Lucia Sills CISSP CISA CISM CPP
Details
Psychology/Biology; Minor in Art
St. Mary's College of California
CIS, UNIX, Linux and C Programming, C and Korn Shell Scripting, Windows Networking, Web Design
De Anza College
1996 : 1998
Administration of Justice, Business, Accounting
Diablo Valley College
1996 : 1997
2015 : Present
Cisco
Application Security Engineer - Information Security, GIS
2015 : 2015
Open Sourcework
IT Consultant - Designing security-focused solutions
Sabbatical, 7/14 – 3/15
• Cloud Security Association and CSA’s Cloud Security Open API Data Governance and Policies Working Group Member.
• Defining Cloud Supply Chain complex business, technical and organizational issues, as well as geographical boundaries and Cloud Service Business Activities, SaaS, IaaS, EU, Privacy and Business Scopes cross-borders including Cloud Brokerage, Cloud Security Audit Issues, Third Party Data Classification (Trust Zones). Cloud Data Classification CSA Subgroup Contributor under Cisco Leadership for the CSA International and US Communities.
Defining Cloud Security and Trust Frameworks, Sec. Architecture reviews, creating prototypes and working with CSA Cloud Security Matrix requirements.
Updated skillset:
• McAfee ePO (Enterprise Policy Orchestrator), SIEM and DLP continuous monitoring, Administration, creation of customized Dashboard, Graphical Metrics and Reporting; ePO Deep Command Discovery and Reporting Software tools.
• BITS Shared Assessment Risk Management Tools; Third Party Self Assessments; SIG (Standard Information Gathering Questionnaire) Lite and Full Vendor Assessment Reviews; Vendor Risk Management Lifecycle.
• Control Case Vendor Manager, Audit and Remediation Tracking Tools and Administration
• IAPP- International Association of Privacy Professionals Conference and World Security Congress
2014 : 2015
IT Professional on Sabbatical
Traveler
• Source Code Signing - Cloud Security Project - Completed Phase 1 and Information Security Consulting through Oxford Global International.
Phase 2 will take place in the UK and Fort Lauderdale, FL and I will be dropping off the project after the transition has been completed.
• Global Project Managed and removed roadblocks for Code Signing Server OPS, Management Tiger Team and each of 9 multi-national Cloud Product Divisions’ multi-platform teams: Software/Development, Engineering - ISO 27001-002 Compliant Secure Build Systems and Environment, Enterprise Infrastructure, Santa Clara and London Labs and reporting weekly Executive Status.
• Created build diagrams (e.g. physical, logical, virtual) and performed Security Architecture, Firewall, Jenkins, Hudson builds and reviews through Orchestration.
• Member of Remote Access, Logging and Alerting Policy Creation and RFC/ Firewall Change Control Teams.
• Product divisions include NetScaler, Cloud Platform, CloudBridge, VDI, Citrix Labs, SaaS, XenServer, XenMobile/AppC/Cloud Gateway, Byte Mobile, Framehawk and others.
2014 : 2014
Citrix Systems
Sr. Security Project Manager, Security Engineer-Product Security
Completed one year contract through Advantage Technical Resourcing supporting Vulnerability and Penetration Testing Teams, scheduling and managing Test Engagements, SoWs, Third Party Vendor contracts, Code Reviews and Customer meetings to final Executive Management and BoD Reports. Administered Cisco VTC Video and Jabber meetings, vendor and employee Security Background checks including NCIC, OFAC, FCRA requirements; updated multi-level Archer SmartSuite dB constructs; C-level reporting of formal and graphical Pen Test monthly and quarterly status performance, ISO Compliance and Audit metrics, and created formal technical process whitepapers.
2012 : 2013
Federal Reserve Bank of San Francisco
Information Security Analyst, National Incident Response Team (NIRT)
Skills
Analytics, Application Security, Board of Directors Experience: 12 years, Business Continuity, Business Continuity Planning, C-Level Security, Joint Chiefs, Governance and Advisory Councils, CISA, CISM, CISSP, Cloud Computing, COBIT, Compliance Management, Computer Security, Consulting, CPP-Global Enterprise Security Programs and Facility Security Design, Data Center, Data Privacy, Data Security, Disaster Recovery, Enterprise Architecture, Firewalls, GLBA, Governance, GRC Leadership, Information Security, Information Security Management, Information Technology, Information Technology Consulting, Internal Audit, ISO 27001, IT Audit, ITIL, Leadership, Operational Risk, Operational Risk Management, PCI DSS, Penetration Testing, Privacy Law, Program Management, Regulatory Compliance, Risk Assessment, Risk Management, Sarbanes-Oxley Act, SAS70, SDLC, Security, Security Architecture Design, Security Audits, Security Policy, Vulnerability Assessment
About
Expertise as multi-national Operational IT/ Information Security Management (Technical), ITIL, Business and Technical Security Process Management; secure Application-Database System Development, Data Center, DRP/BCP, Privacy, documentarian and multiple-domain InfoSec Subject Matter Expert.
• Member of CISP/PCI DSS - Data Security Standards Criteria - 2001 origination team.
• CISA Instructor and CISM 2009 Exam Review Training Manual published contributor.
Specialties: CISSP, CISA, CISM, CPP
• Highly experienced with integrated IT Network, global regulatory, financial, privacy and policy compliance; Development and implementation of ten successful Global IT/ InfoSec Governance Programs; risk management, business resiliency, continuity and resumption, IT consulting, physical and logical security; Third party vendor management.
• M&A; Cloud, GNOC, SOC and NOC expertise.