Mark T. Edmead MBA, CISSP, CISA – Senior Compliance Consultant

PROFESSIONAL SUMMARY AND ACCOMPLISHMENTS

Over 25 years of experience in computer systems architecture, information security, and project management. Mr. Edmead excels in managing the tight deadlines and ever-changing tasks related to mission-critical project schedules. He has extensive knowledge of IT security, IT and application audits, and IT governance, including Sarbanes-Oxley compliance auditing. Mr. Edmead understands all aspects of information security and protection including access controls, cryptography, security management practices, network and Internet security, computer security law and investigations, and physical security. Mr. Edmead has consulted with Fortune 500 and Fortune 1000 companies in the areas of information, system, and Internet security. He has worked with many international firms, and has the unique ability to explain very technical concepts in simple-to-understand terms. Mr. Edmead is a sought-after author and lecturer for information security and information technology topics. He has delivered security presentations in Japan, China, Singapore, and Europe, as well as the United States. He was a semi-finalist in the Entrepreneur of the Year 1988 Award sponsored by Arthur Young and Venture Magazine.

ACTIVE DOD TOP SECRET CLEARANCE

Security Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Systems Security Certified Practitioner (SSCP)
  • CompTIA Security+
  • TruSecure ICSA Certified Security Associate (TICSA)
  • National Security Agency – Information Assessment Methodologies (IAM)
  • Certificate in Homeland Security (CHS-III)

PROFESSIONAL ASSOCIATIONS AND MEMBERSHIPS

  • Member Institute of Internal Auditors (IIA)
  • High Technology Crime Investigation Association (HTCIA)
  • Information System Security Association (ISSA)
  • Member of the Information Systems Audit and Control Association (ISACA)
  • Member of the American College of Forensic Examiners
  • Member of the National Defense Industrial Association (NDIA)
  • Member of the Armed Forces Communications and Electronic Association (AFCEA)

PLATFORMS AND TECHNOLOGY COMPETENCY

  • Experienced in IT audits following BS7799/ISO 17799, COBIT, and COSO methodologies
  • Compliance audits: Sarbanes-Oxley, SAS 70, FERPA, SAS 94, SB 1386, GLB, 21 CFR Part 11, HIPAA, Basel II, BSA
  • Security policy development and deployment
  • Disaster Recovery: assessment and planning
  • Risk assessment and risk mitigation procedures
  • Company asset classification and protection
  • Access control recommendations (Administrative, Technical, Physical)
  • Operating system internal security policy and implementation, daily oversight and technical intervention in LAN/WAN and Internet security issues: access control/policies, user management, infrastructure upgrades and troubleshooting.
  • Firewall technical oversight/management and policy development
  • Intrusion detection system analysis
  • Perimeter security protection (Firewalls, IDS, VPNs) architecture
  • PKI infrastructure design, implementation and analysis

Other Accomplishments

  • Development and delivery of information security courses including: 5-Day CISSP Bootcamp, 5-Day Security+ Hands-on Course, 2-Day Sarbanes-Oxley Security Control Course, and 2-Day ISO 17799 Course.
  • Member Compliance Solutions Advisor magazine editorial board
  • ITT Technical Institute School of Information Technology Advisory Committee
  • Member Institute of Internal Auditors (2nd Vice President San Diego 2005-2006)
  • Instructor/trainer for the Institute of Internal Auditors (IIA)
  • Contributing security editor (Ask-The-Expert) for Search Systems Management (www.searchsystemsmanagement.com).
  • Instructor for SANS Institute, Learning Tree International, UCSD Extension, and the Institute of Internal Auditors.
  • Co-Chair of California Technology Forum Conference (Internet and Security)
  • Past managing Editor of the SANS (Systems Administration and Network Security) Security Digest and contributing editor to the SANS NT Digest.
  • Editor of the SANS Step-by-Step Windows NT Security Guide and editor of the SANS Business Continuity/Disaster Recovery Guide.
  • Program committee member for SANS Network Conference Orlando 1998.
  • Received finalist nomination for Entrepreneur of the Year in 1988.
  • Past secretary for IEEE 1284.4 Working Group.

Mr. Edmead is a sought-after lecturer and instructor. He has taught information security courses for the SANS Institute, MIS Institute, and the University of California San Diego. He has taught advanced Windows NT courses for Learning Tree International throughout the US and Asia Pacific. He has presented technical papers on Windows performance and implementing information security solutions at numerous conferences worldwide including the Digital User's Group Conference (DECUS) in Los Angeles, Systems Administration and Network Security conferences in San Francisco and New York, and Windows NT Intranet conference in Tokyo, Japan. Mr. Edmead has also taught Windows security seminars in Singapore, Hong Kong, Tokyo and Taiwan.

Complete list of technical articles, presentations, and seminar presentations available upon request.

Mr. Edmead is fluent in Spanish and conversational in French, Italian, and Portuguese. International assignments include Japan, Hong Kong, Taiwan, Singapore, Switzerland, Germany and Scotland.

WORK EXPERIENCE

BEKKER COMPLIANCE CONSULTING PARTNERS, LLC, Los Angeles and San Diego, CA – June 2006 to Present

Senior Compliance Consultant – E-Compliance Solutions
BCCP is a boutique regulatory compliance consulting firm that specializes in providing proactive compliance solutions to many sectors of the financial services industry, including: banks, insurance companies, hedge funds, mutual funds, broker/dealers, and investment advisers. BCCP also provides consulting services pertaining to e-compliance solutions for clients who need assistance in upgrading their technology in order to automate all or a portion of their compliance programs. BCCP’s core areas of expertise include: Rule 38a-1 under the Investment Company Act of 1940; Rule 206(4)-7 under the Investment Advisers Act of 1940; Bank Secrecy Act/USA PATRIOT Act; Sarbanes-Oxley Act of 2002; and SEC Regulation S-P (privacy).

MTE ADVISORS, San Diego, CA – January 2002 to Present

Principal Director - Security Consultant/IT SOX Auditor
Performed both financial and IT control audits for a variety of clients. Sample clients include: Ernst & Young, Wells Fargo Bank, Washington Mutual Bank, Booz Allen Hamilton, Intel Corporation, Toyota Motor Services, Sempra Energy, Capital One Auto Financing, Maxwell Technologies, and BDO Seidman, LLP. Project tasks included:

  • SOX/Business Analyst for Toyota Motor Services. Perform risk assessments; develop, document, and remediate controls; develop SOX application and interface control documentation; perform gap analysis.
  • SOX auditor for a large mortgage and financial services firm. Audit lead for Loan Tracing and Software Development Lifecycle audits. Member of SOX IT audit team, performing risk assessments, developing segregation of duties matrices, and control objective definitions.
  • Regulatory Compliance Consultant. Work with the Small Business Cash Management compliance manager in performing risk assessments based on the various FDIC banking regulations. Research of the various Federal Regulations and how they apply to the various banking business units including: Consumer Deposits Group, Regional Bank, and Business Banking Support Group. Development of risk matrix analysis for each of these business units.
  • Risk assessments/security audits for Wells Fargo vendors throughout the US to ensure they comply with security policies, Sarbanes-Oxley and ISO 17799 standards, and other related measures. Perform audit, risk assessment and gap analysis.
  • Perform IT General Infrastructure and Application audits in line with COBiT and COSO standards and methodologies. Plan and conduct internal IT audits in the areas of critical infrastructure/systems and applications. Assess and test internal controls of critical infrastructure platform systems – Windows, Unix, IIS, SQL, SAP, Oracle. Assess and test internal controls of various critical financial applications. Prepare risk assessments - determine risks to critical financial data systems and infrastructure components. Create test plans and test processes, execute test plans – including inquiry, observation, inspection, documentation review, re-performance, physical inspection. Document test results – substantiate all findings with complete work papers and supporting evidence. Coordinate and conduct reviews of existing systems and applications – ensuring appropriate security, management, and data integrity via control processes. Prepare written reports and communicate findings to all levels of management. Participate in audit review panel sessions to address results, conclusions, and follow-up actions required.
  • Established the IT Risk Management department at Onyx Acceptance Corporation. Managed the progress of roll-out/implementation of all controls and governance initiatives at Onyx. Developed business process narratives, flowcharts, and defined, developed, and implemented control and processes as needed. Performed Business Process and IT Risk/Control services including: Application Security and Controls Assessment, Information Technology Controls, Infrastructure Security, System Project Control Assurance, and Security Management.
  • Perform IT General and Application control audit for Aeroflex, Inc. Travel to Aeroflex location, evaluate existing controls and match to COSO and CoBIT objectives. Audit of Logical System, Change Management, Data Center, Entity, and System Development Life Cycle. Also assist application consultant with review of Revenue, Payroll, Accounts Payable, and Financial Reporting. Documented new or revised controls, evaluated the design effectiveness of the new or revised controls, tested new or revised controls, identified control deficiencies associated with new or revised controls, and monitored corrective action plans and documented remediation efforts.
  • Aggressive project to complete SOX IT and Application control audit. Performed required activities necessary to develop and present a complete analysis of internal control issue(s) to the SOX Compliance and Tax Officer, Disclosure Committee and Audit Committee. Documented new or revised controls, evaluated the design effectiveness of the new or revised controls, tested new or revised controls, identified control deficiencies associated with new or revised controls, and monitored corrective action plans and documented remediation efforts.
  • Sarbanes-Oxley audit of Wells Fargo Business Partner Network. The directive of this audit was to review the defined security policies that identify who can access which data, applications, servers, or other network resources. Review of standards to ensure the consistency of security products and their configurations. Review of security controls to determine if they effectively enforce the governing policy and standards, and address threats emanating from both within and outside the enterprise network. Review of management and monitoring of controls to ensure their effectiveness and appropriateness.
  • Development of security awareness training program for Sempra Energy. Performed analysis of existing security policies and development of new policies based on changes in technology, people, or processes within the company. Development of “best practices” guidelines and procedures used to protect information system assets from breaches in confidentiality, integrity, and availability. Member of the vulnerability management team — responsible for monitoring, categorizing, and implementing security controls to mitigate security risks.
  • Provided information security consulting services for Navy SPAWAR program. Projects include review of Wireless LAN technology, and other Navy technology policy implementation. Developed and delivered information security courses for Information System Security Officers (ISSO) and Information System Security Managers (ISSM) in Norfolk, Hawaii, and Japan.

 

RL PHILLIPS, LLC, San Diego, CA. December 2003 to December 2004

Senior Systems Security Architect
Provide technical knowledge and analysis of Information Assurance (IA), which includes: applications, operating systems, Internet and Intranet, physical security, planning, emergency preparedness, security awareness, and training. Perform risk analysis, assessment, and risk mitigation reports. Maintain host and network-based Intrusion Detection System (IDS) and coordinate response of CERT to real-time threats. Conduct penetration testing of production network. Review System Security Authorization Agreements (SSAA) to ensure compliance with Defense Information Technology Security Certification and Accreditation (DITSCAP) and local security requirements. Assist the Information Assurance officer in the conduct of LAN risk assessments, internal investigations, and required reports. Train and guide Information Assurance team members as needed.

KPMG LLP, San Diego, CA. August 2001 to January 2002

Senior Security Consultant.
Senior consultant in KPMG's San Diego Information Risk Management practice working with clients in the areas of Sarbanes-Oxley compliance audits, Internet Architecture Design, Windows NT/2000 security, networking techniques, security policies and procedures, computer systems and analysis, wireless security, e-commerce security, and information security. Perform network security assessments, security system reviews, development of security recommendations and ethical hacking.

PLANESIA, Inc. San Diego, CA. April 2001 to September 2001

Vice President Technology/CTO
In charge of the architecture, infrastructure design and development of the Planesia e-commerce shopping solution. Managed a team of 22+ Internet Java developers and multimedia/web designers. Technology was implemented using ATG Dynamo and WebMethods B2B Commerce software. Planesia is a universal shopping cart (checkout) that allows users to purchase from a wide number of merchants at the same time. Interfaced extensively with portals, merchants and investors. Responsible for technology development, hardware architecture, co-location issues, site reliability and performance, and security. Development of company’s privacy statement and security procedures including incident handling, business continuity and disaster recovery, as well as all of the corporate security policies.

IBM CORPORATION, San Diego, CA. January 1998 to January 2001

E-Commerce Consultant, Security and Privacy Services.
Mr. Edmead managed a $70M security architecture/web-enabled technology project for the City of New York. This includes architecture design, web technology evaluation, and integration of third-party solutions. In addition to his management expertise, Mr. Edmead is a well-known network/Windows NT security specialist responsible for network security assessments (ISO17799), security system reviews, development of security recommendations and ethical hacking. Other projects include assisting companies in developing a secure and reliable network system architecture for their web-enabled businesses. Clients include Fortune 500 and Fortune 100 companies in a variety of industries such as health care, financial institutions, insurance and government agencies.

World Health Organization, Geneva, Switzerland. May 1997 to December 1998

Systems Security Consultant (Contract Position)
Participated in the rollout and migration of workstations to Windows NT 4.0, as well as the development, operation and evolution towards an electronic user desktop environment. Worked extensively with SMS 1.2 to configure, diagnose and push software to clients. Developed custom Visual Basic scripts for custom installation and setup of machines and user accounts. Assisted in the configuration of the communications infrastructure that supports the network-based services including WWW, e-mail and e-forms. Provided technology support to the end user community and ensured effective/productive use of hardware and application software. Handled problem identification and resolution within the desktop environment. Worked with the Network Services team to pilot/test hardware and application software. Involved in the planning, installation, and training of Windows NT Server and Workstation. This includes Domain planning, Network security, capacity planning, and DHCP, WINS and RAS configurations, as well as delivery of custom in-house training seminars on topics including Windows administration, optimization and information security.

Previous employment information available upon request.

EDUCATION

  • University of Phoenix, San Diego, California. PhD Candidate (DM)
  • University of Phoenix, San Diego, California. Masters Business Administration
  • University of Phoenix, San Diego, California. Bachelor of Science Information Technology
  • Northeastern University, Boston, Massachusetts. BSEE Track (1978-1982)
  • University of California, San Diego, California.
    Continuing Education: C++ Programming, Advanced 'C' Class, Digital Signal Processing, Hardware Microprocessor Design, Digital Design for Microprocessors, OS/2 Presentation Manager, MS-Windows Application programming.