Owner / IT Security Architect
Investigative Reporting and Investigative Journalism, taking a investigative approach to discover the facts related to events that matter in peoples lives. Being able to inspire truth using images, when a image is worth a thousand words. https://michaelrutt.net/pointintime A Chief Information Security Officer is instrumental in coordinating all manner of information security related issues. A vCISO drafts and approves policy, manages subject matter experts, coordinates incident response, develops information security services and work-flow. A Chief Information Security Officer will identity key assets and protect them, mitigating critical security issues. Able to communicate critical security issues to executives and key stakeholders concerning compliance issues is a top priority of a Chief Information Security Officer. Risk can include a process, work-flow, assets and vendors. Able to define the scope of risk and applying security controls through an audit process is key to define risk. A primary focus of an Information Security Architect is to provide a cost benefit analysis for security controls and mitigate risk. Showing value over time to key stakeholders provides value for your organization. Complying with federal regulation can be frustrating if you don't know how they apply to your organization. PCI, SOX, HIPPA, FERPA, GDPR, NIST 800-171 and Export Control have to be accounted for by law. It's important to make sure you protect data that is connected with any federal regulation.Applying a solid security framework around sensitive data must be a priority for any organization. NIST, ISO 27001 and COBIT are frameworks that can be put in place to protect sensitive information.
Understand federal, state and local rules and regulations and how they apply to an organization. Use all available security framework to apply security policy and standards around organizational services and data. Develop risk management around services including vendor risk, attack surface risk and gap analysis risk. Provide cost benefit analysis around security controls to mitigate risk for organizational process and data. Advise key stakeholders and help them become aware of the cost around providing effective security. Develop security architecture in an organization to provide human resources, security infrastructure, security process and policy for security controls. Subject matter experts are utilized and trained to address security needs in an organization. Able to manage a team of security staff to address critical security needs. Create an environment of security awareness at all levels. Key stakeholders know and understand information security including leadership, staff and security personal. Making sure certified security staff continue in professional development to stay on top of an ever-changing threat landscape. Security threat collaboration intelligence at all levels is developed for an organization to provide real time threat data to apply to security controls across the organization holistically. Security Leadership, able to communicate with an organization in an open manner with only the highest level of integrity, understanding the security needs of the customer. Collaboratively work with third parties that provide key services making sure the highest level of integrity is maintained. Investigative Journalism, taking a photo journalistic approach to discover the facts related to events that matter in peoples lives. Being able to inspire truth using photography, when a picture is worth a thousand words.https://www.michaelrutt.net/pointintime.html