4
Daniel Goldsworthy Cumming, GA 30040 Email: [email protected] SENIOR INFORMATION SECURITY MANAGER Phone (706) 338-1161 With 11 Years of Security Operations and Threat Management Experience Results driven Senior Information Security Manager with expertise building and leading highly talented teams to achieve an exceptional level of corporate information security assurance. Continuous learner with a passion for innovation in security research and risk management to drive bottom-line business contributions (optimize security investments, avoid losses from security incidents, improve customer retention, enhance business decision-making, reduce corporate liability). Inspiring leader with proven ability to recruit, develop, and retain top talent. Exceptional levels of integrity, work ethic, and drive to achieve. Core areas of expertise include: Leadership Information Security Information Technology Team Building Security Operations IT Governance and Best Practices Strategic Planning Threat Detection/Preventio n Vendor & Contract Negotiations Budgeting and Cost Control Security Research Disaster Recovery / BCP Program Development & Continuous Improvement Security Technologies and Markets Technology Architecture and Integration Professional Experience Jack Henry & Associates (formerly Gladiator Technology Services, Inc.) Dec. 2003 - Present $1 billion provider of computer systems and electronic payment solutions for financial institutions Gladiator division provides managed security services to over 1,000 financial institutions Director of Research & Development – Jan. 2011 - Present Direct information security program and strategy, including information risk management, threat intelligence, information security operations, infrastructure and applications, incident response, and capital/expense budget of $3+ million. Work closely with executive team on key strategies for employing effective security controls to protect against advanced threats in a risk based methodology. Direct security research and development team of 24 responsible for initiatives involving identification and analysis of emerging cyber threats and rapid development of countermeasures and solutions in support of internal security and the security of over 1,000 financial institution customers nation-wide.

Daniel Goldsworthy Professional Resume

Embed Size (px)

Citation preview

Page 1: Daniel Goldsworthy Professional Resume

Daniel Goldsworthy Cumming, GA 30040Email: [email protected]

SENIOR INFORMATION SECURITY MANAGER Phone (706) 338-1161With 11 Years of Security Operations and Threat Management Experience

Results driven Senior Information Security Manager with expertise building and leading highly talented teams to achieve an exceptional level of corporate information security assurance. Continuous learner with a passion for innovation in security research and risk management to drive bottom-line business contributions (optimize security investments, avoid losses from security incidents, improve customer retention, enhance business decision-making, reduce corporate liability). Inspiring leader with proven ability to recruit, develop, and retain top talent. Exceptional levels of integrity, work ethic, and drive to achieve. Core areas of expertise include:

Leadership Information Security Information Technology Team Building Security Operations IT Governance and Best Practices Strategic Planning Threat Detection/Prevention Vendor & Contract Negotiations Budgeting and Cost Control Security Research Disaster Recovery / BCP Program Development &

Continuous Improvement Security Technologies and

Markets Technology Architecture and

Integration

Professional Experience

Jack Henry & Associates (formerly Gladiator Technology Services, Inc.) Dec. 2003 - Present$1 billion provider of computer systems and electronic payment solutions for financial institutionsGladiator division provides managed security services to over 1,000 financial institutions

Director of Research & Development – Jan. 2011 - Present Direct information security program and strategy, including information risk management, threat

intelligence, information security operations, infrastructure and applications, incident response, and capital/expense budget of $3+ million.

Work closely with executive team on key strategies for employing effective security controls to protect against advanced threats in a risk based methodology.

Direct security research and development team of 24 responsible for initiatives involving identification and analysis of emerging cyber threats and rapid development of countermeasures and solutions in support of internal security and the security of over 1,000 financial institution customers nation-wide.

Coordinate security management and governance across corporate IT, internal audit, corporate security and Gladiator business unit.

Direct Security Software Engineering team in execution of security technology integration projects and design and development of cutting-edge solutions that the security markets don’t have a product for.

Notable Achievements : Designed, evangelized and implemented an Advanced Malware Prevention service that leverages a

proprietary threat intelligence-based cloud DNS architecture. Grew the solution to consume as much threat intelligence data as Google Safe Browsing and provide a sustained 95% reduction in malware infections.

Developed a strategy to detect and disrupt Advanced Persistent Threats by rebalancing the organization’s detection/prevention/remediation ratio and incorporating a leading-edge Indicators of Compromise Analytics (IOC) technology that is capable of detecting covert (slow-and-low) attacks and blocking associated Command and Control activity with an exceptionally low false-positive rate.

Sponsored and directed initiative to overhaul a proprietary Raw Traffic Analysis tool that is capable of searching terabytes of log data for patterns of malicious activity. Updates included incorporation of expanded search capabilities using custom regex and automated threat intelligence data import capabilities. The enhancements produced an immediate three-fold increase in the incident detection rate.

Coordinated and led a cross-functional initiative to consolidate malware analysis and threat intelligence efforts across 3 business units, improving information sharing and creating operational efficiencies.

Renegotiated contracts with 3 strategic vendors, producing a savings of more than $1 million in security expenses over a 3 year period.

Security Operations Manager – Apr. 2005 – Jan. 2011 Managed a team of 18 security operations specialists responsible for protecting over $100 Billion in assets

across a base of 1,000 banking customers with networks consisting of a combined 65,000 devices. Oversaw successful performance of all security monitoring, security consulting, infrastructure management

and customer support services.

Page 2: Daniel Goldsworthy Professional Resume

Recruited, developed and retained a team of top security experts with each member maintaining industry-standard credentials (CISSP, CISM, GCIA, CISM) and 5+ years of full-time, exclusive security experience.

Worked closely with Security Research Team to identify emerging attack methods and patterns and ensure that appropriate controls were implemented internally and for managed security services customers.

Developed incident handling procedures that served as the Security Operations Center standard. Oversaw Project Management process for security monitoring service implementations. Developed Security Operations procedures to maintain regulatory compliance in accordance with

prescriptive FDIC/FFIEC control recommendations. Implemented and maintained training and certification program for Security Operations staff to accelerate

learning and personal growth within the team. Key member of Disaster Recovery Team, Solution Design Team, Service Assurance Committee and

Security and Governance Committee.

Notable Achievements : Key contributor to the design of a proprietary Online Banking Fraud Detection and Core Banking Security

solutions which revolutionized the company’s managed service offering and generated over $4 million in new revenue in the first 2 years.

Formed a Technical Product Management department of 4 senior engineers to perform security technology research and refinement projects. Resulted in more rapid and cost effective integration of new technologies, consistent double-digit annual improvements in the company’s incident detection rate and a 40% reduction in support cases due to the implementation of improved security solutions.

Championed a new contract support billing process that increased net income by $150,000 annually and allowed the business to scale to meet growing support demands while maintaining target margins.

Maintained 95% employee retention rate over a 6 year period by cultivating an excellent work culture, providing flexible career paths via mentorship programs and investing in employee development initiatives.

Managed the performance of a customer support team that achieved a 99% Service Level Standard success rate and consistently achieved customer support survey responses that led 17 other corporate divisions over a 6 year period.

Senior Information Security Engineer – Dec. 2003 – Apr. 2005

Monitored and assessed customers network security events and provided incident handling guidance and root cause analysis.

Served as third tier escalation point for security issues including data breaches, malware infections, phishing scams and financial fraud.

Reviewed customer networks to determine appropriate security architecture and performed all configuration and deployments of security infrastructure including Firewall, Network IPS, Host IPS, server event log and secure email solutions.

Notable Achievements: Worked closely with management and development staff to create custom event correlation rules for

the company’s proprietary SIEM, significantly improving security incident detection and response times and decreasing incident ticket volume by 45%, reducing operations costs by $200k annually.

Assisted with the development of a proprietary method of analyzing firewall data to identify malware infections, providing malware detection at a rate 90% more effective than antivirus software.

Designed a SharePoint knowledge portal, greatly improving team collaboration and increasing the speed and accuracy of incident response and customer support delivery.

Assessment Plus, Inc. | Technical Analyst July 2003 – Dec 2003Performed IT functions including server upgrades, patch management and network vulnerability remediation.

Education & Professional Profile

UNIVERSITY OF GEORGIA – Athens, GA: BBA in Management Information Systems

Professional Certifications Include: Professional Associations Include: CISM: Certified Information Security Manager ISACA Atlanta Chapter CISSP: Certified Information Systems Security Professional FS-ISAC CRISC: Certified Risk and Information Systems Control SSCP: Systems Security Certified Practitioner