Bob Rudis
23721 34th Ave W, Brier, WA 98036
Home: 425.408.1724; Cell: 610.248.6064; E-mail: bob@rudis.net

PROFILE

IT Security professional with significant experience in the health care, pharmaceutical, financial, not-for-profit, Internet and publishing sectors and demonstrated expertise in planning and implementing information security strategic initiatives in direct support of business objectives.

EXPERIENCE

Director, IT Security & Compliance
Safeco Insurance Company of America (Seattle, WA) - 2007-Present

Primary responsibilities & accomplishments:
* Built and managed 13-member team overseeing all IT security & compliance initiatives across all business units
* Direct oversight of IT SOX compliance, including IT test and review cycles
* Managed the relationship between Internal Audit & Safeco IT and coordinated all IT audit remediation activities
* Developed and maintained IT security policies, procedures and practices
* Performed detailed contract review and analysis of all business-to-business (B2B) engagements and oversaw the security component of all B2B integration projects
* Planned and implemented modern security awareness program, including displaying security "commercials" on break room LCD displays
* Coordinated PCI compliance review program
* Developed and implemented internal vulnerability assessment program
* Produced and delivered monthly security posture report for CIO briefing
* Participated in all stages of technology architecture and development projects

Contributing Writer - ongoing
* Recognized security industry expert and author of in-print columns and online articles for FedTech Magazine (http://fedtechmagazine.com/)
* Author of InFocus security articles (http://www.securityfocus.com/infocus)

Senior Technology Manager
Global Information Security, Johnson & Johnson (Raritan, NJ) - 1998-2007

Primary responsibilities & accomplishments:
* Define and refine components of metrics to establish security profiles of J&J perimeter and internal networks & hosts based on data from NIDS, HIDS, anti-virus, OpenView, SMS, etc.
* Manage strategic security outsourcing activities:
  - Define requirements and interface with external security providers
  - Establish metrics to evaluate performance
* Provide the following to operating company CIOs and CISOs & internal audit staff:
  - Security policy training and interpretation/guidance
  - Security policy waiver risk assessment
  - Technical security training
  - Risk assessment of applications for deployment
  - Security consulting for products we (J&J) develop
* Oversee development of global host-based intrusion detection solution and Network Access Control (NAC) solution
* Responsible for security component of FDA validated/qualified environments and SOX compliance of:
  - Elevated privileges account management
  - Vulnerability management
  - Incident management
* Manage security component of business-to-business and M&A connections:
  - Review network/system architecture components of connections
  - Conduct risk assessment of internal and third-party systems/networks
  - Authorize and sign off on connection agreements
* Responsible for global systems' security
  - Manage global systems' security team
* Coordinate team involvement on Unix, Windows & mobile projects
* Responsible for global vulnerability management (VM) activities (e.g. patch management, internal/external vulnerability scanning/penetration testing):
  - Manage global VM team
  - Designed VM processes and procedures
  - Authored VM security policy
* Incident response duties
  - Responsible for leading response to incidents with international scope
  - Provide support and guidance for all incident response activities
* Lead security role in Vista, Longhorn, SMS and Office TAP programs
  - Assign TAP tasks to global security teams & coordinate feedback
  - Represent J&J at Microsoft TAP events
* Designed security architecture for SSL VPN (reverse proxy) access
* Developed security controls for Windows 2000, Windows 2003, XP, Vista, SMS and Active Directory
* Provide risk management consulting to internal engineering group for all J&J global IT initiatives
* Managed security for mobile device usage
  - Architected firewall & anti-virus managed agents design for Windows Mobile/PocketPC
  - Defined configuration requirements for ISA server
  - Provided risk management consulting and auditing for BlackBerry implementation
  - Authored mobile access security policy
* Designed & built snort-sensor-based internal NIDS solution with managed signature updates and centralized reporting back to netForensics console
* Architected J&J's wireless security infrastructure
  - Designed "internal" VPN-based framework for wireless access to J&J network
  - Authored wireless security policy
* Architected security configuration for .NET & J2EE internal and external hosting environments
* Coordinated PKI integration
  - Augmented VPN solution authentication design to work with internal PKI environment and token-based certificates
  - Designed & built custom reporting solution for CiscoSecure
  - Provided instructions for utilization of internal CA-generated server certificates
* Provided security consulting and auditing for global DNS re-design and migration to private addressing
* Architected J&J's third generation Internet security infrastructure
  - Designed migration strategy from CheckPoint Firewall-1 to Cisco PIX firewall appliances with global configuration management
  - Designed Cisco-based, global perimeter NIDS solution with centralized reporting back to netForensics
  - Designed client VPN solution based on Nortel and SecurID for employee and 3rd-party access to internal J&J network
* Architected & implemented high availability (H/A) solutions for J&J's second generation Internet security infrastructure
  - Designed & built Sun E10K-based foundation for dynamic allocation of network & CPU resources
  - Designed & built H/A Netscape Proxy Server configuration with integrated NT Domain authentication for 50K+ users
  - Designed & built H/A CheckPoint Firewall-1 configuration
  - Designed & built H/A border e-mail gateway/anti-virus systems
* Designed, built & managed J&J's initial Internet security infrastructure
  - Installed, configured & maintained CheckPoint Firewall-1 servers
  - Installed, configured & maintained Netscape Proxy Servers
  - Installed, configured & maintained SecurID servers
  - Designed secure access solution for 3rd-party web content providers

Enterprise Consultant, Netera - 1995-1998

Provided consulting and engineering services to Fortune 500 clients including Ernst & Young, Brother International and Johnson & Johnson.
* E&Y: Designed and implemented largest SecurID deployment on record (at that time, 40,000). Designed and developed custom RADIUS SecurID authentication module for open source RADIUS server.
* Brother International: Security consulting, including firewall & proxy server implementation
* J&J: Part of design and implementation team for first generation Internet access and hosting infrastructure. Developed global firewall solution (CheckPoint/Solaris), global secure web hosting services (Netscape web server), and global authenticated access infrastructure (Netscape Proxy/LDAP + open source SOCKS5).

Systems & Network Manager, KidsPeace - 1992-1995
* Managed team of engineers responsible for ten (10) HP-UX database/application servers, 2000 PC workstations and all network equipment spread across seven (7) east-coast campuses
* Provided systems engineering services for Lawson system rollout and patient care system rollout

Publishing Systems Developer/Integration Specialist, SCS - 1990-1992
* Developed Macintosh and UNIX publishing tools for newspaper production systems
* Provided on-site installation, engineering and training services

R&D Lab & Manufacturing Systems Administrator, Beloit Manhattan - 1988-1990
* Maintained analysis and control systems in support of R&D and manufacturing activities
* Designed/developed data acquisition software on PC & VAX systems

EDUCATION

University of Scranton - B.S. Computer Science, 1990
University of Illinois (UC campus) - M.S. Computer Science (in progress)

CERTIFICATIONS/ASSOCIATIONS

CISSP; IEEE; IETF; ISSA; ISACA
Panel member, SecureWorld 2007 (Seattle)

SKILLS

Platforms: Windows Vista/2003/XP/2000/NT/ME/98/95, Solaris, HP-UX, Mac OS X Desktop & Server, RedHat Linux (including Fedora forks), FreeBSD, PocketPC/Windows Mobile, BlackBerry, iPhone
Standards: ITIL, COBIT, NIST, ISO 17799/27001, OCTAVE
Network-oriented: PKI/SecurID-enabled Nortel VPN, SSH, Symantec/Sygate Firewall, McAfee Anti-virus/Anti-malware, McAfee Entercept/HIPS, snort, netForensics, McAfee Enterprise Policy Orchestrator, HP OpenView, syslog, RippleTech, Cisco network equipment, WLAN
Assessment: Nessus/Tenable, nmap, ISS, MBSA, StealthAudit, Ethereal/Wireshark, kismet, NetStumbler
Development: Perl, C/C++/Objective-C/C#, Java, Python, PHP, most Unix shells, PowerShell, Xcode, AJAX
App/Server: Microsoft Office Suite (including 2007), Oracle, Apache, MySQL, MS SQL, PostgreSQL, IIS, Tomcat, QIP, WebSphere, Active Directory, Centrify, NetBackup, SMS, VMware, Altiris; iWork; Parallels