Profiles search
Michael Watson
Chief Information Security Officer for the Commonwealth of Virginia at Virginia Information Technologies Agency
Chester, VA, United States
Details
Education:
MSE
Telecommunications with Focus on Security and Management
University of Pennsylvania
2003 : 2006
BS
Computer Science - Networking Concentration
James Madison University
1998 : 2002
Telecommunications with Focus on Security and Management
University of Pennsylvania
2003 : 2006
BS
Computer Science - Networking Concentration
James Madison University
1998 : 2002
Experience:
Set information security strategy for the Commonwealth of Virginia which has over 100,000 employees, 60,000 workstations, 3500 servers, and 1.5 petabyes of data..
Established organizational objections for the Virginia Information Technologies Agency to support the security strategy and business objectives of Virginia.
Charged with oversight and maintenance of the Commonwealth of Virginia information security program including evaluating security frameworks and program architecture.
Responsible for creating security policies and standards that maintain the security of Virginia data and satisfying regulatory compliance requirements.
Tasked with management of Commonwealth vendors and managed service providers who supply security services to the Commonwealth of Virginia.
Evaluate risks and corresponding risk remediation plans for the Commonwealth and make recommendations on how to prioritize resources for risk mitigation.
Led multiple teams and large projects to further the information security program within the Commonwealth.
Evaluate and implement regulatory standards such as HIPAA, PCI, NIST, and IRS1075 and establish the impact to Virginia's enterprise environment.
Led multiple teams of employees, over 100 agency information security officers, and information security council members.
Evaluate, identify, and implement security tools and technology and ,monitor emerging security technologies and trends.
Responsible for the information security budget and managing the expertise of the information security employees.
Establish new information security services and offerings to further the information security program within the Commonwealth.
Establish information security awareness training for the VITA agency and recommendations for the state.
Report on the impact and status of information security issues to senior cabinet members and agency heads.
Maintain relationships with vendors, state and federal law enforcement, and intelligence groups.
2011 : Present
Virginia Information Technologies Agency
Chief Information Security Officer / Deputy Chief Information Officer
Responsible for the creation, management, and implementation of a statewide risk management program. Provide recommendations and evaluations of security controls for the Commonwealth network, applications, and operating systems. Provide direction for security architecture and service operations offered to customer agencies. Tasked with oversight of the continuity of operations plan. Serve on integrated product team for enterprise architecture and operational security. Act as a security resource for state agencies and external directorates. Coordinate with local, state, and federal law enforcement to take action on security incidents. Charged with oversight of the security incident response program.
2010 : 2011
Virginia Information Technologies Agency
Sr. Manager of IT Risk Management
Created an incident management program to handle response to security incidents within the state. Successfully responded to over 400 incidents per year.
Responsible for the management and development of the Commonwealth of Virginia Security Incident Management Program.
Charged with creating and managing a vulnerability assessment program for Commonwealth agencies.
Provided threat analysis and threat briefings to the Commonwealth CISO, CIO, and cabinet secretaries.
Educated the Commonwealth security community about current cyber threats and trends in cyber security.
Performed web application penetration testing and compliance reviews.
Introduced new methods to monitor the threat environment for the Commonwealth.
Analyzed and tracked threats and vulnerabilities affecting the Commonwealth.
Created and distributed security advisories to Commonwealth agencies.
Assisted in updating and revising the Commonwealth Security standards and guidelines.
2007 : 2010
Virginia Information Technologies Agency
Director of Security Incident Management
Reviewed state systems, equipment, and environment to ensure adequate security configuration and compliance with standards, regulations, laws, and policies.
Served as architect and led the penetration testing and vulnerability assessment program.
Introduced new methodology for performing testing and assessments.
Managed the statewide ecommerce and PCI security review project.
Introduced new ideas to increase operating efficiency such as writing an application to automatically create portions of the statewide single audit.
2006 : 2007
Virginia Auditor of Public Accounts
Information Security Specialist
Served as a system and mail administrator for the Wharton school’s core systems. Evaluated the environment to identify cost savings opportunities and new ways to operate.
Responsible for the technical direction, administration, and performance of Wharton’s Microsoft Exchange environment supporting over 10,000 user accounts.
Implemented public key infrastructure into the enterprise environment.
Championed security initiatives such as encrypted email, firewall deployment, two-factor authentication, sever security audits and security policies.
Identified need for and implemented server consolidation services (VMWare) to save Wharton over $45,000 per year in equipment, power and heat.
Worked with University committees to help determine standards and policy for the University.
Implemented alternate spam services saving the school over $50,000 per year.
Deployed an enterprise-class storage area network (SAN) with tiered and redundant storage.
Assisted in administration and implementation of UNIX and Linux servers.
2002 : 2006
University of Pennsylvania
Senior Systems Programmer
Established organizational objections for the Virginia Information Technologies Agency to support the security strategy and business objectives of Virginia.
Charged with oversight and maintenance of the Commonwealth of Virginia information security program including evaluating security frameworks and program architecture.
Responsible for creating security policies and standards that maintain the security of Virginia data and satisfying regulatory compliance requirements.
Tasked with management of Commonwealth vendors and managed service providers who supply security services to the Commonwealth of Virginia.
Evaluate risks and corresponding risk remediation plans for the Commonwealth and make recommendations on how to prioritize resources for risk mitigation.
Led multiple teams and large projects to further the information security program within the Commonwealth.
Evaluate and implement regulatory standards such as HIPAA, PCI, NIST, and IRS1075 and establish the impact to Virginia's enterprise environment.
Led multiple teams of employees, over 100 agency information security officers, and information security council members.
Evaluate, identify, and implement security tools and technology and ,monitor emerging security technologies and trends.
Responsible for the information security budget and managing the expertise of the information security employees.
Establish new information security services and offerings to further the information security program within the Commonwealth.
Establish information security awareness training for the VITA agency and recommendations for the state.
Report on the impact and status of information security issues to senior cabinet members and agency heads.
Maintain relationships with vendors, state and federal law enforcement, and intelligence groups.
2011 : Present
Virginia Information Technologies Agency
Chief Information Security Officer / Deputy Chief Information Officer
Responsible for the creation, management, and implementation of a statewide risk management program. Provide recommendations and evaluations of security controls for the Commonwealth network, applications, and operating systems. Provide direction for security architecture and service operations offered to customer agencies. Tasked with oversight of the continuity of operations plan. Serve on integrated product team for enterprise architecture and operational security. Act as a security resource for state agencies and external directorates. Coordinate with local, state, and federal law enforcement to take action on security incidents. Charged with oversight of the security incident response program.
2010 : 2011
Virginia Information Technologies Agency
Sr. Manager of IT Risk Management
Created an incident management program to handle response to security incidents within the state. Successfully responded to over 400 incidents per year.
Responsible for the management and development of the Commonwealth of Virginia Security Incident Management Program.
Charged with creating and managing a vulnerability assessment program for Commonwealth agencies.
Provided threat analysis and threat briefings to the Commonwealth CISO, CIO, and cabinet secretaries.
Educated the Commonwealth security community about current cyber threats and trends in cyber security.
Performed web application penetration testing and compliance reviews.
Introduced new methods to monitor the threat environment for the Commonwealth.
Analyzed and tracked threats and vulnerabilities affecting the Commonwealth.
Created and distributed security advisories to Commonwealth agencies.
Assisted in updating and revising the Commonwealth Security standards and guidelines.
2007 : 2010
Virginia Information Technologies Agency
Director of Security Incident Management
Reviewed state systems, equipment, and environment to ensure adequate security configuration and compliance with standards, regulations, laws, and policies.
Served as architect and led the penetration testing and vulnerability assessment program.
Introduced new methodology for performing testing and assessments.
Managed the statewide ecommerce and PCI security review project.
Introduced new ideas to increase operating efficiency such as writing an application to automatically create portions of the statewide single audit.
2006 : 2007
Virginia Auditor of Public Accounts
Information Security Specialist
Served as a system and mail administrator for the Wharton school’s core systems. Evaluated the environment to identify cost savings opportunities and new ways to operate.
Responsible for the technical direction, administration, and performance of Wharton’s Microsoft Exchange environment supporting over 10,000 user accounts.
Implemented public key infrastructure into the enterprise environment.
Championed security initiatives such as encrypted email, firewall deployment, two-factor authentication, sever security audits and security policies.
Identified need for and implemented server consolidation services (VMWare) to save Wharton over $45,000 per year in equipment, power and heat.
Worked with University committees to help determine standards and policy for the University.
Implemented alternate spam services saving the school over $50,000 per year.
Deployed an enterprise-class storage area network (SAN) with tiered and redundant storage.
Assisted in administration and implementation of UNIX and Linux servers.
2002 : 2006
University of Pennsylvania
Senior Systems Programmer
Company:
Virginia Information Technologies Agency
Years of Experience:
29
Skills
Active Directory, Business Analysis, Business Continuity, CISSP, Computer Forensics, Computer Security, Cyber Defense, Cyber Operations, Cyber Security, Disaster Recovery, Enterprise Architecture, Executive Management, Firewalls, Government, Incident Handling, Information Assurance, Information Security, Information Security Awareness, Information Security Management, Information Technology, Infrastructure as a Service (IaaS), IT Audit, IT Management, IT Strategy, Linux, Microsoft Azure, Networking, Network Security, PCI DSS, Penetration Testing, Program Management, Risk Assessment, Risk Management, Risk Mitigation, Security, Security Architecture Design, Security Clearance, Security Incident & Event Management, Security Incident Response, Security Policy, Security Policy Development, SQL, Strategic Planning, TCP/IP, Vendor Management, Visual Basic, Vulnerability Assessment, Vulnerability Management, Windows, Windows Server
About
Cyber security professional with notable success in building IT security programs and introducing creative information security solutions and concepts to support business objectives.
Areas of expertise include IT risk management, cyber security incident management, IT security evaluations, and developing information security programs.
Specialties: Cyber Security, Information Security Program Development, IT Risk Management, Security Incident Management, Penetration Testing
Profile Photo
