Howard F.
Details
Hartford Public High School
- Developed InfoSec & Risk policy/strategy/roadmap/best practices for client risk mitigation
- Architected global WAF, PCI consolidation, web/mobile apps, eCommerce sites, APIs for SaaS emphasizing security, privacy, SEO
- Managed SIEM/investigated incidents to identify breach/hacker/attack vector; augmented detection capabilities
- Integrated/deployed commercial & open source tools via coding/API to achieve InfoSec goals
Tasks
- Performed InfoSec & Cloud Architecture, Audit, PCI/Risk Assessment, SOC, BIA, BCP, DRP,Breach Investigation,Threat Modeling & Intel,Vulnerability Remediation,Penetration Testing/Ethical Hacking,Server Hardening to mitigate breaches,DDoS/bot attacks,email/content SPAM
- Architected cloud migration (AWS, Azure),SaaS,IaaS,PaaS (Boomi,MuleSoft), SSO/MFA/AzureAD/SAML
- Advised on GDPR,HIPAA,ISO,PCI,Privacy Shield,SOX
- Created scripts (Bash,PHP,Python) to leverage threat intel & protect client systems from attack/breach
- Tech : AI,Workday,D365,Collibra,KnowBe4,Rapid7,Qualys,NetWatcher,McAfee ePO,MS Threat Model Tool,RingCentral,QRadar,Linux,Apache,MySQL,Drupal,WordPress,MongoDB,PHP,Perl,Python,Java, Node.js,Bash,JavaScript
Results
- Architected global PCI cloud payment solution for PCI Level 1 Merchant
- Architected CloudSecurityDashboard™ WAF/CDN/GeoDNS subscription SaaS to protect client websites from threats
- Led PCI Level 1 Service Provider through audit; successfully received RoC/AoC
- Created RescueMeUSB™ data recovery/privacy USB device
- Created automation to generate/distribute Let's Encrypt TLS/SSL certificates globally to web/email servers using Bash,Python
- Deployed global Apache/Nginx/MySQL replication SaaS cluster (architecture,coding,hosting) providing load balancing/failover/high availability
- Successfully identified/remediated exploits used by hackers to infect websites,php scripts,CRM etc
2013 : Present
WidWad LLC
Managing Director/Principal Consultant : Cybersecurity, Cloud, Privacy, GRC, PCI, Audit, Threat Intel
- InfoSec Project Lead and regional Subject Matter Expert responsible for 50+ countries & territories / 18,000 employees
- InfoSec Representative for Division President, IT Sr VP, IT VP to corporate Information Security group
Tasks
- SME for PCI Audit, Data Classification, Data Retention, DLP, Encryption, Identity & Access Management, SIEM, Single Sign-On, Vendor Compliance
- Responsible for deploying projects/developing policies & procedures in compliance with corporate InfoSec/GRC goals, to ensure data protection, risk mitigation, vulnerability remediation, PCI DSS & HIPAA compliance, mobile device data loss/theft mitigation
- Interfaced with all groups at all levels to ensure Information Security compliance and to increase InfoSec Awareness while ultimately protecting the FedEx Name, Brand, and Reputation
- Worked extensively with Legal, Corporate Communications, Physical Security to mitigate risks & data loss from breaches & thefts
- Led successful International PCI/Credit Card Audit effort for IT
Results
- Successful receipt of International PCI RoC for Latin America & Caribbean (Level 1 Merchant)
- Managed & led successful Laptop Encryption project (McAfee Endpoint Encryption/SafeBoot)
- Managed & led successful AVERT Vulnerability Remediation effort
- 100% reduction in data loss due to mobile device breaches/theft over previous years
- First two-time recipient of InfoSec Golden Key Award at FedEx
Additional duties
- Responsible for IT department KPI reports to Division President, IT Sr. VP, IT VP
- IT ISO documentation
- Member, Latin America and Caribbean technical Architecture Team
Previous role
- Project Lead for a regional Citrix deployment serving Sales group covering 50+ countries & territories. I suggested the solution to address performance issues in a CRM used by Sales, followed with proof of concept, culminated in full deployment
- Results : 60% average improvement in application performance. Based on project success, it was adopted globally
2004 : 2013
FedEx Express LAC (Latin America & Caribbean)
Project Lead for Information Security and Data Protection
- Chief technologist reporting to the Dean of the College of Arts & Sciences, the largest college at the University
- Managed team effort to secure, maintain, update, and enhance 30+ departmental web sites within the College of Arts & Sciences
2002 : 2004
University of Miami
Sr. Systems Business Analyst and Webmaster
- Managed consulting team as an IBM/Lotus Business Partner specializing in IT/Infrastructure Audit, Information Security, Risk Assessment, Strategic Planning, System Integration, Deployment, Application Development, Web Development & Hosting, System Administration for corporate and academic clients using Lotus Notes/Domino and various web technologies
- Completed numerous projects for corporate & academic clients, including : Association for Computing Machinery, Digital Equipment Corporation / HP, The Gillette Company, Information Access Company, The Leadership Alliance / Brown University, Siemens, Thomson and Thomson, etc
1996 : 2002
Forrester Consulting Group, Inc.
President and CEO
- Technical architecture consultant for IBM/Lotus to their Business Partners/Independent Software Vendors implementing applications integrated with Lotus Notes & Domino through various programming tools & technologies (C API, LotusScript, etc)
- Specifically focused on : Notes/DBMS Integration and Migration, Notes Programmability Tools, Data Warehousing, and integration with various UNIX platforms
1994 : 1996
Lotus Development Corporation (acquired by IBM)
Developer Consultant for Lotus Notes Programmability, DBMS Integration, and Data Warehousing
Skills
Anti-fraud, Anti-spam, Apache, Business Continuity Planning, Business Process Improvement, Cloud Computing, Computer Security, Consulting, CRM, Databases, Data Forensics, Data Privacy, Encryption, Firewalls, Fraud Prevention, Global Server Load Balancing, Identity Theft Prevention, Information Security, Information Security Management, Information Security Policy, Information Systems, Information Technology, Intrusion Detection, iPhone development, IT Management, LAMP, Linux, Lotus Notes, Mobile Applications, Mobile Devices, MySQL, Operating Systems, Perl, PHP, Process Improvement, Project Management, Risk Assessment, SaaS, SEO, Servers, Software Development, SQL, System Administration, Threat & Vulnerability Management, Virtualization, VMware, VoIP, Web Analytics, Web Applications, Windows
About
Current role: Sr. Information Security Architect. Recent contract roles include: Cloud Security Architect, Solution Architect, Lead PCI Audit Consultant, etc.
Why consider me?
1) Experience: 25+ yr successful track record including Cloud & Information Security, Cybersecurity, Governance/Risk/Compliance, Audit, Privacy, Threat Intelligence, Digital Forensics. Diverse portfolio in Project Management, Process Improvement, Policy Development, Architecture, Coding, Integration
2) Certification: CISSP, CISM, CISA, CDPSE
My cert roadmap includes seeking: Amazon AWS Certified Solutions Architect, & IAPP Certified Information Privacy Manager.
3) Leadership: Quintessential problem solver, technology innovator, passionate entrepreneur, with demonstrated leadership skills & extensive IT background in corporate & academic environments working with global teams & users. Strategic/visionary leadership experience & tactical/hands-on technical experience
4) Depth: Experience working with leading organizations, including: Adobe, Aetna, Assurant, Brown University, Claro/Telmex, FedEx, HP/DEC, IBM/Lotus, JM Family, NY Public Library, Oracle/IRI, Thomson & Thomson, University of Miami
5) Breadth: Business acumen, technical expertise, international experience, & excellent communication skills - I can work with senior management, geeks, & end users with equal proficiency
6) Global responsibility: PCI Remediation IT Project Leadership impacting billions of dollars in economic value - PCI Global Level 1 Merchants, Level 1 Service Providers, etc
7) Technical expertise: Architected global PCI Credit Card Payment integration strategy for a Fortune 500 company. Architected/created CloudSecurityDashboard™, a SaaS platform providing SOC Web Application Firewall (WAF), Content Delivery Network (CDN), GeoDNS (failover, loadbalancing, high-availability, business continuity), TLS Certificate Automation, Server Monitoring, Penetration Testing
8) Innovation: Created RescueMeUSB™ data recovery & privacy USB flash device - allows browsing, data recovery, more ... privately, without leaving a trace
9) Discretion: Privacy professional experienced in best practices, advocacy, identity theft remediation
Profile Photo
