Andrew R. Reese

Kansas City Metropolitan Area

Phone: 717-395-3063

Email: Andy.Reese@ReeseWeb.Com


IT Security Consultant, Trusted Advisor, vCISO, and Independent Contractor (1099)

Security and Compliance Subject Matter Expert: Extensive hands-on experience measuring, assessing, designing, implementing, improving, and managing Information Security Management Systems (ISMS) and cybersecurity programs. Well versed in aligning organizational controls with legal, regulatory, and contractual requirements, as well as business goals and objectives. Consulting experience working with hundreds of organizations, of all sizes and across major vertical markets, using well-documented industry best practices and methodologies.

PROMINENT CERTIFICATIONS (Acclaim Digital Badge Verification)

  1. CISSP #25685 (ISC)² Certified Information Systems Security Professional (2001 - 2023)

  2. CISM #0300317 ISACA Certified Information Security Manager (2003 - 2022)

  3. CRISC #1000038 ISACA Certified in Risk and Information System Controls (2010 - 2023)

  4. CGEIT #0800964 ISACA Certified in Governance of Enterprise Information Technology (2008 - 2024)

  5. CPP #17243 ASIS International Certified Protection Professional (2013 - 2023)

  6. ITILv3 #10060937 Certified Information Technology Infrastructure Library Foundation (2008, No Exp.)

  7. AZ-900 #H701-2485 Microsoft Azure Fundamentals (2021, No Exp.)

  8. Years of Leading Security Vendor Product Certifications and Hands-On Experience


ReeseWeb LLC                                             United States

IT Security Consultant                                     January 2021 – Present

  1. If you need an IT Security Consultant, Trusted Advisor, or a Virtual Chief Information Security Officer (vCISO) to help you with your security program, ReeseWeb LLC is here to help you.

  2. We demonstrate credibility (trustworthiness, reliability, dependability, integrity, and character) in the security industry every day.

  3. As an Independent Contractor, we deliver professional services to our strategic business partners' clients.

ISSI (Information Security Systems International)           Worldwide

Management Consultant                                     February 2021 – Present

  1. Consulting and auditing services on behalf of Microsoft, AWS, Google, and Oracle for Cloud Managed Service Providers (MSP) to transform and build sustainable, profitable service organizations.

  2. As an independent consultant, assist MSPs in transforming and building their capabilities using hyper-scale cloud services.

  3. Management Consultant providing advisory services on digital and business transformation, ICT/Business Strategy, Organizational Change, Go-To-Market Strategies, Business Process Improvement & Expansion into New Markets/Geographies.

BlueAlly                                                 United States

Chief Information Security Officer (CISO)           November 2019 – November 2020

  1. Reported to the Executive Chairman, and was responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies were adequately protected.

  2. Implemented and led BlueAlly’s Information Security Management System (ISMS).

  3. Implemented and aligned the ISMS with legal, regulatory, industry frameworks and standards, and contractual control requirements.

  4. Helped prepare the organization to meet control requirements for a SOC 2 Type II audit.

  5. Successfully completed a 12-month SOC 2 Type II audit with no findings or exceptions.

Urgently Roadside Assistance (BlueAlly Contract)         United States

Virtual Chief Information Security Officer (vCISO)   November 2019 – October 2020

  1. Reported to the Chief Administrative Officer, responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies were adequately protected.

CompuCom Systems, Inc.                                   North America

Role: Security and Compliance Practice Leader        January 2005 – November 2019

Managing Principal                                       May 2016 – November 2019

Principal Consultant                                      January 2005 – May 2016

  1. Partner with the leadership team, sales, and marketing to envision and develop a go-to-market strategy for security and compliance service offerings

  2. Identify and evolve new security and compliance consulting opportunities; assist with scoping, proposal development, project management plans, pricing and costing models, and prospective customer presentations/discussions

  3. Extensive experience as a consensus builder leading security and compliance design workshops, in partnership with internal and external client stakeholders and technical SMEs

  4. Service delivery track record of being able to operate at all levels of an organization, such as: board of directors, executive leadership teams, operations management, internal audit, and tactical technical levels, as well as experience working in multiple vertical markets

  5. Led multiple annual pre-registration and internal audits as the lead internal auditor

  6. Versed in Open Compliance and Ethics Group (OCEG) Governance, Risk, and Compliance (GRC) maturity modeling, architectures, and best practices, as well as the Unified Compliance Framework (UCF) Common Controls Hub and control harmonization

  7. Performed hundreds of security and compliance gap assessments for clients using various industry maturity models, frameworks and standards, such as: Carnegie, Gartner, and CobiT maturity models… SOX, GLBA, HIPAA, NIST CSF and SP 800-53, ISO-27001, PCI-DSS, CIS Top Controls and Configuration Benchmarks, and much more

  8. Recognized for writing clear and compelling deliverables that include specific, tailored, and actionable advice and recommendations (note: award-winning published author since 2008)

  9. Guide and advise clients on redesigning their security and compliance policies, standards, baselines, guidelines, processes, procedures, and detailed work instructions, aligning them with legal, regulatory, and contractual requirements, as well as business goals and objectives

  10. Performed numerous business impact and risk assessments of internal and external clients

  11. Experienced and formally trained on business continuity and disaster recovery processes

  12. Led CompuCom’s security and compliance design and implementation for its first successful ISO-20000 registration, which included alignment with ITIL, ISO-27001, and many other international standards, laws, regulations, and contractual requirements

  13. Led numerous consulting engagements for assessing, designing, and implementing security and compliance technical controls, such as: firewalls, intrusion prevention systems (IDS/IPS), data center security (DCS) and endpoint protection solutions (EPS), email and network security gateways, VPNs, advanced threat protection (ATD/ATP), endpoint detection and response (EDR), security event and incident management (SEIM), data loss prevention (DLP) and data meta tagging, access controls, permissions, and authorizations, network and system vulnerability scanners, configuration checkers, and much more

DynTek, Inc.                                             United States

National Director of Security Consulting                March 2003 – October 2004

  1. Directed, developed and defined security practice methodologies

  2. Directed strategic Virtual CxO and Trusted Advisor consulting services

  3. Developed and defined service reporting templates

  4. Defined security skill requirements and engagement quality assurance

  5. Directed, developed and maintained strategic security partnerships

  6. Led the most complex security consulting engagements

Reese Web Security, Inc.                                Clearwater, FL

Co-Owner, Vice President                             January 2003 – December 2004

  1. Licensed Private Investigator in the State of Florida

  2. Performed detailed background checks

  3. Performed numerous investigations with a team of licensed investigators

AimNet Solutions Inc.                                    United States

VP, CISO & Information Security Practice Leader          May 2000 – December 2002

  1. Started venture-funded AimNet Solutions in 2000

  2. Successfully completed acquisition of several high-tech companies

  3. Expanded managed security services to include network management

  4. Provided Virtual CxO services that guided and led commercial clients as their CISO, CSO, CRO, CTO, and CIO

  5. Led the most complex security consulting engagements

  6. In 2007, successfully sold AimNet Solutions (and ANS, LLC) to Cognizant

Reese Web, Inc.                                          United States

Chief Executive Officer and President                      August 1995 – May 2000

  1. Provided managed security and professional services to companies ranging from SMB to large enterprise

  2. 800+ commercial customers blanketed the nation from coast to coast

  3. Secured Florida State Negotiated Price Schedule Agreement during his first year of business

  4. Provided security services to SLED, U.S. Military, and Federal Agencies

  5. Created the Virtual CxO service offering that guided and led commercial clients as their CISO, CSO, CRO, CTO, and CIO

  6. Led the most complex security consulting engagements

  7. Axent Technologies recognized Reese Web as their #1 Systems Integrator in the State of Florida and their Elite Security Partner

  8. In 2000, started new venture-funded company AimNet Solutions and merged Reese Web

The Waldec Group                                         United States

Director, Network and Advanced Network Services       December 1994 – August 1995

  1. Practice leader for professional service delivery teams and service offerings

  2. Profitably grew technical team from 15 to 26 professionals

  3. Identified and implemented strategic vendor relationships

  4. Achieved recognition as Tampa's leading systems integrator

  5. Led the most complex consulting engagements

Nielsen Media Research                                     Dunedin, FL

LAN Coordinator                                         June 1993 – December 1994

  1. Managed and maintained systems and tech-teams for three groups (Network Management & Internet Services, EDI & Network, and UNIX Systems Administration & Support) for a 90,000+ global user environment

  2. Performed extensive requirements analysis, development, and implementation work around advanced technologies in Internet and system security, multi-protocol network management, multiple email vendor platform solutions, and operating systems (from desktop/laptop, a vast list of state-of-the-art server technology, multiple mainframe vendors)

McDonnell Douglas                                      MacDill AFB, FL

Senior Engineer – Technology                             October 1992 – June 1993

  1. Member of a research team in the Special Operations Command HQ-J2 test lab

  2. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance

Halifax Corporation                                      International

European Regional Manager                             January 1989 – October 1992

Account Manager                                          July 1987 – January 1989

Senior Field Service Representative                       August 1986 – July 1987

Field Service Representative                              June 1986 – August 1986

  1. Managed government contracts and multiple component level repair depots

  2. Managed international accounts and started a new international business division

  3. Managed systems and tech-team oversight at international cruise missile planning facilities

  4. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance

Eaton Corporation                                        Eglin AFB, FL

Associate Field Engineer                                 January 1985 – June 1986

  1. Served as a resident onsite engineer at the USAF Tactical Air Warfare Center (TAWC) - J2

  2. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance

Enfield’s 3M Business Products                        Jacksonville, FL

Customer Service Representative                         April 1984 – January 1985

  1. Maintained 3M office products in the States of Florida and Georgia

  2. Completed numerous product certification courses in electronic mechanical technologies

  3. Products such as: 3M Copiers and Microfiche Viewers, and Lanier Word Processors

U.S. Navy                                           Submarine SSBN-643

E-6 FTB1(SS)                                          January 1978 – January 1984

  1. Led a seven-man team in launch operations of a Nuclear Trident Ballistic Missile System

  2. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance


InfraGard National Members Alliance (INMA)                      Remote

Board of Directors Member and Corporate Secretary         February 2019 – Present

Chairman of the CISO Cross-Sector Council                 February 2021 – Present

Chairman of the Enterprise Risk Management Committee     September 2020 – Present

Vice Chairman of the InfraGard History Committee          February 2019 – Present

Vice Chairman of the CISO Cross-Sector Council       October 2020 – February 2021

North Central Regional Deputy Representative            June 2018 – February 2019

  1. InfraGard is a partnership between the U.S. Federal Bureau of Investigation (FBI) and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

  2. INMA is a non-profit 501(c)(3) Delaware Corporation, comprised of 77 separate 501(c)(3) InfraGard Member Alliances (IMAs) with a membership of more than 74,000 Subject Matter Experts, representing our Nation’s critical infrastructures.

  3. As the National Secretary, is responsible for keeping the minutes of Board of Directors meetings; oversees that all notices are duly given in accordance with the provisions of organizational Bylaws or as required by law; is the custodian of the corporate records and of the seal of the Corporation; and in general performs all duties incident to the office of Secretary and such other duties as from time to time may be assigned by the President or by the Board of Directors.

  4. As Chairman, oversees that the CISO Cross-Sector Council provides an opportunity for InfraGard members who hold executive leadership positions in Information Security to collaborate at the chapter, regional, and national levels. CISOs exist with expertise in every sector. There is a need to strengthen Information Security in America and enhance the workforce, ensuring we keep our competitive edge. We will succeed at this through our members’ strengths and by collaborating with effective partners.

  5. As Chairman, oversees the performance of Enterprise Risk Management Committee's Data Gathering, Reviews and Assessments, Reports, and Assists the Board of Directors with effective Planning and Leadership of InfraGard National Members Alliance (INMA).

  6. As Vice Chairman, assists the Chairman with the research of InfraGard History and review of corporate records.

InfraGard Kansas City Members Alliance (IMA)          Kansas City Area

Board of Directors Member                            January 2017 – February 2019

Webmaster InfraGard-KC.Org                          January 2017 – September 2019

  1. InfraGard Kansas City Members Alliance (IMA) is a non-profit organization serving as a public-private partnership among U.S. businesses, individuals involved in the protection and resilience of U.S. critical infrastructures, and the Federal Bureau of Investigation.

  2. IMA is a non-profit 501(c)(3) Missouri Corporation, with a membership of more than 300 Subject Matter Experts, representing the Kansas City Area’s critical infrastructures.


American Institute for Computer Science                 Birmingham, AL

Bachelor of Science in Computer Science, February 1992

  1. GPA 4.0/4.0


  1. Access Management

  2. Asset Security

  3. Business Continuity

  4. Business Principles and Practices

  5. Communications Security

  6. Computer Security

  7. Disaster Recovery

  8. Enterprise IT Governance

  9. Identity Management

  10. Information Risk Compliance

  11. Information Security

  12. Information Security Management

  13. Information Technology

  14. IT Benefits Realization

  15. IT Control Maintenance

  16. IT Governance

  17. IT Governance Framework

  18. IT Governance Principles

  19. IT Resource Optimization

  20. IT Risk Assessment

  21. IT Risk Evaluation

  22. IT Risk Identification

  23. IT Risk Management

  24. IT Risk Monitoring

  25. IT Risk Optimization

  1. IT Systems Control Design

  2. IT Systems Control Implementation

  3. IT Systems Control Monitoring

  4. IT Security

  5. IT Security Incident Manager

  6. IT Security Program Manager

  7. Network Security

  8. Penetration Testing

  9. Personnel Security

  10. Physical Security

  11. Professional Services

  12. Project Management

  13. Risk Management

  14. Security

  15. Security Assessment

  16. Security Audits

  17. Security Engineering

  18. Security Management

  19. Security Operations

  20. Security Principles and Practices

  21. Security Testing

  22. Software Development Security

  23. Strategic IT Management

  24. Vulnerability Assessment


  1. Award-Winning Published Author, REESE’S Peanut Butter Cups: The Untold Story

  2. DKI Martial Arts Grandmaster Instructor, 8th Degree Black Belt
    Okinawan Karate, Pressure Point Fighting, and Reality-Based Self-Defense Expert
    USA Martial Arts Hall of Fame Inductions:
       2006 - Master of the Year
       2010 - Karate Grandmaster of the Year

  3. Music, Playing Guitar, and Love Singing Karaoke

  4. Languages: English and German


  1. Top Natural Talents/GALLUP StrengthsFinder 2.0

  2. Prominent Industry Certifications

  3. Personal Security Pledge

  4. Years of Security Tip Newsletters

