improvement of all processes through each tom held · time tracking / billing, computerized...
TRANSCRIPT
Tom Held312.772.3396
Resume | CV
Career Objectives
For over 25 years, I have worked with law
firms, healthcare providers, financial
institutions, engineering consultants, data
centers, critical facilities, and universities,
helping them to utilize and manage technology
while protecting sensitive information and
ensuring critical system availability and
resiliency.
I have been privileged to work with many
knowledgeable professionals and to gain a
very broad experience in technology and the
underlying risks and business objectives.
My goal is to help you get the most from
technology, while avoiding the risks that all
technologies possess.
Career Summary
I altered course during my college career to
intern and work in the music industry. Ironically,
it was the music industry that brought me back
to computers and technology.
Since then, I have held positions in
network/telecom, software development, IT risk
management, and chief technology officer
(CTO). Although I have worked with highly
confidential information and critical systems my
entire career, the rising concern over
information security in recent years has shifted
my career focus in that direction.
Career Philosophy
I believe in the ideals of leadership and
teamwork. Both internal and external forces
will always challenge these ideals, but a team's
success lies in its willingness to return to the
pursuit of these ideals when such unforeseen
forces disrupt that pursuit.
I believe that success in business lies in the
improvement of all processes through each
iteration. Exceptional teams are made up of
members who welcome this challenge and
encourage one another to meet this challenge.
These team members utilize business
intelligence to make informed decisions for the
improvements for each iteration.
I believe in making things simple. Simplicity in
processes allows for true agility. True agility
allows businesses to shorten the time required
to meet ever changing demands. And meeting
changes in demand is key to financial success.
Finally and foremost, I believe in respect for all
persons, for all team members. All of the
qualities of healthy working relationships are
derived from this underlying respect. Respect
should be nurtured and maintained, not reliant
on universal agreement and regardless of
personal differences. Respect also
encourages members to compete as a team,
not as an individual.
Resume | CV312.772.3396
Tom Held
Senior Security Consultant
Austin, TX
February, 2015 to September 2015
Risk assessments for a range of technologies. Working
with compliance issues relating to GLBA, FFIEC,
HIPAA, and PCIDSS. Responsible for monthly
security oversight reports and business continuity and
disaster recovery planning for several financial services
clients. Development of online security awareness
training program.
Solis Security
DuCare SecuritySenior Security Consultant
Chicago | Nashville
August, 2015 to Present
Involved in all aspects of cyber security and
information security consulting, including, Technology
Risk Assessments, Service Provider Risk
Assessments, Penetration Testing, Threat Modeling,
Social Engineering / Phish Testing,
Employee/Executive Awareness and Training, Disaster
Recovery and Incident Response Planning; using
several security standards, such as, NIST SP800,
HIPAA, PCIDSS, NERC/CIP, ISO27k, along with
regulation requirements from authorities such as
FFIEC, SEC, and FINRA. and tracking industry
awareness through groups such as InfraGard (FBI),
FSISAC, ICSCERT, and OWASP.
Employment History
Owner | CTO
Information and Technology Management Consultant
Milwaukee | Chicago | Nashville
January 2006 to February 2015
Helping small and medium sized businesses with
technology utilization, information security, and risk
management. Technology solutions for team
management and IT cost management, including content
management and knowledge management solutions.
Utilization, cyber security, and risk management for
cloud migrations. Information security and risk
management using standards such as NIST SP800
series, HIPAA, SEC, NERC/CIP, and PCIDSS, as well
as recent knowledge from sources such as Idaho and
Sandia Labs and the FBI's InfraGard program.
The Oakland Group
CTO | Senior Technology Consultant
Milwaukee, WI
April, 2002 to December, 2006
Oversight of all technology, including software
development for cloud applications and data center
SCADA systems. Management and risk assessment of
IT operations. Technology use and risk management
consultant. Project oversight included private cloud
timesheet/billing application, critical work authorization
and change management application, maintenance and
asset management applications, data analysis software,
as well as hybrid cloud SCADA applications. Experience
dealing with critical and confidential information for
internal, small business consulting firm, as well as their
high profile, large enterprise customers. Many projects
dealing with highly critical data centers.
Miller Engineering
Information Technologies Group
(2002 present)
Miller Engineering
Information Technologies GroupSoftware Development Team Lead
Milwaukee, WI
April, 1998 to October, 2002
Design and development for client and inhouse
SCADA, Embedded Control Systems, and Cloud
Applications, including electrical switchboard controls,
Data Center Infrastructure Management (DCiM,
SCADA), electrical and acoustical spectrum analysis,
time tracking / billing, computerized maintenance
management systems, critical area work authorization,
change management. Using Microsoft and Linux/Unix
platforms with IIS, Apache, and MySQL.
Programming in Basic, Visual Basic, C, C++, LabView
G, PERL, PHP, HTML/CSS, and Javascript.
Tom Held312.772.3396
Resume | CV
Employment History
Miller Engineering
Information Technologies GroupNetwork / Telecommunications Consultant
Milwaukee, WI
April, 1995 to April, 1998
Coordination of network and telecommunications
requirements for client build/moves. Coordinating
resources and troubleshooting scenarios dealing with
DSL, T1, Ethernet, TokenRing, PBX, Centrix, Fiber,
and cabling standards (TIA568, etc). Communicating
between workgroups, IT, property owners, and
contractors to meet workgroup requirements and
assure ontime delivery of technology resources.
(1994 2002)
Tom Held312.772.3396
Resume | CV
Skillsets Information Technology
Information Risk Management (20 yrs)Information Security, Technology Use and Risk Management, Disaster
Recovery Planning, Business Continuity Planning, Penetration Testing,
Web Application Security, Technology Risk Assessments, Vendor and
Third Party Service Provider Risk Assessments, Incident Response
Planning, Threat Modeling, Employee/Executive Awareness and Training
Studies in CISSP CBK and CRISC toward certification, knowledge of
standards and compliance requirements, including, NIST 800 Series, ISO
27001/27002, HIPAA, PCIDSS, FFIEC, FINRA, SEC, Model Rules of
Professional Conduct (ABA), NERC/CIP, FISMA, FIPS, general knowledge
of federal and state laws regarding data breach and cyber crime including
CFAA/CAAA, COPAA, and others.
SCADA / ICS Technology (10 yrs)SCADA / ICS hardware, software, and systems design, SCADA System
Security, Embedded Systems, Alarm Management, State Machines and
Artificial Intelligence,, PLCs, Ladder Logic, SCADA System
Resiliency,Basic, Visual Basic, C languages, Serial RS232/422/485,
FieldBus, ModBus, National Instruments, Labview, Allen Bradley
Web Application Development (6 yrs)HTML/CSS, Javascript, Linux, Apache, MySQL, Perl/PHP (LAMP Stack),
JSON/XML APIs, MS IIS, Git, Web Application Security, SDLC, CMM,
applications for time management, billing, asset and maintenance
management, work authorization, project management, SCADA, etc.
Networking, Telecom, and Information Systems (15 yrs)Networks: Firewalls, Routers, Managed Switches, VLAN, VPN, VoIP,
Token Ring Ethernet, Cat. 37 cabling, RS 232/422/485, FieldBus, etc.,
Telecom: POTS, PBX, ISDN, ADSL/SDSL/VDSL, T1, Frame Relay, MAN,
SONET, etc., Information Systems: Windows, Exchange, Office 365, IIS,
AD, Linux, Apache, MySQL, RAID, NAS, etc.
Management
Resume | CV312.772.3396
Tom Held
Skillsets
Project Risk Management, Project Scheduling and Estimates,
Contractor/Vendor Management, Team Management, using concepts from
Capability Maturity Model (CMM), Agile/Scrum
Project Management (8 yrs)
Version Control, Code Reuse, Team Management, using Software
Development Life Cycle (SDLC) process.
Development Team Lead (5 yrs)