Pingree On Security

Lawrence Pingree – CISSP

Summary

With over 14 Years of Information Technology and Security experience, I am currently seeking a management or security architect position utilizing my extensive background in engineering, technical architecture, networking, security policies, procedures, systems analysis and auditing.

Industry Participation

• Currently Vice President of the Digital Forensics Association

• Member of the Silicon Valley chapter of the ISSA (Information Systems Security Association).

• Member of the Open Web Application Security Project (OWASP)

• Served as Vice President of the Springtown Association Board of Directors

Publications

Book: “The Manager’s Guide to Becoming Great” by iUniverse Publishing – Author

Book: “CCSA Study Guide” by Syngress Media/McGraw Hill – Author and Technical Editor

White Paper: Analysis of VRRP v2 Issues and Solutions

Blog: LawrencePingree.com “Pingree on Security”

Special Talents

Vendor Negotiations, Contract Negotiations, Budget Management, Program Management, Goal

Development and Strategy Development.

Certifications

CISSP CCSA CCSE

CCSI NSA ICE

NSS NCSA NCSP

CISA – Pending

Knowledge

BGP OSPF IGRP EIGRP

RIP v1 & v2, and PIM 802.11 PKI

RADIUS AAA IKE 802.1x

GLBA Sarbanes Oxley (SOX) Common Criteria

SB1386 COBIT ISO 17799 ISO 27001 FISMA

Select Experience

Research Director – Cloud Security and IT Security Technologies at Gartner, Inc. (Research Available here)

Nov 2010 – Present

I am responsible for research in the security technology market which includes analysis of market size, emerging security trends, security technologies within the data center and cloud security.

Sr. Security Engineer at Williams-Sonoma, Inc.

June 2009 – August 30th 2010

• Responsible for the review of security alerts originating from our MSSP security monitoring service including triage, investigation and root cause analysis

• Instrumental in coordinating compliance remediation efforts effectively raising our systems configuration compliance levels from approximately 40% compliant to over 98% compliance in just 6 months for over 200 systems.

• Participated in the prioritization and planning for our $1.6 million capital expense budget aligning it to both business and information security program goals.

• Responsible for Corporate Security Policy development

• Developed Security Operations procedures to maintain regulatory compliance in accordance with prescriptive PCI controls

• Assisted in the internal review of corporate information security policies in cooperation with key systems administration departments in alignment with PCI, SOX and future regulatory frameworks utilizing CIS as a guideline for their provisions

• Participated extensively with external PCI and SOX audits by developing audit evidence and coordinating with internal compliance teams

• Actively Participated in corporate PCI Compliance initiatives and assessment

• Responsible for managing the corporate Tripwire Enterprise file integrity management product

• Responsible for RSA Envision SIEM monitoring and configuration aligned to internal PCI and SOX controls

• Evaluated the selection of Managed Security Services for key IT security systems

• Responsible for corporate Cryptographic tools (Safenet Appliances) and key management processes/procedures.

• Acted as Sr. Security Engineer, Security Analyst and Security Architect for IT projects

• Managed extensive PCI remediation efforts across IT

• Deployed corporate Intrusion Prevention systems for all corporate and ecommerce DMZ environments.

• Evaluated data loss prevention technology for future deployment and budget needs

• Responsible for review/monitoring of corporate Symantec (SEP11) virus/malware remediation efforts

Vice President at Digital Forensics Association (DFA)

July 2007 – Present

• Responsible for the development of internal policies and procedures for chapter startup
• Responsible for Member Services
• Responsible for Member Recruitment
• Member Collateral & Promotion
• Advertising and Evangelizing the Organization

Chief Information Officer (CIO) at BuddyFetch, Inc.

August 2007 – July 2009

• Currently serving in an advisory capacity while the company looks for funding sources.
• Provides strategic and tactical planning, development, evaluation, and
• coordination of the information and technology systems for the network.
• Facilitates communication between staff, management, vendors, and other technology resources within the organization.
• Oversees the back office computer operations of the affiliate management information system, including local area networks and wide-area networks.
• Responsible for the management of multiple information and communications systems and projects, including voice, data, imaging, and office automation.
• Designs, implements, and evaluates the systems that support end users in the productive use of computer hardware and software.
• Develops and implements user-training programs.
• Oversees and evaluates system security and back up procedures.

Sr. Security Engineer at McAfee, Inc.

October 2007 – April 2009

• Responsible for McAfee Competitive Analysis for Enterprise Products
• Act as liaison to Internal and External Sales staff
• Responsible for Evangelizing Enterprise Security Products & Services

Sr. Security Architect at Safeway, Inc.

August 2004 – October 2007

• Served as Security Evangelist for Safeway Information Security program
• Managed over $1 Million in budget for Application Security Program, Information Security Lab and Forensics/Investigations
• Managed complete eDiscovery Process for IT and Legal
• Responsible for over 52 Safeway Information Security policies for the Overall Safeway Security Program
• Responsible for risk assessment and remediation recommendations of all IT applications assessed by risk assessment process
• Responsible for SOX Compliance Audit and Assessment
• Liaison to the Business to promote security within Safeway
• Responsible for Training Classes for IT to ensure Information Security Standards are communicated and adopted
• Responsible for developing Safeway’s Vulnerability Assessment Program
• Responsible for Safeway’s Intellectual Property Monitoring Program
• Safeway Forensics & Investigations team lead
• Responsible for assessing application security and compliance

Chief Security Architect at Netscreen Technologies

2003 – 2004

• Managed over $600,000+ budget for the Information Security Program
• Responsible for Information Security Program
• Responsible for Creation of Information security policies
• Responsible for Security assessment and audit of IT Projects
• Responsible for the Security Awareness training program
• Responsible for New Hire Training
• Completed the rollout of a SSL VPN Solution
• Successfully deployed TWO-Factor authentication system.
• Successfully deployed corporate wide intrusion detection and prevention devices
• Successfully deployed vulnerability assessment software
• Responsible for the creation and implementation of the IT Change Management plan, schedule.
• Participated extensively in the review of the companies Sarbanes/Oxley audit.
• Reduced overall corporate systems patch level non-compliance from 70% to 10%
• Implemented processes to provide investigatory services to other departments.
• General Network troubleshooting and support across global architecture.

Chief Network Security Architect at PeopleSoft, Inc.

October 2001 – June 2003

• Lead for PeopleSoft Network Infrastructure Security Group.
• Provided enterprise networking experience to troubleshoot network and security related events.
• Designed implemented and maintain the PeopleSoft worldwide firewall security and Network
• architecture.
• Provided design and support for customer and internal IT related security solutions.
• Provided top-level support in the creation of company-wide security policies and procedures.
• Developed Unix Security standards
• Participated in the forensics, tracking and assessment of threats to PeopleSoft’s global network.
• Provided security auditing services
• Multiple Installations of Cisco PIX firewall for internal access controls.
• PIX VPN integration with Checkpoint firewall-1
• Responsible for Perimeter access controls
• SecureID strong authentication controls with Cisco routers and layer 3 switches.

Sr. Security Consultant at Siegeworks, Inc

January 2001 – October 2001

• Responsible for Training Room Setup and maintenance at the main corporate campus
• Customer Firewall Deployment
• Provided essential Pre and Post sales customer support for security products
• Network Vulnerability Assessments
• Physical security evaluations
• Taught certification courses in Check Point Firewall-1 and the Nokia Security Administrator for many large scale customers

Sr. Network/Security Engineer at Avantgo, Inc

June 2000 – January 2001

• Designed and supported the Avantgo corporate Network infrastructure on Cisco 7206 and 2621 routers
• Wide Area Network planning and support of DS3 Circuits for national infrastructure.
• Installation of corporate security infrastructure using Check Point Firewall-1(Nokia Ipsolon platform).
• Management, configuration, installation and maintenance of National and International Virtual Private Network.
• Responsible for the management and monitoring of the Avantgo National Intrusion Detection deployment.
• Created project management plans for national Intrusion detection deployment.

Sr Security Engineer at Nokia, Inc

May 1999 – June 2000

• Supported Value added resellers and end customers of the Checkpoint firewall-1 Nokia Security Appliance.
• Supporting all Network components of the Nokia product family, which included supporting OSPF,
• RIPv1, RIPv2, DVMRP, T-1 Serial Lines, Frame-Relay, CSU/DSU, Fast Ethernet and other complex environments.
• Installed 150+ Check Point firewalls across the country on Solaris, NT, and Nokia Platforms.
• Team lead for USinternetworking upgrade project. The project consisted of coordinating and assisting the upgrade of approximately 120 firewalls nationwide.
• Trained Customer Support engineers for the Nokia UK and Singapore Support centers
• This included interviewing potential candidates for each site and helping the launch of each support center.
• Developed in-house documentation and lab testing for Ipsolon integration with other security products (e.g. Cisco PIX and Axent Raptor.

Sr. Security Consultant at Verisign, Inc

December 1997 – March 1999

• Responsible for Management of San Diego Office location
• Duties included, firewall installations, technical support, pre-sales, network vulnerability assessment and physical security evaluations.
• Network and Security architecture, design and implementation for customers.
• Taught certification courses in Firewall-1, Internet Security Systems ISS product and a course in advanced hacking techniques and methodology.
• Consulted for the National Security Agency, Federal Bureau Of Investigation, Department of Defense – Defense Information Systems Agency, and other related agencies and companies about hacker attack scenarios and abilities and methods.
• Certified and taught Check Point Firewall-1 to over 400 people across the country including many large banks, Government Agencies, and fortune 500 and 100 companies.

Sr. Security Consultant at Websense, Inc

November 1996 – November 1997

• Duties included design, implementation and installation of 3 different Firewall Software packages for customers
• Responsible for troubleshooting and support for existing customers.
• Consulted in the implementation of the following technologies: Checkpoint’s Firewall-1,Borderware, and Raptor.
• Responsible for the maintenance of all NetPartners# Internal Workstations, Servers, and Internet connections using Cisco 2501 routers.
• Responsible for internal NetPartners# machines including Windows 95, Windows NT Workstation and Server.
• Responsible for implementing a clear and concise backup policy for our networked machines.
• Responsible for implementing a standard WinNT Login and Drive mapping policy, and administration our Corporate SQL Server.
• Final duty included the management of our corporate computer security policy and our corporate Firewalls.

Education

Las Positas Community College, Criminal Investigations, 2007 – 2007

Las Positas Community College, Criminal Evidence, 2006 – 2006

El Capitan 1990 – 1994

Honors and Awards

2009 – Participated in ISACA 26th Anniversary Winter Conference PCI Panel Discussion with other industry leaders

2007 – Presented at SecureWorld Expo – eDiscovery and Forensics

2007 – Presented at ISACA 25th Anniversary – Penetration testing panel

2006 – Presented at Cornerstones of Trust Conference on Emerging Firewall Technologies

Interests

Computers, Electronics, Hiking, Biking & Exploring the Wilderness

23 people have recommended Lawrence

“Lawrence is a highly technical, highly motivated individual who gets the job done. His passion for information security is second to none and his knowledge in the space is incredible. Lawrence would be a great addition to any security marketing or technical team.”

— Scott Emo at McAfee, Inc., Group Product Mkting Manager, Network Security, McAfee, worked with Lawrence

“Lawrence is an excellent professional with a breadth of knowledge of the Security Industry and its players that is second to none. While working with him at McAfee, I saw him bring a level of exposure and credibility to the company that I know would not have had been possible without him.”

— Afonso Infante worked with Lawrence at McAfee, Inc.

“I have not known Larry Pingree all that long, but from what I have seen of him, I would like to learn much more. He demonstrates great professional maturity as well as outstanding communication and people skills. I am amazed at how many information security professionals who work in Silicon Valley know and respect him.”

— Eugene Schultz when working with Lawrence at McAfee, Inc., Chief Technology Officer, Emagined Security, was with another company

“I had the greatest opportunity to work and partner with Larry Pingree at PeopleSoft. A master and intellect in information security practices, Larry was incredible in his ability to quickly analyze a situation and create solutions. In the mist of building our information security organization, Larry immediately stepped-in to plan, architect, and implement a secure network environment and developed key partnerships with critical IT and business organizations. He is an exceptional talent, professional, and a visionary leader. I would consider myself fortunate to have the opportunity to work with him again in the future.”

— Kimberly Trapani – CISO at PeopleSoft, Inc., CISO / Director Information Security, PeopleSoft, managed Lawrence

“Larry is a professional and skilled network and security engineer. He is highly motivated and driven to succeed. He keeps abreast of new technologies and is always evaluating new solutions. I wish Larry all the best in his professional career.”

— Timothy Brush Inc, Web Operations Manager, AvantGo, worked with Lawrence at Avantgo

“Lawrence is a pleasure to work with. He is always professional and comes prepared to his meetings. His competitive intelligence research has been a great asset to me and my team contributing to the success of my product. Lawrence is a keeper.”

— Harold Toomey Inc., Group Product Manager, Governance, Risk & Compliance, McAfee,, worked directly with Lawrence at McAfee, Inc.

“Larry is an asset to any team. He brings energy and a fantastic team approach to challenging situations and is ready to tackle problems. I hope to work with Larry again in the future.”

— Phil Agcaoili SecureIT), Chief Information Security Officer & Co-Founder, VeriSign (formerly, managed Lawrence indirectly at SecureIT, Inc.

“If I had to pick a single word for Larry, it would be this: Focus. Incredibly potent, laser-like focus that cuts right through “to the chase” – in the time it takes most people to realize a chase is even afoot. If that sounds like the sort of person you need (who doesn’t need him?) then you will find him to be among your most valued resources.”

— Gary Arthur Douglas II

Lawrence at PeopleSoft, Inc., Sr. Security Systems Engineer, PeopleSoft, worked directly with Lawrence at Peoplesoft

“Larry is truly an asset to any Information Security organization. His wealth of technical knowledge combined with big business know-how enables him to succeed in any diverse, high impact environment”

— Woody Hughes

Safeway, Inc., Information Security Analyst, Safeway, Inc., worked directly with Lawrence at Safeway

“PeopleSoft was moving to a complete architecture and platform change for our support systems and our customer support website. Larry worked on the project team to design security for our customer facing applications. Larry’s prior experience and understanding of how we wanted to conduct business with our customers was critical to releasing the project and new capabilities on time with minimal impact to our customer base. Larry possessed a business focus and a could relate real risks back during the process, which minimized debate as we planned, configured and communicated.”

— Sean Bingham, PeopleSoft, Inc., Director, Service Readiness, PeopleSoft, Inc., worked with Lawrence at   Peoplesoft

“Larry was a highly valued security thought leader at Safeway. He is an extremly well versed computer security professional who provided superior customer service to a wide variety of internal customers.”

— Colin Anderson, Director Information Security, Safeway, managed Lawrence at Safeway, Inc.

“Larry has a great passion about what he does. He is also willing to take the time to teach anyone who will listen. If you go to Larry needing help, he will teach how to solve your problem. He would make a great manager.”

— Benjamin Woodford

Lawrence at Safeway, Inc., Information Security Analyst, Safeway Inc., worked indirectly for Lawrence

“Larry is an incredibly sharp and well rounded information security and technology professional. In working with Larry, no matter what the technology issue was at hand, he always seemed to have a very insightful and visionary perspective. I quickly learned that he is a very valuable resource and his willingness to go above and beyond to help others makes him that much more valuable.”

— James (Jim) Range

Lawrence at Safeway, Inc., Senior Consultant, PwC, was with another company when working with Lawrence

“Larry is a technologist, very personable, creative strategist who can execute and implement the solution meeting the business needs. I know him for long time from his days at Nokia when we were building Global Firewall Management Solution and partners trust model at Applied Materials. He was, always, out there to understand our technical/complex global blue print architecture and surprised us every time with the solution. He was a life saver for my team and highly respected. I am very impressed with his progress over these years and helping companies succeed and expand globally. I highly recommend him for a leadership role in the area of security requiring to bridge the gap between business, IT and spearhead security program/product.”

— Jit Singh, was Lawrence’s client

“Larry is a brilliant Security Architect who I first met while trying to sell him NetScreen security solutions while he worked at PeopleSoft. I recall very clearly how impressed I was with his depth of knowledge, penetrating questions, wit, and engaging personality. I was thrilled when not long after Larry ended up working at NetScreen! When I moved into a Business Development and Solutions Strategy position at NetScreen, Larry became one of my most reliable and effective advisors whom I routinely sought for feedback and counsel on my most important strategic initiatives and projects. I strongly endorse Larry as a top tier player in the security industry.”

— Vince Barboni,Lawrence at Netscreen Technologies, Sr. Solution Architect – Corp Dev Strategist, Juniper / NetScreen, worked with Lawrence at Netscreen

“I worked with Larry for almost 4 years at two different companies. Larry is an extremely intelligent, dedicated, and passionate IT professional. Larry cares about continuously improving the organization and himself. I would hire Larry (and have) in a heartbeat!”

— Joshua Mauk PeopleSoft, Inc., Manager, Information Security, Safeway, Inc., worked directly with Lawrence at Safeway

“Larry was a fantasic coworker–knowledgeable, dependable, and a sincere personal interest in his field of expertise and expanding it. I knew that if I asked him something, he either knew the answer or knew where to find it. Any company would benefit from having Larry on board!”

— Laura Leff, PMP, Safeway, Inc., Director, Vendor Management Office, Safeway, worked with Lawrence at Safeway

“Larry is an excellent engineer whose passion for excellence leads him to deploy the right solution with the right components in the right way. He was a pleasure to manage, both professionally and interpersonally. I look forward to working with him again sometime.”

— Sean Casey, Avantgo, Inc, Manager of Networks and Information Security, Avantgo, managed Lawrence at Avantgo

“Larry has a lot of expertise of information security. He is very dedicated to his work at Safeway. He has contributed to the improvement of enterprise security posture.”

— Lena Shey, Supervisor Sr. IT Auditor, Safeway, worked with Lawrence at Safeway, Inc.

“Larry has been the lead engineer for digital forensics and workplace investigations for our team. His customer focus and dedication have been instrumental in handling many large scale cases. He is a skilled mentor for junior members of the team, as well as an excellent educator for raising security awareness among business groups. He is one of those rare breeds–a person with strong technical knowledge and the soft skills to interface well with all levels of management.”

— Suzanne Widup, Safeway, Inc., Sr. Information Security Analyst, Safeway, worked directly with Lawrence at Safeway

“Larry is a down to earth, very detail oriented, technical person, who knows how to get the job done. He is always ready to go the extra mile to get the job done.”

— Eric Locastro, Account Rep, Netscreen, worked with Lawrence at Safeway, Inc.

“Larry is a strong security expert. Many people know him and respect him in the area. I always heard great things about Larry.”

— Norman Girard with Lawrence at Netscreen, Technical Product Manager, Qualys, was with another company when working

“Larry made an immediate impact when he joined Netscreen. Working in the Legal Department, I soon had my consciousness raised to the significance of security awareness not just for our network but also for every aspect of our information handling. Larry weaves together threads from many disciplines into one comprehensive picture. And he’s fun, too.”

— Alex Rathbone, with Lawrence at Netscreen

Tags: able, analysis, application, applications, audit, business, car, cause, class, com, companies, compliance, connection, connections, CSI, data, day, development, device, different, duties, end, ensure, exposure, Firewalls, forensics, framework, government, important, industry, infrastructure, internal, Internet, investigation, just, Law, malware, managed, management, market, mcafee, monitoring, National, NSS, October, pci, practice, president, problem, process, product, program, question, respect, review, ROC, Security, security product, site, software, something, SOX, special, symantec, systems, technology, threats, time, tools, triage, trust, use, vendor, vulnerability, wish