Dan Penrod
Information Security Professional
Career Summary
Over the last 3 years, as a Senior Information Security Analyst, my role has been to ensure the security of the organization's Informations Systems on both a tactical and strategic level through regular assessments of system vulnerabilities, policies & standards, vendor reviews and incident response. Previously, as the IT Security Architect, I managed IT Security with a focus on PCI Compliance audits and gap assessments, successfully managing a broad range of IT Security projects including; Tokenization, POS P2PE, Multi-Factor Authentication, Software White-Listing, and Infrastructure Hardening. Earlier, in my role as Network Manager and Systems Technology Manager, I managed geographically diverse server and network Infrastructure teams leading the company to successfully integrate architecture and common platforms.

Education
-
Masters of Science – Management of IT (Florida Institute of Technology)
-
Bachelor of Science – Computer Science (Eckerd College)
Professional Development and Certifications
-
Splunk Certified Knowledge Manager Certified (#58109)
-
Certified Ethical Hacker (CEH) Certified (ECC26176530034)
-
PCI Internal Security Assessor (ISA) Certified (#800-762)
-
Core Impact Certified Professional (CICP) Certified
-
Certified Information Systems Security Professional (CISSP) Certified (#325540)
-
Cisco Certified Network Associate (CCNA) Certified
Security Conferences and Events.
I annually attend conferences including RSA San Francisco, BSides PDX InfoSec, PCI North America Community Meeting (Las Vegas), and SecureWorld Portland. I also attend Monthly Nike Tech Talks hosted on the Beaverton Nike Campus.
Work Experience
Senior Information Security Analyst
02/2016 – Present Providence Health and Services Beaverton, OR
As Senior Information Security Analyst my responsibilities have included PCI (Payment Card Industry) Compliance initiatives (with a drive towards 100% P2PE / EMV and scope reduction), vendor and project reviews, the vulnerability management program including vulnerability scanning & penetration testing. I’m involved in supporting security requests and incidents through ITSM, DLP (Data Loss Prevention) incidents securing ePHI and credit card data, and HIPAA related incidences through Ethics Point.
Among my Achievements;
-
I recertified as PCI Internal Security Assessor (ISA).
-
I contributed to the evolution of the Penetration Testing program, introducing new cost-effective tools with Kali Linux.
-
I wrote standards and policies related to Information Security.
IT Cybersecurity Analyst
08/2015 – 02/2016 Mosaic451 / Bonneville Power Administration Portland, OR
As a contracted Cybersecurity Analyst at Bonneville Power, my responsibilities involved identifying risks, threats, and vulnerabilities to the IT data infrastructure in the Security Operations Center by combining multi-source threat intelligence with vulnerability scanning and data aggregation & analysis, to ensure the high level of information security standards required by the DOE to run a 24x7 SOC.
Among my Achievements;
-
I became certified as a Splunk Certified Knowledge Manager
-
I contributed new technologies and methodologies to the team's approach to researching and identifying cyber risks and attacks.
IT Security Architect
06/2009 – 04/2015 Orchard Brands Hillsboro, OR
As IT Security Architect, I owned responsibility for IT Security across Orchard Brands with a focus on the Payment Card Industry (PCI) and Personally Identifiable Information (PII).
Among my achievements;
-
I spearheaded the tokenization project for the web, call centers, and POS, to eliminate the storage of credit card numbers.
-
I have developed and implemented a PCI program for the company.
-
I have been the PCI Internal Security Assessor (ISA) for the company.
-
I am responsible for penetration testing at each of the OB companies to meet PCI requirements. I attended Core Security Core Impact penetration testing training, receiving their CICP (Core Impact Certified Professional) certification.
-
I managed the Security Incident & Event Management system (SIEM).
-
I managed internal and external vulnerability scanning across the company.
-
I developed and delivered a Security Awareness program across the business to all employees.
-
I lead the deployment of 2-Factor Authentication projects including 2FA for Cisco Anyconnect and Gmail.
-
I have developed corporate Security Policies and an Incident Response Plan.
Network Manager
03/2008 – 06/2009 Orchard Brands Hillsboro, OR
As Orchard Brands Network Manager I managed the Technical Services teams across 5 different brand locations. This included server, desktop, and network administration teams. I was responsible for budgeting, vendor relationships, contracts, performance reviews, and role development. I built strong relationships between departments to achieve the goals of the business.
Among my achievements;
-
I consolidated server and network architecture plans across recently merged retail companies. I did this through weekly team meetings where we developed and deployed Technical Services projects integrating processes and interfaces to form a consolidated corporate infrastructure.
-
I co-developed the Orchard Brands Security Office creating a platform from which to meet the needs of PCI compliance across the business.
Systems Technology Manager
07/2001 – 3/2008 Norm Thompson Outfitters (Orchard Brands Subsidiary) Hillsboro, OR
As Norm Thompson Outfitters Systems Technology Manager I managed a staff of 5 full-time employees and 4 contractors, which included budgeting, vendor relationships, contracts, performance reviews, and role development. I built strong relationships between departments to achieve the overall goals of the business. My team was responsible for all technical infrastructure to support NTO’s business including;
-
Sun Solaris Unix and Microsoft Servers
-
Microsoft Desktops and Dell Leases
-
Server & Desktop software license management
-
Help Desk / Desktop support ticket tracking
-
Campus-wide LAN, WAN, VPN and Wi-Fi Networking Infrastructure
-
Telecommunications (DSL, T1 & T3 and Frame-Relay), 2 PBX’s (Aspect & Lucent/Avaya Definity)
-
Database: IBM Unidata, Oracle RDBMS, Microsoft SQL Server
-
Development and support of corporate Intranet and SharePoint infrastructure
-
Corporate cell phone program; deployment and contract management
-
Teaming with App Dev and eCommerce to provide business critical solutions.
Among my achievements;
-
I successfully turned around the corporate perception of the IT Help Desk through relationship building, online surveys, and team coaching. At the same time, we created a robust systems/network monitoring solution and rapid response strategy.
-
Our team helped develop the company’s first web and eCommerce platform.
-
I developed our company’s first PCI security program bringing the company into PCI compliance.
-
Earned my Cisco Certified Network Associate (CCNA) certification
Senior Systems and Network Administrator
07/1999 - 07/2001 Norm Thompson Outfitters (Orchard Brands Subsidiary) Hillsboro, OR
As Norm Thompson Outfitters Systems and Network Administrator, I was responsible for managing Sun Unix servers and the networking infrastructure.
Among my achievements;
-
I replaced our legacy network backbone with new state-of-the-art Cisco switches, routers, and firewalls, segregating the network into VLANs.
-
Perl and Unix Shell scripting to create Password Self-Service and LDAP integration.
Other Work History
10/1997 - 07/1999 Paradyne Corporation Largo, FL
Senior Server and Network Administrator
05/1996 - 10/1997 World Color New Media Tampa, FL
Senior Server and Network Administrator
04/1993 - 05/1996 US Geological Survey Center for Coastal Geology St Petersburg, FL
Server and Network Administrator
05/1991 – 04/1993 Profit Management Systems, Inc. St Petersburg, FL
Software Developer – C and Pascal - Sales force automation software
05/1989 – 05/1991 CSC – Computer Sciences Corporation Tampa, FL
Software Developer – Cobol and Dbase - Military contracting for the Gulf War