured that information technology systems conformed to government legislated security and patient protection laws (HIPAA), including operational procedures, application and data security, and secure data transportation
- Generated business analytics and statistics on web application usage, customer growth, revenue, and other business metrics.
- Negotiated very favorable external hosting and service agreement with co-location provider and managed systems at co-location facility.
- Supported, trained, and provided knowledge-base content for frequently asked questions requested from Service Desk team.
- Delivered performance metrics and performed presentations to Board of Directors and investors.
1999 : 2003
Psyquel, Inc.
Director of Research and Development
Skills
Application Security, C&A, CISA, CISM, CISSP, Computer Forensics, Computer Security, DIACAP, Disaster Recovery, Enterprise Architecture, FISMA, GCIH, GLBA, GPEN, IDS, Information Assurance, Information Security, Information Security Management, Information Technology, Intrusion Detection, IT Security Assessments, Management Consulting, Networking, Network Security, NIST, PCI DSS, Penetration Testing, Security, Security Architecture Design, Security Audits, Security Awareness, Security Policy, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning
About
An ambitious, adaptable and experienced cyber security and information security professional with accomplished technical, managerial and business skills. A proven problem solver with a demonstrated history of high-profile achievements.
A demonstrated leader with 20+ years of experience in the IT industry and 15+ years planning, building, implementing, managing, testing, and improving information security and information technology programs. Proven success in leading technical and management teams. Committed to delivering superior customer service and satisfaction.
Skilled and professionally trained in both offensive (penetration testing, vulnerability assessments) and defensive (vulnerability and risk management, system hardening, incident detection and response, threat intelligence analysis, network and system monitoring) cyber security techniques and practices. Certifications and training include: GICSP, GCIH, GPEN, GWAPT, GCFA, CISSP, PCI QSA, DRI BCP, LPI, MCSD, MCDBA. Proficient in significant number of open source and commercial security tools designed for penetration testing, vulnerability scanning, log management/SIEM, intrusion detection/prevention, network traffic monitoring and wireless device management and detection
Extensive experience in risk management based on 12+ years of combined experience in implementing solutions for, and assessing systems against industry standards including FISMA/NIST, NERC-CIP, PCI, HIPAA, ISO, and SOX.
A daily reader of industry publications, online articles informed of emerging threats and trends, attack techniques, evolutions in technology, and expectations and wants of business leaders. An experienced deliverer of visual presentations to senior executives, directors, and program leaders, communicating risk and business impact, recommending solutions, and illustrating industry trends.
Profile Photo
