Illinois State University

Managing Director at Protiviti

Serving as Statewide Chief Information Security Officer, I drive positive cybersecurity outcomes for residents and visitors that leverage resources delivered by Agencies across the State of Illinois.  By building relationships and maximizing value provided through Federal - State - Local partnerships, I strive to promote and implement our unified cybersecurity strategy while providing tactical support where needed.  As a public servant, I'm honored to lead a talented cybersecurity team dedicated to serving our residents and neighbors in the accomplishment of this mission.

Illinois Department of Innovation & Technology (DoIT)

Statewide Chief Information Security Officer

As a leader within Protiviti's Security & Privacy practice, I lead the implementation of global information security programs at clients focusing on security governance, operations, and strategy functions across multiple industries.  As a business-oriented leader, I blend the practicality of day to day operations and the vision of a security executive to help companies deliver successful business outcomes securely.

•	Guided transformational cyber security initiatives for 5 clients to create tailored policies that blended regulatory mandates, leveraged NIST CSF principles, and empowered clients’ technical and business teams to enact robust security measures in their day-to-day operations.
•	Served as a trusted advisor to senior leaders, audit executives, and boards of directors on shaping cyber security strategy, meaningful metrics, and leading practices to deliver successful program governance.
•	Accelerated security program maturity and effectiveness through hands-on leadership and strategic projects with prominent clients in the financial services, insurance, manufacturing, and telecommunications industries to meet regulatory requirements.
•	Directed and developed a dynamic security and risk management consulting team of 70+ professionals. Mentored both junior and senior leaders to achieve peak performance and exceed client expectations. 
•	Led Protiviti’s Americas Delivery Center for Third Party Risk Management (TPRM) service delivery, executing 500+ annual assessments, increasing process efficiency by 30%, reducing vendor risk by 40%, and providing visibility to emerging risks in the client's vendor ecosystem.
•	Built metrics programs designed to answer simple questions related to the security program performance. This enabled faster control failure remediation and improved decision-making abilities for executives and board.

Protiviti

Managing Director

As an Director in Protiviti's Technology Consulting practice, I lead complex engagements designed to identify, prioritize and in some cases remediate evolving cyber security issues.  As a member of Chicago's Security & Privacy leadership team, I guide the development of our products and services, develop our team and work with our clients to understand their challenges and bring innovative solutions.

•	Orchestrated a complex global client’s portfolio of 15 security projects to holistically remediate known issues and improve the security/resilience of the client’s entire technology environment. The project culminated with resetting 100% of all user and functional accounts (160K) in 48 hours. 
•	Guided transformational cyber security initiatives that often resulted in a cost savings due to optimized security budgets. Implementing these changes materially increased the maturity and effectiveness of clients’ security programs at or above industry benchmarks. 
•	Executed maturity, capability, governance, strategy, and organizational design assessments for clients and developed actionable and realistic roadmaps to improve client cyber security control environments.
•	Methodically increased the maturity and capability of a client's security program, integrating IT and OT security programs.
•	Evaluated a client's entire security program to create a transformation plan detailing the path to closing gaps while retaining/retraining key personnel. The goal was to resolve redundancies in technology and create a operational budget with no increase for the client.

Director

As leader in Protiviti's Security & Privacy practice, I lead complex engagements designed to identify, prioritize and in some cases remediate evolving cyber security risks.  As a member of Chicago's S&P leadership team, I guide the development of our products and services, develop our team and ensure that our service levels exceed what we promise to our clients.

•	Led several cyber program office engagements to quickly support and improve clients' cyber security programs.
•	Designed, developed, and implemented cyber security policies and organizational risk management metrics to communicate and monitor executives’ cyber security expectations.
•	Served as a subject matter expert on cybersecurity IT audits in the areas of incident response, vulnerability management, network security, security governance, security operations, and endpoint security.

Associate Director

•	Served as the Information Security Officer for the FINRA registered broker-dealer.
•	Developed and managed a compliance program to collect and track evidence for the Global Trading Group’s internal audits, SOC 1 Type II audits, and regulatory (FINRA, SEC, FFIEC) exams, reducing issues by 90%.
•	Led cyber security, application security, business continuity, disaster recovery, incident response, and physical security programs for the Global Trading Group across the Group’s 90+ applications and 46 locations.
•	Worked closely with cross-functional application development teams to incorporate cutting-edge security design principles and leverage SAST, DAST, and penetration testing findings into product backlogs, effectively enhancing the security posture of a diverse portfolio of applications within the Group.
•	Implemented a compliance monitoring strategy, developed metrics to provide governance, and managed issues for these areas of responsibility within GRC platform.
•	Reviewed client contracts for security requirements, presented security program information to clients, supported on-site visits/datacenter tours and responded to over 100 client questionnaires annually.

SunGard Financial Systems

Group Security Officer, Global Trading

• Led Aon's Global Infrastructure Security Team, which was accountable for the leadership and delivery of several global programs including vulnerability management, data loss prevention, and security architecture. 
• Created, delivered, and evolved security metrics to track and improve performance of process participants for security programs under management.
• During the acquisition of Hewitt by Aon, created converged network security, vulnerability management, systems security policies/standards, and developed secure architecture standards for all internet facing environments and the global WAN.
• Designed, implemented, and supported the ongoing management of Aon’s policy exception and risk acceptance processes within the Archer GRC platform.
• Annually reviewed and executed 30+ projects in a security architecture role to ensure that all information technology projects have adequate security governance support. Informed and advised senior IT and business leadership of residual technology risk to assist in the decision-making process.
• Led an international team of cybersecurity and risk management professionals to deliver infrastructure security services to a global organization.
• Managed Aon’s data loss prevention program to protect benefits client PII and support Aon’s PCI program.

Director, Global Infrastructure Security

• Responsible for executing security audits, reviews and projects as assigned in support of the successful security program delivery of the primary human resources and benefits provider of the Fortune 500.  
• Managed Hewitt's annual external network penetration test exercise, performed re-tests and assisted technology professionals with remediation techniques.  Provided overflow capability to the security testing and validation team by penetration testing web applications to ensure client data was secure.  Provided thought leadership on virtualization, operating system and network security standards.
• Managed an internal network penetration exercise (red team) to facilitate a live incident response test.  This exercise identified gaps in infrastructure and provided technical teams with real-life evidence and incident response scenarios.
• Augmented the penetration testing team to address workload fluctuations and maintain program continuity.

SRM IS Security Consultant

• Managed a global vulnerability management engineering team (8 FTE) that delivered highly effective global services, including vulnerability risk reporting (technical, management and dashboards), vulnerability risk triage, antivirus reporting/process oversight and anti-phishing/online brand protection.  
• Designed, maintained and managed ABN AMRO’s Vulnerability Information Portal (VIP), which was a business intelligence application designed to report vulnerability risk findings on 270,000 systems on a global network.  Directed the VIP development staff as well as monitored service satisfaction levels with regional information security officers to ensure that expectations are exceeded. Provided risk mitigation solutions and action plans as part of an international information security crisis team (GCIRT).
• Designed and assisted with the deployment of the global vulnerability management infrastructure which included on-site deployments in Brazil, Netherlands and Scotland and several other remote deployments worldwide.
• The vulnerability management program as deployed enabled the organization to reduce network vulnerability risk (year over year) by 80% in 2007 and 40% in 2008.
• Managed pen testing logistics for a global penetration test exercise to perform a limited scope test against 140+ applications in six weeks.

ABN AMRO

Assistant Vice President, Security Engineering Team Lead

Managed the day to day operations of the vulnerability management infrastructure, including report delivery and integration with other IT Service delivery teams.  Identified and tested security settings of the organization's modems, managing the connection accreditation process.  Served as the subject matter expert in several Computer Incident Response Team events and provided expert advice when security related events transpired.

Provided thought leadership in the areas of vulnerability management in support of the Services IT initiative planning process.  This effort included defining budgets, technology support and staffing levels for several different possible scenarios.  Reviewed outsourced IT service contracts to ensure that corporate standards and best practices in the areas of vulnerability management were appropriately covered.

LaSalle Bank

Network Security Engineer

Assessed and implemented information security architectures, improving client security programs through the application of best practice and sustainable deployments. Predominately served clients in the financial services and manufacturing industries and executed vulnerability assessments, ISO 17799 assessments and network penetration tests. Additionally provided information security assessment and program management services in support of Sarbanes-Oxley control reviews. Delivered an IBM MQ Series technical assessment seminar at a national ISSA conference.

Senior Consultant

Delivered information security services to clients designed to identify, mitigate and eliminate subsequent risks from client organizations.  Managed a network security team for a financial services company during the divestiture and subsequent acquisition of two separate companies.  Implemented various security products (vulnerability management, security compliance and NIDS) at several global organizations.  Additionally performed vulnerability assessment and network penetration tests on client request.

Arthur Andersen

Technology Risk Consultant through Senior Consultant

Led an infantry reconnaissance squad and a line infantry squad while serving in the 1st Battalion, 123rd Infantry Division.  Provided battlefield intelligence collected by my team to senior officers and developed soldiers and subordinate leaders in the accomplishment of their duties.

Army National Guard

Infantry Squad Leader

Served in the United States Army as an arctic infantryman, platoon/company radio telephone operator, infantry team leader and Training Room NCO in the 5th Battalion, 9th Infantry and 1st Battalion, 17th Infantry units.  Deployed to several rotations at the National Training Center (NTC) in Fort Irwin, California, a Cobra Gold joint training exercise in Thailand, and six months in Guantanamo Bay, Cuba in support of migrant relief operations (JTF 160).

As the Training Room NCO, provided all personnel support for a 120 man infantry company and was in charge of all communications, signals and information systems for the unit.  Additional duties included handling all classified documents and serving as the assistant Unit Movement Officer in charge of deploying the company to any location in the world.  While deployed to Guantanamo Bay, Cuba was assigned as the operations NCO in charge of all daily operations for a 1,500 person migrant village.

Jason Bowen