Edward Frye, CISSP - Resume

Summary

Hands-on Information Security leader with over 20 years of experience establishing cross-functional, practical security approaches that fit company culture and business goals. Excellent communication skills across managerial levels. Able to interface with executives, customers, auditors, and technical teams.

Experience Highlights

  • Assessment and Risk Management
    • Penetration Testing, Vulnerability Assessment, Risk / Compliance Assessment
  • Certifications
    • CISSP 53360, GIAC GWAPT, CEH, CHFI, MCP, Project+, CCNA Security CSCO12076222
  • Security Frameworks
    • ISO 27001, COBIT, COSO, ITIL, NIST SP 800-53, 800-30, 800-37r1
  • Compliance Experience
    • ISO27001, SSAE 16 SOC 2, PCI-DSS, HIPAA, SOX
  • Operating Platforms
    • Windows, Linux, Unix, OSX

Employment History

 

Elementum SCM, Inc • Mountain View, CA • 2017 - Present
Director Information Security (Head of Security/CISO)

Developed Information Security Management System (ISMS) based on ISO27001/ISO27002 framework for supply chain management service provider.

  • Obtained ISO/IEC 27001 certification within first 90 days after restart, resolving major non-conformity issues found during phase 1.
  • Drove SSAE 16 SOC 2 Type 2 certification after one year with no documented findings.
  • Established regular vulnerability assessments and penetration testing and reduced exposed vulnerabilities by 20%.
  • Developed company’s first internal company-wide Risk Register, allowing the company to track and manage company risks.
  • Implemented 3rd party license compliance program and eliminated license violations such as copyleft, GPL. Reduced 3rd party library vulnerabilities by 60% and libraries with vulnerable methods in use by 90%.
  • Implemented company-wide Security and Compliance Awareness Training program with 100% participation.

Silicon Valley Chapter, Information System Security Association • 2009 - Present
President

Elected to the board of directors for the Silicon Valley chapter of the Information System Security Association (SV-ISSA) from 2009 to present. Most recently serving as the President of the chapter.

  • Chairing board meetings, organizing community events, chapter meetings, and annual security conference.

Blue Jeans Network, Inc • Mountain View, CA • 2014 - 2017
Security Engineer (Acting Information Security Officer)

Developed Information Security Program based on ISO framework for cloud-based video conferencing solution.

  • Provided critical support to the sales team on pre-sales and post-sales customer security evaluations to help close deals.
  • Coordinated security efforts across departments and functions.
  • Three years of SSAE 16 SOC 2 security audits with unqualified reports.
  • Integrated and managed Security Information Event Management (SIEM) system.
  • Implemented software static code analysis systems.

Kaiser Permanente • Pleasanton, CA • 2010 – 2014
Information Security Consultant Specialist

Providing Risk Management and mitigation recommendations for projects in a large healthcare organization covering Kaiser's multiple regions, providing Project Lifecycle Security Engagements for information technology projects.

  • Evaluate vendors against HIPAA, SOX, and PCI security requirements for healthcare records.
  • Identified potential risk, consulted on correcting or reducing risk, and created reporting if uncorrected.
  • Performed risk assessments on new projects.
  • Consult with Security Operations Team on security events.

Security Operations Center Lead

Lead for a team of 6 security analysts providing response and investigations into security events and incidents in a large healthcare organization.

  • Developed automation for data-loss-prevention (DLP) tools, reducing workload from 16 man hours for a single operation to 2 man hours / day.
  • Responded to events from Security Incident Event Management (SIEM) system, distilling 50 million events into a few hundred actionable items per week.
  • Investigate cases of fraud and abuse.

Proofpoint, Inc • Sunnyvale, CA • 2009 – 2010
Sr. Technical Support Engineer

Provide advanced-level product support for the Proofpoint Email Protection Server to self-hosted as well as Proofpoint-hosted customers.

  • SME in Networking and Information Security.
  • Provide policy recommendations to customers for email security and encryption.

Education

  • Master of Science • Information Security and Assurance
  • Bachelor of Science • Information Technology: Security
  • Computer Communications Systems Control Specialist - U.S. Air Force
  • Basic Military Training - U.S. Air Force