Information Systems Audit and Control Association (ISACA)

International Information System Security Certification Consortium (ISC2)

Governance Risk Compliance Security International (GRCSI)

Disaster Recovery Institute International (DRI)

Defense Counterintelligence and Security Agency (DCSA)

Defense Security Service (DSS)

Fortinet

Université du Québec à Trois-Rivières

IIA-The Institute of Internal Auditors

University of Phoenix

Senior Enterprise IT & Security Architect

Greater Ottawa Metropolitan Area

Main areas of involvement:
1. IT Governance & Solutions Design
2. IT Risk/Impact Management
3. Enterprise Project Management (EPM)
4. Cybersecurity Engineering
5. Architecture/Solution Design
6. Securing Electronic Transactions
7. Security Architecture & Zoning
8. Infrastructure and Security Controls
9. Cyber Assets & Data Protection
10. Vulnerability Assessment & Security Testing
11. Threat and Incident Management
12. Lead, Manage, Plan and Coordinate Teams/Resources & Efforts
13. Palo Alto Networks and F5 Collaboration on Network & Security Initiatives

Expertises: QRadar SIEM Architecture/F5 Traffic MGMT, DNS/zones and ASM (WAF), IBM Cloud Object Storage, Cloud & Security (e.g. Security Group, VPC Peering, AWS VPN and routing), Palo Alto Networks Security Solutions.

Main areas of involvement:
1. Security Governance
2. IT Security/Enterprise Program Management
3. Audit & Security Program
4. Cybersecurity Cloud
5. Information Technology
6. Security Testing
7. Cybersecurity Incident Response

Expertises: NIST, ISO/IEC 270001, AWS Segmentation/Cybersecurity, Canonical Ubuntu, Fortinet Fortigate, BCP/DRP.

Mortgage Planners

Chief Information Security Officer (remote CISO)

Main areas of involvement:
1. Security Governance & Risk Management
2. Compliance/Audit
3. Security Lead/Enterprise Project Management
4. Cybersecurity - Threats and Intrusions
5. Incident Response & Forensic
6. Security Architecture/Segmentation
7. Identity and Access Management (IAM)
8. Technical Security
9. Vulnerability Assessment & Penetration Testing
10. Security Information and Event Management
11. Business & Opportunities Development
- 
Bell Canada West Lab - technical security research:
1. VMware ESXi (e.g. virtual switches,  datastores)
2. HP Aruba switches (e.g. vlan, routes, access management)
3. Fortinet Fortigate (e.g. VDOM, policy, routing,  vpn, snmp, syslog, Fortitoken)
4. Cisco ISE and 2FA external identity sources with open source radius, LinoTP and AD
5. SPLUNK  (e.g. Bash shell-scripting, universal forwarders, alerts and various input sources: Windows, firewalls, ESXi events)
6. Fortinet and Cisco wireless APs
7. RSA Authentication Manager
8. Microsoft Azure - cloud security: Check Point vSEC (e.g. remote access, policy, UTM, IPS, source NAT)

Bell Business Markets - Western Canada

Enterprise Security Architect

Leading Security Governance surrounding the Test Data Management - Data Anonymization Solution for Desjardins Bank, Marc was responsible of:
1. Collaboration on identifying critical business aspects and functions
2. Definition of actors, objects and stereotypes of a central service (UML Use Case)
3. Identification of critical activities based on ITIL Service Design (UML/SysML Activity Diagram)
4. Collaboration on Architecture and Development to define the solution
5. Collaboration on Compliance and Security in regards to PCI DSS and PIPEDA

Desjardins

IT Governance Advisor

Main areas of involvement:
1. IT Governance
2. Risk Management (ex. assessment of a SaaS solution)
3. Security Architecture
4. Cybersecurity and Network Security
5. Forensic Investigation Assistance
6. Security Evaluation and Strategic Planning

InFidem

IT Governance & Security Consultant

Governance Risk Compliance Security International

GRCSI is an international not-for-profit organization comprised of individuals and organizations related to one or more of the fields of governance, risk management, compliance, and security whose goals are to promote best practices in these fields though education, certification, and accreditation.

GRCSI was founded in early 2009 by professionals and practitioners across the globe that identified the need for an authoritative body in the realm of risk management. The GRCSI founders have an extensive background in one of the concentration areas (finance, information, and operations), and have pooled their knowledge to create the Certified Risk Management Professional (CRMP) certification program.

More information about GRCSI and the CRMP certification can be found at <a href="http://www.grcsi.org">http://www.grcsi.org</a>

Education Board Member

Member of the professional security and governance services at Bell, Marc worked in the following areas:
1. Security Governance Advisory
2. Risk Management Advisory
3. Security Recommendations
4. Security Architecture
5. Training and coaching

Bell

Security Governance & Risk Management Advisor

Information Security & Risks Advisor for various organizations such as: Desjardins Banking Services and Transat.

Security & Risk Management Advisor

As the responsible of the security and the compliance of EDIINT, Marc was directly involved in:
1. Compliance to SOX & Security policy
2. Business continuity and disaster recovery planning
3. Security, systems and software architecture
4. Project management & consulting
5. Electronic Data Interchange-Internet (EDIINT - AS2)
6. Programming & Network Security

Marc is a well-recognized expert in the North American Electronic Data Interchange-Internet Integration (EDIINT) and he leads many projects.

Successful interventions:
1. Deployed and controlled of several secured transactional AS2 Internet encrypted systems (PKI).
2. Implemented of secure transactional systems with the largest North American VAN networks and engineers.
3. Coded Java, .net, bash, perl and SQL for electronic messaging solutions (ex.: mapper).
4. Provided and corrected partner's security issues (ex: network authentication, redirection, vulnerabilities, etc.).

Marc established several secured transactions with various trading partners or VAN:
EDS Elite  -  Emergis  -  GE Information Services -  (GEIS)  -  IBM Sterling Commerce  -  GXS  -  Kleinschmidt Incorporated  -  Sony  -  Samsung  -  LG  -  Toys R Us  -  Sears  -  Army and Air Force Exchange Service (AAFES)  -  Nova Scotia Liquor Corporation (NSLC)  -  GE Capital  -  US Custom Border.

Réseau Deblecx Network & special collaboration with Emergis

Cybersecurity & EDIINT Consultant

Marc managed resources and actively participated in the following:
1. Penetration testing and vulnerability assessment service
2. Financial forensic investigations
3. Financial Business Intelligence (BI) system penetration testing
4. Red Hat linux kernel firewall development
5. Application development

Main clients of the organization were: International Air Transport Association (IATA), PEAK Financial Services, T2C2 Capital, Capgemini and Gusti.

XNETSECURE

Managing Director

Marc was working at the architecture level of public Information Service of IATA. He worked on functional analysis, plans, access control, practices and SDLC audit of external providers.

He also developed many lines of code in several languages to increase and maintain functionality of many systems such as the Internet Unit Load Devices (IULD) for cargos and the Exchange Rates (xrates) system used between airlines.

He was a member of IATA Computer Security Incident Response (CSIRT), audited e-commerce development practices and controlled online identity & access control management (IAM) to IATA public services.

International Air Transport Association (IATA)

Internet Development Analyst (ITS/CSIRT)

Marc worked for Momentum Business Systems (acquired by Momentum Digital Solutions  -  OnX Enterprise Solutions). At Momentum, he was mainly involved in:
-  Analysis and Object Model Definition
-  Coding and Deploying Collaborative Applications
-  Development & Implementation of Collaboration Systems

OnX Enterprise Solutions

Programmer Analyst

Marc collaborated during several years with PEAK as an external consultant.

He designed and implemented:
-  Windows Network (DC)
-  Corporate Website and Intranet
-  VPN solutions for stock exchange
-  Microsoft Exchange Server & filtering

He also collaborated about:
-  Application & Database Development
-  Security Penetration Testing
-  Cyber verification of PEAK's online services


With over $6 billion in assets under administration, PEAK is positioned as the leader amongst independent full-service dealers. From coast to coast, the PEAK Financial Group has captured the trust of over 1,000 independent Advisors, professionals and employees registered throughout Canada, enabling them to successfully serve more than 135,000 clients by delivering unbiased financial advice for their investments.

Marc-Andre Heroux

Marc-Andre Heroux