Profiles search

Tomas Mendez, CISSP, GICSP

Sr. Leader of ICS/IT Security and Infrastructure
Houston, TX, United States

Details

Experience: • Accountable for developing, publishing and continual improvement of ICS, IT and Cloud security policies, standards and procedures

• Establishing a strategic cybersecurity program, conduct a posture assessment of IT, OT and Cloud environments and develop a resource and technical roadmap

• Plan, scope and lead the execution of projects to close security gaps in ICS and IT global environments

2022 : Present

PEMEX

Manager, IT Cybersecurity

• Consult with client to gain a complete understanding of drivers, needs and expectations, conduct site surveys and review existing documentation

• Provide recommendations on architecture, configuration and deployment of IT security and network solutions

• Create SOW (Statement of Work), project plans, all necessary documentation and ensure project is delivered as stated, within budget and on time

• Coordinate purchase of all equipment, build configurations, install equipment and ensure proper testing and client acceptance is obtained

• Follow up with clients to ensure solutions delivered are continuing to functions as architected and expected.

2014 :

PNSCG

Sr. Consultant, Security and Network Solutions

• Accountable for developing, publishing and continual improvement of ICS, IT and Cloud security policies, standards and procedures enterprise-wide

• Established a strategic cybersecurity program, concluded a posture assessment of IT, OT and Cloud environments and developed a resource and technical roadmap

• Plan, scope and lead the execution of projects to close security gaps in ICS and IT global environments

2020 : 2022

Modec International Inc.

Global IT/OT Cybersecurity Lead

• Responsible for the strategic planning and execution of Industrial Control System (ICS), Information Technology (IT) and Cloud security and ensuring initiatives lineup with the business requirements and strategy, reduce security risk and don’t negatively impact safety and reliable operations

• Accountable for developing, publishing and continual improvement of ICS, IT and Cloud security policies, standards and procedures enterprise-wide, utilizing ICS cyber security frameworks and standards such as NIST, ISA/IEC and ISO

• Collaborated and partner with business leaders, enterprise IT, DevOps and OT teams to ensure effective cyber security solution delivery

• Reviewed existing cybersecurity program and concluded a posture assessment of IT, OT and Cloud environments and established a strategic roadmap to increase maturity of overall cybersecurity program

• Conducted security awareness training and phishing testing

• Participated in threat risk assessments of new and existing products during the SDLC process

• Coordinated response to potential threats and vulnerabilities using information received from threat intelligence channels

• Oversaw 3rd party penetration testing and coordinated remediation efforts for discovered vulnerabilities

2019 : 2019

Nabors Industries

Director, IT/OT Security

• Responsible for the strategic planning and execution of Industrial Control System (ICS) security, while ensuring initiatives reduce risk and don’t negatively impact pipeline safety and reliable operations

• Direct execution of a roadmap for ICS security, by defining the business requirements and with guidance of the published policies and standards

• Collaborate with cross-functional enterprise IT and OT teams to ensure effective ICS cyber security solution delivery

• Accountable for the planing, architecture and delivery of ICS network segregation program

2004 : 2019

Enbridge Energy (US)

Manager, ICS Security
Company: PEMEX
Years of Experience: 30
Spoken Language: English, Spanish

Skills

active directory, Analytical Skills, cisco systems products, cisco technologies, CISSP, Communication, computer security, data center, Data Privacy, disaster recovery, Energy, firewalls, GICSP, Governance, Risk Management, and Compliance (GRC), green energy, ics security, Information Security, information security management, Infrastructure, Integration, itil, it management, it operations, it service management, leadership, Local Area Network (LAN), Management, Network Administration, network architecture, network design, networking, network security, Project Management, renewable energy, scada, Security, servers, Service Delivery, Solar Energy, Strategic Business, Strategy, Team Management, telecommunications, telephony, troubleshooting, vendor management, virtual private network (vpn), vmware, vpn, windows server, IT Strategy, UPS systems

About

Over 18 years in IT with 12+ years of building and leading highly effective teams that deliver and support solutions for highly critical operational and business environments. Purpose architected cyber and physical security, threat intelligence, incident response, network communications, telephony, datacenter and server infrastructure services.



APPROACH - People, Process and Technology



 Learn the strengths and weaknesses of the team and its members to provide necessary tools, training, motivation and coaching to ensure they are in a position to succeed

 Actively seek ways to reduce cost; i.e., contract negotiations, new technology and consolidations, while fostering innovation and operational excellence

 Extensive knowledge of infrastructure, ICS, physical and application security and best practice designs

 Proactively research technology to determine the benefits or risks introduced to the organization and respond accordingly

 Communicate in business terms with various levels of management within and outside of IT utilizing my ability to translate technical jargon to non-technical audience

 Commitment to work hand-in-hand with team has attributed to proven solution delivering track record