Cyber Security Expert ★ Protecting people and companies from fraud and other bad things that can happen online
Growing up geek Brian tended to void a lot of warranties. If it ain’t broke, fix it until it is! This intellectual curiosity continues to help Brian understand how things work and to better protect the things that matter.
Brian is a cyber security expert with 20 years of experience, a Certified Information Systems Security Professional (CISSP) and has worked primarily in highly regulated industries like financial services and the energy sector. He is an active participant in the information security community, has been featured in various print articles and radio interviews as well as been a guest speaker at IT Management conferences.
Brian is also passionate about people, travel and adventure.
Specialties: Information security, risk management, security metrics, identity and access management, internal controls and regulatory requirements, privacy and ethics, cryptography, incident response and handling, online fraud.
Information Security at Capital G Bank Limited
September 2010 – Present (3 years 8 months)
- Developed and maintained information security policies and standards
- Standardized identity and access management technologies and practices across the line of business applications (covering requests, provisioning, authentication, authorization, role based access, access certification and de-provisioning)
- Design and implement identity and access management and transaction verification/signing solutions for Internet banking
- Developed and led the web fraud protection strategy and implementation
- Developed and led the security incident response team
- Led the vulnerability management program to identify, measure, prioritize and remediate risks
- Developed and maintained system configuration baselines and monitored for unauthorized changes
- Developed and maintained security metrics covering security incidents, vulnerabilities, unauthorized changes, identity and access management and anti-malware
- Participated in the conversion of core banking applications (FISERV’s Signature, Teller, Aperio, Nautilus, Corillian)
- Implemented technology and processes to reduce online fraud and protect the company’s brand and reputation
Digital Advocate & Founder at Clearware
March 2006 – Present (8 years 2 months)
80% of users never or rarely read license agreements. Clearware started as an initiative to research and propose solutions to make it easier for average consumers to better understand end-user license agreements (EULA).
Clearware guidelines include a set of symbols (similar to care labels on clothing, nutrition labels on food and warnings on hazardous materials) to represent the terms and conditions of a license agreement that affect control over user experience, privacy and system security. An electronic version of the label was also proposed to enable automated processing and handling of these terms in software.
Brian continues to advocate for consumer rights by collaborating in these related online initiatives:
Adjunct Lecturer at Bermuda College
January 2011 – January 2014 (3 years 1 month)
- Introduced students to information security fundamentals and policies
- Developed lesson plans, labs and exercises
- Evaluated students' understanding and progress with exams, tests, assignments and projects
Director, Global IS Risk Management at Manulife Financial
January 2009 – July 2010 (1 year 7 months)
Fortune 100 insurance and financial services company serving millions of customers in 22 countries and territories world-wide.
Coordinated the development and implementation of global security programs including strategy development, security risk management, security architecture, vulnerability management, security metrics, security incident management, security operations centre, endpoint security, data loss prevention and litigation hold requests (eDiscovery).
- Reduced software licensing expenses by $105K annually by reviewing the needs of divisions and negotiating more favourable terms with vendors
- Reduced professional services costs of annual global penetration testing by $100K over two years through due diligence and vendor management
- Led the security risk assessments and vendor evaluations of global initiatives (Global Network Optimization, Enterprise Records Management, SSL VPN, Single Sign-On and opening new offices in China).
- Established and chaired monthly Security Working Group conference calls and initiative based taskforces involving risk managers, security officers and subject matter experts world-wide.
Principal Security Consultant at Assurity Consulting Inc.
June 2007 – January 2008 (8 months)
Global information assurance and security risk management consulting for leading financial services and telecommunication providers in Canada and Saudi Arabia.
- Developed and delivered awareness workshops and readiness assessments to various banks in Saudi Arabia regarding Payment Card Industry Data Security Standards (PCI DSS)
- Developed Enterprise Information Security Architecture for a startup bank in Saudi Arabia
- Developed a sustainable compliance programme for a Canadian communications and media company (Rogers Communications) to address privacy (PIPEDA), financial reporting (SOX), payment card industry (PCI DSS) and business requirements.
- Architected and planned deployment of enterprise wide network intrusion detection systems for a leading Canadian and European insurer (Great-West Life).
- Architected and deployed technology and processes to encrypt Internet email with third-parties for a leading Canadian insurer (Great-West Life).
Information Security Officer at Blackmont Capital Inc.
June 2004 – June 2007 (3 years 1 month)
- Implemented IT Service Management processes for change management following ITIL standards.
- Established a Business Continuity Planning Committee with senior management from all areas of the business
- Implemented enterprise wide email archiving and supervision capabilities to comply with regulations in the securities industry
- Established a framework of internal controls to comply with Bill 198 and Sarbanes-Oxley (SOX) for corporate governance
- Provided information security leadership for Canada’s leading independent investment management firm (AUM $14.1 billion) with business in wealth management, asset management and capital markets.
- Built and maintained corporate governance and security programs to meet regulatory requirements of the Investment Dealers Association of Canada (IDA), National Association of Securities Dealers (NASD), U.S. Securities and Exchange Commission (SEC) and the Ontario Securities Commission (OSC)
- Develop, maintain and lead business continuity and disaster recovery plans
IT Security Manager at Capgemini
2002 – 2004 (2 years)
Manage IT security services in an outsourced managed security services provider (MSSP) environment for energy and utility clients.
- Reduced the number of reported Section 5900 (SAS70) audit exceptions from 34 to 4 in one year by developing a compliance program
- Identified 40-55% of user accounts as unauthorized and eliminated them by enhancing and implementing identity and access management processes
- Generate revenues of $100,000 to $700,000 (per project) by leading project teams in the preparation of proposals, business cases, recommendations, alternative selection, project planning and implementation of security tools, processes and systems.
- Manage an enterprise wide information security program for a world leader in management consulting and IT services.
- Provide managed IT Security services in a multi-client environment specializing in the Energy and Utilities sector.
- Develop information security policies, standards, procedures and programs complying with NERC and Sarbanes-Oxley.
- Coordinate, participate and respond to external Section 5900 (SAS70) audits for our customers.
- Perform audits of systems and controls to assess vulnerabilities and analyze risks involving technologies such as Windows, Unix, OS/390, SAP, PeopleSoft, Oracle and others.
- Participate in certification and accreditation process to ensure new systems and changes are authorized and meet security requirements.
- Perform and lead investigations of alleged or potential security violations by staff and/or external groups and provide expert advice during litigation.
Information Security Officer at EDULINX Canada (CIBC)
2000 – 2002 (2 years)
- Developed an enterprise security organization to meet RCMP security standards, which led to being awarded a $100 million government contract.
- Develop and manage information security for $30 billion of client assets.
- Communications Security (COMSEC) Officer for Canada Student Loan Program.
- Build and maintain the security infrastructure for a major financial services provider consisting of Windows, OS/2, AIX/SP2, and OS/390 environments consistent with ISO 17799, the Government of Canada Security Policy, the Personal Information Protection and Electronic Documents Act (PIPEDA), the Privacy Act, and other client security requirements.
- Develop and deliver security awareness programs to ensure that employees are aware of the requirements for information security.
- Conduct threat and risk assessments, identify exposures through penetration testing and gap analysis and conduct regular audits of all sites accessing financial data.
- Engage consultants and third parties to fill the gaps in resources and expertise as required.
- Design and implement tools and procedures for intrusion detection, threat and risk assessment, incident handling, public key encryption (PKI), virtual private network (VPN), LDAP, audit trails, alerts, and reports.
- Review and approve change requests to identify security risks and gaps.
Advisory System Engineer at IBM Canada
1994 – 2000 (6 years)
- Reduced cost of distributing software patches by over $200,000 per year
- Pioneered the development of first generation content filtering technology.
- Successfully deployed a large distributed Windows network affecting 60,000 users for the largest separate school board in Canada.
- Leading member of IBM’s StudeNTVista development project creating international solutions for a secure classroom environment.
- Developed the national support structure for IBM’s Internet ecommerce products.
- IBM Achievement Award and IBM StudeNTVista Development Project Recognition Award.
- Defect and how-to support for various IBM software products such as OS/2, Personal Communications 3270/5250, Communications Server, Host-on-Demand, WebSphere and others.
- Draft contracts and deliver onsite and remote technical support.
- Identify security gaps and recommend changes based on best practices.
- Implement security policies and firewall rules for production LAN connected to the Internet via satellite to comply with corporate policies.
- Analyze TCP/IP and SNA network traces (protocol analysis).
- Develop and present skills transfer workshops.
CISSP (ISC)2 License 30005 February 2002
CISA ISACA February 2003 to February 2006
English (Native or bilingual proficiency)
Skills & Expertise
Information Security Management
Information Security Policy
Enterprise Risk Management
Civil Engineering, 1992 – 1994
Volunteer at Open Notice
January 2013 – Present (1 year 4 months)
Information Security Manager at PostNuke
January 2002 – December 2002 (1 year)
Established a computer security incident response team (CSIRT) for the PostNuke Content Management System (CMS).
Volunteer at Team OS/2
1996 – 1998 (2 years)