Profiles search

Susan McMillin

Principal Information Security Consultant at Pegasus ISC, LLC
Denver, CO, United States

Details

Experience: Providing Cybersecurity and Privacy Risk and Compliance Assessments to keep your business in-flight during these risky times. Not only has the risk of cyber attack on businesses of all sizes increased dramatically since the pandemic, but privacy and security regulation and oversight have also increased. If your business does not have basic security and privacy controls, the consequences of a data breach could include fines, penalties and increased government oversight, in addition to business interruption if you have a cyber attack or data breach.

Pegasus ISC can provide the basic assessments to show you where to start to provide the most effective protection for your business based on current security threats and your business goals.

2021 : Present

Pegasus ISC, LLC

Principal Information Security Consultant

Collaborate with client IT, regulatory executives, and stakeholders to create, modernize, and update global information security and cybersecurity operations. Assess current operations, identify frameworks, develop programs, author policies, and launch initial efforts.

2020 :

Pegasus Capital, LLC

Information Security and Program Management Consultant

2022 : 2023

Central Washington University

Chief Information Security Officer

2020 : 2022

Colorado School of Mines

Chief Information Security Officer

Led team of 10 - 16 security professionals to manage and upgrade corporate security projects and programs. Change agent for design and implementation of security governance processes moving security organization to business partners providing risk-based decision support.

ENTERPRISE LEADERSHIP : Supervised team to fulfill mandate : Develop, maintain, and publish globally compliant information security policies and standards; create/manage information security awareness training programs; perform security risk assessments on all new telecommunications and IT products, services, contracts, and infrastructure changes; identify acceptable levels of residual risk.

DIGITAL TRANSFORMATION : Guided interdisciplinary security team through collaborative efforts to develop policies and IT governance processes around CenturyLink digital transformation initiatives, provided security guidance to design teams for customer and internal facing automation projects, and initiated team transition from security gatekeepers to business partners.

US GOVERNMENT CONTRACT COMPLIANCE : Developed, enhanced, and standardized security control requirements to maintain compliance with U.S. government contracts and requirements through integration of 2 global telecom companies. Reduced individual analysis time by several weeks and exception requests by 50%.

2018 : 2020

CenturyLink

Information Security Governance and Risk at CenturyLink, Senior Manager
Company: Pegasus ISC, LLC

About

Senior Cyber Security Director and with demonstrated success creating and driving complex cyber security programs. I identify critical gaps and develop enterprise programs and specific projects to improve organizational cybersecurity practices. My special talent is the ability to share my vision, champion concepts, and gain buy-in of leaders across business organizations. I create long-range plans, manage budgets, and partner with other leaders to drive enterprise efforts.



ENTERPRISE SECURITY CYBER DEFENSE CHIEF OF STAFF (CenturyLink): As first dedicated Program Manager, took ownership of Board-initiated strategic cybersecurity projects across enterprise (global internet backbone, cloud, hosting environment). Expanded program and grew team from 15 to 40+ team members in 2 years. Improved cybersecurity risk score 15%.



BOARD-APPROVED CORPORATE CYBERSECURITY STRATEGY (CenturyLink): Defined program goals, formal policies, standards, budgets, and metrics to create Corporate Cybersecurity Strategy adopted by Board of Directors.



SECURITY RISK REDUCTION (CenturyLink): Improved risk assessment value and awareness resulting in 150% increase in risk assessment requests in first 18 months. Over 60% of risk assessments resulted in risk reducing mitigation plans within business objectives and budgets.



COLORADO INFORMATION SECURITY OPERATIONS CENTER (State of Colorado): Designed/stood up security operations center, implemented State network monitoring, established perimeter firewalls, conducted reviews, and took charge of major incidents. Reduced incident response time and associated network outage by factor of 7X.



SPECIALTIES

Executive & Board Engagement

Security & Cyber Defense Strategy

Enterprise Security Digital Transformation

Program Execution / Leadership

Security Architecture & Process Design

Standards, Metrics, Governance

Risk Assessment / Management

Trends / Benchmarks / LEAN / Agile