Curriculum Vitae


Andrew R. Reese

Kansas City, Missouri Area

Phone: 717-395-3063

Email: Andy.Reese@ReeseWeb.Com


Security & Compliance

(Andrew R. Reese CV - PDF Version)


Nationally known as a highly respected security industry professional delivering subject matter expertise with extensive hands-on experience measuring, assessing, designing, implementing, improving, and managing Information Security Management Systems (ISMS) and Cybersecurity Programs for organizations of all sizes and vertical markets. Talent areas include: Security Strategy, Cybersecurity Thought Leader, “C” Suite and Board of Director Communication, Complex Security Topic Translation to Business Audiences, Enterprise Information Security, Emerging Security Threats, Consensus Builder, Executive Collaboration, Enterprise IT Risk Management, Global Regulatory Compliance, Security Management Program Development, Business Unit Collaboration, Business Analysis, Security Awareness, Security Policies / Security Procedures, Budgeting, Data Privacy, Gap Analysis, Incident Response, Business Continuity and Disaster Recovery Planning, and Data Governance.

Professional Experience

CompuCom Systems, Inc.                                                                                                      2005 to Present

CompuCom is a $10.8B global service company that supports 5.15-million users, 6.4-million devices, with 11-thousand employees, 100-thousand certifications, 6-thousand technicians. We resolve more than 90% of service desk calls on the first contact. 70% if IT services revenue is from recurring annuity clients. 97% of our revenue comes from repeat clients. Who are our clients: 6 of the top 10 Fortune 500 companies, 7 of the top 10 retailers in North America, 6 of the top 10 financial services firms in North America.

   Security Practice Leader                                                                                                   Jan 2005 to Present

   Managing Principal                                                                                                             May 2016 to Present

   Principal Consultant                                                                                                           Jan 2005 to May 2016

Security Strategy: See and understand security concerns others may not see. Translate complex cyber security topics to business audiences. Helped hundreds of companies successfully align their security strategy, people, processes, technology and culture. Extensive experience with security technology implementations that decrease the time to detect indicators of compromise using infrastructure and endpoint security instrumentation and decrease the time to respond to events with artificial intelligence and automation.

Cybersecurity Thought Leader: Personally led hundreds of security workshops, providing needed security education and knowledge transfer. Helped numerous organizations improve the maturity and quality of their Security Management processes and controls, security.

“C” Suite and Board of Director Communication: Well-versed in many communication tools. Skilled in keeping the message short and to the point. Advised various Executive Committees and Board of Directors on risk issues that are related to information security and recommended actions in support of their organization’s wider risk management program.

Complex Security Topic Translation to Business Audiences: Led professional security practices performing security-consulting engagements across multiple vertical markets. Honed skills in translating complex cyber security topics to business audiences.

Enterprise Information Security: Certified ISO/IEC-27001 Lead Auditor of security, with extensive knowledge of industry frameworks and architectures, standards, benchmarks, guidelines and best practices. Significant professional consulting experience working with organizations from small to medium size businesses (SMB), to large global enterprise companies.

Emerging Security Threats: Active board member of the local FBI Infragard chapter for protecting our nation’s critical infrastructure. Maintain frequent contact with security industry leaders, numerous early warning systems, as well as receive alerts and notifications of critical infrastructure threats. Lead global threat intelligence networks, databases and threat feeds.

Consensus Builder: Assisted organizations to build and document consensus, such as, but not limited to: interactive onsite or remote consensus building workshops, information security management forums or steering committees, information security management system (ISMS) benchmarks and more.

Executive Collaboration: Worked with corporate officers, legal counsel, human resources, and facilities / physical security relative to difficult security and privacy issues. Worked with executive teams to inform them of current and future risks, understand their perspectives on organizational risk, risk decisions and priorities, compliance requirements, security budget and more.

Enterprise IT Risk Management: Developed, implemented and monitored a comprehensive enterprise information security and risk management program.  The program included the process of planning, organizing, leading and controlling risk management activities, defining and documenting legal, regulatory and contractual security requirements, performing business impact and risk assessments, applying methods for limiting and managing different levels of risks tolerance and exposure.

Global Regulatory Compliance: Well-versed in security control harmonization and the tools from the Unified Compliance Framework. Assisted clients to harmonize their security processes and controls, implemented scoped statement of applicability documents, and more.

Security Management Program Development: Implemented and improved the lifecycle of client’s information security management system/program (ISMS). Developed tools and methodologies used during professional engagements for measuring and benchmarking the maturity of security processes and controls across global organizations. Performed many professional ISMS benchmark engagements for large global enterprise organizations. Strategically road mapped short, medium and long-term plans, level of work effort, resource requirements and costing, and then successfully executed to plan, on time and on budget.

Business Unit Collaboration: Experienced in articulating security requirements and soliciting business unit collaboration on global, regional and local policies, standards, benchmarks, guidelines, processes and procedures. Well versed on how to document roles and responsibilities across a global organization; such as, how to identify who is accountable, responsible, consulted, informed, sponsors, and supports various security controls, based upon well-defined scopes and statements of applicability, memorandums of understanding, operational level agreements, service level agreements and under pinning contracts.

Business Analysis: Developed, provided knowledge transfer and directed technical teams of numerous organizations in how to implement continuous process and operational improvements in their security management systems.

Security Awareness: Worked with human resources and legal teams to ensure compliance with legal and regulatory requirements, as well as, maintain end-user security awareness and understanding via customized communication tools, learning management system training systems, strategically positioned posters and plaques, security tip newsletters and more.

Security Policies / Security Procedures: Designed security policy architecture and flow.  Formulated and wrote policy content, compliance mapping and linking, reviews and approvals, access and permission controls. Created security processes and procedures with decision points, inputs, outputs, documentation requirements and compliance mapping and linking.  Used the Unified Compliance Framework.

Budgeting: Established resource staffing requirements and project budgets on a weekly basis for service engagements. Worked with clients across North America to provide security solutions to solve their problems in a cost effective manner.  Delivered services and implemented technologies per the terms and budget of contractual agreements.

Data Privacy: Leveraged cryptography technologies for data at rest and in motion; the application of masking, controlling access to, minimize exposure by devaluing the data through encryption and tokenization and more.

Gap Analysis: Performed gap assessments including: legal, regulatory, and contractual requirements assessments; business impact and risks assessments; network vulnerability, application static binary and dynamic secure coding practices, and manual penetration test assessments; information security management system (process and control) maturity benchmarking assessments; compliance gap assessments; configuration benchmark assessments; and more.

Incident Response: Experienced with Security Information Event Management (SIEM) technologies.  Performed forensic analysis, recovery and reviews of lessons learned. Skilled in instrumenting the network infrastructure and endpoint systems with technology that reduces the time to detect indicators of compromise, gather evidence, and to respond to incidents.  Strategically applied artificial intelligence and automation to minimize impacts.

Business Continuity and Disaster Recovery Planning: Helped numerous organizations with strategic vision and evolution by developing and designing high availability, capacity, business continuity and disaster recovery plans for their critical IT assets.  Orchestrated periodic testing and demonstrated recovery using various scenarios.

Data Governance: Assisted numerous clients with creating well-written policies, highlighting data sensitivity for end-user awareness, applying appropriate processes and technologies for inventorying what data is stored where, applying the right data classification and meta-tagging, sensitivity handling while in transit and at rest, data loss prevention, reduction of sensitive data sprawl, retention requirements, permission and access management, authenticity, non-repudiation, chain of custody, data integrity, much more.

InfraGard National Members Alliance (INMA)                                                           Feb 2019 to Present

Corporate Secretary and Board of Directors Member (Appointed)

InfraGard is a partnership between the U.S. Federal Bureau of Investigation (FBI) and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

InfraGard National Members Alliance (INMA) is a non-profit 501(c)(3) Delaware Corporation. The INMA is comprised of 79 separate 501(c)(3) InfraGard Member Alliances (IMAs) with a membership of more than 50,000 plus Subject Matter Experts, representing our Nations critical infrastructures.

InfraGard National Members Alliance (INMA)                                                         Jun 2018 to Feb 2019

North Central Regional Deputy Representative (Appointed)

The purpose of INMA Regional Representatives is to assist in the improvement of operational efficiency and the facilitation of consistency of the InfraGard mission, in partnership with the Federal Bureau of Investigation, Department of Homeland Security, and other national partners.

InfraGard Kansas City Members Alliance (IMA)                                                         Jan 2017 to Feb 2019

Board of Directors Member (Elected)

InfraGard Kansas City Members Alliance (IMA) is a non-profit organization serving as a public-private partnership among U.S. businesses, individuals involved in the protection and resilience of U.S. critical infrastructures, and the Federal Bureau of Investigation.

InfraGard Kansas City Members Alliance (IMA)                                                           Jan 2017 to Present

Webmaster InfraGard-KC.Org (Appointed)

DynTek, Inc.                                                                                                                    Mar 2003 to Oct 2004

National Director of Security Consulting and Virtual CxO

Reese Web Security, Inc.                                                                                              Jan 2003 to Dec 2004

Vice President, Florida Licensed Private Investigation Company (Co-Owner)

AimNet Solutions Inc.                                                                                                  May 2000 to Dec 2002

Vice President, Chief Security Officer, and Information Security Practice Leader (Co-Owner)

Reese Web, Inc.                                                                                                            Aug 1995 to May 2000

Chief Executive Officer & President (Owner) – National Security Company

The Waldec Group                                                                                                        Dec 1994 to Aug 1995

Director of Network and Advanced Network Services

Nielsen Media Research                                                                                               Jun 1993 to Dec 1994

LAN Coordinator

McDonnell Douglas                                                                                                       Oct 1992 to Jun 1993

Senior Engineer - Technology

Halifax Corporation                                                                                                       Jun 1986 to Oct 1992

Field Service Representative to European Regional Manager

Eaton Corporation                                                                                                         Jan 1985 to Jun 1986

Associate Field Engineer

Enfield’s 3M Business Products                                                                                  Apr 1984 to Jan 1985

Customer Service Representative

U.S. Navy                                                                                                                        Jan 1978 to Jan 1984

USS George Bancroft SSBN 643 Blue Crew

Fire Control Technician Ballistic Missile First Class E-6 (Submarine Service) - FTB1(SS)

Industry Involvement

  1. Wounded Warrior Project – Mentor to U. S. Military Veterans

  2. Safe & Secure Online by (ISC)2 – Authorized Volunteer (Presenter/Speaker)

  3. InfraGard, ASIS International, ISACA, (ISC)2, and OCEG – Active Member

  4. Years of Security Industry Articles and Security Tip Newsletters

  5. Technical Advisory Board Experience for Many Leading Security Technology Vendors Since 1995
    Symantec, Axent Technologies, Raptor Systems, Content Technologies, and more….

  6. Security Clearance: 1978-1996 TS/SCI (SBI)

Prominent Certifications

  1. CISSP #25685 -- (ISC)2 Certified Information Systems Security Professional

  2. CISM #0300317 -- ISACA Certified Information Security Manager

  3. CRISC #1000038 -- ISACA Certified in Risk and Information System Controls

  4. CGEIT #0800964 -- ISACA Certified in Governance of Enterprise Information Technology

  5. CPP #17243 -- ASIS International Certified Protection Professional

  6. ITIL v3 #10060937 -- Certified Information Technology Infrastructure Library Foundation

  7. Years of Leading Security Vendor Product Certifications and Hands-On Experience


Bachelor of Computer Science, American Institute for Computer Science (AICS)

Tested Skills By Prominent Certifications

  1. Access Management

  2. Asset Security

  3. Business Continuity

  4. Business Principles and Practices

  5. Communications Security

  6. Computer Security

  7. Disaster Recovery

  8. Enterprise IT Governance

  9. Identity Management

  10. Information Risk Compliance

  11. Information Security

  12. Information Security Management

  13. Information Technology

  14. IT Benefits Realization

  15. IT Control Maintenance

  16. IT Governance

  17. IT Governance Framework

  18. IT Governance Principles

  19. IT Resource Optimization

  20. IT Risk Assessment

  21. IT Risk Evaluation

  22. IT Risk Identification

  23. IT Risk Management

  24. IT Risk Monitoring

  25. IT Risk Optimization

  1. IT Systems Control Design

  2. IT Systems Control Implementation

  3. IT Systems Control Monitoring

  4. IT Security

  5. IT Security Incident Manager

  6. IT Security Program Manager

  7. Network Security

  8. Penetration Testing

  9. Personnel Security

  10. Physical Security

  11. Professional Services

  12. Project Management

  13. Risk Management

  14. Security

  15. Security Assessment

  16. Security Audits

  17. Security Engineering

  18. Security Management

  19. Security Operations

  20. Security Principles and Practices

  21. Security Testing

  22. Software Development Security

  23. Strategic IT Management

  24. Vulnerability Assessment

Personal Interest

  1. Award Winning Published Author, REESE’S Peanut Butter Cups: The Untold Story

  2. DKI Martial Arts Grandmaster Instructor, 8th Degree Black Belt
    Okinawan Karate, Pressure Point Fighting, and Reality-Based Self-Defense Expert

  3. Music, Playing Guitar, Singing Karaoke

  4. Languages: English and German

Hyperlinks to more Information on this website:

  1. Top Natural Talents/GALLUP StrengthFinder 2.0

  2. Prominent Industry Certifications

  3. Personal Security Pledge

  4. Years of Security Tip Newsletters