Contact Information
Name: Mark Waldis
Email: mwaldis (at) charter (dot) net
Location: Mascoutah, Illinois, United States
Resume
Position/Title: Security Consultant
Resume: SUMMARY

Mark Waldis has over 21 years of systems operations and programming, security, business continuity planning and information systems auditing experience. Mark started with the U.S. Army in 1984 as a computer operator, then moved to the National Bank of Washington in 1986, Chevy Chase F.S.B. in 1987, Peabody Coal Company in 1989, and May Department Stores Company in 1991 as an Information Systems Auditor. May Department Stores Company in 1992, and Pet Foods in 1993 as a Security Administrator and Business Continuity Analyst. Ernst & Young in 1995 as a Security Manager and Consultant. IBM Global Services in 1996 as a Security Analyst, 2000 as an E-business Security Specialist, 2002 to present as a Security Specialist.

Mark Waldis helped establish a new Information Systems Auditing function at Chevy Chase F.S.B. allowing the bank to provide leading edge credit card physical and logical security controls that did not exist in the industry at that time.

At Peabody Coal Company, developed computer programs to check and monitor mission critical applications in real time as opposed to traditional data request processes, which provided more efficient audit coverage, proactive security monitoring and more accurate system testing.

At May Department Stores Company established the initial set of Technical Systems auditing programs to review areas within the company that had never been reviewed before, such as Tandem, MVS, and CICS operating systems. In addition, provided justification to senior management for implementing RACF security software, and to include implementation of RACF security software.

At Pet Foods, developed an automated computer program to monitor and alert management on potential fraudulent transactions processed through the company’s EDI infrastructure. Established a business continuity function within the company to help business owners develop, test and document disaster recovery plans.

At Ernst & Young, started the Security Consulting practice in St. Louis, helping to establish new clientele and provided security consulting services to existing financial services clients.

At IBM Global Services, developed a certification process to ensure network connections between IBM and our customers were secure. Process included utilization of penetration testing tools, and establishment of security practices. In addition, successfully led the security team when tasked to convert a large Fortune 500 company’s computer system and build an entirely new infrastructure and computing environment. Lastly, worked with a security team to present a total security solution for the U.S. Navy based on a Request for Proposal; the security solution was positively accepted but the overall engagement was awarded to a competitor.

Mark has presented at Southern Illinois University – Edwardsville on E-Business Security Practices and has presented to existing and potential new IBM customers on IBM’s E-Business Security Solution.

SPECIALITY SKILLS

• Risk Management

• Privacy and Protection

• Remediation/Mitigation Planning and Execution

• Physical Security and Social Engineering

• Change Management

• Mainframe, AS/400, Servers, Middleware, Network

• DR and BCP Planning and Evaluation

• Physical Security and Logical Security

• Training including Security Awareness

• ISO17799, HIPAA, FERPA, CJIS, IRS, SSA, SOX, and Regulatory Compliance

• Vulnerability Assessments (ISS, Nessus, NSA, nmap, Saint, Cops, Cheops)

• Threat Assessments

• Network and Host Based Intrusion Detection

• Security Architecture

• System Health Checking (ESM, SCM, VSA, Scripting)

• Baseline analysis

• Policy Gap analysis and Mitigation

CERTIFICATIONS

• Certified Information Systems Security Professional (CISSP)

• Certified Information Systems Auditor (CISA).

• Certified Secure Network Gateway Administrator (SNG)

TRAINING

• MIS Training Institute, SANS, IBM Share conference, NetSec conference, AIX administration, Global Knowledge (Advanced Security Boot Camp), RACF Security Administration.

• Regularly attend online webinars and view CD based computer training.

EDUCATION

BS Accounting, 1982 from Ferris State College

AAS Computer Science, 1986 from Central Texas College

PRIOR WORK EXPERIENCE

IBM

2002-present Security and Risk Compliance Officer

Functioned as a Security Compliance Officer for 5 large Outsourcing Accounts

• Responsible for development of joint security standards and policies for newly contracted customers.

• Created baseline and gap analysis reports to identify risk and exposure, which facilitates development of remediation project plans

• Development of logical and physical security processes to include patch management, health checking, exception processing, and security change management

• Reviewed with customers on a regular basis, overall project plans, risks, and mitigating controls to be implemented.

• Responsible for review of large contract security requirements, evaluated contract requirements to input into a joint use security policy that identifies roles and responsibilities, services and technical settings to be implemented.

• Facilitated discussions with systems subject matter experts to ensure control areas are addressed across server, middleware and mainframe environments.

• Responsible for reviewing audit findings from internal and external auditors to determine impact, relevance and remediation required to address potential exposures.

• Developed security standards to adequately address Federal Regulatory security requirements.

• Responsible for review, communication, and resolution of security issues identified during Strategic Outsourcing contracts so that contracts can move into security and audit compliance.

• Responsible for knowledge transfer of new customers, this data gathering is documented to provide foundation for development of new security standards to be deployed.

IBM

2000-2002 E-Business Security Specialist

Functioned as the Security Specialist managing security for St. Louis E-business web farm.

• Developed ID management tool to track, authorize and revalidate system access

• Presented to existing customer IBM’s security solution and helped them to understand security areas of concern

• Reviewed Network Intrusion Detection activity and initiated and was actively involved in security incident management.

• Regularly reviewed firewall configuration settings, rules, and logs to ensure security controls were in place.

• Participated in audit remediation activities, ensuring remediation activities were taking place and moving forward.

• Evaluated new proposals for security architecture options

• Regularly produced and reviewed systems security reports to identify security non-compliance.

IBM

1996-2000 Security Technician

Functioned as a Security Technician performing a variety of security duties depending on customer requirements.

• Provided Top Secret security support and consulting for a large Midwest utility company.

• Provided security consulting and advice for a large energy company and a large Aerospace company.

• Developed a network security checking process to ensure internal and external connected networks were properly established prior to moving into a production environment within IBM.

• Conducted RACF security reviews to identify security exposures and present those to management.

Ernst & Young

1995 – 1996 Security Manager/Consultant

Functioned as a Security Consultant for several large Fortune 500 companies

• Executed security assessments on customer systems utilizing Axent security tools. Reports were generated and presented to customer for review.

• Participated in Security Architecture meetings, reviewing customer security environment and providing recommendations on security controls they may wish to implement.

• Reviewed organizations' security policy for adequacy and provided recommendations for improvement.

• Reviewed organizations' security environment to identify security vulnerabilities and/or exposures, and presented those findings to Management.

• Helped organize and establish a consulting presence in St. Louis as the first Security Manager

Pet Foods

1993 – 1995 Security Administrator

Functioned as the Security Administrator and Business Continuity Analyst

• Managed RACF security settings and controls for the company.

• Established business continuity role to assist business application teams with disaster recovery preparedness.

• Developed programs utilizing 4th generation languages to monitor system activity and automate repetitive tasks.

• Reviewed new server environments created for security exposures, reviews included assessing Windows NT, OS/2 server, and workstation security controls.

• Developed several programs to gather and match EDI data to ensure proper controls were in place between customers.

• Regularly attended RACF and ISSA user group meetings, as a facilitator and presenter.

May Department Stores Company

1991 – 1993 Information Systems Auditor and Security Administrator

Functioned as an Information Systems Auditor and Security Administrator.

• Performed system and application level audits such as Tandem, CICS, MVS, and general ledger.

• Initiated an effort to implement RACF mainframe security system through a risk assessment report.

• Performed the conversion from Top Secret to RACF security system.

• Managed RACF security settings and controls for the company.

Peabody Coal Company

1989 – 1991 Information Systems Auditor

Functioned as an Information Systems Auditor

• Performed general and system technical audits, to include ACF2, CICS, IMS, VM and manufacturing applications.

• Developed programs to monitor and provide data extraction for further analysis and study to ensure controls were properly in place.

Chevy Chase F.S.B

1987 – 1989 Information Systems Auditor

Functioned as an Information Systems Auditor

• Performed system and application level audits such as Credit Card Operations, and Check Processing systems.

• Helped organize and establish an Information Systems auditing function by developing documentation and process flows.

• Developed a cost justification for purchase of 4th generation language software to report and extract data for auditing purposes.

National Bank of Washington

1986 – 1987 Information Systems Auditor

Functioned as an Information Systems Auditor

• Performed application and general level audits over the following areas, savings, demand deposits, and Data Center Operations.

United States Army

1983 – 1986 Logistics Specialist

• Performed Computer Operations duties such as loading input cards for data input, mounting tapes, inserting and removing media platters, documenting batch jobs, and 1st level help desk support.

PROFESSIONAL ASSOCIATIONS

• Information Systems And Control Association (ISACA)

• SANS

Copyright 2006, SecurityFocus