the Rasners

the Rasnersthe Rasnersthe Rasners

the Rasners

the Rasnersthe Rasnersthe Rasners
  • Home
  • Greg Rasner
  • Maria Rasner
  • 3rdParty Threat Hunting
  • Family Trips
  • Greg's Blog
  • More
    • Home
    • Greg Rasner
    • Maria Rasner
    • 3rdParty Threat Hunting
    • Family Trips
    • Greg's Blog
  • Home
  • Greg Rasner
  • Maria Rasner
  • 3rdParty Threat Hunting
  • Family Trips
  • Greg's Blog

Greg Rasner CV

  

20+ years of IT experience in securing software, finance and biotech industries. 15+ years of management experience with hands-on knowledge of technology. Extensive experience in federal/industry certifications as well as documentation and implementation of policies. Teach networking and security at the college level. Experienced with operating and managing IT infrastructure and projects. Certified in Information Security, project management, IT service management, Cisco, Palo Alto, Microsoft, and Linux. Active in local Information Systems Security Association (ISSA) Raleigh. Volunteer my time to Veterans and Military Association at BB&T as the Co-Chair for Raleigh; mentor students at Johnston Community College and sit on the IT Advisory Board as well. 


Author, "Cybersecurity &  Third-Party Risk: Third-Party Threat Hunting" (Wiley Publishing)

July 2021: The first book on this important topic of the day, Greg's work has been well-reviewed as is evident by the book sales and requests to speak on the subject.


Senior Vice President, Third Party Security, Truist Financial (formerly BB&T), Raleigh, NC  3/2018 - present

Developed and deployed a program to perform onsite assessments of BB&T’s third parties (vendors) within two months of hire, hired resources, developed artifacts and processes, and had team perform 25% more onsite assessments than committed to senior management. Over the year since starting the program, built out a complementary program within the Third Party Security team to review InfoSec contract redlines with customer and vendors; developed and managed program adherence to NYDFS 500.11; and taken on new intake processes to engaged directly with BISO and Line of Business Resources to ensure CIS is engaged in vendor due diligence. Built out a new Continuous Monitoring program, utilizing BitSight, to monitor, in near real-time, our critical vendor connections and provide updates to senior management. Have received the highest performance rating possible in first year and have been named as the leader of the new program once BB&T and SunTrust are formally Truist (post Legal Day 1 of the merger). 


Security and Networking Instructor (Part-Time), Johnston Community College   6/2017 - present

Teach part-time (after hours and online) networking and information security courses at Johnston Community College. 

Program Development, Cybersecurity, Johnston Community College 1/2020 – 3/2020

Develop Cybersecurity AA program at Johnston Community College. Research current in-demand roles for Cybersecurity in the area, partner with business leaders on direction, find comparable courses in the existing NC college curriculum, and develop roadmap for full program on Cybersecurity.


Director, Security Architecture, Quintiles (IQVIA), Morrisville, NC 6/2017 – 3/2018

Responsible and Accountable for Security Architecture to support all lines of business. Critical functions and ecosystems had to be integrated as a result of the merger with IMS Health (to create IQVIA). Drafted and published over a dozen various architecture frameworks: Cloud, O365 Deployment, AWS Best Practice, Identity and Access Management, Azure Best Practice, API Development and Deployment. Reported directly to CISO.


Secure Development Manager, Data Center, Cisco, RTP, NC  11/2014 – 6/2017

Responsible for the secure development of both hardware and software in the Data Center line of products from Cisco. This includes all the Nexus products, Application Centric Infrastructure (ACI), Data Center Network Manager (DCNM), Tetration (Analytics), and UCS line. Oversaw the inclusion of such technologies as Image/Code Signing, Secure Boot, Trust Anchor Modules, as well as ensuring the Cisco Secure Design Lifecycle (CSDL) is followed and scored. 

  • Integrated      multiple acquisitions (M&A, ‘spin-ins’, and alpha product teams) into      the security and process for Cisco.
  • Manage      multiple development teams across the globe
  • Report      directly to senior C-level and GM-level leadership on status and roadmap      decisions
  • Lead      teams and management on risk assessment and priority for future releases
  • Direct      teams on testing (static, fuzzing, dynamic and penetration)
  • Guided      all development process from EC/IC, to Dev-Test Handoff (DTHO) to FCSRR
  • Wrote      policies and whitepapers on secure development best practices
  • Guided      certification process for FedRAMP and FIPS
  • Awarded      “Cisco Security Ninja Black Belt” for contributions to increasing product      security.
  • Led      effort to develop a closer DevOps team between Cisco’s GIS and Engineering      departments.
  • Completed      Cisco Advanced Manager Series (CAMS) training
  • Volunteer      Work: Mentor PMP trainees to successfully pass the Certification. Mentor newly separated US veterans to      transition into civilian careers.

Network Infrastructure Security Manager, Cisco, San Jose., CA  11/2011–11/2014

Managed several large programs for the Network Services division for Cisco’s internal I.T. department. Succeeded in completing within six months where previous managers had not been for over a year. Promoted to Program Manager for Security Program and Unified Access Program, responsible for Cisco IT’s global Security strategy; Enterprise ACL Management, Identity Services Engine (ISE), Web Security Architecture (WSA), DDOS NetThreat, 802.1x wired and wireless authentication, off-premises malware protection, and Administrator Role-Based Access Controls (ARBAC) successfully launched in FY12 and 13. 

  • Responsible      for multiple projects and programs spanning multiple continents and      business units
  • Managed      an annual budget of $10 million and more than five project managers and      analysts.
  • Charter      and manage through the Project Life Cycle all programs and projects.
  • Awarded      “Top Performer of the Year” for FY13 (ending July 2013).
  • Published      several white papers on Cisco security products.
  • Presented      to dozens of Executive Briefings to Cisco high-profile accounts on Cisco      IT’s implementation of its own products. Given top marks by both internal Cisco personnel and the customers.
  • Taken      and passed several key Cisco certifications including Cisco Security Ninja      White Belt, Security Knowledge Expert and Identity Services Engine      Implementation and Configuration. 

Infrastructure/Security Manager, Federal Home Loan Bank of SF, San Francisco., CA 8/2009–10/2011

Initially brought in mid-Q3 in 2009 as contractor to supplement existing full-time staff project managers. After succeeding in turning around program that had not completed any sizeable projects to date, was asked to convert to full-time. Successfully completed over seventy-five percent of program in 2009 and was instrumental in chartering, budgeting and managing 2010 – 2012 Program for IS Maintenance. Successfully completed all projects in 2010 within budget and quality standards set forth by PMO and Executive Sponsor. Managed three project managers’ goals, work effort, set standards, and templates for department meeting and status reporting. Managed and responsible for a capital and operating expense budget of over four million dollars.

  • Overall      responsible for the successful implementation of all IS infrastructure      projects. 2010 Projects included      Office 2007 Upgrade (from Office 2003), Upgrade of CX to VNX devices at      both main facility and DR site. Enterprise      Backup Upgrade, Fiber Channel Upgrade, Upgrade Tape Library, Oracle 11g      Upgrade, and CISCO PIX upgrades. 2011      Projects are Upgrade Bank Storage and Backup (to tapeless), Windows 7      Infrastructure, Oracle Audit Vault, and VMWare upgrade.
  • Responsible      for the planning, budgeting and acceptance of the 2010-2012 IS Maintenance      Program Charter and Budget.
  • 2009 to      2011 IS Maintenance Program were successfully completed with highest      Sponsor satisfaction.
  • Managing      the Security Maintenance Program and two project managers responsible for      its completion. This included projects      such as Network Access Control (NAC), Oracle Audit Vault, and upgrades of      Bindview, SiteScope and IdentityIQ (AACR). 

Application Security Architect and Program Manager, Charles Schwab & Co., San Francisco., CA 11/2007 - 4/2009 

Effectively managed the 3rd party implementations into the Greenfield project; this project is a complete remake of the Schwab.com eCommerce/trading website into .net along with many look-and-feel changes. Brought on after huge gap identified on 3rdparties to identify scope of gap, impact and manage to successful implementation. This was a $44+ million project with high visibility to senior management and customers. 

  • Managed      up to 3 other project managers to ensure their portions of the project      were meeting targets.
  • Managed      the integration of credit card business, authentication and encryption,      into the new Schwab.com site.
  • Provided      sole contact between off-site 3rd party vendors who had content      on the Schwab.com website and their sites. 
  • Resolved      many issues around compatibility, authentication, security, and differing      timelines between Schwab.com site and 3rd party sites.
  • Gathered      requirements, set-up meetings, documented gaps and published project      plan. All issues were resolved      ahead of schedule.
  • Recognized      on several occasions by senior management for superior performance and      accomplishment.
  • Authored      and managed the project plans for all 20+ 3rd party      implementation project plans simultaneously. Using a series of Give/Gets      to other project plans along with Project Server, was able to publish and      share with management progress on a daily and weekly basis.
  • Utilized      Agile as software lifecycle development tool.
  • Identified      numerous gaps in discovery of project risks and issue with regard to 3rd     party implementation points. Working with business, 3rd party and the Greenfield      development team was able to resolve or defer all to satisfaction of      business by internal employee launch date.
  • Attended      twice weekly meetings with senior management to provide updates and      escalate where appropriate.
  • Assumed      bug wrangling role when testing commenced, along with project management      role. Often retested the bugs to      verify still reproducible and then assign to appropriate owner for      resolution. Upon resolution would      inform business and assign for retest. By time of employee launch, no bugs were open that were assigned a      high severity by business.


CRM Manager, Polycom Inc.,  Pleasanton., CA 2/2006 - 11/2007 

Successfully initiated and managed the implementation of a new Siebel CRM for the Polycom Global Services division. The launch was on-time and under-budget. The CEO, Bob Hagerty, remarked at a subsequent all-employee meeting, that it was the smoothest launch of a large piece of software he has ever seen in his entire career. Managed the complete Software Development Life Cycle (SDLC) for the development team.

· Managed up to 3 other project managers to ensure their portions of the project were meeting targets. Also managed up to 3 Business Analysts relating to the project.

· Managed data migration from acquired company into existing systems within timeline and budget.

· Successfully managed the several large scale, multi-national, cross-organizational projects for the firm simultaneously. All projects met scope, resources and performance goals.

· Planned, designed and implemented new VOIP phone system for worldwide service operations. Included server farm build-out, satellite units at each office down to desktop units and video conferencing equipment.

· Managed several MS-SQL database applications for projects as upgrades to newer versions. 

· Implemented Agile systems for software development.

· Managed the implementation of Microstategy to provide Relational On-Line Analytical Processing (ROLAP) into the PeopleSoft FDM 

· Managed new software and vendor for the logistics division of the firm in NALA. Managed the roll-out of the same system and vendor change to APAC and EMEA. 

· Supervised the integration of Spectralink, a recent large Polycom acquisition, into our CRM, SCM and business practices.

· Administered on-site training classes in EMEA, NALA and APAC regional offices for the CRM project and subsequently for follow-up training.

· Authored end-to-end documentation on internal systems and business process to enable the company to better plan for systems changes.

· Authored training documentation for CRM and PeopleSoft CRM and FDM systems. 

· Taught classes on Microsoft Project to senior team members.

· Responsible for SOX compliance on CRM by Polycom Global Services


Applications Development Manager, Charles Schwab, S.F., CA  4/2005 - 2/2006 

Successfully managed numerous application upgrades for the Financial Consultants Incentives programs. As sole Project Manager for the group was instrumental in the successful delivery of business requirements, documentation, development and deployment.Managed the complete Software Development Life Cycle (SDLC) for the development team. This was a contract position.

· Implemented a Microsoft Sharepoint solution for the group using forms to deliver Project Status to senior management.

· Delivered a Change Control procedure using Microsoft Sharepoint; complete with Change Request form, Issue Report Form and Implementation Form. Published extensive documentation around the process, ensured Internal Audit signed-off on it and taught the end-users in several classes on process. 

· Successfully launched and completed the Teradata Conversion Project. This project was to convert the Oracle Incentives database to Teradata and design monitoring tools.

· Implemented a resource allocation form on the group’s Sharepoint site.  Designed and published end-user input form and management reports. This site assisted the Director of the group to convince senior management of the need for additional resources to complete scheduled work.

· Taught classes on Microsoft Project to senior team members.

· This was a contract position for a one-year contract only.


Senior Database Manager, Wells Fargo Services, S.F., CA   1/2004 - 4/2005

Successfully managed numerous application, MS-SQL and Oracle database upgrades with a large range of internal customers ranging from their Internet Services Group, Wholesale, Mortgage, and Retail Banking. Directed and published several internal templates to be used for project management and reporting.  This was a contract position. 

· Managed several large infrastructure projects involving migration of live systems to IBM Blades and new Cisco routers and switches

· Successfully managed and directed the database resources utilized in the upgrade of Wells Fargo’s Bill Pay database to Oracle 9i. The upgrade involved hundreds of personnel and millions of dollars of hardware; Wells Fargo Bill Pay is the online payment system for the bank’s millions of customers. 

· Efficiently coordinated the upgrade of Wells Fargo’s ACH History and Loan Manager to 9i and upgraded Dataguard. Managed the upgrade of several other databases in Shareplex. Managed the upgrades from end-to-end, performing all phases of project management, to include project planning in MS Project, risk analysis, documentation, and post-implementation activities.

· Managed the implementation of Oracle’s OEM Grid Control 10g to several production databases for monitoring and alarming.

· Implemented an escalation procedure and coordinated cross-departmental meetings and processes to ensure the stability of the Database Consolidation Project. This is a project to implement Oracle 9i on IBM Blades in a RAC environment for all customers. Managed SDLC on DEV, SIT and UAT environments, ensuring availability was maintained for application teams. 

· Published documentation regarding internal processes and procedures relating to project management and standard set of services out team offered. 

· Designed and implemented internal templates for database administrators, team leads and other project managers to aid in the management of projects and reporting status.

· Managed many weekly interdepartmental and cross-company meetings to manage projects, update team members of progress, manage risk and escalate issues as appropriate.

· Taught classes on Microsoft Project to senior team members.

· This was a one-year contract position.


Director of Information Systems, Avigen, Inc., Alameda, CA 1/2002 - 1/2004

Turned around moribund department to exceed industry standards within months of taking position.

· Hands-on manager of all systems operations. Included Exchange mail servers, MS-SQL servers, Financial systems (Oracle) servers, Infrastructure equipment (Cisco routers, switches and VPN equipment), desktops, phones, and applications. 

· Authored, planned and implemented a complete re-design and re-work of the corporate network. Complete change from wiring closet to desktops, backbone, new routers and switches and firewalls. Prior to change, many users were experiencing intermittent delays or outages and it was traced to a sub-standard network.

· Successfully planned, budgeted and coordinated accounting financial system from Oracle Financials 11.1 to Great Plains 7.5. Completed on-time and under-budget with all milestones and goals successfully met.

· Successfully planned and implemented several different software projects. Implemented Great Plains and Seibel, experience with CRM, ERP and Financial software implementation across various corporate organizations. 

· Published and enforced internal controls for Sarbanes-Oxley (SOX) compliance.

· Maintained systems and network uptime to greater than 99.97%.


Director, Security and Systems Management, Silicon Energy Corp., Alameda, CA 2/1999-1/2002

Promoted three times in three years and given increasing responsibilities as senior management saw my success with existing departments.

· Authored and published many internal policies and procedures, including Disaster Recovery and Business Resumption Plan, Acceptable Use Policy, Systems and Network Security Policy, and Internal Support Level Agreements.

· Implemented Peoplesoft and Siebel CRM and ERP systems. Implemented Great Plains as a financial system.

· Integrated the systems of several purchased companies, from all over the United States, into our corporate systems with no service interruptions. 

· Successfully managed the technology growth of a company from 25 to 300+ employees and had offices across the U.S. and Europe.

· Managed and administered MS-SQL databases

· Managed budgets up to $6 million annually always coming in under budget.

· Efficiently managed the move of corporate headquarters with no downtime.

· Implemented an ASP model for software firm and managed the data center with 24/7 staffing and support.

· Planned and implemented our software into several client sites (Fortune 100 firms) within budget and time constraints.


I.T. Manager, PMI Mortgage Insurance, San Francisco, CA 4/1997-2/1999

Responsible for mobile work force and central office I.T. personnel. Managed the implementation of several large I.T. projects working with multiple departments. System administrator for MS-SQL and Exchange servers.


Senior Analyst, LECG, Inc., Emeryville, CA 8/1995-4/1997

Programming in Visual Basic in MS Access, published hedonic models used for presentation in trials and depositions.


ADDITIONAL EXPERIENCE 

Part-Time Instructor, College of Alameda 9/2002 – 12/2004

Created and taught course on Network Security based on Security+ certification. Currently working with the administration to develop a course on I.T. Project Management to mirror the Project+ certification process.

Infantryman and Squad Leader • USMC, Camp Lejune, NC 8/1986-12/1991

Combat-decorated and honorably discharged in 1991.

EDUCATION 

B.A., Claremont McKenna College, Triple Major: Economics, Chemistry, Political Science. Valedictorian 1995

Kepner-Tregoe Problem Solving, Decision Making and Project Management Training, August 2007

College of Alameda, Project Management Professional (PMP) Training class, 2008

CERTIFICATIONS and MEMBERSHIPS

MS-SQL DBA, Project+, Cisco Certified Network Associate (CCNA), Microsoft Certified System Engineer (MCSE), Certified Help Desk Director (CHDD), Security +; Member of Project Management Institute (PMI); Anti-Money Laundering and OFAC Compliance Training, Health Insurance Portability and Accountability Act (HIPAA) compliance Training. OWASP Member


REFERENCES AND SAMPLE WORK PRODUCT AVAILABLE UPON REQUEST

Copyright © 2022 Rasner - All Rights Reserved.