Bill Shearstone, CISSP, CCSP, CEH
Director, Information Security at Boston Energy Trading and Marketing
Boston, MA, United States
Details
Education:
Master of Business Administration - MBA
Management Information Systems
Western New England College of Pharmacy and Health Sciences
Bachelor of Applied Science - BASc
Management Information Systems
Bridgewater State University
1990 : 1995
Experience:
- Leads the Information Security program with a pragmatic risk management approach to ensure that business operations are conducted in a secure and productive manner using the NIST Cyber Security Framework following a cloud first strategy.
- Develops and analyzes information security metrics to gauge the effectiveness of controls and gain a pulse of the security environment using vulnerability and incident information as well as tracking tasks to improve the program maturity.
- Selects the use of advanced security technologies with the implementation and management of these technologies using a DevOps approach.
- Develops Information Security strategy and executes this strategy through roadmaps to further enhance the information security program through maturity and ensuring that proper technologies and processes are in place to address the ever-changing threat dynamics.
- Communicates regularly with the executive steering team to keep them apprised of the Information Security program to include current organizational risks.
2021 : Present
Boston Energy Trading and Marketing
Director, Information Security
- Had the opportunity to build a security program from the ground up on newly procured on-premises and cloud environments as the result of a diversification. Tightly integrated with the design and implementation of the environment to direct and validate that security protocols and fundamentals are followed.
- Following the cutover to the new environment, quickly implemented critical security technologies and practices to include vulnerability management, email protections, and training.
- Developed policies and standards to begin the Information Security Program and governance.
- Based the information security program using the NIST Cybersecurity Framework and developed metrics to measure progress and effectiveness.
- Created yearly roadmaps to address identified gaps and to meet business objectives and goals.
- Selected and implemented advanced security technologies to protect against the latest threats.
- Established an executive steering committee within the security program and regularly briefed them on the program status and information security topics.
- Captured and tracked organizational risks through a risk register that was routinely briefed to the executive team, and which drove the yearly roadmap planning to address those risks.
2019 : 2021
Boston Energy Trading and Marketing
Sr. Manager, Information Security
- Leads a team of Information Security and Network Engineers which support the network and IT security infrastructure with a hands-on approach to stay in tune with capabilities and configuration integrity
- Directs the security architecture for newly developed applications for IAM, monitoring and alerting, security controls, and ensuring the design is in accordance with best practices and guidance.
- Oversees the configuration and controls of a development cloud (AWS) environment, IAM SaaS, and email protection SaaS
- Sets IT Security strategy and ensures business applications and initiatives are in accordance with security policies and best practices.
- Guides the selection and implementation of next generation security technologies, including automated response.
- Develops and implements the IT security roadmap to enhance the IT security posture.
- Responsible for vulnerability management and feeds risk information to the CISO.
- The technical lead for incident response to include identification, containment, and investigation.
2018 : 2019
MIB Group, Inc.
Manager, IT Security and Networking
- Managed a team of IT infrastructure personnel to include systems administrators, network engineer, network security engineer, and desktop support technicians.
- Responsible for data center management to include:
o Virtualization, storage area network, and servers.
o Local area and wide area networks.
o IT security such as firewalls, Virtual Private Network (VPN), Intrusion Detection and Prevention Systems (IDPs), Network Access Control (NAC), Mobile Device Management (MDM), Vulnerability Management, patch management, Internet filtering, malware detection, disk encryption, Email Gateway, and Security Incident and Event Management (SIEM).
o Desktops and mobile devices.
- Engineered the infrastructure and Information Security solutions for new initiatives.
- Technical lead for the company’s Incident Response Team
- Oversees the status, configuration, and alerting of numerous IT security technologies.
- Implemented infrastructure technology refreshments to include storage area network, backup systems, and SIEM.
- Orchestrated office moves to include procurement and build out of IT infrastructure and circuit installations.
- Vastly improved Disaster Recovery by incorporating a more robust system reducing RTO and RPO.
- Ensured department activities fulfilled control requirements for SOC2 certification.
2012 : 2018
MIB Group, Inc.
Manager, LAN, Network and Security Services
- Led the implementation of and co-designed a virtualization security architecture which capitalized on the latest virtualization security technologies along with traditional defense-in-depth best practices.
- Deployed various IT security initiatives to include dual-factor authentication, VPN remote access, disk encryption, NAC, and malware detection. These deployments involved other departments as well as Help Desk and user training.
- Developed an incident response plan which included the enhancement of the company’s SIEM system.
- Maintains and configures the gamut of security devices which include firewalls, IDPs, anti-virus systems, Internet filters, and mail gateways.
2007 : 2012
MIB
Senior Network Security Analyst
Company:
Boston Energy Trading and Marketing
Years of Experience:
29
Skills
Budget Management, Computer Security, Incident Response, Information Security, IT Management, Network Security, Program Management, Risk Management, Security, Security Awareness, Security Management, Security Metrics, Virtualization, Vulnerability, Vulnerability Management
About
Self-motivated and highly technical leader with 25 years of hands-on experience in the Information Technology (IT) arena with over 15 years of experience focusing on IT security with the Department of Defense and commercial sector. In tune with the latest Information Security technologies, methodologies and best practices and follows a cloud first strategy.