Dan Penrod

Information Security Professional

Career Summary

 

Over the last 3 years, as a Senior Information Security Analyst, my role has been to ensure the security of the organization's Informations Systems on both a tactical and strategic level through regular assessments of system vulnerabilities, policies & standards, vendor reviews and incident response.  Previously, as the IT Security Architect, I managed IT Security with a focus on PCI Compliance audits and gap assessments, successfully managing a broad range of IT Security projects including; Tokenization, POS P2PE, Multi-Factor Authentication, Software White-Listing, and Infrastructure Hardening.  Earlier, in my role as Network Manager and Systems Technology Manager, I managed geographically diverse server and network Infrastructure teams leading the company to successfully integrate architecture and common platforms.

 

Education

 

  • Masters of Science – Management of IT (Florida Institute of Technology)

  • Bachelor of Science – Computer Science (Eckerd College)

 

Professional Development and Certifications

 

  • Splunk Certified Knowledge Manager   Certified (#58109)

  • Certified Ethical Hacker (CEH) Certified (ECC26176530034) 

  • PCI Internal Security Assessor (ISA) Certified (#800-762)

  • Core Impact Certified Professional (CICP) Certified

  • Certified Information Systems Security Professional (CISSP) Certified (#325540)

  • Cisco Certified Network Associate (CCNA) Certified

 

Security Conferences and Events.
 

I annually attend conferences including RSA San Francisco, BSides PDX InfoSec, PCI North America Community Meeting (Las Vegas), and SecureWorld Portland. I also attend Monthly Nike Tech Talks hosted on the Beaverton Nike Campus.

 

Work Experience


Senior Information Security Analyst

02/2016 – Present                 Providence Health and Services                            Beaverton, OR

As Senior Information Security Analyst my responsibilities have included PCI (Payment Card Industry) Compliance initiatives (with a drive towards 100% P2PE / EMV and scope reduction), vendor and project reviews, the vulnerability management program including vulnerability scanning & penetration testing. I’m involved in supporting security requests and incidents through ITSM, DLP (Data Loss Prevention) incidents securing ePHI and credit card data, and HIPAA related incidences through Ethics Point.


Among my Achievements;

  • I recertified as PCI Internal Security Assessor (ISA).

  • I contributed to the evolution of the Penetration Testing program, introducing new cost-effective tools with Kali Linux.

  • I wrote standards and policies related to Information Security.

 

 

IT Cybersecurity Analyst

08/2015 – 02/2016                  Mosaic451 / Bonneville Power Administration       Portland, OR

 

As a contracted Cybersecurity Analyst at Bonneville Power, my responsibilities involved identifying risks, threats, and vulnerabilities to the IT data infrastructure in the Security Operations Center by combining multi-source threat intelligence with vulnerability scanning and data aggregation & analysis, to ensure the high level of information security standards required by the DOE to run a 24x7 SOC.

 

Among my Achievements;

  • I became certified as a Splunk Certified Knowledge Manager

  • I contributed new technologies and methodologies to the team's approach to researching and identifying cyber risks and attacks.

 

 

IT Security Architect

06/2009 – 04/2015                         Orchard Brands                                               Hillsboro, OR

 

As IT Security Architect, I owned responsibility for IT Security across Orchard Brands with a focus on the Payment Card Industry (PCI) and Personally Identifiable Information (PII).

 

Among my achievements;

  • I spearheaded the tokenization project for the web, call centers, and POS, to eliminate the storage of credit card numbers.

  • I have developed and implemented a PCI program for the company.

  • I have been the PCI Internal Security Assessor (ISA) for the company.

  • I am responsible for penetration testing at each of the OB companies to meet PCI requirements.  I attended Core Security Core Impact penetration testing training, receiving their CICP (Core Impact Certified Professional) certification.

  • I managed the Security Incident & Event Management system (SIEM).

  • I managed internal and external vulnerability scanning across the company.

  • I developed and delivered a Security Awareness program across the business to all employees.

  • I lead the deployment of 2-Factor Authentication projects including 2FA for Cisco Anyconnect and Gmail.

  • I have developed corporate Security Policies and an Incident Response Plan.

 

 

Network Manager

03/2008 – 06/2009                             Orchard Brands                                          Hillsboro, OR

 

As Orchard Brands Network Manager I managed the Technical Services teams across 5 different brand locations.  This included server, desktop, and network administration teams.  I was responsible for budgeting, vendor relationships, contracts, performance reviews, and role development.  I built strong relationships between departments to achieve the goals of the business.

 

Among my achievements;

  • I consolidated server and network architecture plans across recently merged retail companies.  I did this through weekly team meetings where we developed and deployed Technical Services projects integrating processes and interfaces to form a consolidated corporate infrastructure.

  • I co-developed the Orchard Brands Security Office creating a platform from which to meet the needs of PCI compliance across the business.

 

 

Systems Technology Manager

07/2001 – 3/2008       Norm Thompson Outfitters (Orchard Brands Subsidiary)    Hillsboro, OR

 

As Norm Thompson Outfitters Systems Technology Manager I managed a staff of 5 full-time employees and 4 contractors, which included budgeting, vendor relationships, contracts, performance reviews, and role development.  I built strong relationships between departments to achieve the overall goals of the business.  My team was responsible for all technical infrastructure to support NTO’s business including;

  • Sun Solaris Unix and Microsoft Servers

  • Microsoft Desktops and Dell Leases

  • Server & Desktop software license management

  • Help Desk / Desktop support ticket tracking

  • Campus-wide LAN, WAN, VPN and Wi-Fi Networking Infrastructure

  • Telecommunications (DSL, T1 & T3 and Frame-Relay), 2 PBX’s (Aspect & Lucent/Avaya Definity)

  • Database: IBM Unidata, Oracle RDBMS, Microsoft SQL Server

  • Development and support of corporate Intranet and SharePoint infrastructure

  • Corporate cell phone program; deployment and contract management

  • Teaming with App Dev and eCommerce to provide business critical solutions.

 

Among my achievements;

  • I successfully turned around the corporate perception of the IT Help Desk through relationship building, online surveys, and team coaching.  At the same time, we created a robust systems/network monitoring solution and rapid response strategy.

  • Our team helped develop the company’s first web and eCommerce platform.

  • I developed our company’s first PCI security program bringing the company into PCI compliance.

  • Earned my Cisco Certified Network Associate (CCNA) certification

 

 

Senior Systems and Network Administrator

07/1999 - 07/2001      Norm Thompson Outfitters (Orchard Brands Subsidiary)            Hillsboro, OR

 

As Norm Thompson Outfitters Systems and Network Administrator, I was responsible for managing Sun Unix servers and the networking infrastructure.

 

Among my achievements;

 

  • I replaced our legacy network backbone with new state-of-the-art Cisco switches, routers, and firewalls, segregating the network into VLANs.

  • Perl and Unix Shell scripting to create Password Self-Service and LDAP integration.

 

Other Work History

 

10/1997 - 07/1999            Paradyne Corporation                                                        Largo, FL

Senior Server and Network Administrator

 

05/1996 - 10/1997             World Color New Media                                                    Tampa, FL

Senior Server and Network Administrator

 

04/1993 - 05/1996             US Geological Survey Center for Coastal Geology          St Petersburg, FL

Server and Network Administrator

 

05/1991 – 04/1993            Profit Management Systems, Inc.                                     St Petersburg, FL

Software Developer – C and Pascal  -  Sales force automation software

 

05/1989 – 05/1991                 CSC – Computer Sciences Corporation                      Tampa, FL

Software Developer – Cobol and Dbase - Military contracting for the Gulf War