Principal Job Title
Identity Management and Security Specialist
1 Line Summary
Provide IT security, identity and access management, and IT risk management expertise to CISO and other C-level executives at large organizations in all industries, worldwide.
Ratings

HiveRank: (85)
Closest Town / City
Jackson Hole, WY USA
Member since: 12-08-2015
My Background Details
Provide forward-looking C-level leadership consulting services in the areas of IT security, identity and access management, and IT risk management to organizations around the globe. Bring more than 30 years of experience in IT security, risk management and identity and access management (IAM). Performed hundreds of engagements as the subject matter expert, focused solely on IT security, risk management and IAM.
Current Role Details
Identity management solution architect.

GDPR / privacy solution architect
CASE STUDIES
INFORMATION PROTECTION POSTURE ASSESSMENT - Case Study: 1 of 2.

Situation
A major U.S. Health Care Provider wanted an independent assessment of its information security program to determine if it is in alignment with that of its peers and prevailing good practices. The goal of the assessment was to help the organization strengthen its information security posture and reduce operational risks across 14 components of its information security program, including People, Process and Technology areas.

Task
Conduct a thorough information security assessment in order to ensure the organization was supporting its key business drivers:
- Protect sensitive information of all types within the extended enterprise, including information pertaining to employees, contractors, physicians, patients and their families
- Consistently and systematically comply with all applicable federal, state, local and industry information protection requirements
- Securely enable the use of sensitive information within the enterprise where appropriate to enhance patient care, research and administrative functions
- Rationalize and normalize information protection policies and practices as appropriate throughout the entire enterprise


Action
Using my self-developed information capture tool, I independently assessed the organization's enterprise security program and developed a thorough 3-year roadmap for strengthening and sustaining the security program into the future. The actions undertaken to accomplish this included:
- an analysis of the current state
- the completion of a gap analysis / mitigation plan
- the development of a future state roadmap
- the development of recommendations, along with facilitated discussions to garner stakeholder buy-in on a prioritized set of actions to address short- and long-term opportunities to strengthen and sustain an appropriate organization-wide security program, one that addresses threats, vulnerabilities, technological and procedural controls and data access.


Results
All of the recommendations were coalesced into the following seven broad initiatives, with each initiative consisting of one or more discrete projects:
- Security Program, Policy, and Organization: activities that address Security Program Governance, Security Policy Program, Security Awareness & Training, and Personnel
- IT Risk Management and Compliance: activities that address IT Risk Management, Risk Assessments, Compliance, and Metrics
- Security Operations and Monitoring: activities that address Data Loss Prevention, Disaster Recovery, Security Information and Event Monitoring, Security Incident Response, and Vulnerability, Configuration and Patch Management
- Infrastructure Security: activities that address Network Zoning, Network Admission Control, System Placement, Malware Protection, and Endpoint Protection
- Business Continuity Management/Disaster Recovery (BCM/DR), Asset Management, and Change Management: activities that address Business Impact Analysis, Business Continuity, Change Management, Patch Management and IT Asset Management
- Secure Software Development and Management: activities that address Application Security, Application Risk Management, Encryption, Externalized Authorization
- Identity Life Cycle Management: activities that address Identity Governance, IAM solution deployment, Privileged access management, Authentication/Reduced Sign-on, and Authorization

MAJOR GLOBAL RETAILER WANTS TO MODERNIZE AND IMPROVE THEIR IDENTITY MANAGEMENT INFRASTRUCTURE - Case Study: 2 of 2.



Situation
One of the world’s leading retailers, with well over 300,000 employees and thousands of stores around the globe, the company also provides additional services beyond retailing, including pharmacies, health clinics and financial services. Due to the nature of the businesses it maintains, the company experiences a high volume of employee turnover, especially during holiday seasons. This fact, coupled with a continuing aggressive growth strategy, resulted in a very pressing need to strengthen its IT-security related identity management strategy.

Task
In order to establish and document comprehensive requirements, I worked with a ‘core team’ from the company’s IT and architecture group to identify a broad group of business and IT stakeholders across the company to interview. After interviewing nearly 50 stakeholders, I developed an overview of the Current State of their IAM infrastructure and key supporting processes. From this, I established a Gap Analysis between the current state and the key business drivers and functional requirements captured during the interviews. Using the Gap Analysis as input, I established a Future State Architecture and Strategy, including a roadmap to help the company begin deployment based on risk, market demand and other criteria specific to the company.

Action
The recommended architecture and migration strategy incorporated the input of several key corporate IT infrastructure and application groups across the enterprise. The key business objectives and technical requirements for enhancing the existing identity management infrastructure were captured from this input.
The resulting deliverable also included initial recommendations of the vendors and their products that may support the recommended architecture.

Results
The proposed conceptual identity management architecture positioned the Retailer to significantly improve the level of service it provides to internal and external users of its IT infrastructure, while maintaining security and auditability in an ever-expanding security and access control environment.




Doug Simmons


@dougsimmons

active 3 months, 2 weeks ago