20+ years of IT experience in securing software, finance and biotech industries. 15+ years of management experience with hands-on knowledge of technology. Extensive experience in federal/industry certifications as well as documentation and implementation of policies. Teach networking and security at the college level. Experienced with operating and managing IT infrastructure and projects. Certified in Information Security, project management, IT service management, Cisco, Palo Alto, Microsoft, and Linux. Active in local Information Systems Security Association (ISSA) Raleigh. Volunteer my time to Veterans and Military Association at BB&T as the Co-Chair for Raleigh; mentor students at Johnston Community College and sit on the IT Advisory Board as well.
Author, "Cybersecurity & Third-Party Risk: Third-Party Threat Hunting" (Wiley Publishing)
July 2021: The first book on this important topic of the day, Greg's work has been well-reviewed as is evident by the book sales and requests to speak on the subject.
Senior Vice President, Third Party Security, Truist Financial (formerly BB&T), Raleigh, NC 3/2018 - present
Developed and deployed a program to perform onsite assessments of BB&T’s third parties (vendors) within two months of hire, hired resources, developed artifacts and processes, and had team perform 25% more onsite assessments than committed to senior management. Over the year since starting the program, built out a complementary program within the Third Party Security team to review InfoSec contract redlines with customer and vendors; developed and managed program adherence to NYDFS 500.11; and taken on new intake processes to engaged directly with BISO and Line of Business Resources to ensure CIS is engaged in vendor due diligence. Built out a new Continuous Monitoring program, utilizing BitSight, to monitor, in near real-time, our critical vendor connections and provide updates to senior management. Have received the highest performance rating possible in first year and have been named as the leader of the new program once BB&T and SunTrust are formally Truist (post Legal Day 1 of the merger).
Security and Networking Instructor (Part-Time), Johnston Community College 6/2017 - present
Teach part-time (after hours and online) networking and information security courses at Johnston Community College.
Program Development, Cybersecurity, Johnston Community College 1/2020 – 3/2020
Develop Cybersecurity AA program at Johnston Community College. Research current in-demand roles for Cybersecurity in the area, partner with business leaders on direction, find comparable courses in the existing NC college curriculum, and develop roadmap for full program on Cybersecurity.
Director, Security Architecture, Quintiles (IQVIA), Morrisville, NC 6/2017 – 3/2018
Responsible and Accountable for Security Architecture to support all lines of business. Critical functions and ecosystems had to be integrated as a result of the merger with IMS Health (to create IQVIA). Drafted and published over a dozen various architecture frameworks: Cloud, O365 Deployment, AWS Best Practice, Identity and Access Management, Azure Best Practice, API Development and Deployment. Reported directly to CISO.
Secure Development Manager, Data Center, Cisco, RTP, NC 11/2014 – 6/2017
Responsible for the secure development of both hardware and software in the Data Center line of products from Cisco. This includes all the Nexus products, Application Centric Infrastructure (ACI), Data Center Network Manager (DCNM), Tetration (Analytics), and UCS line. Oversaw the inclusion of such technologies as Image/Code Signing, Secure Boot, Trust Anchor Modules, as well as ensuring the Cisco Secure Design Lifecycle (CSDL) is followed and scored.
Network Infrastructure Security Manager, Cisco, San Jose., CA 11/2011–11/2014
Managed several large programs for the Network Services division for Cisco’s internal I.T. department. Succeeded in completing within six months where previous managers had not been for over a year. Promoted to Program Manager for Security Program and Unified Access Program, responsible for Cisco IT’s global Security strategy; Enterprise ACL Management, Identity Services Engine (ISE), Web Security Architecture (WSA), DDOS NetThreat, 802.1x wired and wireless authentication, off-premises malware protection, and Administrator Role-Based Access Controls (ARBAC) successfully launched in FY12 and 13.
Infrastructure/Security Manager, Federal Home Loan Bank of SF, San Francisco., CA 8/2009–10/2011
Initially brought in mid-Q3 in 2009 as contractor to supplement existing full-time staff project managers. After succeeding in turning around program that had not completed any sizeable projects to date, was asked to convert to full-time. Successfully completed over seventy-five percent of program in 2009 and was instrumental in chartering, budgeting and managing 2010 – 2012 Program for IS Maintenance. Successfully completed all projects in 2010 within budget and quality standards set forth by PMO and Executive Sponsor. Managed three project managers’ goals, work effort, set standards, and templates for department meeting and status reporting. Managed and responsible for a capital and operating expense budget of over four million dollars.
Application Security Architect and Program Manager, Charles Schwab & Co., San Francisco., CA 11/2007 - 4/2009
Effectively managed the 3rd party implementations into the Greenfield project; this project is a complete remake of the Schwab.com eCommerce/trading website into .net along with many look-and-feel changes. Brought on after huge gap identified on 3rdparties to identify scope of gap, impact and manage to successful implementation. This was a $44+ million project with high visibility to senior management and customers.
CRM Manager, Polycom Inc., Pleasanton., CA 2/2006 - 11/2007
Successfully initiated and managed the implementation of a new Siebel CRM for the Polycom Global Services division. The launch was on-time and under-budget. The CEO, Bob Hagerty, remarked at a subsequent all-employee meeting, that it was the smoothest launch of a large piece of software he has ever seen in his entire career. Managed the complete Software Development Life Cycle (SDLC) for the development team.
· Managed up to 3 other project managers to ensure their portions of the project were meeting targets. Also managed up to 3 Business Analysts relating to the project.
· Managed data migration from acquired company into existing systems within timeline and budget.
· Successfully managed the several large scale, multi-national, cross-organizational projects for the firm simultaneously. All projects met scope, resources and performance goals.
· Planned, designed and implemented new VOIP phone system for worldwide service operations. Included server farm build-out, satellite units at each office down to desktop units and video conferencing equipment.
· Managed several MS-SQL database applications for projects as upgrades to newer versions.
· Implemented Agile systems for software development.
· Managed the implementation of Microstategy to provide Relational On-Line Analytical Processing (ROLAP) into the PeopleSoft FDM
· Managed new software and vendor for the logistics division of the firm in NALA. Managed the roll-out of the same system and vendor change to APAC and EMEA.
· Supervised the integration of Spectralink, a recent large Polycom acquisition, into our CRM, SCM and business practices.
· Administered on-site training classes in EMEA, NALA and APAC regional offices for the CRM project and subsequently for follow-up training.
· Authored end-to-end documentation on internal systems and business process to enable the company to better plan for systems changes.
· Authored training documentation for CRM and PeopleSoft CRM and FDM systems.
· Taught classes on Microsoft Project to senior team members.
· Responsible for SOX compliance on CRM by Polycom Global Services
Applications Development Manager, Charles Schwab, S.F., CA 4/2005 - 2/2006
Successfully managed numerous application upgrades for the Financial Consultants Incentives programs. As sole Project Manager for the group was instrumental in the successful delivery of business requirements, documentation, development and deployment.Managed the complete Software Development Life Cycle (SDLC) for the development team. This was a contract position.
· Implemented a Microsoft Sharepoint solution for the group using forms to deliver Project Status to senior management.
· Delivered a Change Control procedure using Microsoft Sharepoint; complete with Change Request form, Issue Report Form and Implementation Form. Published extensive documentation around the process, ensured Internal Audit signed-off on it and taught the end-users in several classes on process.
· Successfully launched and completed the Teradata Conversion Project. This project was to convert the Oracle Incentives database to Teradata and design monitoring tools.
· Implemented a resource allocation form on the group’s Sharepoint site. Designed and published end-user input form and management reports. This site assisted the Director of the group to convince senior management of the need for additional resources to complete scheduled work.
· Taught classes on Microsoft Project to senior team members.
· This was a contract position for a one-year contract only.
Senior Database Manager, Wells Fargo Services, S.F., CA 1/2004 - 4/2005
Successfully managed numerous application, MS-SQL and Oracle database upgrades with a large range of internal customers ranging from their Internet Services Group, Wholesale, Mortgage, and Retail Banking. Directed and published several internal templates to be used for project management and reporting. This was a contract position.
· Managed several large infrastructure projects involving migration of live systems to IBM Blades and new Cisco routers and switches
· Successfully managed and directed the database resources utilized in the upgrade of Wells Fargo’s Bill Pay database to Oracle 9i. The upgrade involved hundreds of personnel and millions of dollars of hardware; Wells Fargo Bill Pay is the online payment system for the bank’s millions of customers.
· Efficiently coordinated the upgrade of Wells Fargo’s ACH History and Loan Manager to 9i and upgraded Dataguard. Managed the upgrade of several other databases in Shareplex. Managed the upgrades from end-to-end, performing all phases of project management, to include project planning in MS Project, risk analysis, documentation, and post-implementation activities.
· Managed the implementation of Oracle’s OEM Grid Control 10g to several production databases for monitoring and alarming.
· Implemented an escalation procedure and coordinated cross-departmental meetings and processes to ensure the stability of the Database Consolidation Project. This is a project to implement Oracle 9i on IBM Blades in a RAC environment for all customers. Managed SDLC on DEV, SIT and UAT environments, ensuring availability was maintained for application teams.
· Published documentation regarding internal processes and procedures relating to project management and standard set of services out team offered.
· Designed and implemented internal templates for database administrators, team leads and other project managers to aid in the management of projects and reporting status.
· Managed many weekly interdepartmental and cross-company meetings to manage projects, update team members of progress, manage risk and escalate issues as appropriate.
· Taught classes on Microsoft Project to senior team members.
· This was a one-year contract position.
Director of Information Systems, Avigen, Inc., Alameda, CA 1/2002 - 1/2004
Turned around moribund department to exceed industry standards within months of taking position.
· Hands-on manager of all systems operations. Included Exchange mail servers, MS-SQL servers, Financial systems (Oracle) servers, Infrastructure equipment (Cisco routers, switches and VPN equipment), desktops, phones, and applications.
· Authored, planned and implemented a complete re-design and re-work of the corporate network. Complete change from wiring closet to desktops, backbone, new routers and switches and firewalls. Prior to change, many users were experiencing intermittent delays or outages and it was traced to a sub-standard network.
· Successfully planned, budgeted and coordinated accounting financial system from Oracle Financials 11.1 to Great Plains 7.5. Completed on-time and under-budget with all milestones and goals successfully met.
· Successfully planned and implemented several different software projects. Implemented Great Plains and Seibel, experience with CRM, ERP and Financial software implementation across various corporate organizations.
· Published and enforced internal controls for Sarbanes-Oxley (SOX) compliance.
· Maintained systems and network uptime to greater than 99.97%.
Director, Security and Systems Management, Silicon Energy Corp., Alameda, CA 2/1999-1/2002
Promoted three times in three years and given increasing responsibilities as senior management saw my success with existing departments.
· Authored and published many internal policies and procedures, including Disaster Recovery and Business Resumption Plan, Acceptable Use Policy, Systems and Network Security Policy, and Internal Support Level Agreements.
· Implemented Peoplesoft and Siebel CRM and ERP systems. Implemented Great Plains as a financial system.
· Integrated the systems of several purchased companies, from all over the United States, into our corporate systems with no service interruptions.
· Successfully managed the technology growth of a company from 25 to 300+ employees and had offices across the U.S. and Europe.
· Managed and administered MS-SQL databases
· Managed budgets up to $6 million annually always coming in under budget.
· Efficiently managed the move of corporate headquarters with no downtime.
· Implemented an ASP model for software firm and managed the data center with 24/7 staffing and support.
· Planned and implemented our software into several client sites (Fortune 100 firms) within budget and time constraints.
I.T. Manager, PMI Mortgage Insurance, San Francisco, CA 4/1997-2/1999
Responsible for mobile work force and central office I.T. personnel. Managed the implementation of several large I.T. projects working with multiple departments. System administrator for MS-SQL and Exchange servers.
Senior Analyst, LECG, Inc., Emeryville, CA 8/1995-4/1997
Programming in Visual Basic in MS Access, published hedonic models used for presentation in trials and depositions.
ADDITIONAL EXPERIENCE
Part-Time Instructor, College of Alameda 9/2002 – 12/2004
Created and taught course on Network Security based on Security+ certification. Currently working with the administration to develop a course on I.T. Project Management to mirror the Project+ certification process.
Infantryman and Squad Leader • USMC, Camp Lejune, NC 8/1986-12/1991
Combat-decorated and honorably discharged in 1991.
EDUCATION
B.A., Claremont McKenna College, Triple Major: Economics, Chemistry, Political Science. Valedictorian 1995
Kepner-Tregoe Problem Solving, Decision Making and Project Management Training, August 2007
College of Alameda, Project Management Professional (PMP) Training class, 2008
CERTIFICATIONS and MEMBERSHIPS
MS-SQL DBA, Project+, Cisco Certified Network Associate (CCNA), Microsoft Certified System Engineer (MCSE), Certified Help Desk Director (CHDD), Security +; Member of Project Management Institute (PMI); Anti-Money Laundering and OFAC Compliance Training, Health Insurance Portability and Accountability Act (HIPAA) compliance Training. OWASP Member
REFERENCES AND SAMPLE WORK PRODUCT AVAILABLE UPON REQUEST