Rick Johnson
Details
Posit PBC
Senior Director, Information Security
2019 : 2021
Posit PBC
Director, Information Security
Currently managing enterprise-wide programs for multi-national clients, providing education on the importance of secure coding within the application architecture. Key focus areas include: Security program development, CI/CD, DevOps and build process integration, scalability, and remediation guidance.
Consulting with clients on all facets of Vulnerability Management in the SDLC, including static code analysis, dynamic and manual penetration testing, 3rd party components, rigorous process improvements and tracking, developer education, and regular strategic advisory discussions with executive leadership.
Internal focus areas include: New hire training and mentoring. Escalation point for troubleshooting complex issues and working with disgruntled clients. Subject Matter Expert in multiple security, networking and IT infrastructure disciplines.
2013 : 2019
Veracode
Principal Security Program Manager
Promoted from within first to Manager, then Senior Manager, and eventually replaced the Director of Security Consulting Services. Primary duties included oversight and management of all technical security consulting engagements, methodology, and personnel. Tasked with rebuilding consulting team, increasing team morale, boosting sales integration, and refocusing consulting team on strategic services. Supervised 10+ direct reports plus subcontractors and functioned as engagement manager of all associated consulting projects. Delivered key subject matter expertise and tactical planning for consulting projects.
Drove strategic direction for the technical security consulting team delivering internal and external penetration testing, red team assessments, and technical security assessments. Redesigned the technical security consulting methodology to reduce time and increase client satisfaction and retention. Standardized delivery and support, reengineered project assignments, project management, and resource allocation to reduce travel cost. Provided insight for sales integration of security consulting services.
• Spearheaded more than 240 projects and 17,500 billable project hours annually from simple, shorter projects to multi-week and annual, on-site support engagements.
• Increased billable hours, utilization, and revenue over 12 months, along with improving consultants’ work satisfaction, by reengineering project assignments, decreasing time required to spin-up new projects from days to hours, and boosting assignment forecasts from 1-2 weeks to 6-8 weeks.
• Championed consulting culture changes, encouraging internal promotion, expanded training opportunities, identifying and exploiting exceptional talent, recognizing top talent regularly, and encouraging entrepreneurial attitudes.
• Strengthened morale and connected team members spread across US through direct interaction activities, launching a mentorship program and expanding career pathing.
2010 : 2012
Solutionary
Senior Manager, Security Consulting Services
Recruited to perform senior level security consulting services specializing in high profile clients requiring non-standard or special project work. Responsible for Vulnerability Assessment, Penetration Testing, Social Engineering, Red Team, Blue Team, HIPAA/HITRUST Consultation and Auditing, Physical Security Site Assessments, PCI-DSS Compliance Auditing, Architecture Review, and Policy Review projects. Functioned as subject matter expert providing executive-level advisory services for all security-related areas. Services provided to Aerospace, Financial, Health Care, Federal, State and Local Government, Retail, Utility, Automotive, Legal, Theme Park, Broadcast, and Entertainment industries.
• Executed more than 20 projects in 12-month period, from simple, shorter projects to several-month, multi-visit, on-site support engagements.
• Provided services throughout the United States, Europe, Canada and Central America with extensive air travel at times exceeding 50,000 air miles in a 12-month period.
• Repeatedly succeeded at saving client accounts that were in jeopardy of cancelling contracts.
2007 : 2010
Solutionary, Inc.
Senior Security Consultant
About
Forward-thinking information security practitioner with experience spanning application security and vulnerability management, security architecture, program development, consulting, service delivery, and practice management. Repeated success building and overhauling information security and vulnerability management programs. Excel at executing highly complex projects of varying size, scope, and budget. Effectively communicate and build consensus with professionals of all levels, from technical specialists to senior executives. Focused on applying a hands-on approach to team building and leadership by example. Known for developing environments that fuel competitive advantage for professional services, along with coordinating technical strategies that align with business needs.
Scope of mastery includes:
• Security Program Management
• Vulnerability Management
• Security Consulting
• SDLC and DevOps Security Integration
• Risk Assessment and Management
• Threat Modeling and Methodology Development
• Hands-on Training and Instruction
• Audit and Regulatory Compliance
• Team Leadership and Departmental Management
• Vulnerability Assessment
• Penetration Testing and Social Engineering
• Red Team Operations
• IT Security & Strategies
• IT Infrastructure Design
• Needs Assessment
• Operations and Project Management
• Client Relations