Paul Deaver
Details
Computer Science, Geography
The University of Alabama
1979 : 1988
2022 : Present
lululemon
Cybersecurity Engineer - lululemon
2019 :
Anodyne Enterprise Security
Principal
Providing Virtual CISO services to help companies meet governance and information security objectives where companies are unable to meet obligations on their own. Virtual CISO services include evaluating company security posture to identify business, architectural and operational gaps; providing clear and pragmatic guidance for contract / legal / regulatory compliance; reviewing tenders; hardening on-premise and cloud infrastructure / software / security; mitigating third-party risk; automating to improve efficiency; analyzing company source code, Open Source Software, and applications for security, configuration and design flaws; assessing privacy practices against industry privacy maturity models; prioritizing and recommending necessary company policy & practice improvements; and training personnel commensurate to roles and responsibilities.
2020 : 2022
Insight Global Limited
Sr. IT Security Professional - Nike Corporation
On contract to Nike Corporate Information Security / Application Security Consulting team. Assessing cloud, infrastructure, and application security for public-facing and business applications in the U.S., EMEA, and Greater China. Engaging with predominantly AWS teams and third-party SaaS providers, hardening data storage, flow, and information security controls necessary to protect data.
2012 : 2019
Hexagon Safety & Infrastructure
Staff Consultant
On staff to the executive. Coordinated cyber security, legal compliance, application architectural designs, software assessments, and private cloud IT for U.S. Public Safety, Transportation and Utilities development, services and support teams. Regularly interfaced with and advised legal staff for contract review and incident response. Automated numerous manual tasks for security analysis, compliance and reporting. Managed Open Source Software compliance program for license compliance and risk mitigation.
• Created a threat and security assessment, issue mitigation, and management reporting program for enterprise private cloud systems and SaaS applications.
• Created a shadow IT E911 compliance program, corporate policy, training, and documentation, aligning with FBI CJIS regulatory obligations and corporate ISO 27001 based policy.
• Advised legal teams on issues of software, technology, and security in support of legal proceedings, incident response, and problem account resolution.
• Advised development teams on issues of OSS license risks, regulatory compliance, export-controlled encryption, and newly reported component vulnerabilities & threats.
• Led compliance, InfoSec, SAST, DAST, OWASP, threat modeling, and OSS assessments for a DevSecOps team charged with hardening applications migrating to the public Azure cloud, using tools including IBM AppScan, SonarQube, Rapid7, Tenable, Black Duck, and Burp Suite.
• Designed and authored executive oversight dashboards, reporting system and application risks across 30+ Scrum teams, professional services teams, and support teams.
• Named corporate mentor to new developers.
2011 : 2012
Hexagon Safety & Infrastructure
Senior Consultant
Worked in numerous locations in the Americas, Europe, and Asia Pacific.
• Advised software product managers and executives on legal and regulatory obligations (CJIS, FCPA, NERC CIP).
• Designed and deployed a centralized private cloud self-service management (VM life cycle, users, quotas, security), assessment (resources, security) and reporting tool spanning over a dozen enterprise and stand-alone VMware instances.
• Supported Incident Response, Disaster Planning & Recovery initiatives.
• Initiated FBI/CJIS Compliance activities (2013).
• Supported new DevOps (Agile) program with SAST, DAST, Attack Surface, and OWASP analysis.
• Authored training materials; trained, supported, advised, and mentored engineers and developers (Enterprise App Design, Secure Software Development, Attack Surface Analysis, Threat Modeling).
• Managed and executed technical problem resolution for critical customer accounts addressing security, performance, durability, and application of best practices.
• Actively participated in company mentoring program for new engineers and developers.
• Managed Performance & Security Labs.
• Presented and represented company interests at industry trade shows and professional conferences.
Skills
.NET, .NET Framework, Agile Methodologies, Agile Project Management, Application Security, ASP.NET, C#, Database Design, Databases, Debugging, Enterprise Architecture, Enterprise Software, ESRI, Geographic Information Systems (GIS), Geomatics, GeoMedia Professional, GeoMedia WebMap, Hands-on Training, High Performance Computing, Information Security Management, Integration, Java, JavaScript, Linux, Microsoft Cluster, Microsoft SQL Server, Oracle, Oracle Spatial, Penetration Testing, Performance Testing, PL/SQL, PowerShell, Requirements Analysis, Scrum, SOA, Software Development, Software Engineering, Software Project Management, Spatial Analysis, Spatial Databases, SQL, Systems Analysis, VB.NET, Visual Basic, Visual Studio, VMware, Web Applications, Web Services, XML, C, Network Load Balancing, VirtualBox, Performance Tuning, Performance Metrics, Cartography
About
Passionate leader in the fields of cyber security, information security management, governance, and risk management. 30 years of professional experience in the Americas, Europe and Asia Pacific; 20 years in a customer-facing senior leadership role, assessing and defining corporate policy, restoring troubled accounts to normal operation, identifying legal and regulatory violations, and bringing incidents to closure. Background includes enterprise architecture and secure software development for cloud and on-premise solutions.
KEY COMPETENCIES
Certified Information Systems Security Professional (CISSP) • Certified Cloud Security Professional (CCSP) • Information Security & Governance • CIS • FBI/CJIS • FedRAMP • ISO 27000 • NIST 800 • CSA • GDPR • GLBA • HIPAA • NERC CIP • Secure Cloud • Incident Response • SAST / DAST / Pen Testing • Secure Software Development • Threat Modeling • Cloud • Enterprise IT Architecture • Databases • Open Source Software • Performance Analysis • Virtualization