Edward Frye - Resume

Summary

Hands-on Information Security leader with over 25 years of experience establishing cross-functional, practical security approaches that fit company culture and business goals. Excellent communication skills with ability to interface with executives, customers, auditors, technical, and non-technical teams. Adept at building security champions programs leveraging cross-functional software engineering resources as a security force multiplier and integrating security into continuous-development / continuous-integration deployment pipelines.

Experience Highlights

  • Assessment and Risk Management
    • Application Security / CICD Security
    • Risk / Compliance Assessment
  • Certifications
    • CISSP 53360, GIAC GWAPT, CEH, CHFI, MCP, Project+, CCNA Security CSCO12076222
  • Security Frameworks
    • ISO 27001, COBIT, COSO, ITIL, NIST SP 800-53, 800-30, 800-37r1
  • Compliance Experience
    • ISO27001, SSAE 18 SOC 2, PCI-DSS, HIPAA, SOX

Employment History

Aryaka Networks, Inc • San Mateo, CA 2019 - Present
Chief Information Security Officer (CISO)

Revamped Information Security Management System (ISMS) based on ISO27001/ISO27002 framework for Software-Defined Wide Area Network.

  • Drove ISO/IEC 27001 certification with no non-conformities through stage 2.
  • Drove migration from SSAE 16 to SSAE 18 standards for SOC 2 reporting
  • Reduced exposed vulnerabilities by 80% by updating vulnerability management program.
  • Developed and managed Information Security Incident Response Process
  • Implemented Forensics analysis and evidence gathering process
  • Developed continuous company-wide Security and Compliance Awareness Training program.
  • $200k / year cost reduction on telephony and unified communications solutions
  • Implement Software Engineering Security solutions through SAST/DAST solutions.
  • Migrate from on-prem to cloud solutions.
  • Grew security team from 1 to 5, IT team from 4 to 11, and Business Information Systems team from 2 to 12

Silicon Valley Chapter, Information System Security Association 2009 - Present
President

Elected to the board of directors for the Silicon Valley chapter of the Information System Security Association (SV-ISSA) from 2009 to present. Most recently serving as the President of the chapter.

  • Chairing board meetings, organizing community events, chapter meetings, and annual security conference.
  • Managing team of volunteers for non-profit 503(c)(6) professional organization

Elementum SCM, Inc • Mountain View, CA 2017 - 2019
Director Information Security (Head of Security/CISO)

Developed Information Security Management System (ISMS) based on ISO27001/ISO27002 framework for supply chain management service provider.

  • Obtained ISO/IEC 27001 certification within first 90 days after restart, resolving major non-conformity issues found during phase 1.
  • Developed Security integration into CI/CD process through micro-services and micro-deployments reducing sprint to deploy from 4 weeks to continuous deployment.
  • Implemented security with quality tools in IDE/Jenkins build environments using Maven and SonarQube and augmented with SAST and DAST tools.
  • Drove SSAE 16 SOC2 Type 2 certification after one year with no documented findings 
  • Established regular vulnerability assessments and penetration testing and reduced exposed vulnerabilities by 20%
  • Developed company’s first internal company-wide Risk Register allowing the company to track and manage company risks.
  • Implemented 3rd party license compliance program and eliminated license violations such as copyleft, GPL. Reduced 3rd party library vulnerabilities by 60% and libraries with vulnerable methods in use by 90%.
  • Implemented company-wide Security and Compliance Awareness Training program with 100% participation.

Blue Jeans Network, Inc • Mountain View, CA 2014 - 2017
Security Engineer (Acting Information Security Officer)

Developed Information Security Program based on ISO framework for cloud-based video conferencing solution.

  • Provided critical support to the sales team on pre-sales and post-sales customer security evaluations to help close deals.
  • Coordinated security efforts across departments and functions
  • Three-years SSAE 16 SOC 2 security audit with unqualified reports
  • Integrated and managed Security Information Event Management (SIEM) system
  • Implemented software static code analysis systems

Kaiser Permanente • Pleasanton, CA 2010 – 2014
Information Security Consultant Specialist

Provided Risk Management and mitigation recommendations for projects in a large healthcare organization covering Kaiser's multiple regions, delivering Project Lifecycle Security Engagements for information technology projects.

  • Evaluate vendors against HIPAA, SOX, and PCI security requirements for Healthcare records
  • Identified potential risk, consulted on correcting or reducing risk and created reporting if uncorrected
  • Performed risk assessments on new projects
  • Consult with Security Operations Team on security events

Security Operations Center Lead

Lead for team of 6 security analysts providing response and investigations into security events and incidents in large healthcare organization.

  • Developed automation for data-loss-prevention (DLP) tools, reducing workload from 16 man hours for single operation to 2 man hours / day
  • Responded to events from Security Incident Event Management (SIEM) system distilling 50 million events into a few hundred actionable items per week.
  • Investigate cases of fraud and abuse.

Proofpoint, Inc • Sunnyvale, CA 2009 – 2010
Sr. Technical Support Engineer

Provide advanced level product support for the Proofpoint Email Protection Server to Self-Hosted as well as Proofpoint hosted customers.

  • SME in Networking and Information Security.
  • Provide policy recommendations to customers for email security and encryption.

Education

  • Master of Science • Information Security and Assurance
  • Bachelor of Science • Information Technology: Security
  • Computer Communications Systems Control Specialist - U.S. Air Force
  • Basic Military Training - U.S. Air Force

 

DISCLAIMER: This is a personal Web site, produced in my own time and solely reflecting my personal opinions. Statements on this site do not represent the views or policies of my employer, past or present, or any other organization with which I may be affiliated. All content is copyrighted.