 
Contact Information
Name: john seeker
Email: postille2002 (at) yahoo (dot) com [email concealed]
Location: city, , Switzerland
Resume
Position/Title: CISO
Resume: Michael S. Oberlaender, MSc, CISSP, ACSE, GSNA

9918 Birksbridge Court, Spring, TX 77379, USA

Home: 832-717-7804 (after 7PM CST); Email: michael.oberlaender (at) gmail (dot) com [email concealed]

Summary of Qualifications

Diploma-certified physicist, Senior IT Professional (20+ years). Very strong analyst, thought and team leader with cross-functional IT/business experience including people, budget and project management, enterprise security, infrastructure, operations, SW/database development. Self-starter driven to achieve outstanding results. Internationally experienced manager, problem solver.

Professional Experience

Publicly traded company Houston (Houston area), TX, USA (04/21/2007 - current)

CHIEF INFORMATION SECURITY OFFICER for 13,000(+) global employees (leading energy supply manufacturer)

Protect and secure strategically all company information assets and develop and run the corporate awareness and security program. Define targets, create solutions, and succeed against competitive information espionage.

- Reviewed and updated the corporate information security policy following international best practices (ISO, NIST).

- Defined security standards for all information assets. Subject matter expert on all security issues.

- Held presentations on corporate IT council meetings regarding policy and risk management, threats and solutions.

- Tested and analyzed critical corporate information assets against vulnerabilities from malicious attacks.

- Introduced the global risk assessment process for all IT. Presented to CEO, CIO and other management.

- Executed budget and roadmap planning. Introduced data classification and awareness campaign.

- Currently reviewing and advising on the international legal situation regarding (EU) privacy and (US) litigation / discovery processes (EU directive 95/46/EC and FTC).

- Performed a PCI compliance assessment (done); currently designing corporate wide solution and implementation plan.

- Participating at conferences, continuous education events. Vendor and tool selection, standardization.

Heidelberg Americas Inc. (www.heidelberg.com) Kennesaw (Atlanta area), GA, USA

(01/01/2005 - 12/31/2006)

GLOBAL IT SECURITY MANAGER for 18,000(+) global employees (leading commercial printing equipment manufacturer)

Strategically designed and managed the IT Security program and steered the internal and external involved people. Created awareness, improved reliability (C-I-A) and was responsible for overall performance. Tracked and adjusted security incidents and problems and created/optimized processes to reduce global impact.

- People Management: training, development, team-building, projects, internal employee leadership and steering of external consultants, including budget (up to $2,000,000) and performance control (5 direct reports, up to 50 in emergencies)

- Strategically coordinated all security activities (Roadmap), created overview about legal requirements (also international)

- Centralized security framework following ISO 17799, 27001, 27005, some COBIT, some NIST 800*SP publications

- Estimated risk of affected business, infrastructure, tools and reduced or named the involved risks.

- Responsible for continued development / complete redesign of the Corporate IT Security Policy (approved, published and adopted by organization as a mandatory requirement).

- Streamlined whole group intranet-security-structure including design, content, main focus and further development

- Analyzed the security status (existing infrastructure, scattered information), recommended and performed adjustments, documented the findings, created forms/templates and high level presentations for and to upper management

- Developed and reviewed system hardening-guidelines, Windows 2003 Hardening (approved, published)

- Improved and evaluated patching-processes, in particular in the server domain (Microsoft)

- Designed and created the web-based global reporting tool for all servers and patches (self-developed with external support)

- Introduced ITIL in the department, such as approval / rejection of change orders for the existing infrastructure, security incidents, problems and configuration items. This helped standardize the processes and follow common best practices.

- Collaborated within the ECIS-Core-Team (Expert Commission Information Security), leading member of in house CIRT.

- Defined and controlled KPIs (Key Performance Indicators), significantly reduced number of un-patched servers

- Raised awareness and brought resolution to security issues by conducting a survey of administrators, providing guidance, and implementing practice changes.

- Maintained under tight resource restraints common security best practices (Disaster Recovery & Business Continuity Plan)

Suedzucker corporation (www.suedzucker.com) Mannheim, Germany

(08/01/1999 - 12/31/2004)

PROJECT LEADER & SYSTEM PROGRAMMER for 20,000(+) employees (market leader sugar & food industries)

Introduced and managed security as enterprise IT target, created awareness, designed policy and detailed plans of internet infrastructure, built and ran the whole DMZ structure. Secured network and servers, documented handbook of security, managed certificates, held lectures and trained people.

- Project leader: state-of-the-art DMZ including 7 zones of security, application level gateways and SOAP (WS-security)

- Project leader: Security handbook (HISS), LAN/WAN-Safeguarding

- Established a complete 4-tier Antivirus-Software-Concept, automatic updating, reduced virus-impact about 1000 %.

- Backbone redesign, resulted in scaling throughput of network bandwidth and easy extension of the network structure

- “Across the group reference person” in the area of IT-Security which led to a valuable teamwork

- Contributed to the creation of the security-policy (group-level) for the CIO

- Administered previous DMZ structure - completing the transition smoothly.

- Selected, evaluated and reduced software. Contributed mainly to the savings of one half of the “MS select contract”

- Tested hacker tools and developed defence strategies like wrapping or banner hiding

- Linked security systems into the existing network monitoring, which enabled the data center to participate in and run the security infrastructure (1st level)

- Tested user-management systems, introduced SecurID cards, evaluated VPN software and hardware

- 2nd level-support in the field security for all tools and systems

- Strategically designed all activities concerning IT-Security, i.e. 1st AV-standard, 2nd DMZ upgrade, 3rd VPN solution, 4th client rollout, 5th server patching etc.

- Presented at discussions and forums, which created (and later improved) awareness and the “risk approach”

- Managed certificates (“PostIdent”-procedure), so servers to the outside world were authenticated

- Educated employees of the data center, evangelized correct security oriented behaviour

Albat & Wirsam corporation (www.a-w.de) Linden, Germany

(07/01/1998 - 07/31/1999)

ASSISTANT, PROJECT LEADER, SOFTWARE DEVELOPER for 250(+) employees (software for glass industry)

Assisted department head in designing / developing features, on-site and off-site of large customers, responsibly headed the source-code transfer project, developed collaboration tools (UNIX/Windows). Optimized database-usage and documentation.

Becker Software / P & I corporation (www.pi-ag.de) Wiesbaden, Germany

(03/01/1997 - 06/30/1998)

SOFTWARE DEVELOPER for 250(+) employees (software company developing human resources standard software)

Developed with 4GL software features in main and side product lines, engineered db-structure -queries, visited customers and quality-assured the products. Special task force contributor. Performed installations, tests, created a “make it happen” attitude.

Prior experiences (before/beside study)

Software developer, System-/Network administrator, DBA, … www.treubau.de Mannheim, Germany

(08/01/1989 - 12/31/1993)

Voluntary helper / data procurement www.physi.uni-heidelberg.de Heidelberg, Germany

(04/01/1989 - 07/31/1989)

Military service as Gunner, Tank-grenadier, Hunter German Military, Wallduern, Germany (01/01/1988 - 03/31/1989)

Formal Education

University of Heidelberg (www.uni-heidelberg.de) Heidelberg, Germany

(10/01/1989 - 10/25/1996)

scientific study: Diploma of Physics (parallel & vector-computers) (7 years degree+13 years school=20 years total education)

Multi-Lingual: German (mother tongue), English (Private English Institute, Heidelberg), French, some Spanish

Skills (technical experience, special knowledge, training, certifications)

Security (time for CBK-domains in bold): Firewalls (Checkpoint (5yrs), IP-tables (2yrs), IP-chains (6mon), Cisco ACLs (4yrs), lots of client FWs (8yrs)), Intrusion Detection / Prevention Systems (ISS, 2yrs), Application GW (6yrs), Antivirus scanners (all, 16yrs), Patching (5yrs), SSL (6yrs), Smartcards (3yrs), ROI-calc. (2yrs), Policies (9yrs), APP-scanners (6yrs); ethereal, nmap, MBSA; CISSP from (ISC)², USA, ACSE from Integralis, Germany, GSNA from SANS, USA, myriad of classroom trainings

Op. Systems: UNIX (14yrs) (Sun, AIX, Linux), Microsoft (20yrs) (W2K/W2K3, NT, 9x, XP), DOS (10y), VMware, CygWin

Network: TCP/IP full suite, IPSec, CA Unicenter, HP-OpenView, Cisco IOS 12, LANs and WANs, Ethernet, Router, Switches, SAP-router, NOVELL, HTTP(S), FTP, SMTP, SNMP, Token Ring, ATM, ISDN (10yrs)

Programming: C/C++, SQL, SQL Windows, PERL, Scripting + various legacy languages like Fortran, Basic, Pascal (10½yrs)

Databases: Oracle 7/8i, Informix, Progress, Sybase, SQL Server 2000/2005, MS-Access, ANSI SQL (10yrs)

Model./ERP: UML, ErWin Designer, Power-builder (3yrs); Limited SAP, additional custom-developed tools (Perform)

P/Q Mgmt: MS Project, MS Project SERVER, trainings, project leader practice (10yrs), ISO 9001, ITIL, HP Service Desk

Other: All Offices, Exchange, Lotus Notes, Sharepoint, Netmeeting, FrontPage, GoLive, web server (Apache, IIS)

 







 

Copyright 2007, SecurityFocus