Norm M.
Details
Rabo AgriFinance
Information Security Officer
2019 : 2019
Mercy
Lead Compliance and Vulnerability Management
Performed risk assessments and tracked remediation status within the North American region. Updated policies and procedures for cybersecurity team, including detailed procedures for Wombat phishing software, Qualys vulnerability scanning reporting, Active Directory reporting for account use and misuse. Used Archer for risk reviews and assessment.
2019 : 2019
Rabo AgriFinance
Cybersecurity and Risk Compliance
Member of surge team, remediating issues found during SCAP scans, and addressing deficiencies in system security plans. Worked with program managers to ensure systems were DISA STIG compliant. Assisted in deployment of McAfee ePO environment, as well as DLP tools. Monitored log usage and overall security status of various programs. Updated and submitted POA&Ms in accordance with NIST 800-37 RMF guidelines as well as DAAPM guidance.
2018 : 2019
Boeing
Cyber Security Consultant
Cyber Compliance Manager and cyber security professional at EPS. Responsible for NERC-CIP compliance, auditing, and policy creation/management. I perform auditing of clients for NERC-CIP regulations, and ensure the company internal network is compliant and secure. I also am responsible for training staff in cyber security methods. Internal vulnerability testing/penetration testing is also done.
2018 : 2018
Electric Power Systems
Cyber Compliance Manager
About
I am currently working as Vice President in Information Security for Rabo AgriFinance. I am doing Risk Assessments, compliance audits, and penetration remediation. I have familiarity with Archer GRC, NIST CSF, and ISO 27001. As a financial sector business, we also have to be aware of FINRA and NYSDFS regulations, as well as GDPR and CCPA.
Previously, I was doing vulnerability scanning/management at Mercy Health Systems. I created and updated several policies for their network.
Previous to that, I was doing contract work with Boeing in St. Louis, MO. I was brought on to help improve Boeing's Govt. CyberSecurity profile. We utilized SCAP scanners and STIG viewer to ensure systems meet DISA STIG compliance. We did this in conjunction with Risk Management Framework, DAAPM, and NISPOM/NIST standards. I helped review networked and isolated systems via weekly, quarterly, and additional audits. I assisted in training other cybersecurity employees, as well as end users. I also helped to harden systems, and wrote policies to ensure consistent compliance.
Previous employment was with a St. Louis based company called Electric Power Systems. Having offices throughout the United States, and a footprint in several global markets, the company is an electrical design and testing company for utilities. I was the Chief Information Security Officer and Compliance Manager for the company. We were NERC-CIP compliant, as well as following PCI-DSS standards. My roles include overall security policy development and review for the company, vulnerability testing and assessment, inventory review, and compliance with CIS Top 20 Critical Security Controls. We also performed auditing services for our clients. We helped clients ensure that they are prepared to meet NERC-CIP auditing requirements.
Prior employer was Alpine Security, LLC. Operating around the world, we performed penetration testing, security assessments, and provided world-class training opportunities for attendees. Our class offerings are varied, and we are authorized trainers for (ISC)2, CompTIA, EC-Council, among others. I have taught CISSP, CHFI, CAP, CEH classes.
Specialties:
Security+, Network+, Server+, CEH, SSCP, CASP, CISSP, CHFI, CND, and CAP