Tony Collings
Details
Business and Computer Management
Eastern Illinois University
Associate of Science - AS
Computer Management
Lake Land College
Cybersecurity and Infrastructure Security Agency
Cybersecurity Advisor
Appointed to establish the first-ever State of Illinois’ Cybersecurity Program and strategic roadmap to protect the agencies while promoting the innovation and economic growth across the state.
• Lead and provide oversight for governance, risk, compliance, cyber resiliency, business continuity, and business alignment for 46 agencies, boards, and commissions under the direction of the Governor of the State of Illinois
• Provide input to the statewide CISO on creating the annual goals and objectives for the IS division and lead the implementations aligned with the organizational strategy
• Advise on the security requirements within agency contracts specializing in cloud solutions
• Direct the advancement, development, and deployment of all IS programs and initiatives, including the daily operations, employee development, training, and maintenance
• Initiate an Integrated Risk Management Program and build the Third-Party Risk Management Program, established to drive risk-based business decisions and mitigate supply chain risk
• Drive the Business Continuity/Cyber Resiliency Program to streamline processes and minimize disruptions in performance and availability of critical business activities
• Manage the statewide Cyber Disruptions Plan, bringing together state resources including law enforcement, the Illinois National Guard, and emergency management agencies to local governments, healthcare facilities, and private businesses within the state in the event of a major cyber event
• Collaborate with legal, HR, and labor relations to build the Enterprise IS Policies and Standards
• Spearhead the Cyber Insurance initiative to incorporate it into the Breach Response Program and mitigate financial risk statewide
• Lead the ServiceNow implementation of the GRC and SecOps products since January 2020
• Oversee the implementation of Okta and SailPoint to build an identity and access management program (IAM)
2018 : 2022
State of Illinois
Deputy Chief Information Security Officer
• Promoted from Technical Safeguards Manager (06/2015 – 06/2017)
• Established and managed the State of Illinois’ Penetration Testing staff to conduct security assessments and ongoing vulnerability scanning across agencies; supervised two penetration testers and one intelligence analyst
• Introduced and integrated Open-Source vulnerability scanning for effective and innovative application development; included ongoing testing to maintain its value
• Oversaw the creation of the State of Illinois’ Security Operations Center (SOC) built in 2017 to handle incidents and decrease the impacts of cyber events
• Oversaw active threat analysis, threat intelligence, and security incident response
• Represented IS for the agency to set the direction for cloud computing, data analytics, DevSecOps, and blockchain competency group efforts
• Established the State of Illinois’ Threat Intel Program and the Vulnerability Scanning Program
• Boosted risk mitigation and analysis from scanning servers across 10 agencies annually to 37 agencies monthly; initiated DAST for applications prior to deployment and vulnerability scanning post-deployment
2015 : 2018
State of Illinois
Offensive Security Manager
• Designed and implemented an Agile project management framework for the agency
• Led the implementation of a self-service portal for the organization’s timekeeping system, eliminating paperwork and integrating a responsive web interface
• Managed and developed a team of eight web developers to enhance innovation within the agency
• Designed and implemented a statewide insurance benefits system. Extensive experience working with insurance carriers, including health, dental, vision, and employee assistance plans, enrollments, benefit selection periods, and the EDI 834 transaction set
2006 : 2015
State of Illinois
Agile Coach / Project Manager, Central Management Services
• Expanded the organization from 13 to 70+ employees over tenure
• Led the onboarding and offboarding initiatives for contractors, including recruiting, resolving client escalations, annual reviews, and salary negotiations
• Coordinated team meetings and social functions, including holiday parties and employee appreciation events
1996 : 2006
Diversified Services Network, Inc.
Area Manager
Skills
Agile Methodologies, Agile Project Management, Application Security, Business Alignment, Business Continuity, Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Change Management, CISA, Cloud Security, Community Engagement, Contract Management, Cross-functional Team Leadership, Cyber Defense, Cybersecurity, Cyber Threat Intelligence (CTI), Data Privacy, Data Security, DevSecOps, Digital Transformation, Disaster Recovery, Executive Influence, Financial Risk, Incident Management, Information Security, Information Security Awareness, Information Security Governance, Information Security Management, Infrastructure Security, Insurance, IT Audit, IT Governance, Leadership Development, Management, Payment Card Industry Data Security Standard (PCI DSS), Penetration Testing, Policy Development, Program Management, Project Management, Risk Management, Security Audits, Security Innovation, Security Policy, Strategic Planning, Strategy, Threat & Vulnerability Management, Threat Assessment, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning
About
♦ PROFESSIONAL SUMMARY:
An innovative and forward-thinking professional with notable expertise in IT Cybersecurity management. Demonstrated success in establishing enterprise Information Security (IS) programs, designing and executing initiatives to protect the confidentiality, integrity, availability, and privacy of critical business information. A trusted advisor, highly skilled and passionate about developing cybersecurity talent, modernizing frameworks, and proactively discovering new and emerging IS solutions and trends.
♦ STRENGTHS AND COMPETENCIES:
Strategic Vision + Leadership | Security Innovation | Project Management + Execution | Leadership Development | Digital Transformation | Executive Influence | Contract Management | Risk Mitigation | Security Operations | Governance + Policy Development | Cross-Functional Team Leadership | Change Management | Threat Analysis
♦ SELECTED ACCOMPLISHMENTS:
• Innovative Initiatives: Established and led the development of a Cybersecurity Program to protect data and privacy, identify and mitigate risk for internal and external stakeholders, facilitate training for end-users, and ensure ongoing cyber-readiness for the state.
• Operational Excellence: Initiated and managed the State of Illinois’ penetration testing and vulnerability scanning activity across infrastructure and application development to ensure top quality, development, deployment, and advancement.
• Community Security: Co-created and administered a cyber-navigator program in 2016 to assess risk for election entities throughout the state of Illinois; appointed nine individuals to conduct risk assessments and assist in remediation efforts.
♦ CERTIFICATIONS:
• IAPP Certified Information Privacy Professional (CIPP/US), 2021 | Certified Information Privacy
Technologist (CIPT), 2021 | Fellow of Information Privacy (FIP), 2022
• (ISC)2 Certified Cloud Security (CCSP), 2020 | Certified Information Systems Security (CISSP), 2019 |
Certified Secure Software Lifecycle Professional (CSSLP), 2022
• ISACA Certified Data Privacy Solutions Engineer (CDPSE), 2020 | Certified Information Systems Auditor
(CISA), 2020
• DRI International Certified Business Continuity Professional (CBCP), 2020 | Certified Cyber Resilience
Professional (CCRP), 2021
• APMG International NIST Cyber Security Professional Practitioner (NCSP), 2021
• Axelos ITIL 4 Foundation, 2021
• OCEG Certified GRC Auditor (GRCA), 2020 | Certified GRC Professional (GRCP), 2020
• PMI Project Management Professional (PMP), 2005
Profile Photo
