Profiles search

Ernie R.

CISSP l CEH l CISO Governing Board Member | Enterprise-Wide Cybersecurity Strategies l Risk Mitigation l Data Protection l Business Continuity l Vulnerability Remediation l Early Intrusion Detection

New York, NY, United States

Details

Education: Master of Science (MS)

Cybersecurity - Intelligence and Forensics

Utica College

2010 : 2012

Bachelor of Science (BS)

Cybersecurity and Information Assurance

Utica College of Syracuse University

2007 : 2010

Experience: 2022 : Present

Evanta, a Gartner Company

CISO Governing Board Member

• Lead 3-person team to manage risk by identifying vulnerabilities & establishing robust information security architecture

• Develop ongoing global Security & Compliance policies enterprise-wide to assess threats & implement enhancements

• Perform ongoing risk assessments on vendors & service providers to ensure robust cybersecurity is in place while ensuring inclusion of cybersecurity practices in Service Level Agreements

• Achieve senior management buy-in for annual cybersecurity budget

• Conduct ongoing updates to Incident Response Plan & table-top exercises

• Deliver training throughout organization to cultivate good cyber hygiene, as well an understanding of ISO 27001, GDPR, CCPA, PCI requirements

• Conduct cyber due diligence for mergers & acquisitions

• Present health of enterprise-level cybersecurity to Audit Committee

• Prepare multi-year security hardening strategy & budget to support its requirements

• Conduct cybersecurity audits & controls

• Lead investigations into security incidences & manage 3rd party assessments, pen-testing, red team engagements, tabletop exercises & remediation planning

2017 :

G-III Apparel Group

Global Head of Cybersecurity and Compliance

• Managed 2-person IT operations team responsible for network, telecommunications & enterprise technology with >$1M budgetary oversight across 2 venues

• Conducted incident prevention, detection/analysis, containment, eradication & recovery across IT systems

• Trained non-IT departments to prepare for SAQ-D PCI-DSS audits

• Conducted business impact analysis for vital functions & document recovery priorities for key processes, applications & data

• Established disaster recovery testing methodologies

• Coordinated recovery testing & business resumption procedures to ensure restoration of key IT resources within a set timeframe

• Conducted security checks required by PCI-DSS, Sarbanes-Oxley, & government regulations

• Monitored security of critical systems & adjusted highly sensitive computer security controls

• Designed wireless network with secure access points using WPA-2 encryption

2017 : 2017

Marriott International

Director Of Information Technology

• Managed day-to-day IT security operations via daily back-ups & migration following best practices for compliance & security standard protocols

• Implemented business continuity & disaster recovery technology

• Reviewed vendor contracts to ensure current certification & compliance with corporate requirements

• Prepared detailed procedures on technical processes to establish enhanced standards for assessment & monitoring of security & remediation of vulnerabilities

2001 : 2017

Starwood Hotels & Resorts Worldwide, Inc.

Manager of Information Systems

Company: Evanta, a Gartner Company

Years of Experience: 22

Spoken Language: English

Skills

Cybersecurity, Hospitality Management, Information Security, Python Enthusiast, Security

About

As a CISSP and CEH certified cybersecurity executive and a member of the New York CISO Governing Body, I establish the vision for enterprise security with a progressive roadmap to fulfil cybersecurity goals and data protection initiatives by building a robust information security architecture. This vision has resulted in the successful mitigation of risks from vulnerabilities in infrastructure, system design and applications to ensure business continuity.

I implement multiple security tools to protect assets and employ a micro-segmentation strategy that mitigates lateral attacks that include the following:

• Immediately reduced risks from compromised passwords by installing Identity Access Manager tool & mandating password customization

• Implemented enterprise data security application to comply with GDPR regulations & PCI DSS standards in coordination with legal, audit, HR & IT

• Implemented Security Incident Event Manager (SIEM) solution to centralize log collection, filter large data sets & prioritize early detection of security incidents

• Installed Active Directory auditing tool to ensure compliance with security policies as well as Privileged Access Management application to safeguard privileged domain accounts

• Reduced vulnerabilities by 95% for Marriott using MVM & EPO Rogue Reports, Security Information & SIEM, Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, sniffers & malware analysis tools

Forensics & Vulnerability Tools

Foremost; Cyoshash; SSdeep; Jafat LNK; lnk-parse-1.0 lslnk.pl; Autoruns; Sqliteman; Epoch Unix Time Converter; Exiftool; Forensic Toolkit-FTK; Grep; Windows File Analyzer & Registry Viewer; Kali Linux; Network Security Toolkit; FTK Imager; Data Access; Event Viewer; Web Historian; Notepad++; Helix; Steganography; Keylogger; Snort; Wireshark; LogRhythm, Varonis, Netwrix, Cisco FMC, Cisco ISE, Cisco Threat Intelligence, Cisco Email Security, AMP for Endpoints, Cisco Umbrella.