Brandon Ashey

CISSP,CISM. VP of Information Security

Boise, ID, United States

Details

Education: Master of Information Technology, Enterprise Software Architecture

Capella University

Bachelor of Science, Computer Science

Boise State University

Experience: In this role, reporting to the CIO, I am responsible for adhering to CIS and other frameworks relating to the Financial regulatory requirements, while functioning as Head of Information Security. I work across multiple organizations to design, develop and monitor information security policy and documents; monitor compliance with Company security policies such as GLBA, regulatory requirements, and applicable laws; design security policy training and awareness activities. Other activities include reporting on security control status using various tools combined with analytic methods to correlate across systems and provide actionable information, as well as coordinates assessment, investigation, and reporting of security incidents. Responsible for implementing new processes, technical controls, and policies and procedures. Acting as primary liaison with the Applicaiton Development and DevOps teams, I am responsible for validating that our applications are designed and implemented with high security standards. I worked closely with the other technology leadership and other departments to further the information security standing of the company. It promotes strategic relationship with other parts of technology organization.

2023 : Present

Celink

Director of Information Security

In this role, I am responsible for adhering to NIST CSF, while functioning as Head of Information Security. It is worth mentioning that I nurture company's cybersecurity posture including vulnerability management, patching processes, and configuration auditing/hardening efforts. Furthermore, I perform multiple tasks diligently, such as negotiating vendor contracts, liaising with legal team for security requirements, and complying with CCRA and GDPR.

Key accomplishments, I achieved within this role are as follows :

• Saved company's 40% year-over-year spending by negotiating vendor contracts.

• Slashed manual workload by 90% through complex technical problem resolution.

• Established DevSecOps and oversaw GitHub and GCP environments in coordination with R&D teams.

• Implemented DDoS protection to e-commerce infrastructure ensuring availability for critical peak season.

• Maximized overall efficiency by developing and implementing 3rd party security and risk management program.

2022 : 2023

MANSCAPED

Senior Manager, Information Security (Head of Information Security)

During this tenure, I managed a $1.1B valuation, while acting as Head of information security and privacy for a startup through acquisition. I negotiated contracts for more than 50 vendors I was entrusted with providing unprecedented assistance in network and systems implementation and integration for new facilities and M&As. One of my key assignments was monitoring systems and infrastructure by operating 24x7 SOC/NOC. I spearheaded vendor security and risk management program to achieve optimum outcomes. I also administered company's IT infrastructure including communications, networks, servers, and clouds to streamline operations.

Below listed are some notable points from this role :

• Saved $4.5M of revenue by restoring operations services.

• Attained targeted objectives by steering department of 26 managers and ICs.

• Minimized vulnerabilities by 75% through 3rd party risk management and vulnerability management program.

• Collaborated closely with Law enforcement to direct incident response including APT and Ransomware attacks.

• Assured process and performance improvement by leading team and implementing privacy program for GDPR compliance.

• Ensured proper allocation of resources by managing $9.5M budget balancing technology investments with company objectives.

2017 : 2022

Cradlepoint

Director, Infrastructure and Security

I headed the Printer Driver Languages team to drive strategy and roadmap for all HP LaserJet printers. I was tasked with directing the Product Integration team responsible for migrating HP Pro LaserJet and OfficeJet products to a single firmware codebase. I involved myself in defining strategies, roadmap, and program deliverables to meet business objectives while working towards greater efficiency and quality. Along with many other functions, I supervised architecture, requirements, development, and qualification for security initiatives.

Here are some notable contributions to this role :

• Led team of seven software developers to meet and exceed set performance goals.

• Established R&D lab in China and mentored new employees on HP LaserJet firmware development.

• Functioned as Intrusion Detection project lead and established cross-organization strategy, requirements, and schedule.

2015 : 2017

HP

Manager, Pro & Value LaserJet and OfficeJet Printer Driver Languages Team

I was responsible for overseeing operations, maintenance, and security for IaaS and SaaS of over 300 globally distributed and load-balanced servers hosting 24 enterprise applications and web services.

Access Control Services

I authenticated application identities connecting to Web services, including role-based authorization criteria to ensure operations are appropriately exposed by using certificate and PKI infrastructure. I was engaged in implementing and maintaining multiple Web services for creating and managing identities interfacing with Identity Management Infrastructure.

Directory Services

I managed the publication of directory and security data from multiple repositories (LDAP, AD, Oracle) through Web services. Furthermore, I provided decoupled repository of data used for identification, authentication, and authorization during runtime operations.

Secure Development Services

I was responsible for overseeing secure design and development practices by establishing a culture of first-time software quality. I would like to state that I identified and resolved security concerns, peer-reviews, focus on regression test suites, code-signing, and proper change management practices.

Protection Services

I executed services and standards for securing Web services on the Boeing Enterprise, including client health monitors, port & device control, data signing, and encryption. I also ensured the security of application identities in accordance with Boeing cryptographic standards by using the latest standards for encryption.

Detection & Recovery Services

I ensured security and protection of applications through assessments of production-ready software, middleware, and data sources. I established peer reviews, focused on automated test suites, and proactively submitted code for vulnerability scans.

2011 : 2015

Boeing

Manager, Identity and Directory Systems - Cyber Tools & Web Services

Company: Celink

Years of Experience: 26

Skills

Agile Methodologies, Agile Project Management, Application Security, Architecture, Business Continuity, business process improvement, Compliance Management, Cybersecurity, Embedded Systems, Enterprise Risk Management, Enterprise Software, General Data Protection Regulation (GDPR), IDS/IPS, Incident Response, Information Security, Information Security Management, Information Technology, Interpersonal Skills, IT Management, Large Systems Integration, Leadership, Linux, Management, Negotiation, Network Security, Payment Card Industry Data Security Standard (PCI DSS), Physical Security, PKI, Process Improvement, Project Management, Requirements Analysis, Risk Management, Security, Security Architecture Design, Security Information and Event Management (SIEM), Security Operations, Software Development, software development life cycle (sdlc), Software Engineering, Software Project Management, Strategic Planning, Technical Leadership, Telecommunications, Testing, Vendor Management, Vulnerability Management, Windows Server, XML, Java, C, Unix, NET, Cloud Computing, SQL, SDLC, Scrum, SOA, JavaScript, ClearCase, UML, Shell Scripting, ASP.NET, OOP, Database Design, Test Driven Development, Web Applications, Software Project, MySQL, HTML, Object Oriented Design, Subversion, PHP, REST, Git, CSS, Product Development, Design Patterns, Integration, Web Services

About

Welcome to my LinkedIn profile.

➤ My credible history of success is directly related to extensive IT experience and track record of delivering project management leadership for information security infrastructure development.

➤ I have remarkable efficiency in leading enterprise security and privacy programs, directing design/integration of cutting-edge technology solutions, and managing projects under time and budgets.

➤ Employers recognize me for collaborating with vendors and various cross-functional teams aimed at conducting audits and improving overall efficiency with emphasis on maximizing performance and increasing profitability.

➤ I am an expert at recommending existing control updates, mitigating risk, managing resources, and executing risk management frameworks.

➤ I have a proven track record of providing strategic direction and leadership for development and execution of compliance policies and provide supervision to all subsidiary compliance, privacy, and regulatory functions.

➤ Engaging and collaborative, I am a trusted partner to C-level leadership, relied upon to identify and capitalize on opportunities for major savings and process improvements.

If you find my profile exciting or interesting in learning more about my skillset and experience, please contact me on LinkedIn or email me at brandonashey@gmail.com