KEITH P. BURDICK
537 Glendale Avenue, Bridgeport, CT 06606
203.521.7855
SUMMARY:
Over 15 years of executive level and hands-on information technology and information security experience in both private and public sectors (including health care, banking, defense, marketing, and education).
* Information security certifications: CISSP, CISM, CISA, CEH, CHFI, LPT, ECSA;
Vendor certifications: Microsoft MCTS (SQL/Exchange), Apple ACTC and ACSP, Linux+.
WORK EXPERIENCE
CYNERGISTEK, INC.
SENIOR INFORMATION SECURITY CONSULTANT
2013 – Present
Senior information security consultant for an information security consulting firm with over 150 clients across the U.S. Responsible for evaluating client security practices, assessing external and internal technical/physical security measures, and providing recommendations for improved security and regulatory compliance.
* Perform external and internal vulnerability assessments of infrastructure via Qualys scans (PCI-DSS), wireless scans (Aircrack), fingerprinting, and social engineering (including email phishing).
* Perform black box Web Application Security testing for clients including Associated Press using QualysGuard and open source tools (Nmap, Nikto, OWASP ZAP, W3af, BackTrack 5).
* Perform network device assessments utilizing CIS benchmarks and router/firewall (RAT and Nipper) security auditing tools.
* Collaborate with client CIO, CSO, HR, and IS teams during consultation process to determine the current state of security systems and policies (particularly those necessary for HIPAA compliance).
* Develop, write, and present separate technical assessment reports and remediation recommendations to executives and technical teams based on comprehensive evaluation.
* Assist the risk team in conducting risk assessments for clients.
* Conduct forensic analysis on emergency basis and provide advisory services on possible evidentiary proceedings.
* Vendor certified for BlueCoat products (ProxySG, DLP, WebGateway).
CITIZENS FINANCIAL GROUP, INC.
VICE PRESIDENT OF INFORMATION SECURITY - AMERICAS
2011–2012
Responsible for the development, implementation and execution of security policy of Citizens.
* Reporting to the SVP of Information Security and Chief Information Security Officer, responsible for participation in the development and implementation of solutions for the 2012 FFIEC Supplement to Authentication in an Internet Banking Environment, specifically those recommendations regarding device fingerprinting (Device ID).
* Assisted in Royal Bank of Scotland (RBS) security risk assessments, audits, and status reporting for regulatory compliance in the RBS global trading environment. Using audit results, recommended methodology to reduce security gaps between risk appetite and current risk position as set by the RBS CISO.
* Working directly with Hewlett Packard engineers, assisted in development of an intranet portal for CFG collection of HP WebInspect and AppScan vulnerability data of CFG applications and web pages for collaborative information security team review.
* Provided assistance to CFG forensics team in developing the forensic department, including recommendations and use of current forensic tools for mobile devices.
FAIRFIELD UNIVERSITY
MANAGER OF INFORMATION TECHNOLOGY - NETWORK ARCHITECTURE
2008–2009
Reporting to the Vice President of Information Systems, responsible for oversight of I.T. for 6500+ end users and I.T. team of 10+ employees with a budget of approximately 1MM.
* Led forensic and legal investigations for the university and investigated security events in collaboration with third-party legal and forensic departments (UHY Advisors/Day Pitney).
* Responsible for information security audit and regulatory compliance, as well as risk and vulnerability assessments, review of daily SIEM reports, and security reporting and analysis to senior management.
* Designed and implemented BCP/DRP business continuity plans and disaster recovery plans at “warm” offsite co-location facilities out of state, including failover redundancy for all local servers, routers, and ISP data connections.
* Updated and implemented health department security to address HIPAA compliance, including: access controls, SIEM log management, and encryption for ePII.
* Oversaw the design and implementation of a $500,000 IdM Sun metadirectory project utilizing Shibboleth and Kerberos for single sign-on to AD and LDAP directories.
* Implemented Packetshaper and Bradford NAC monitoring software to reduce file sharing and track end users for MPAA/RIAA compliance.
* Evaluated and implemented new Department of Public Safety technology infrastructure.
* Designed and installed Blackberry servers and Exchange ActiveSync for iPhone.
* Re-negotiated telecom, ISP, and data support contracts saving over $300,000 per year, implemented outsourcing of student email to cloud services, saving over $100,000 per year, and implemented Nuance Call Center, resulting in cost savings of over $250,000 p/yr.
ALCONE MARKETING GROUP, INC.
DIRECTOR OF INFORMATION TECHNOLOGY
1999–2008
Director of IT for the #1 ranked U.S. marketing agency and a Fortune 500 division of Omnicom, Inc. Reporting directly to CEO, responsible for I.T. operations of seven offices located in CT, NJ, PA, IL, TX, GA and CA and assistance to offshore office in London.
* Worked directly with CEO, COO, and CFO to author, manage, and implement IT operating budgets of 1MM+, and oversee I.T. team of 10+ staff.
* Responsible for authoring and implementing company I.T. acceptable use and I.T. security policies, including controls and documentation for the introduction of Sarbanes-Oxley (SOX) compliance.
* Main liaison for third party IT audits and compliance testing, responsible for engaging and directing outside consultants on information security audits.
* Responsible for maintaining relationships with law enforcement due to physical and virtual security breaches.
* Implemented offsite disaster recovery plan and business continuity plan (DRP/BCP) at reciprocating co-location sites in “sister” agency datacenters.
* Responsible for design and implementation of security, infrastructure, and policy strategies with the integration of business partners and all mergers and acquisitions.
* Enhanced revenue through modernization of warehouse inventory and shipping technology, resulting in increased production and improving on-time product delivery.
* Responsible for hands-on configuration and administration of: all servers (Microsoft AD, Exchange, File, SQL); network devices (Cisco switches, routers, and firewalls); desktops/laptops (Windows XP and OS X); Polycom video conferencing equipment; Avaya PBX phone systems; HP and Xerox press printers; and Blackberry phones for all locations (including replacement every three years due to leasing requirements).
* Increased employee productivity and retention through implementing VPN remote access and installing Cisco Aironet wireless networks to allow for in office mobility.
* Negotiated contracts and licensing with all vendors (CDW, SHI, Microsoft, Apple, Adobe, Xerox, Avaya, Novell) and contractors.
* Awarded first Alcone achievement and performance award as voted on by peers.
LOCKHEED MARTIN, INC.
INFORMATION TECHNOLOGY CONSULTANT - HANSCOM AIR FORCE BASE
1999–1999
Responsible for technical support of all operating systems, and providing input on intranet website design and administration.
* Evaluated existing support, administration, and security of Microsoft Windows NT 4 and 95, Apple Mac OS 9.x, and SGI Irix operating systems, and made recommendations to improve technical quality of service (QoS).
* Recommended changes to the support of all OS platforms resulting in significant reduction in computing downtime for desktop computers and improvements in client satisfaction feedback.
YALE UNIVERSITY
SUPPORT SPECIALIST LEVEL III
1998-1999
Responsible for LAN/WAN management and desktop support of the Clinical Neuroscience Research Unit of Yale University (CNRU), and support of CNRU research computers offsite at the Veterans Administration hospital.
* Responsible for design, support, and integration of desktop and server platforms (Windows, Macintosh, Solaris and Netware).
* Responsible for network communication of CNRU computers with both the State of Connecticut and U.S. Veterans Administration Hospital computing systems.
EDUCATION
University of New Haven, New Haven, CT
B.A., Clinical Psychology (Cum Laude 3.8 G.P.A.)
1987-1991
University of New Haven, New Haven, CT
M.A. Clinical Psychology (Magna Cum Laude, 4.0 G.P.A.)
1995-1998
CERTIFICATIONS
CISSP Certified Information Systems Security Professional (# 320496)
CISM Certified Information Security Manager (# 1116832)
CISA Certified Information Systems Auditor (# 1192345)
CEH Certified Ethical Hacker
CHFI Computer Hacking Forensic Investigator
LPT Licensed Penetration Tester (# PB11-317)
ECSA Certified Security Analyst
MCTS Microsoft Certified Technical Specialist, Exchange Server 2010
MCTS Microsoft Certified Technical Specialist, SQL Server 2008
ACSP Apple Certified Support Professional, OS X 10.6, OSX Support Essentials
ACTC Apple Certified Technical Coordinator, OS X 10.6, OSX Server Essentials
Linux+ CompTIA
Full-Time Study: Certifications CISM; CISA; CEH; CHFI; ECSA; LPT; MCTS (2); ACTC; ACTS; Linux 2010-2011