Simsbury, CT
steve@runct.com
PROFILE
Senior cybersecurity evangelist with nearly 35 years of experience driving security innovation across Fortune 100/200/500 corporations. Leading the implementation and optimization of world-leading email security threat protection solutions. Eliminating brand spoofing, inbound and outbound email threats, providing executive visibility into reduction of email risk vectors.
Continuously refining leading threat detection tools, strategies and protection for users to protect brand trust. Championing email cybersecurity best practices across all levels of the organization.
- CISSP since 2004 (#54142)
- Email deliverability
- World-leading Email Security Protection Tools
- Project Vision & Leadership
PROFESSIONAL EXPERIENCE
MASSMUTUAL Springfield, MA – 2008 – present
Program Owner, Trusted Email Program 12/2019 – present
- Leading the corporate Trusted Email Program through implementation of world-class email protection technologies to thwart email-initiated attacks
- Implementing an advanced, layered system of AI/ML tools to protect email users from phishing, business/vendor email compromise, and all email attacks
- Leading internal and partner resources to protect corporate domains with industry-leading technology solutions based on the DMARC / SPF / DKIM / BIMI email authentication standards
- Improving email delivery rates, protecting company domains from misuse, lockdown of defensive, non-email domains
Business Information Security Manager (BISO) 03/2015 – 12/2019
- Helping business leaders understand top information risks across lines of business
- Supporting sales efforts via customer consultations showing customer employee data protections
- Single point of contact for business to Cyber Security
- Reducing risk of projects, suppliers, policies
- Liaison to internal business partners
- Managing risk acceptances via compensating controls
- Cost forecasting, reporting metrics
Business Change Agent 06/2014 – 03/2015
- Lean/Six Sigma principle application to improve business functionality
- Workshop facilitation of value stream for current processes across the solution delivery life cycle (SDLC)
- Data collection to reduce pain points, waste, costs
Enterprise Architecture, Solutions Architect, Security Domain Advocate 05/2008 – 06/2014
- Creating Solution Architecture designs for assigned projects including Architectural Visions, Design Documents, and Enterprise Reference Architecture
- Leading Security Community of Expertise (CoE)
- Facilitating corporate Architecture Community of Practice (COP)
- Security domain advocate for projects; represent the entire Architecture community
- Providing guidance for required access in a secure manner; protect data with appropriate MassMutual policies and standards, support legal requirements
- Consulting with Legal, HR, Compliance, and line of business leaders as the data security subject matter expert (SME)
- Representing CISO to corporate projects
- Providing internal, risk-based consulting services
CIRCUIT CITY STORES, INC. Richmond, VA 02/1998 – 05/2008
Senior Data Security Architect 2006 – 2008
Senior Information Security Analyst 1999 – 2006
Project Manager, Data Networking 1998 – 1999
- Primary conduit to senior management and C-levels for all aspects of data security, data leakage, issue resolution; primary counsel to Legal and HR teams in regard to data preservation and access controls for use in litigation
- Identified security vulnerabilities and prioritization across all information technology (IT) projects; advised principals of the means and methods to adhere to new and existing security policies and standards; provided support for security architecture development and design, system and software requirement analysis
- Lead investigator for data leakage and information security-related matters, including triage efforts; engaged as subject matter expert across information security and data protection efforts; materially participated in external and internal audits and mitigation efforts
- Evaluated new and emerging security technologies; provided peer reviews of new system and program architectures and network design; researched, developed responses to emerging information security threats
- Established advocacy for security principles within the corporation; established guidelines for data shared with third-party vendors
- Led support in the selection of data loss protection (DLP) solution, wireless intrusion detection system (AirDefense); key support for Sarbanes-Oxley, PCI 1.0 and 1.1, and Chase (private label credit cards) controls; customer advisory council for AirDefense
- Defined and validated system security requirements using standards (ISO 17799, COBIT, ITIL)
- Authored corporate information security policies and standards; provided feedback to Legal and HR partners for corporate-wide policies
- Oversaw 10-15 technical network analysts and administration team for user IDs for Windows AD, Postini (spam), Cognos, and MicroStrategy; personally managed access to insider information and insider trading lists including senior corporate officers
- Provided peer reviews for new architecture and data sharing projects; architectural risk assessment for software development projects
- Assisted with budget preparation and cost projections for information security projects; coordinated and presented funding proposals to senior management
VANSTAR CORPORATION Tempe, AZ 1989 – 1998
Senior Systems Engineer 1997 – 1998
Director of Information Systems 1994 – 1996 (dba Dataflex Corporation)
Technical Sales Support Manager 1989 – 1994 (dba Sunland Computer Services)
- Technology solution specialist to DoD, government, private clients
- Internal technology manager of corporate WAN, email
- Designed inter-company communications during multiple acquisitions
- Implemented national, multi-platform WAN for clients and internal use: Windows NT, AS/400, Novell, and various UNIX systems, routers
EDUCATION
BSBA Business Administration, SHIPPENSBURG UNIVERSITY Shippensburg, PA
PROFESSIONAL DESIGNATION
ISC(2) Certified Information Systems Security Professional CISSP # 54142, granted January 2004 (current)