Stan Lyzak, CISSP, CISA
Details
Electrical Engineering
University of Central Florida
1983 : 1988
U.S. Federal Government
CyberSecurity Advisor
Responsible for building and providing technical and strategic oversight of the enterprise security program, improving and increasing our security monitoring and response capabilities, leading investigations and resolving security events, and improving the overall security posture of CCC for ourselves and our customers.
Directing security operations, I am a critical component of our multi-disciplinary security team, and help to promote a culture of security throughout the company. Team building, cross-functional collaboration and effective communication are key responsibilities, from the technical business teams all the way to executive leadership.
2020 : 2023
CCC Intelligent Solutions
Director of Security Operations
Provide technical and strategic oversight of enterprise operational security programs, developing information security architecture, and investigating security events.
As a security leader within the company, I take a central role in actively promoting a culture of information security throughout the IT organization and across the enterprise. The scope of work spans the organization’s technology solutions including software applications, infrastructure, services and external vendor solutions.
Advise the Application and Infrastructure teams on emerging vulnerabilities and newly introduced risks to their systems, and take a proactive approach in continually assessing the security of those systems throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats and vulnerabilities.
Responsibilities:
• Cross-department collaboration to ensure appropriate security processes, procedures and tools are installed, monitored, and effectively operating and alerting.
• Strategy, planning and operational excellence through continuous improvement and automation.
• Manage the operational security staff, consisting of direct reports including hiring, training, staff development, performance management and annual reviews.
• Liaise with compliance, audit, legal and HR management teams as required, including overseeing audits and reporting as required.
• Develop and maintain operational security policies, standards and guidelines.
• Serve as the escalation point for technical issues related to information security platforms.
• Take the lead role in responding to and managing information security related incidents.
• Manage the SOC, and develop constant improvements in capabilities.
• Promote a culture of information security across all business units.
• Build relationships and collaborate with other teams.
• Communicate security incidents effectively to key stakeholders such as legal counsel, executive management and business owners.
2018 : 2020
Fortinet
Director of Security Operations
Working in a high-paced security advisory position, supporting client engagement teams, working with a wide variety of clients to deliver security services and participate in business development activities on strategic and global priority accounts.
Develop intellectual capital in the form of statements of work, requests for proposals, security methodology documents and final report deliverables. Create and maintain relationships with client personnel at the director/executive levels, while leading technical teams performing security services. Monitor progress, manage risk and confirm key stakeholders are kept informed about progress and expected outcomes. Deliver executive briefings and provide a strategic road map for senior leadership. Stay abreast of current business and security industry trends relevant to the client's business.
Demonstrate in-depth security, risk management and compliance capabilities and professional knowledge. Possess good business and financial acumen. Mentor other security personnel, and work with interns and new hires to provide guidance. Remain current on new developments in advisory services capabilities and industry knowledge.
Key Contributions:
• Established expertise and key relationships with manufacturing/utility customers due to industrial controls (ICS) knowledge.
• Managed technical teams to deliver customers the best quality solutions and actionable plans.
• Developed training material for various security topics, to be delivered to sales teams and customers.
• Provided unique value to the national security team due to my broad range of knowledge across leadership skills, operational experience, risk management, compliance, security and general IT architecture knowledge.
2014 : 2018
World Wide Technology
Principal Security Consultant
Supporting the ISC2 certification organization; creating and evaluating new exam questions across all 8 domains for the Certified Information Systems Security Professional (CISSP) exam.
2011 : 2017
(ISC)²
CISSP Certificate Exam Developer
About
I am excited to have worked in the management, design, architecture and implementation of security solutions for customers in over 20 countries across 4 continents. Working with small and large teams, I have a long history of management roles within IT and security including teams spanning dozens of countries on multi-million dollar projects.
You are looking at the unique hybrid of IT and security technology experience, GRC knowledge, interpersonal skills, leadership and business acumen with 25 years' experience in the IT industry (20 years devoted to security). I have provided security-focused business services to many Fortune 500 organizations. You will rarely find a more tenacious security professional, who can be effective from the technology level to the boardroom, while driving business value.
My knowledge and experience of security frameworks and regulations include, but are not limited to, PCI, SOX, SSAE16 (SAS70), GLBA, GDPR, CCPA, HIPAA, FNS-EBT (USDA), NERC-CIP, FFIEC, ITAR, NIST, ISO, COBIT. My current role is pushing the envelope to solve the enterprise security visibility and detection challenges, using Next-Gen technologies, architectural solutions and automation to improve resilience and increase data protection within the enterprise.
My education and knowledge, along with my professional experience in management, business and technology allow me to provide executive insight, professional leadership, and effective and timely program success to satisfy all business and technical objectives.
Attention to detail and holding myself to the highest standards of integrity have earned me the trust of every former client.