Elbert Peak, CISSP, GSLC

Director, Audit, CyberSecurity, and Risk Engagement | CISSP | GIAC x 10 | CEH | Agile

Stonington, CT, United States

Details

Education: Master of Science - MS

Software Engineering

California State University-Fullerton

2007 : 2009

Master of Science

Computer Information Systems

Florida Institute of Technology

2007 : 2009

Bachelor of Science

Computer and Information Science

University of Maryland University College

2003 : 2007

Professional Continuing Education

Cyber/Electronic Operations and Warfare

Air Force Institute of Technology-Graduate School of Engineering & Management

2013 : 2013

Warrant Officer Senior Staff Course, Military and Strategic Leadership

The Army University, Warrant Officer Career College (WOCC) (WOSSE)

2014 : 2014

Experience: Providing leadership, project management, and oversight of various cross-business unit initiatives for CIO critical metrics and other pivotal initiatives. Responsible for Tech Operations on technology lifecycle, cybersecurity, technology and risk driven priorities. Provide business vision and guide IT projects with a focus on customer impact. Focused on the vision, planning, management and delivery of our cyber and information security program. Oversee Information Security’s strategy and roadmap, while enabling the business through secure development, audit and risk minimization.

Projects, Reporting & Operations team (PRO) is part of the domain that is accountable for the Technology Strategy and Agile Enablement Office within Asset Management Technology (AMT). AMT in turn provides worldwide technology and support to all the Investment Management, Research, Trading and Investment Operations functions. AMT is an integral partner for Asset Management to deliver innovative, scalable, industry-leading investment tools that enable Asset Management to achieve competitive advantage globally.

#FidelityAssociate

2022 : Present

Fidelity Investments

Director, Audit, CyberSecurity, and Risk Engagement

Security Testing Manager leading our penetration testing team's activities validating external attack surface consisting of our services, applications, and websites are secured against the latest threats. Responsible for managing a program of teams with security engineers and third party vendors conducting penetration tests, evolving the security assurance process, manage third party vendors, and creating metrics to demonstrate team’s performance. Drive remediation activities to closure. Apply Open Web Application Security Project (OWASP) into continuous Systems Development Life Cycle (SDLC).

Engage with business owners to quantify security risk and compliance requirements, and endorse mitigations for risk acceptance (e.g., SOX, Protected Health Information (PHI), General Data Protection Regulation (GDPR), Privacy Data, HIPAA).

Program Manager for several projects designed for remediation tracking. Devise, implement, and monitor critical vulnerability response processes to efficiently remediate critical vulnerabilities.

2022 : 2022

Pfizer

Security Testing Manager/Program Manager - Global Information Security

Lead global delivery of operational security tools, services, vulnerability management, and process management. Research and monitor cyber threats and vulnerability trends and collaborate with other Global Information Security organizations to implement measures of detection for the provided services. Lead projects in security testing, penetration testing, and continuous monitoring. Lead technical response, root cause analysis, source code analysis, and follow-up to service issues.

Responsible for leading global governance procedures ensuring relevant vulnerability management metrics or potential enterprise-level threats are shared with relevant stakeholders. Manage engineering teams responsible for vulnerability scanning and response, and security tool management.

2018 : 2022

Pfizer

Cybersecurity Vulnerability Manager - Global Information Security

Senior Cybersecurity Subject Matter Expert (SME) for computer network exploitation, cyber-physical security, Industrial Control Systems (ICS) Cybersecurity, Internet of Things (IoT), and embedded systems.

Research, develop, maintain, and deliver weapon system cybersecurity education in response to urgent needs from the Air Force and Department of Defense. Anticipate needs to develop short-term capability to vague and/or nascent educational requirements. Design cyber solutions around industry standards (DoD 8500, NIST 800-53, ISO 27001 & 27002, Open Web Application Security Project (OWASP), SANS Critical Security Controls, Risk Management Framework (RMF), etc.) that integrate vendor agnostic best of breed capabilities, tailored to the unique needs of individual customers to ensure each security implementation resolves our customer’s toughest challenges. Provide technical services to support research, engineering and acquisition customers.

2017 : 2018

MacAulay Brown

Senior Cyber and Systems Engineer (SME) / Program Manager / Instructor

Senior Cyber Security Technical Advisor and instructor for Cyber 200/300 Professional Continuing Education courses at the Air Force Institute of Technology (AFIT). Produced cutting-edge research and injects that research into the curriculum, a process not found at most institutions, especially in the cyber warfare environment. Cyber 200 and 300 are joint certified and meet requirements of CJCSM 3500.03C. Center for Cyberspace Research (CCR) has six active research laboratories spanning critical infrastructure, computer network exploitation and attack, wireless networking and security, malicious code analysis and software assurance/protection. Tasked with leading Professional Continuing Education development efforts based on demonstrated leadership and technical capabilities. Primary instructor for cyberspace operations doctrine, software security engineering principles, offensive security, cryptography, network architecture, wireless & mobile device security, cyber case studies, and digital forensics. Served as the Senior Army Warrant Officer advisor to Air Force personnel for assessing tactics, techniques, and procedures (TTPs) for inclusion in Air Force and Joint Department of Defense doctrine.

2013 : 2017

Air Force Institute of Technology

Senior Cyber Security Technical Officer / Lead

Company: Fidelity Investments

Years of Experience: 35

Skills

Agile Methodologies, Army, CEH, CISSP, Command, CompTIA, CompTIA Security+, Computer Forensics, Computer Security, Cryptography, Cyber Operations, cybersecurity, Cyberspace Operations, Defense, DIACAP, DoD, IDS, Incident Response, Information Assurance, Information Security, Information Security Management, Integration, Intelligence, Intrusion Detection, Malware Analysis, Microsoft Power BI, Military, Military Operations, National Security, Network Architecture, Network Security, Penetration Testing, Process Improvement, Project Management, Reverse Engineering, Risk Assessment, Security, Security+, Security Audits, Security Clearance, Security Policy, Software Analysis, Software Design, Software Engineering, Software Project Management, Systems Engineering, Tactics, Top Secret, Vulnerability Assessment, Vulnerability Management

About

Highly experienced Cybersecurity Leader and Veteran. Effective leader driving roadmaps to deliver key security initiatives in enterprise-wide environments. Interdisciplinary experience in program management, vulnerability management, penetration testing, software project management, information systems management, intrusion detection and analysis, computer forensics, and incident response. Respected leader with proven ability to lead teams in a demanding environment through communicating, building relationships and teams, advising, and delivering desired results. Self-motivated leader in analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threats warning information, developing risk mitigation, and coordinating incident response activities.

Solid background in network penetration testing, hacker exploits, incident handling, intrusion detection, and computer forensics (including malware reverse engineering). Knowledgeable in software engineering principles and techniques such as Agile methodologies, CMMI, UML, requirements analysis, systems life-cycle management, project management and discrete mathematics. Experienced in web development, Oracle DBA, Linux/UNIX, reverse engineering and systems architecture and design. Technically proficient in software development concepts using Java, C/C++, and Visual Basic programming languages. Operational experience at the Joint, Operational, and Tactical levels in many areas of communications and cyberspace operations. Experience with threat modeling and trend monitoring using Security Information and Event Management (SIEM) tools.

Specialties: cyberspace operations, computer security, information security, computer forensics, network penetration testing, security/vulnerability assessments, incident handling, intrusion detection, systems auditing, software project management, software design & architecture, software measurement & testing, software verification & validation, software maintenance, software process Capability Maturity Model Integration (CMMI) and Standard CMMI Appraisal Method for Process Improvement (SCAMPI).