Stephen Alexander

Stephen E Alexander

Simsbury, CT
(860) 682-2002
steve@salexander.com

PROFILE
Senior IT security evangelist with over 25 years of cybersecurity experience within Fortune 100 corporations, security domain advocate and internal corporate consultant with over 25 years of cybersecurity experience within Fortune 100 / 200 corporations. Cybersecurity focused on email and data protection, connectivity, policy, and procedures across all levels of management for internal and external business partners. Drawing on diverse abilities of individuals across the corporation and partner organizations to negotiate the best outcome; establish an advocacy for bringing security principles into the forefront of the corporate culture.

  • CISSP since 2004 (#54142)
  • Consulting & Advising
  • Vulnerability & Risk Analysis
  • Project Vision & Leadership
  • Analytical Research
  • Leveraging Relationships

PROFESSIONAL EXPERIENCE
MASSMUTUAL Springfield, MA 05/2008 – present

Technical Lead, Trusted Email Program 12/2019 – present

  • Leading the Trusted Email Program through the implementation of multiple technologies used to thwart email initiated attacks on the corporation
  • Aligning an advanced, layered system of tools utilizing AI to protect company email users from phishing, business/vendor email compromise, and other email attacks
  • Working with internal and external resources to protect corporate domains using authentication standards through industry-leading and new, niche technology solutions through alignment with current DMARC and other email authentication standards
  • Providing improved delivery rates while protecting company domains from misuse including the lockdown of defensive domains

Business Information Security Manager (BISO) 11/2018 – 12/2019

  • Helping business leaders across various lines of business to understand the top information risks for their line of business and the company
  • Working to support sales efforts through customer consultations of the protections in place to protect their employee data
  • Acting as the single point of contact for the lines of business to Enterprise Information Risk Management and other IT areas

Information Risk Manager 08/2016 – 11/2018

  • Reducing risk through evaluation of projects, suppliers, policies
  • Information risk liaison with internal business partners
  • Managing risk acceptances through evaluation of compensating controls
  • Resource cost forecasting, reporting metrics

Information Risk Consultant 03/2015 – 08/2016

  • Leading daily team huddle, metrics discussion
  • Heading efforts to secure access to key corporate financial assets
  • Helping secure company and client confidential data

Business Change Agent 06/2014 – 03/2015

  • Working with Lean principles to address the opportunity for improvements across various Information Technology departments
  • Facilitating workshops to gather value streams for current processes across the solution delivery life cycle (SDLC)
  • Through the collection of empirical data, seeking to reduce pain points, waste, cost of doing business

Enterprise Architecture, Solutions Architect, Security Domain Advocate 09/2011 – 06/2014

  • Create Solution Architecture designs for assigned projects including Architectural Vision, Architecture Design Document, and Enterprise Reference Architecture; 1 large project and 2-3 small concurrent projects
  • Lead architect for Active-Active Data Center project ($2MM est.)
  • Create and maintain Architecture Patterns to promote re-use rather than re-work
  • Facilitate the Architecture Community of Practice (COP) weekly meetings (40 – 60 members)
  • Founded and facilitated the company’s Security Community of Expertise (CoE)
  • Engaged across the architect teams (Enterprise Technology Organization, US Insurance Group, Retirement Services) as the security domain advocate for projects; represent the entire Architecture community in weekly project triage meetings
  • Provide guidance for required access in a secure manner; protect data with appropriate MassMutual policies and standards, support legal requirements
  • Engage with senior management in risk-based approach for available options to solve business problems and facilitate projects
  • Maintain effective relationships across lines of business; work as a conduit to get in front of ideas before they become concrete projects; provide pre-project guidance
  • Consult with Legal, HR, Compliance, and line of business leaders as a data security subject matter expert (SME)

Information Security Consultant, 05/2008 – 09/2011

  • Direct report to Chief Information Security Officer (CISO); represented CISO as requested
  • Provided internal, risk-based consulting services to Enterprise Technology Organization projects to secure data in use, in flight, at rest; advised on best practices for assigned projects; guided project leads on adhering to regulations regarding data encryption
  • Created Security Architecture Documents relating to new security patterns (authentication, authorization, access, connectivity, protection of data)
  • Provided guidance during project initiation phases (triage, discovery meetings)
  • Represented department on Security Roundtable, Firewall Request Review Board, Remote Computing Services team
  • Worked with Enterprise Architect team to create, update Reference Architecture documents

CIRCUIT CITY STORES, INC. Richmond, VA 02/1998 – 05/2008
Senior Data Security Architect 2006 – 2008
Senior Information Security Analyst 1999 – 2006
Project Manager, Data Networking 1998 – 1999

  • Primary conduit to senior management and C-levels for all aspects of data security, data leakage, issue resolution; primary counsel to Legal and HR teams in regard to data preservation and access controls for use in litigation
  • Identified security vulnerabilities and prioritization across all information technology (IT) projects; advised principals of the means and methods to adhere to new and existing security policies and standards; provided support for security architecture development and design, system and software requirement analysis
  • Led investigator for data leakage and information security-related matters including triage efforts; engaged as subject matter expert across information security and data protection efforts; materially participated in external and internal audits and mitigation efforts
  • Evaluated new and emerging security technologies; provided peer reviews of new system and program architectures and network design; researched, developed responses to emerging information security threats
  • Established advocacy for security principles within the corporation; established guidelines for data shared with third-party vendors
  • Led support in the selection of data loss protection (DLP) solution, wireless intrusion detection system (AirDefense); key support for Sarbanes-Oxley, PCI 1.0 and 1.1, and Chase (private label credit cards) controls; customer advisory council for AirDefense
  • Defined and validated system security requirements definition using standards (ISO 17799, COBIT, ITIL)
  • Authored corporate information security policies and standards; provide feedback to Legal and HR partners for corporate-wide policies
  • Oversaw 10-15 technical network analysts and administration team for user IDs for Windows AD, Postini (spam), Cognos, and MicroStrategy; personally managed access to insider information and insider trading lists including senior corporate officers
  • Provided peer reviews for new architecture and data sharing projects; architectural risk assessment for software development projects
  • Assisted with budget preparation and cost projections for information security projects; coordinated and presented funding proposals to senior management

VANSTAR CORPORATION Tempe, AZ 1989 – 1998
Senior Systems Engineer 1997 – 1998
Director of Information Systems 1994 – 1996 (dba Dataflex Corporation)
Technical Sales Support Manager 1989 – 1994 (dba Sunland Computer Services)

  • Presented new technology solutions to DoD, government, private clients through executive-level technology sales briefings
  • Managed installation of corporate WAN, web, email servers; supported western US network and email networks over 6 locations
  • Designed, installed, managed secure inter-company communications during two acquisitions
  • Designed, implemented, and maintained national, multi-platform WAN for clients and internal use: Windows NT, AS/400, Novell, and various UNIX systems, routers

EDUCATION
SHIPPENSBURG UNIVERSITY Shippensburg, PA
Bachelor of Science in Business Administration, Marketing

PROFESSIONAL DESIGNATION
ISC(2) Certified Information Systems Security Professional CISSP # 54142, granted January 2004 (current)

steve

,