Profiles search
Alfonso Salgado EnCE, GCFA, ACE
Vice President, IT Information Security Operations Director
Dallas, TX, United States
Details
Experience:
2021 : Present
Hilltop Holdings
Vice President, IT Information Security Operations Director
Director of Information Security / Head of Cybersecurity
• CISO Chief of Staff overseeing 10MUSD annual operational and capital expenditures
• Chief CISO advisor regarding security initiatives
• Key contributor in organization’s successful multi-year effort to attain GLBA compliant status from the Federal Reserve
• Primary interface with internal and external auditors regarding security programs, from reporting to remediation endeavors
• Provide strategic guidance on the deployment of both technical and process driven cybersecurity countermeasures that align
with business requirements, Santander Global Protect initiatives, and ensure the Confidentiality, Integrity, and Availability of
company data and information systems
• Provide key insights and vision to executive leadership in support of coherent Cybersecurity strategy to protect entities with
varying operational models and business requirements
• Responsible for the operations and program maturity of the following Information Security teams : Cyber Incident Response
(IR), Digital Forensics & eDiscovery, Security Monitoring & Logging, Threat Intelligence, Data Loss Prevention (DLP),
Network Security, Third Party Risk & Security Assurance, and Penetration Testing
• Manage approximately 20 full time employees and contractors; some local to Dallas and some remote across the US
• Research developing new technologies to identify ones that create the most secure environment while considering fiscal
limitations and business requirements
• Use a risk-based approach to assess the current security posture, identify any gaps, and remediate or mitigate the deficiency
with compensating controls based on FFIEC guidelines
2018 : 2021
Santander Consumer USA
Director
Senior Consultant/Manager Incident Response, Digital Forensics & Penetration Testing
• Manage Incident Response (IR), Digital Forensics and Penetration Testing teams as part of a comprehensive Cyber Threat program
• Authored company Security Monitoring, Digital Forensics and Incident Response program documents, supporting procedures, and runbooks
• Develop and provide evidence of compliance with GLBA, PCI, SOX, and other regulatory compliance requirements for both internal and external auditors
• Contribute to an annual cybersecurity maturity review based on FFIEC guidelines
• Lead and mentor team of information security professionals in handling cyber security incidents to protect the confidentiality, integrity, and availability of Santander Consumer USA digital assets
• Develop and implement training in IR, Forensics, and eDiscovery including facilitation of quarterly table top exercises
• Draft incident response analysis reports for consumption of multiple audiences to include technically knowledgeable colleagues and non-technical executive leadership
• Prepare monthly metrics-based reporting for executive leadership
• Brief complex technical cyber security incident details to key business stakeholders and executive leadership members in written reports and oral briefings
2016 : 2018
Santander Consumer USA
Senior Information Security Consultant/Manager
Cybersecurity & Digital Forensics Specialist – Incident Response Team
• Subject Matter Expert (SME) in Digital Forensics on the PepsiCo Incident Response Management team
• Provide guidance on policy and procedures; create related documentation to include SOPs, playbooks, etc.
• Collect, preserve, and analyze electronic data of various types (workstation HDDs, servers, virtual machines, live memory, etc...) and provide accompanying reporting
• Perform investigations into cyber security incidents in accordance with the phases of the Incident Response Cycle
• Assist in managing a team of incident handlers in North America and coordinate the efforts of teams in Europe and India
2015 : 2016
PepsiCo
Cybersecurity & Digital Forensics Specialist – Incident Response Team
As a member of Capsicum Group I provide expertise and project management in the areas of Digital Forensics, Electronic & Paper Discovery, Data Recovery, Security, Compliance and Expert Testimony Services. My duties include the collection, preservation, and examination of electronic data along with accompanying reporting. I also interact with clients in order to provide them with project management support.
2012 : 2015
Capsicum Group, LLC
Senior Consultant – Digital Forensics
Hilltop Holdings
Vice President, IT Information Security Operations Director
Director of Information Security / Head of Cybersecurity
• CISO Chief of Staff overseeing 10MUSD annual operational and capital expenditures
• Chief CISO advisor regarding security initiatives
• Key contributor in organization’s successful multi-year effort to attain GLBA compliant status from the Federal Reserve
• Primary interface with internal and external auditors regarding security programs, from reporting to remediation endeavors
• Provide strategic guidance on the deployment of both technical and process driven cybersecurity countermeasures that align
with business requirements, Santander Global Protect initiatives, and ensure the Confidentiality, Integrity, and Availability of
company data and information systems
• Provide key insights and vision to executive leadership in support of coherent Cybersecurity strategy to protect entities with
varying operational models and business requirements
• Responsible for the operations and program maturity of the following Information Security teams : Cyber Incident Response
(IR), Digital Forensics & eDiscovery, Security Monitoring & Logging, Threat Intelligence, Data Loss Prevention (DLP),
Network Security, Third Party Risk & Security Assurance, and Penetration Testing
• Manage approximately 20 full time employees and contractors; some local to Dallas and some remote across the US
• Research developing new technologies to identify ones that create the most secure environment while considering fiscal
limitations and business requirements
• Use a risk-based approach to assess the current security posture, identify any gaps, and remediate or mitigate the deficiency
with compensating controls based on FFIEC guidelines
2018 : 2021
Santander Consumer USA
Director
Senior Consultant/Manager Incident Response, Digital Forensics & Penetration Testing
• Manage Incident Response (IR), Digital Forensics and Penetration Testing teams as part of a comprehensive Cyber Threat program
• Authored company Security Monitoring, Digital Forensics and Incident Response program documents, supporting procedures, and runbooks
• Develop and provide evidence of compliance with GLBA, PCI, SOX, and other regulatory compliance requirements for both internal and external auditors
• Contribute to an annual cybersecurity maturity review based on FFIEC guidelines
• Lead and mentor team of information security professionals in handling cyber security incidents to protect the confidentiality, integrity, and availability of Santander Consumer USA digital assets
• Develop and implement training in IR, Forensics, and eDiscovery including facilitation of quarterly table top exercises
• Draft incident response analysis reports for consumption of multiple audiences to include technically knowledgeable colleagues and non-technical executive leadership
• Prepare monthly metrics-based reporting for executive leadership
• Brief complex technical cyber security incident details to key business stakeholders and executive leadership members in written reports and oral briefings
2016 : 2018
Santander Consumer USA
Senior Information Security Consultant/Manager
Cybersecurity & Digital Forensics Specialist – Incident Response Team
• Subject Matter Expert (SME) in Digital Forensics on the PepsiCo Incident Response Management team
• Provide guidance on policy and procedures; create related documentation to include SOPs, playbooks, etc.
• Collect, preserve, and analyze electronic data of various types (workstation HDDs, servers, virtual machines, live memory, etc...) and provide accompanying reporting
• Perform investigations into cyber security incidents in accordance with the phases of the Incident Response Cycle
• Assist in managing a team of incident handlers in North America and coordinate the efforts of teams in Europe and India
2015 : 2016
PepsiCo
Cybersecurity & Digital Forensics Specialist – Incident Response Team
As a member of Capsicum Group I provide expertise and project management in the areas of Digital Forensics, Electronic & Paper Discovery, Data Recovery, Security, Compliance and Expert Testimony Services. My duties include the collection, preservation, and examination of electronic data along with accompanying reporting. I also interact with clients in order to provide them with project management support.
2012 : 2015
Capsicum Group, LLC
Senior Consultant – Digital Forensics
Company:
Hilltop Holdings
Spoken Language:
Russian, Spanish
About
US Army veteran with 20+ years of experience in security and investigations and 15+ years of experience in Cybersecurity. A consistent top performing cybersecurity leader with experience in Government, Financial Services, Information Technology, and Retail sectors. Performed computer forensic examinations and provided expert testimony in support of Federal and State law enforcement agencies.
Specialties: Speak Spanish and Russian;
EnCE, EnCase Certified Examiner;
ACE, AccessData Certified Forensic Examiner;
GCFA, GIAC Certified Forensic Analyst;
Certified SAFe 5 Agilist.
Profile Photo
