Philip Bandy, CISSP, CISM, CPP

Highlights include create strategic security plan, security architecture, and project management (PGP based laptop and data encryption, Cisco ASA VPN, PIX firewall, secure e-mail, access controls, key management, identity management, policy & procedures, and associated technical and administrative user training).

Hayflakes Sanctuary (http://Hayflakes.org) is a 501(c)3 non-profit organized to ensure the survival and promote the welfare of animals beyond help of other shelters and for those who can be, rehabilitate them for adoption.

I help connect those who want their life to really make a difference to those people and places who need someone who can really help them.

Highlights include development of content for software tool assessing compliance with GLBA, HIPAA, SOX 404, ISO17799, PCI, FDIC, NIPC, COBIT, NIST, DOD, DOJ, DOE, SAS 70, SB1386, SAM, FISMA, FACTA, FCRA, FDIC and FFIEC requirements, vulnerability assessments, and developing the security program for one of the credit bureaus, including the threat monitoring program, incident response team, computer forensics lab, and conducting internal cyber investigations.

Served as part of the design team providing direction to improve security of system computers / networking, managing system installations, and conducting vulnerability risk assessments. Highlights include physical security, security systems, and counterterrorism.

Advanced IT security and availability consulting services, specialized in enterprise vulnerability risk assessments, network security, Internet security, business continuity and disaster recovery planning, computer forensics, risk assessments, anti-virus consulting, security policies and procedures, security training, security architecture, and security awareness programs. Highlights include acting as Security Director for Universal Studios where we focused on directing the upgrades to the e-commerce security and global internal infrastructure based on previous audit findings, conducted new audits, developed the security controls program (policies, governance, procedures, response teams), and protection of intellectual property. Also conducted vulnerability assessments, designed security remediation plans, and supported cyber investigations, audits, and forensic analysis for clients.

Provided advanced networking consulting services with specialty areas in information security. As senior member of the security consulting team for the West Coast, served as subject matter expert for secure technologies. Provided security consulting resulting in secure networks for clients. Specialized in risk assessment and security architecture services with a substantial number of vulnerability assessments in a team member leadership capacity, as a technician (scanners & server analysis), and as project lead on security architecture projects (evaluating and designing controls). Addition skills include security policies, risk assessments, security management, and intrusion detection.

Netsourcing provider, focused on providing secure e-commerce solutions for enterprises. Highlights of accomplishments include building the team and development of the program that managed the security for national e-commerce customers. Team functions included monitoring nationwide networks, three data centers each with multiple CheckPoint firewalls, NetRanger intrusion detection systems, ESM and ITA host protection, and analysis / response tools. Also monitored for policy compliance, supervised Guards, Facilities Managers, Systems Engineers for security functions, and operated all physical security access control and CCTV systems.

Advanced Information Technology contractor, focused on providing integrated information technology security solutions for large corporate enterprises. Highlights of tenure include spearheading a 15-member software engineering team in the design, implementation and operation of an integrity monitoring software application responsible for safeguarding a 12,000-node Windows network for a major, international financial institution.

Consultant/contractor specializing in system security solutions for commercial clients. Developed and managed new program of information and system security services. Lead the consulting service team. Conducted hands-on evaluations of commercial security products, including installation and extensive functional testing and design review of firewalls. Conducted comparative studies of hundreds of commercial security products.

[Space Information Systems Division] Responsible for safeguarding 32 networks that support the NASA Mission Control Center. Reviewed all new system designs, all software, and the conduct of all system testing. Operated the five center firewalls, administered access to 1,200 computers by 12,000 users. Monitored network operations, and directed the Incident Response Capability and Security Awareness Programs.