Stephen Czerwinski

Senior Information Security Specialist at Quit Genius

Madison, WI, United States

Details

Education: Bachelor of Science - BS

Information and Communications Technologies

University of Wisconsin-Stout

2013 : 2017

Experience: Pelago, formerly Quit Genius, is the world’s leading virtual clinic for substance use management. Transforming substance use support—from prevention to treatment - for members struggling with substance use, our solution’s cognitive behavioral therapy (CBT) and medication-assisted treatment (MAT) programs deliver convenient, accessible, and effective support that seamlessly integrates with health plans, pharmacy benefit managers, and wellness platforms. Pelago, propelling people forward. Visit www.pelagohealth.com for more information.

2023 : Present

Pelago

Senior Information Security Specialist

As a member of the State of Wisconsin's Cyber Response Team, I participated and assisted in the response to cyber incidents occurring around the state impacting school districts, county governments, private organizations, etc.

2018 : 2023

State of Wisconsin

Incident Responder

Upon the departure of the Chief Information Officer, I was assigned duties as the Information Security Officer at the Commission. I have represented the PSC at statewide CISO working groups, Federal Cyber Security Infrastructure Grant initiative, the State of Wisconsin's Cyber Response Team, and Private and Public Information Sharing committees. I provide expertise and insight as needed to the delegated commissioner for cybersecurity and their policy advisor for the PSC. I have worked with the utilities within the State of Wisconsin to better build their cybersecurity posture.

In 2022, the President of the United States signed into law the Critical Infrastructure Act Water/Wastewater Safety Portion that can provide funding for cyber security in the State of Wisconsin. This allocated to approximately $800 million in funds spread through 50 states over 4 years. I represented the PSC as a member of the tiger team tasked to help build a cybersecurity program for the State of Wisconsin's Water and Waste-Water utilities along with assessing where to allocate those funds within the Critical Infrastructure Act. This Act assists our State, Local, Tribal, and Territorial Governments with managing and reducing systemic cyber risk.

2017 : 2023

Public Service Commission of Wisconsin

Information Security Officer

Designed, installed, and operated a cyber security program designed to protect the confidential data uploaded by the citizens and utilities of Wisconsin. This also was tied into FERC and NERC regulatory requirements. This included a Security information and event management (SIEM) system, IDS and IPS detection mechanisms, Next Generation Anti-Malware solutions, modern data transferring and sharing mechanisms, and more.

Administered and operated monthly vulnerability scans, annual risk assessments, and penetration testing with remediation goals.

Statewide IT policies and standards (PSP) protect the State of Wisconsin data and systems. These PSPs were created under the National Institute of Standards and Technology (NIST) 800-53r5 guidelines and set the rules in how we handle and manage data, the policies and standards protect the security and integrity of Wisconsin citizens' personal and confidential information.

Provided security input into the design of a new Grants Management system to support $125 million in broadband expansion grants for the agency. Conducted security pre/post-deployment vulnerability scans and penetration tests to protect confidential data being entered into the system.

2017 : 2022

Public Service Commission of Wisconsin

IT Security and Servers Specialist

Assisted in maintaining a Security information and event management (SIEM) system. Integrated and assisted within the internal Cyber Threat Operations team with penetration testing, vulnerability scanning, risk assessing and mitigation techniques.

2016 : 2016

Northwestern Mutual

Infrastructure Security - Intern

Company: Pelago

Years of Experience: 9

Spoken Language: English

Skills

Backup & Recovery Systems, Customer Service, Cybersecurity Incident Response, Federal Energy Regulatory Commission Compliance, ITIL Service Desk, IT Risk Management, Linux System Administration, Microsoft Dynamics CRM, Network Security, NIST Cybersecurity Framework, North American Electric Reliability Corporation Regulations, Penetration Testing, Policies & Procedures Development, Powershell, Project Management, Python, Security Information and Event Management (SIEM), VMware, Windows System Administration

About

I am an international award-winning Cybersecurity professional with experience in protecting regulated data and responding to cyber incidents affecting government entities at various sizes. I've built and maintained a cybersecurity program from the ground up to fit regulatory requirements (such as FERC and NERC). From a business perspective, my risk-based analysis ensures that I'm thorough when conducting Vulnerability Scans, Penetration Testing, Patch Management, and Security Compliance Audits.

Demonstrated the ability to collaborate at all levels to promote new ideas, gain buy-in, and build consensus. Possesses the ability to continuously adapt and assume additional projects, tasks, and responsibilities related to cyber security.

Currently hold a certification for Certified Ethical Hacking (CEH) from EC-Counsel. And have earned a BS in Information and Communications Technologies from the University of Wisconsin – Stout.

SPECIALTIES: Zero-Trust Architecture & Development Frameworks | Security Architecture & Engineering | Identity & Access Management | Threats Assessment | Vulnerability Management | Enterprise IT & Cybersecurity Operations | Regulatory Management | Cloud Security | DevOps & Security Integration

Experience in the following Compliance/Frameworks: NIST CSF, GDPR, ISO 27001, and SOC-2