I have 18+ years of experience working for international companies and have served in a variety of strategic leadership roles to manage risk and compliance objectives, improve the security posture, support enabling technologies to achieve business growth, and anticipate and prepare for emerging threats. I led a global security risk assessment team for Mergers and Acquisitions and have conducted over 40 assessments and integrations worldwide. I am also experienced in global trade compliance and intellectual property (IP) escrow requirements.
A key area where I have seen repeated success is through establishing a corporate security assessment and architecture review board process to standardize security design and implementation reviews with key stakeholders (e.g., Privacy, Legal, Business, Procurement, HR, and Engineering leads). The process incorporates a pre-qualification guideline and risk questionnaire to determine the scope of the review and the prescribed technical design in support of business requirements documentation. I created the process and artifacts for the required documentation with links to secure standards and approved solutions, to educate and inform the business, product/project owners, and engineering teams on security best practices and approved solutions, and to ensure comprehensive information is included in the proposal submission.
Under this process, I have reviewed and ensured security, privacy, and risk compliance for over 500 product and service designs across a wide variety of technology, operations, and business implementations. This has allowed me to see the spectrum of what works to achieve a secure posture and a holistic approach for business agility. The process I created can be customized for any organization and covers the core principles for risk management, privacy, secure design, and continuous operations.
Business and Technical Requirements
Product Design Overview
Access Control Systems and Methods
Application and Systems Development Security
Virtualization and Cloud Design
Encryption and Data Protection
Network and Service Mesh Security
Vulnerability and Patch Management
Physical Security
Site Reliability Engineering (SRE) and Disaster Recovery
Monitoring and Assurance
Legal, Privacy, Governance, Risk, and Compliance assessments and audits (e.g., GDPR, PCI, Sarbanes-Oxley, HIPAA, and other International, Federal, and State policies and regulatory frameworks)
Privacy Compliance for Personally Identifiable Information (PII) and Sensitive Information Reference Checklist
Checklist Guidance Documents (e.g., security policies, standards, business risk and security addendum and contract terms, and legal and privacy terms-of-use)
More recently, Blockchain, Web3, and decentralized technologies
The following is a list of my career experience and specialty areas, in no particular order.
Enterprise and Financial Services Global Risk and Privacy Management
Risk Management Frameworks, IT Audit Controls, and Attestation
Governance, Risk Management, and Compliance (GRC)
Mergers and Acquisitions Security Advisor
Secure Enterprise Architecture and Design
Incident Response Handling & Investigations
Data Protection and Privacy Engineering Solutions
Information Security Champions Program and Board-of-Directors Reporting
Public Key Infrastructure (PKI) Services
Secure Coding and Development Practices
Security Information Event Management (SIEM) with Big Data Platform
Secure Source Code Management Systems (SCMS)
Secure CI/CD Automation and Secure DevOps
Identity Access Management (IAM) Services and Operations
Hundreds of successful multi-million dollar proposals and deal closures based on security assurance
Multi-national experience: I have traveled and performed audit, risk assessment, and forensic reviews in 14+ countries
I have authored several security policies, standards, solution architecture, and guidance documents.
Access Controls Standard
Password Management
Logging and Log Analysis Policy
Single-Sign-On (SSO) Policy
International Privacy Compliance
PKI and Code Signing Services Standard
Blockchain and distributed technologies
Secure Coding and Product Development
Cryptography and Encryption Standard
Proposal Management & RFP Answer Bank
Vulnerability & Risk Management Standard
Global Trade Compliance Technology Control Plan
International Traffic in Arms Regulations (ITAR) Data Handling
Mergers & Acquisitions Risk Assessments and Integration Playbooks
Data Safeguard Design for Intelligence Community and Federal System Processing
Various international regulatory compliance laws and mandates in financial sector, healthcare, telecommunications, utilities, public sector and government agencies
Many others...
Key investigator in an intellectual property lawsuit and $1.3B settlement between Oracle (plaintiff) and SAP (defendant). Reference: "Marlene Veum as knowledgeable about technical analysis." Source: https://docs.justia.com/cases/federal/district-courts/california/candce/3:2007cv01658/190451/793
Successfully managed risk and integrated 40+ mergers and acquisitions (M&As) into product development, SaaS, and Cloud services.
Developed a data safeguard solution to satisfy US intelligence community (IC) requirements for procuring Commercial-off-the-Shelf (COTS) hardware, software, and support service requirements.
Designed tools and led a 1-year project to inventory and migrate 10k+ PKI certificates from SHA1 to SHA2 for public cloud and SaaS services for world-wide Enterprise customers in advance of the web browser vendors' cut-off date of January 2017. [Reference: SHA1 Deprecation What You Need to Know].
Site Award Winner and team lead for an Executive Hackathon to use a Blockchain service for Visa Pre-paid card service to reduce fraud and improve card usability with balance transfer and digital wallet features.
Chief Security Architect for a fraud detection platform utilizing machine learning (ML) and advanced analytics design that significantly improved the detection and reporting of fraud and risk transactions for Visa Issuer & Data Processing card programs.
Redesigned Code Signing Services for multi-billion-dollar software company.
Key contributor to the sales process and business growth and development with key accounts and partners worldwide.
Successfully migrated over 3 million customer and partner accounts to a Customer Identity Access Management (CIAM) platform. This migration utilized OAuth2/OIDC JWT tokens to secure a React-based serverless front-end and a Kubernetes microservice backend.
Directed the Colorado Department of State's cybersecurity program, safeguarding business filings in Colorado and overseeing cybersecurity measures for the election process across 64 counties within the voter registration system.
https://www.linkedin.com/in/marleneveum