Resume of Andrew Reese

SUMMARY:

SKILLS:

• Strategic cybersecurity vision development
• Enterprise information security and IT risk management program implementation and monitoring
• Partnership with executive management, Enterprise Risk Management, Compliance, Internal Audit, and external Regulators and audit personnel
• Collaboration with stakeholders including counterparts, regulators, and governing agencies
• Leadership of the enterprise's information security organization
• Interaction with business, corporate, and technology disciplines to ensure consistent application of policies and standards
• Awareness raising of risk management concerns
• Planning and execution of vulnerability audits, penetration testing, and forensic IT audits and investigations
• Integration of new IT systems development with overall IT, data, and information security policies
• Compliance monitoring with the organization's information security policies and procedures
• Data loss and fraud prevention policy effectiveness and advisement on vendor risk and data/fraud exposure
• Security breach investigation and forensic execution
• Cybersecurity team leadership for security process automation
• Staying abreast of emerging security threats and technologies
• Preparation and delivery of Info Sec updates and materials for the Board and executive team
• Collaboration with the CISO community to share standard methodologies
• Knowledge of common information security and information risk management frameworks
• Knowledge of cloud-based services and related cybersecurity best practices
• Management of varied key stakeholders, both internal and external
• Software development practices experience
• Integration of functional security metrics into an enterprise risk management context
• Working in a highly regulated entity
• Departmental budget management
• Contract and vendor negotiations and management including managed services
• Innovative thinking and leadership
• Effective communication with and influence on senior-level management and key stakeholders
• Excellent written, verbal, and inter-personal communication skills
• Personal integrity

 

EXPERIENCE:

• Identifying, evaluating, managing, and executing strategic customer opportunities.
• Driving SOWs for security-relevant solutions environments with the software and cloud teams, focusing on the Enterprise segment.
• Ensuring awareness and execution within the technical organization of partner margin-enhancing programs.
• Serving as the initial escalation point for technology-related issues relating to the security-relevant solution environment portfolio.
• Partnering with the software and cloud sales team to proactively develop plans for professional services with strategic accounts.

• Freelance Work
• Any legal business activity.

• As an independent consultant, assisted MSPs in transforming and building their capabilities using hyper-scale cloud services.
• Consulting and auditing services on behalf of Microsoft, AWS, Google, and Oracle for Cloud Managed Service Providers (MSP) to transform and build sustainable, profitable service organizations.
• Management Consultant providing advisory services on digital and business transformation, ICT/Business Strategy, Organizational Change, Go-To-Market Strategies, Business Process Improvement & Expansion into New Markets/Geographies.

• Reported to the Executive Chairman and was responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies were adequately protected.
• Implemented and led BlueAlly’s Information Security Management System (ISMS).
• Implemented and aligned the ISMS with legal, regulatory, industry frameworks and standards, and contractual control requirements.
• Helped prepare the organization to meet control requirements for a SOC 2 Type II audit.
• Successfully completed a 12-month SOC 2 Type II audit with no findings or exceptions.

• Reported to the Chief Administrative Officer, responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies were adequately protected.

• Partner with the leadership team, sales and marketing, to envision and develop a go to market strategy for security and compliance service offerings.
• Identify and evolve new security and compliance consulting opportunities; assist with scoping, proposal development, project management plans, pricing and costing models, and prospective customer presentations/discussions.
• Extensive experience leading security and compliance design workshops, in partnership with internal and external client stakeholders and technical SMEs, a consensus builder.
• Service delivery track record of being able to operate at all levels of an organization, such as: board of directors, executive leadership teams, operations management, internal audit, and tactical technical levels, as well as experience working in multiple vertical markets.
• Led multiple annual pre-registration and internal audits as the lead internal auditor.
• Versed in Open Compliance and Ethics Group (OCEG) Governance, Risk, and Compliance (GRC) maturity modeling, architectures, and best practices, as well as the Unified Compliance Framework (UCF) Common Controls Hub and control harmonization.
• Performed hundreds of security and compliance gap assessments for clients using various industry maturity models, frameworks and standards, such as: Carnegie, Gartner, and CobiT maturity models… SOX, GLBA, HIPAA, NIST CSF and SP 800-53, ISO-27001, PCI-DSS, CIS Top Controls and Configuration Benchmarks, and much more
• Recognized for writing clear and compelling deliverables that include specific, tailored, and actionable advice and recommendations (note: award winning published author since 2008)
• Guide and advise clients on redesigning their security and compliance policies, standards, baselines, guidelines, processes, procedures, and detailed work instructions, aligning them with legal, regulatory and contractual requirements, as well as business goals and objectives.
• Performed numerous business impact and risk assessments of internal and external clients.
• Experienced and formally trained on business continuity and disaster recovery processes.
• Led CompuCom’s security and compliance design and implementation for its first successful ISO-20000 registration, which included alignment with ITIL, ISO-27001, and many other international standards, laws, regulations, and contractual requirements.
• Led numerous consulting engagements for assessing, designing, and implementing security and compliance technical controls, such as: firewalls, intrusion prevention systems (IDS/IPS), data center security (DCS) and endpoint protection solutions (EPS), email and network security gateways, VPNs, advance threat protection (ATD/ATP), endpoint detection and response (EDR), security event and incident management (SEIM), data loss prevention (DLP) and data meta tagging, access controls, permissions, and authorizations, network and system vulnerability scanners, configuration checkers, and much more.

• Directed, developed and defined security practice methodologies.
• Directed strategic Virtual CxO and Trusted Advisor consulting services.
• Developed and defined service reporting templates.
• Defined security skill requirements and engagement quality assurance.
• Directed, developed and maintained strategic security partnerships.
• Led the most complex security consulting engagements.

• Licensed Private Investigator in the State of Florida.
• Performed detailed background checks.
• Performed numerous investigations with a team of licensed investigators.

• Started venture funded AimNet Solutions in 2000.
• Successfully completed acquisition of several high-tech companies.
• Expanded managed security services to include network management.
• Provided Virtual CxO services that guided and led commercial clients as their CISO, CSO, CRO, CTO, and CIO.
• Led the most complex security consulting engagements.
• In 2007, successfully sold AimNet Solutions (and ANS, LLC) to Cognizant.

• Provide managed security and professional services from SMB to large enterprise companies.
• Over 800+ commercial customers blanketed the nation from coast to coast.
• Secured Florida State Negotiated Price Schedule Agreement during his first year of business.
• Provided security services to SLED, U.S. Military, and Federal Agencies.
• Created the Virtual CxO service offering that guided and led commercial clients as their CISO, CSO, CRO, CTO, and CIO.
• Led the most complex security consulting engagements.
• Axent Technologies recognized Reese Web as their #1 Systems Integrator in the State of Florida and their Elite Security Partner.
• In 2000, started new venture funded company AimNet Solutions and merged with Reese Web.

• Practice leader for professional service delivery teams and service offerings.
• Profitably grew technical team from 15 to 26 professionals.
• Identified and implemented strategic vendor relationships.
• Achieved recognition as Tampa's leading systems integrator.
• Led the most complex consulting engagements.

• Managed and maintained systems and tech-teams for three groups (Network Management & Internet Services, EDI & Network, and UNIX Systems Administration & Support) for a 90,000+ global user environment.
• Performed extensive requirements analysis, development, and implementation work around advanced technologies in Internet and system security, multi-protocol network management, multiple email vendor platforms solutions and operating systems (from desktop/laptop, vast list of state-of-the-arts server technology, multiple mainframe vendors).

• Member of a research team in the Special Operations Command HQ-J2 test lab.
• Maintained a Top Secret (SBI, w/SCI) Military Security Clearance.

• Managed government contracts and multiple component level repair depots.
• Managed international accounts and started a new international business division.
• Managed systems and tech-team oversight at international cruise missile planning facilities.
• Maintained a Top Secret (SBI, w/SCI) Military Security Clearance.

• Served as a resident onsite engineer at the USAF Tactical Air Warfare Center (TAWC) - J2.
• Maintained a Top Secret (SBI, w/SCI) Military Security Clearance.

• Maintained 3M office products in the States of Florida and Georgia.
• Completed numerous product certification courses in electronic mechanical technologies.
• Products such as: 3M Copiers and Microfiche Viewers, and Lanier Word Processors.

• Submariner: USS George Bancroft SSBN-643 (Blue Crew)
• Led a seven-man team in launch operations of a Nuclear Trident Ballistic Missile System.
• Maintained a Top Secret (SBI, w/SCI) Military Security Clearance.

VOLUNTEER WORK:

• Member, Janury 2004 to Present

• Chairman, CISO Cross-Sector Council, Feb 2021 – Feb 2023
• Board of Directors Member and Corporate Secretary, Feb 2019 – Jul 2021
• Chairman, Enterprise Risk Management Committee, Sept 2020 – Jul 2021
• Vice Chairman, InfraGard History Committee, Feb 2019 – Jul 2021
• Vice Chairman, CISO Cross-Sector Council, Oct 2020 – Feb 2021
• North Central Regional Deputy Representative, Jun 2018 – Feb 2019

• Board of Directors Member, Jan 2017 – Feb 2019
• Webmaster InfraGard-KC.Org, Jan 2017 – Sept 2019

• Member, 2016 to 2017

• Member, 2006 to 2015

 

• Connected Teachers and Speakers: (http://speakstem.org/)
• Teachers were in need of thought-provoking leaders in the Science, Technology, Engineering and Math (STEM) industries to help motivate and inspire students towards a career in STEM.

  

• Provided mentorship to our country's returning military veterans who are seeking employment in the hi-tech security industry.

 

• The Center for Cyber Safety and Education, formerly (ISC)2 Foundation, is a non-profit charity formed by (ISC)2 in 2011 as a conduit through which its members could reach society and empower students, teachers, and the general public to secure their online life with cybersecurity education and awareness programs in the community. The Center was formed to meet these needs and to expand altruistic programs such as Safe and Secure Online, the Information Security Scholarship Program, and Industry and Consumer Research—the three core programs of the Center.

 

• Dates: Dec 2000 - Jan 2005

 

• Dates: Feb 1998 - Dec 2000

 

• Dates: Jan 1998 - Mar 2003

 

• Dates: Dec 1996 - Feb 1998

 

EDUCATION:

• Degree: Bachelor
• Major: Computer Science
• Institution Name: American Institute for Computer Science (AICS)
• Address: 2101 Magnolia Avenue South, Suite 200, Birmingham, Alabama 35205
• Graduation Date: February 13, 1992
• GPA: 4.0

 

CERTIFICATIONS:

• CISSP #25685 – (ISC)2 Certified Information Systems Security Professional (2001-2025)
• CISM #0300317 – ISACA Certified Information Security Manager (2003-2024)
• CRISC #1000038 – ISACA Certified in Risk and Information System Controls (2010-2025)
• CGEIT #0800964 – ISACA Certified in Governance of Enterprise Information Technology (2008-2024)
• CPP #17243 – ASIS International Certified Protection Professional (2013-2026)
• ITIL v3 #10060937 – Certified Information Technology Infrastructure Library Foundation (2008)
• ISO-27001:2013 #8070631-37617 BSI Lead Auditor (TPECS) (2014)
• AZ-900 #H701-2485 – Microsoft Azure Fundamentals (2021)
• CLF-C01 #HCVNX49JKJ4EQCWN – AWS Certified Cloud Practitioner (2021-2024)

• Security Management
• Risk Management
• Security Strategy
• Business Process Controls & Internal Audit
• External Compliance
• Business Continuity
• Disaster Recovery Planning

• IT Governance
• IT Strategy
• erformance Management
• IT Management & Policies
• nnovation
• takeholder Relations

• Availability & Capacity Management
• Operations Management
• Change Management
• Configuration Management
• Release Management
• Incident & Problem Management
• Service Desk
• Asset Management
• Software Asset Management
• Hardware Asset Management

• Enterprise Architecture
• Service Management
• Quality Management
• Managed Service Catalogs

• Application Portfolio Management
• Enterprise Application Selection & Implementation
• Application Development Throughput
• Application Development Quality
• Application Maintenance

• Portfolio Management
• Project Management
• Requirements Gathering
• Organizational Change Management

• Human Resources Management
• IT Organizational Design
• Knowledge Management
• Leadership, Culture, and Values

• Business Value
• Cost & Budget Management
• Vendor Management
• Cost Optimization

• Business Intelligence & Reporting
• Data Architecture
• Data Quality

• Preparing for Policy Management Change (2019)
• Building the Business Case for Better Policy Management (2019)
• Where Policy Management Fits in the GRC ECO System (2019)
• Re-evaluating Policies, Methods for Maintaining Effectiveness (2019)
• Keeping Up with Change That Impacts Policies (2019)
• Engaging Employees, The “Now Generation” of Interactive Policies (2019)
• The Policy Enforcement Team, Roles and Responsibilities (2019)
• Beyond the Shelf, Ensuring Policy Understanding with Communication and Training (2019)

100+ Security Vendor Product and Subject Matter Certifications and Certificates of Completion

 

PROFESSIONAL AFFILIATIONS:

• InfraGard – Partnership for Protection
• ISACA
• (ISC)2
• ASIS International
• Open Compliance & Ethics Group (OCEG) – Governance, Risk, and Compliance (GRC)

  

PUBLISHED BOOKS:

• Rising Star Award
• Publisher’s Choice Award

  

VIDEO PRESENTATIONS:

• Building a Zero Trust Roadmap (44m : 35s)
• VPN to ZTNA: Managing the Transition (45m : 56s)
• Learning to be Cyber Vigilant (34m : 07s)

  

PUBLISHED ARTICLES:

• My 20-Second Pitch (2020)
• Ever assess your natural talents? (2016)
• Windows AtomBombing Injection Attack (2016)
• Security Professional Income & Reality (2016)
• True Hacker Story (2016)
• ISMS: High-Level Process Activities (2016)
• REESE'S Peanut Butter Cups: The Untold Story (2016)
• Obtaining and Maintaining a Security Professional Status (2016)
• Technical Writing Skills (2016)
• Security & Time Cost Money (2016)
• Going the Extra-Mile (2016)
• Make the Security Pledge! (2016)
• The Art of Learning InfoSec (2016)
• Mentoring New InfoSec Professionals (2016)