Andrew R. Reese

Kansas City Metropolitan Area

Phone: 717-395-3063

Email: Andy.Reese@ReeseWeb.Com

CISSP, CISM, CRISC, CGEIT, CPP, ITIL v3

Chief Architect, Security
Office of the Chief Technology Officer


Security and Compliance Subject Matter Expert: Extensive hands-on experience measuring, assessing, designing, implementing, improving, and managing Information Security Management Systems (ISMS) and cybersecurity programs. Well versed in aligning organizational controls with legal, regulatory, and contractual requirements, as well as business goals and objectives. Consulting experience working with hundreds of organizations, of all sizes and across major vertical markets, using well-documented industry best practices and methodologies.


Demonstrates credibility (trustworthiness, reliability, dependability, integrity, and character) in the security industry every day.


PROMINENT CERTIFICATIONS (Acclaim Digital Badge Verification)



  1. CISSP #25685 (ISC)2 Certified Information Systems Security Professional (2001 - 2023)

  2. CISM #0300317 ISACA Certified Information Security Manager (2003 - 2022)

  3. CRISC #1000038 ISACA Certified in Risk and Information System Controls (2010 - 2023)

  4. CGEIT #0800964 ISACA Certified in Governance of Enterprise Information Technology (2008 - 2024)

  5. CPP #17243 ASIS International Certified Protection Professional (2013 - 2023)

  6. ITILv3 #10060937 Certified Information Technology Infrastructure Library Foundation (2008, No Exp.)

  7. AZ-900 #H701-2485 Microsoft Azure Fundamentals (2021, No Exp.)

  8. CLF-C01 #HCVNX49JKJ4EQCWN AWS Certified Cloud Practitioner (2021-2024)

  9. Years of Leading Security Vendor Product Certifications and Hands-On Experience


PROFESSIONAL EXPERIENCE



Zones LLC

Chief Architect, Security (OCTO): March 2021 – Present


Lead and execute security relevant solution environment portfolio from technical perspective to ensure alignment and support of overall go-to-market strategies:

  1. Partner with marketing organization to ensure enablement of software and cloud sales organization to support relevant solutions environment portfolio

  2. Enable Solution Architects with repeatable processes and portfolio for technical pre-sales activities (demos, workshops, etc.) and architecting solutions

  3. Assess customer pain points and market demand to help define compelling services and extend solution offerings

  4. Work with Cloud and Security Center of Excellence Director to measure and deliver on solution profitability expectations

  5. Identify strategic and tactical technical partnerships and key players necessary to achieve and sustain thought leadership within the solutions environment portfolio

  6. Understand competitors’ capabilities and be able to articulate those capabilities pertaining to tools, automation, services, pricing and solutions


Achieve professional services margin objectives by ensuring the following:

  1. Identify, evaluate, manage, and execute on strategic customer opportunities

  2. Drive SOWs for security relevant solutions environments with the software and cloud teams focusing on the Enterprise segment

  3. Ensure awareness and execution within technical organization of partner margin-enhancing programs

  4. Serve as initial escalation point for technology related issues relating to security relevant solution environment portfolio

  5. Partner with software and cloud sales team to proactively develop plans for professional services with strategic accounts


ReeseWeb LLC

IT Security Consultant: January 2021 – March 2021


  1. As an Independent Contractor, delivered professional services to our strategic business partners' clients.


Information Security Systems International (ISSI)

Management Consultant: February 2021 – March 2021


  1. As an independent consultant, assisted MSPs in transforming and building their capabilities using hyper-scale cloud services.

  2. Consulting and auditing services on behalf of Microsoft, AWS, Google, and Oracle for Cloud Managed Service Providers (MSP) to transform and build sustainable, profitable service organizations.

  3. Management Consultant providing advisory services on digital and business transformation, ICT/Business Strategy, Organizational Change, Go-To-Market Strategies, Business Process Improvement & Expansion into New Markets/Geographies.


BlueAlly

Chief Information Security Officer (CISO): November 2019 – November 2020


  1. Reported to the Executive Chairman, and was responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies were adequately protected.

  2. Implemented and led BlueAlly’s Information Security Management System (ISMS).

  3. Implemented and aligned the ISMS with legal, regulatory, industry frameworks and standards, and contractual control requirements.

  4. Helped prepare the organization to meet control requirements for a SOC 2 Type II audit.

  5. Successfully completed a 12-month SOC 2 Type II audit with no findings or exceptions.


Urgently Roadside Assistance (BlueAlly Contract)

Virtual Chief Information Security Officer (vCISO): November 2019 – October 2020


  1. Reported to the Chief Administrative Officer, responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies were adequately protected.


CompuCom Systems, Inc.

Role: Security and Compliance Practice Leader: January 2005 – November 2019

Managing Principal: May 2016 – November 2019

Principal Consultant: January 2005 – May 2016


  1. Partner with the leadership team, sales and marketing, to envision and develop a go-to-market strategy for security and compliance service offerings

  2. Identify and evolve new security and compliance consulting opportunities; assist with scoping, proposal development, project management plans, pricing and costing models, and prospective customer presentations/discussions

  3. Extensive experience leading security and compliance design workshops, in partnership with internal and external client stakeholders and technical SMEs, a consensus builder

  4. Service delivery track record of being able to operate at all levels of an organization, such as: board of directors, executive leadership teams, operations management, internal audit, and tactical technical levels, as well as experience working in multiple vertical markets

  5. Led multiple annual pre-registration and internal audits as the lead internal auditor

  6. Versed in Open Compliance and Ethics Group (OCEG) Governance, Risk, and Compliance (GRC) maturity modeling, architectures, and best practices, as well as the Unified Compliance Framework (UCF) Common Controls Hub and control harmonization

  7. Performed hundreds of security and compliance gap assessments for clients using various industry maturity models, frameworks and standards, such as: Carnegie, Gartner, and CobiT maturity models… SOX, GLBA, HIPAA, NIST CSF and SP 800-53, ISO-27001, PCI-DSS, CIS Top Controls and Configuration Benchmarks, and much more

  8. Recognized for writing clear and compelling deliverables that include specific, tailored, and actionable advice and recommendations (note: award winning published author since 2008)

  9. Guide and advise clients on redesigning their security and compliance policies, standards, baselines, guidelines, processes, procedures, and detailed work instructions, aligning them with legal, regulatory and contractual requirements, as well as business goals and objectives

  10. Performed numerous business impact and risk assessments of internal and external clients

  11. Experienced and formally trained on business continuity and disaster recovery processes

  12. Led CompuCom’s security and compliance design and implementation for its first successful ISO-20000 registration, which included alignment with ITIL, ISO-27001, and many other international standards, laws, regulations, and contractual requirements

  13. Led numerous consulting engagements for assessing, designing, and implementing security and compliance technical controls, such as: firewalls, intrusion prevention systems (IDS/IPS), data center security (DCS) and endpoint protection solutions (EPS), email and network security gateways, VPNs, advanced threat protection (ATD/ATP), endpoint detection and response (EDR), security event and incident management (SEIM), data loss prevention (DLP) and data meta tagging, access controls, permissions, and authorizations, network and system vulnerability scanners, configuration checkers, and much more


DynTek, Inc.

National Director of Security Consulting: March 2003 – October 2004


  1. Directed, developed and defined security practice methodologies

  2. Directed strategic Virtual CxO and Trusted Advisor consulting services

  3. Developed and defined service reporting templates

  4. Defined security skill requirements and engagement quality assurance

  5. Directed, developed and maintained strategic security partnerships

  6. Led the most complex security consulting engagements


Reese Web Security, Inc.

Co-Owner, Vice President: January 2003 – December 2004


  1. Licensed Private Investigator in the State of Florida

  2. Performed detailed background checks

  3. Performed numerous investigations with a team of licensed investigators


AimNet Solutions Inc.

VP, CISO & Information Security Practice Leader: May 2000 – December 2002


  1. Started venture-funded AimNet Solutions in 2000

  2. Successfully completed acquisition of several high-tech companies

  3. Expanded managed security services to include network management

  4. Provided Virtual CxO services that guided and led commercial clients as their CISO, CSO, CRO, CTO, and CIO

  5. Led the most complex security consulting engagements

  6. In 2007, successfully sold AimNet Solutions (and ANS, LLC) to Cognizant


Reese Web, Inc.

Chief Executive Officer and President: August 1995 – May 2000


  1. Provided managed security and professional services from SMB to large enterprise companies

  2. Over 800+ commercial customers blanketed the nation from coast to coast

  3. Secured Florida State Negotiated Price Schedule Agreement during his first year of business

  4. Provided security services to SLED, U.S. Military, and Federal Agencies

  5. Created the Virtual CxO service offering that guided and led commercial clients as their CISO, CSO, CRO, CTO, and CIO

  6. Led the most complex security consulting engagements

  7. Axent Technologies recognized Reese Web as their #1 Systems Integrator in the State of Florida and their Elite Security Partner

  8. In 2000, started new venture funded company AimNet Solutions and merged Reese Web


The Waldec Group

Director, Network and Advanced Network Services: December 1994 – August 1995


  1. Practice leader for professional service delivery teams and service offerings

  2. Profitably grew technical team from 15 to 26 professionals

  3. Identified and implemented strategic vendor relationships

  4. Achieved recognition as Tampa's leading systems integrator

  5. Led the most complex consulting engagements


Nielsen Media Research

LAN Coordinator: June 1993 – December 1994


  1. Managed and maintained systems and tech-teams for three groups (Network Management & Internet Services, EDI & Network, and UNIX Systems Administration & Support) for a 90,000+ global user environment

  2. Performed extensive requirements analysis, development, and implementation work around advanced technologies in Internet and system security, multi-protocol network management, multiple email vendor platform solutions and operating systems (from desktop/laptop, vast list of state-of-the-art server technology, multiple mainframe vendors)


McDonnell Douglas

Senior Engineer – Technology: October 1992 – June 1993


  1. Member of a research team in the Special Operations Command HQ-J2 test lab

  2. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance


Halifax Corporation

European Regional Manager: January 1989 – October 1992

Account Manager: July 1987 – January 1989

Senior Field Service Representative: August 1986 – July 1987

Field Service Representative: June 1986 – August 1986


  1. Managed government contracts and multiple component level repair depots

  2. Managed international accounts and started a new international business division

  3. Managed systems and tech-team oversight at international cruise missile planning facilities

  4. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance


Eaton Corporation

Associate Field Engineer: January 1985 – June 1986


  1. Served as a resident onsite engineer at the USAF Tactical Air Warfare Center (TAWC) - J2

  2. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance


Enfield’s 3M Business Products

Customer Service Representative: April 1984 – January 1985


  1. Maintained 3M office products in the States of Florida and Georgia

  2. Completed numerous product certification courses in electronic mechanical technologies

  3. Products such as: 3M Copiers and Microfiche Viewers, and Lanier Word Processors


U.S. Navy

E-6 FTB1(SS): January 1978 – January 1984


  1. Led a seven-man team in launch operations of a Nuclear Trident Ballistic Missile System

  2. Maintained a Top Secret (SBI, w/SCI) Military Security Clearance


NOTABLE VOLUNTEER WORK



InfraGard National Members Alliance

Chairman of the CISO Cross-Sector Council: February 2021 – Present

Board of Directors Member and Corporate Secretary: February 2019 – July 2021

Chairman of the Enterprise Risk Management Committee: September 2020 – July 2021

Vice Chairman of the InfraGard History Committee: February 2019 – July 2021

Vice Chairman of the CISO Cross-Sector Council: October 2020 – February 2021

North Central Regional Deputy Representative: June 2018 – February 2019


  1. InfraGard is a partnership between the U.S. Federal Bureau of Investigation (FBI) and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

  2. INMA is a non-profit 501(c)(3) Delaware Corporation, comprised of 77 separate 501(c)(3) InfraGard Member Alliances (IMAs) with a membership of more than 74,000 plus Subject Matter Experts, representing our Nation’s critical infrastructures.

  3. As Chairman, oversees that the CISO Cross-Sector Council provides an opportunity for InfraGard members who hold executive leadership positions in Information Security to collaborate at the chapter, regional, and national levels. CISOs exist with expertise in every sector. There is a need to strengthen information security in America and enhance the workforce, ensuring we keep our competitive edge. We will succeed at this through our members’ strengths and collaborating with effective partners.

  4. As the National Secretary, was responsible for keeping the minutes of Board of Directors meetings; oversaw that all notices were duly given in accordance with the provisions of organizational Bylaws or as required by law; was the custodian of the corporate records and of the seal of the Corporation; and in general performed all duties incident to the office of Secretary and such other duties as from time to time may have been assigned by the President or by the Board of Directors.

  5. As Chairman, oversaw the performance of the Enterprise Risk Management Committee's data gathering, reviews and assessments, and reports, and assisted the Board of Directors with effective planning and leadership of InfraGard National Membership Alliance (INMA).

  6. As Vice Chairman, assisted the Chairman with the research of InfraGard History and review of corporate records.


InfraGard Kansas City Members Alliance

Board of Directors Member: January 2017 – February 2019

Webmaster InfraGard-KC.Org: January 2017 – September 2019


  1. InfraGard Kansas City Members Alliance (IMA) is a non-profit organization serving as a public-private partnership among U.S. businesses, individuals involved in the protection and resilience of U.S. critical infrastructures, and the Federal Bureau of Investigation.

  2. IMA is a non-profit 501(c)(3) Missouri Corporation, with a membership of more than 300 plus Subject Matter Experts, representing the Kansas City Area’s critical infrastructures.


EDUCATION



American Institute for Computer Science (Birmingham, AL)

  1. Bachelor of Science in Computer Science, February 1992
    GPA 4.0/4.0


TESTED COMPETENCIES BY PROMINENT CERTIFICATIONS



  1. Access Management

  2. Asset Security

  3. Business Continuity

  4. Business Principles and Practices

  5. Communications Security

  6. Computer Security

  7. Disaster Recovery

  8. Enterprise IT Governance

  9. Identity Management

  10. Information Risk Compliance

  11. Information Security

  12. Information Security Management

  13. Information Technology

  14. IT Benefits Realization

  15. IT Control Maintenance

  16. IT Governance

  17. IT Governance Framework

  18. IT Governance Principles

  19. IT Resource Optimization

  20. IT Risk Assessment

  21. IT Risk Evaluation

  22. IT Risk Identification

  23. IT Risk Management

  24. IT Risk Monitoring

  25. IT Risk Optimization

  26. IT Systems Control Design

  27. IT Systems Control Implementation

  28. IT Systems Control Monitoring

  29. IT Security

  30. IT Security Incident Manager

  31. IT Security Program Manager

  32. Network Security

  33. Penetration Testing

  34. Personnel Security

  35. Physical Security

  36. Professional Services

  37. Project Management

  38. Risk Management

  39. Security

  40. Security Assessment

  41. Security Audits

  42. Security Engineering

  43. Security Management

  44. Security Operations

  45. Security Principles and Practices

  46. Security Testing

  47. Software Development Security

  48. Strategic IT Management

  49. Vulnerability Assessment



PROFESSIONAL MEMBERSHIPS



  1. ASIS International

  2. InfraGard

  3. ISACA: Information Systems Audit and Control Association

  4. (ISC)2: International Information Systems Security Certification Consortium

  5. OCEG: Open Compliance and Ethics Group




PERSONAL INTEREST



  1. Award Winning Published Author, REESE’S Peanut Butter Cups: The Untold Story

  2. DKI Martial Arts Grandmaster Instructor, 8th Degree Black Belt
    Okinawan Karate, Pressure Point Fighting, and Reality-Based Self-Defense Expert
    USA Martial Arts Hall of Fame Inductions:
       2006 - Master of the Year
       2010 - Karate Grandmaster of the Year

  3. Music, Playing Guitar, and Love Singing Karaoke

  4. Languages: English and German

