Curriculum Vitae

 

Andrew R. Reese

Kansas City, Missouri Area

Phone: 717-395-3063

Email: Andy.Reese@ReeseWeb.Com

CISSP, CISM, CRISC, CPP


Security & Compliance

Security and Compliance Subject Matter Expert: Extensive hands-on experience measuring, assessing, designing, implementing, improving, and managing Information Security Management Systems (ISMS), cybersecurity programs, and compliance for organizations of all sizes and across many vertical markets, using industry-leading security and compliance solutions and tools.


PROFESSIONAL EXPERIENCE


BlueAlly                                                 United States

Chief Information Security Officer (CISO)                 November 2019 – Present


  1. Responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.


CompuCom Systems, Inc.                                   North America

Role: Security and Compliance Practice Leader        January 2005 – November 2019

Managing Principal                                       May 2016 – November 2019

Principal Consultant                                      January 2005 – May 2016


  1. Partner with the leadership team, sales, and marketing to envision and develop a go-to-market strategy for security and compliance service offerings

  2. Identify and evolve new security and compliance consulting opportunities; assist with scoping, proposal development, project management plans, pricing and costing models, and prospective customer presentations/discussions

  3. Extensive experience leading security and compliance design workshops as a consensus builder, in partnership with internal and external client stakeholders and technical SMEs

  4. Service delivery track record of operating at all levels of an organization, such as board of directors, executive leadership teams, operations management, internal audit, and tactical technical levels, as well as experience working in multiple vertical markets

  5. Lead multiple annual pre-registration and internal audits as the lead internal auditor

  6. Versed in Open Compliance and Ethics Group (OCEG) Governance, Risk, and Compliance (GRC) maturity modeling, architectures, and best practices, as well as the Unified Compliance Framework (UCF) Common Controls Hub and control harmonization

  7. Performed hundreds of security and compliance gap assessments for clients using various industry maturity models, frameworks and standards, such as: Carnegie, Gartner, and CobiT maturity models… SOX, GLBA, HIPAA, NIST CSF and SP 800-53, ISO-27001, PCI-DSS, CIS Top Controls and Configuration Benchmarks, and much more

  8. Recognized for writing clear and compelling deliverables that include specific, tailored, and actionable advice and recommendations (note: award-winning published author since 2008)

  9. Guide and advise clients on redesigning their security and compliance policies, standards, baselines, guidelines, processes, procedures, and detailed work instructions, aligning them with legal, regulatory, and contractual requirements, as well as business goals and objectives

  10. Performed numerous business impact and risk assessments of internal and external clients

  11. Experienced and formally trained on business continuity and disaster recovery processes

  12. Led CompuCom’s security and compliance design and implementation for its first successful ISO-20000 registration, which included alignment with ITIL, ISO-27001, and many other international standards, laws, regulations, and contractual requirements

  13. Led numerous consulting engagements for assessing, designing, and implementing security and compliance technical controls, such as firewalls, intrusion detection and prevention systems (IDS/IPS), data center security (DCS) and endpoint protection solutions (EPS), email and network security gateways, VPNs, advanced threat protection (ATD/ATP), endpoint detection and response (EDR), security information and event management (SIEM), data loss prevention (DLP) and data meta tagging, access controls, permissions, and authorizations, network and system vulnerability scanners, configuration checkers, and much more


DynTek, Inc.                                             United States

National Director of Security Consulting                March 2003 – October 2004


  1. Directed, developed and defined security practice methodologies

  2. Directed strategic Virtual CxO and Trusted Advisor consulting services

  3. Developed and defined service reporting templates

  4. Defined security skill requirements and engagement quality assurance

  5. Directed, developed and maintained strategic security partnerships

  6. Led the most complex security consulting engagements


AimNet Solutions Inc.                                    United States

VP, CISO & Information Security Practice Leader          May 2000 – December 2002


  1. Started venture-funded AimNet Solutions in 2000

  2. Successfully completed acquisition of several high-tech companies

  3. Expanded managed security services to include network management

  4. Provided Virtual CxO services to guide and lead commercial clients as their CISO, CSO, CRO, CTO, and CIO

  5. Led the most complex security consulting engagements

  6. In 2007, successfully sold AimNet Solutions (and ANS, LLC) to Cognizant


Reese Web, Inc.                                          United States

Chief Executive Officer and President                      August 1995 – May 2000


  1. Provided managed security and professional services to companies ranging from SMB to large enterprise

  2. 800+ commercial customers blanketed the nation from coast to coast

  3. Secured Florida State Negotiated Price Schedule Agreement during his first year of business

  4. Provided security services to SLED, U.S. Military, and Federal Agencies

  5. Created the Virtual CxO service offering to guide and lead commercial clients as their CISO, CSO, CRO, CTO, and CIO

  6. Led the most complex security consulting engagements

  7. Axent Technologies recognized Reese Web as their #1 Systems Integrator in the State of Florida and their Elite Security Partner

  8. In 2000, started the new venture-funded company AimNet Solutions and merged Reese Web


The Waldec Group                                         United States

Director, Network and Advanced Network Services       December 1994 – August 1995


  1. Practice leader for professional service delivery teams and service offerings

  2. Profitably grew technical team from 15 to 26 professionals

  3. Identified and implemented strategic vendor relationships

  4. Achieved recognition as Tampa's leading systems integrator

  5. Led the most complex consulting engagements


Nielsen Media Research                                     Dunedin, FL

LAN Coordinator                                         June 1993 – December 1994


  1. Managed and maintained systems and tech-teams for three groups (Network Management & Internet Services, EDI & Network, and UNIX Systems Administration & Support) for a 90,000+ global user environment

  2. Performed extensive requirements analysis, development, and implementation work around advanced technologies in Internet and system security, multi-protocol network management, multiple email vendor platform solutions, and operating systems (from desktop/laptop, a vast list of state-of-the-art server technology, multiple mainframe vendors)


McDonnell Douglas                                      MacDill AFB, FL

Senior Engineer – Technology                             October 1992 – June 1993


  1. Member of a research team in the Special Operations Command HQ-J2 test lab

  2. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance


Halifax Corporation                                      International

European Regional Manager                             January 1989 – October 1992

Account Manager                                          July 1987 – January 1989

Senior Field Service Representative                       August 1986 – July 1987

Field Service Representative                              June 1986 – August 1986


  1. Managed government contracts and multiple component level repair depots

  2. Managed international accounts and started a new international business division

  3. Managed systems and tech-team oversight at international cruise missile planning facilities

  4. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance


Eaton Corporation                                        Eglin AFB, FL

Associate Field Engineer                                 January 1985 – June 1986


  1. Served as a resident onsite engineer at the USAF Tactical Air Warfare Center (TAWC) - J2

  2. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance


U.S. Navy                                           Submarine SSBN-643

E-6 FTB1(SS)                                          January 1978 – January 1984


  1. Led a seven-man team in launch operations of a Nuclear Trident Ballistic Missile System

  2. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance


EDUCATION


American Institute for Computer Science                 Birmingham, AL

Bachelor of Science in Computer Science, February 1992

  1. GPA 4.0/4.0


PROMINENT CERTIFICATIONS


  1. CISSP #25685 (ISC)² Certified Information Systems Security Professional

  2. CISM #0300317 ISACA Certified Information Security Manager

  3. CRISC #1000038 ISACA Certified in Risk and Information System Controls

  4. CGEIT #0800964 ISACA Certified in Governance of Enterprise Information Technology

  5. CPP #17243 ASIS International Certified Protection Professional

  6. ITILv3 #10060937 Certified Information Technology Infrastructure Library Foundation

  7. Years of Leading Security Vendor Product Certifications and Hands-On Experience


NOTABLE VOLUNTEER WORK


InfraGard National Members Alliance (INMA)                      Remote

Board of Directors Member and Corporate Secretary         February 2019 – Present

North Central Regional Deputy Representative            June 2018 – February 2019


  1. INMA is a non-profit 501(c)(3) Delaware Corporation, comprised of 79 separate 501(c)(3) InfraGard Member Alliances (IMAs) with a membership of more than 62,000 Subject Matter Experts, representing our Nation’s critical infrastructures


InfraGard Kansas City Members Alliance (IMA)          Kansas City Area

Board of Directors Member                            January 2017 – February 2019

Webmaster InfraGard-KC.Org                                 January 2017 – Present


  1. IMA is a non-profit 501(c)(3) Missouri Corporation, with a membership of more than 300 Subject Matter Experts, representing the Kansas City Area’s critical infrastructures


TESTED SKILLS BY PROMINENT CERTIFICATIONS



  1. Access Management

  2. Asset Security

  3. Business Continuity

  4. Business Principles and Practices

  5. Communications Security

  6. Computer Security

  7. Disaster Recovery

  8. Enterprise IT Governance

  9. Identity Management

  10. Information Risk Compliance

  11. Information Security

  12. Information Security Management

  13. Information Technology

  14. IT Benefits Realization

  15. IT Control Maintenance

  16. IT Governance

  17. IT Governance Framework

  18. IT Governance Principles

  19. IT Resource Optimization

  20. IT Risk Assessment

  21. IT Risk Evaluation

  22. IT Risk Identification

  23. IT Risk Management

  24. IT Risk Monitoring

  25. IT Risk Optimization

  26. IT Systems Control Design

  27. IT Systems Control Implementation

  28. IT Systems Control Monitoring

  29. IT Security

  30. IT Security Incident Manager

  31. IT Security Program Manager

  32. Network Security

  33. Penetration Testing

  34. Personnel Security

  35. Physical Security

  36. Professional Services

  37. Project Management

  38. Risk Management

  39. Security

  40. Security Assessment

  41. Security Audits

  42. Security Engineering

  43. Security Management

  44. Security Operations

  45. Security Principles and Practices

  46. Security Testing

  47. Software Development Security

  48. Strategic IT Management

  49. Vulnerability Assessment



PERSONAL INTERESTS



  1. Award Winning Published Author, REESE’S Peanut Butter Cups: The Untold Story

  2. DKI Martial Arts Grandmaster Instructor, 8th Degree Black Belt
    Okinawan Karate, Pressure Point Fighting, and Reality-Based Self-Defense Expert

  3. Music, Playing Guitar, Singing Karaoke

  4. Languages: English and German

