This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "User:Nathan Smolenski"
KateHartmann (talk | contribs) m (Creating user page with biography of new user.) |
|||
| Line 1: | Line 1: | ||
| − | CISO - | + | CISO - Zurich North America |
10 Years experience in the following areas: | 10 Years experience in the following areas: | ||
Latest revision as of 17:05, 22 November 2013
CISO - Zurich North America
10 Years experience in the following areas: IT Risk Management:
- Implementation of security and risk management strategies
- Implementation and execution of risk assessment and analysis methodologies (COBIT / ITIL / ISO)
- Integration of security process and controls into SDLC and other life cycle processes.
Application Security:
- Development and management of application assurance programs.
- Implementation of dynamic and static analysis tools
- Application vulnerability remediation programs
- Secure SDLC program development
- PCI-DSS
Information Security Governance & Program development:
- Development of information security strategies
- Enterprise Information Security posture assessment
- Implementation of information security governance programs
- Metrics / KPI analysis and development
Program Management:
- Management of large scale Infrastructure projects
- Internal / external resource management
- Project / Program governance and compliance
- Contractual performance / vendor assessment
Incident Management:
- Coordination and execution of DR/BCP testing
- Management of security and operational risk events
- Implementation and management of RCA processes
Training
- Designing and delivering risk management, security awareness and compliance training
Systems Analysis, Business Analysis & Project Management:
- Managing technical projects in varying size and scope
- Leading teams of development and operational staff
- Organizing and managing business and technical JAD sessions.
- Requirements management
- Business process engineering
- Management of software deployments and enterprise level software implementations
- Management of UAT / Testing processes and programs
Specialties Application Security, Information Security Governance, Security Standards, IT Process Engineering, Application Vulnerability Testing, Information Systems Audit, Business Analysis, Systems Analysis, Secure Software Development, Project management Technology within Banking / Investment Management / Brokerage / FX Trading / Annuities, Risk Management, DOI / SOX / ICF / PCI-DSS / HIPAA Compliance
