My CV

Career Summary

BRIAN GRAY

INFORMATION AND CYBER SECURITY EXPERT


Experienced Chief Information Security Officer (CISO), Virtual Chief Information Security Officer (vCISO), Technical Security Officer (TSO), senior leader, wisdom provider and problem solver with a proven track record of reducing risk.

Business Skills

  • Trusted CISO, vCISO, Senior Leader, Consultant & Advisor
  • Relationship builder and collaborator
  • Six Sigma & Continuous Improvement
  • People, Process & Technology Connector
  • Assessor and Auditor of Security Postures
  • IT & Security expertise
  • Creator of assessment and auditing tools
  • Skilled in governance, risk, compliance & data privacy
  • Expert in security controls and mitigating controls
  • Tactical thinker & decision-maker
  • Skilled in global IT/Security solutions
  • Customer & Business centric requirements
  • Proficient problem solver and troubleshooter
  • Experienced in application and web security
  • Proficient in Open Source & Commercial tooling
  • Former Technical Instructor
  • Self starter & team motivator
  • Project Manager & Meeting Facilitator

Top Technical Skills

  • Operating Systems:
    • All versions of; Unix, Linux, Windows, OSX, BSD, Novell,
      Chromium, IOS & Andriod
  • Cloud & Application Technologies:
    • Artificial Intelligence (AI), Containers, Azure, AWS, Google Cloud Platform – GCP, Office 365, Federated AD, ERP, CRM, HR, Payroll, Data Analysis, GRC, Risk Registry & eDiscovery
  • Networking, Storage & Infrastructure:
    • Virtualization, Routers, Switches, Load Balancers, Clustering, QOS, NOC, DHCP, DNS, VDI, SAN, NAS, VEEM, NFS, ISCSI, SD-WAN, SASE, Servers, Network Monitoring, Packet Analysis,
      Structured and Unstructured Data, MicroSegmentation, Databases, Big Data, Data Flows & Security Solutions
  • Security Technologies:
    • Incident Response (IR) & Management (IM), Disaster Recovery (DR), Business Continuity Plans (BCP), Data Leak Prevention (DLP), Active Directory (AD), Zero Trust, ADCS, PKI, HSM, LDAP,
      Kerberos, Multi-factor, IDS/IPS, Firewall, EndPoint Security, SOC, Forensics, Pentesting & Vulnerability Management, Log Monitoring, Encryption, Secure Transport and Storage, Cloud App
      Security, Identity and Privileged Access Management, Zero Trust, EDR, MDR, XDR, SOAR, MSP, MSSP, Artificial Intelligence (AI).
  • Frameworks & Security Best Practices:
    • ISO, COBIT, CSI, GLBA, HIPAA, PCI, SOX, SOC I & II, SWIFT, CVE, SANS, NIST, SCF, CMMC, CMMI, COSO, CIS, MITRE Att&Ck, FIPS, GDPR, FFIEC, Data Security, Governance, Risk, Compliance (GRC), Audit, Assessment & Remediation.
  • Code Review, Development DevOps & SDLC:
    • Agile, Waterfall, Scrum, CI/CD, DevOps, DevSecOps, API, OWASP, Code Review (DAST, SAST, IAST, RAST, SCA etc.), Code Repositories, Languages & Security Tooling.
  • People, Process & Technology Integration:
    • Business Integration, Workflow, Analytics & Automation, Six-Sigma, Continuous Improvement, CMMI, Capabilities and Maturity, Roadmaps, Skills Matrix, Training, Mentoring & Gui

Memberships

  • ISACA Member & Chapter Presenter
  • #1 Husband and Wife Team in Professional Rock Crawling
  • SCCA (Sports Car Club of America) Member and Competitor

Honors

  • Voya: Selected for CTF – Capture the Flag & Red and Blue Teaming
  • Voya: Nefarious Hacker Challenge Award.
  • Norfolk Southern: Created Security aspects within the OAR – Operation and Awareness Response Exercises
  • Red Hat: Recipient of the First Fedora Award, Red Hat.
  • Red Hat: Selected to represent the Linux Terminal Server Project (LTSP) for Education
  • Tangram Enterprise Solutions: Presidential Award for Excellence
  • NCSU: President of TECA & Epsilon Pi Tau

Volunteer & Charity

  • Mission 22
  • Wounded Warrior Project
  • Fort Benning Transition Battalion
  • Fisher House Foundation
  • Boys & Girls Clubs of America
  • Humble Heros Foundation
  • Touch a Truck

Employment History

Information & Cyber Security Consultant, Advisor and Leader | GrayMatter, LLC | 2017 – Present

  • CISO, temporary and interim CISO & vCISO engagements, developed and implemented security programs, risk reduction, regulatory requirements & roadmaps for major companies
  • Provided security best practices and training, driving process improvement where a 15% ROI was shown within 1 year.
  • I cultivate strong relationships with C-level executives and technical experts, leading to successful security operations.
  • Implemented security controls and frameworks to ensure customer trust and compliance. Managed teams to support customer engagements.
  • Healthcare, Pharmaceutical, Banking, Manufacturing, Distribution and Financial, Insurance, Software Development clients and expertise.


vCISO Professional Services Principal and Leader | Solis Security (Division of CFC Underwriting), May 2024 – Present

  • Experienced:
    • vCISO for clients in multiple sectors and industries including; Education, Government, Healthcare, Finance-Banking-Fintech, Insurance, Development, Distribution & Manufacturing.
  • Thought leadership:
    • vCISO tiered approach allowing for better scoping of services and delivery options to a wider range of clients.
    • Creation of standard methodologies for performing and delivering risk, gap, and compliance assessments, risk remediation and reduction.
  • Product Owner & Process Improvements:
    • Created and collaborated development of standard processes, workflows & automation.
  • Performance:
    • Lead a team of global consultants in providing vCISO and security professional services with 98% on time delivery.
    • Process improvements including automation leading to a reduction of overhead by 25% for client engagements.
    • Developed new security services increasing revenue by 15%.
    • Created a high performance team where 100% of bonuses are achieved.
    • Process integration of needed GRC and vCISO software.
  • Team, Collaboration and Customer Satisfaction
    • Work with Account Executives as a SME promoting services and offerings increasing conversion rates, renewals and accurate scoping.
    • Educator providing guidance and mentoring to clients and teams.

  • Managing Consultant | Zyston LLC | 2019 – 2023
    • Provide vCISO consulting and leadership advisory.
    • PreSales & Marketing support for teams.
    • Engagement delivery with 100% on time delivery.
    • Increase advisory revenue from 1 million to 3.8 million.
    • CyberSecurity & Information Security methodology & tooling
    • Focused on people, process & technology.
    • Security mapping, alignment, assessing, testing, security posture and board presentations.
    • Industry best practices, standards, frameworks, and regulations.
    • Expert understanding of architecture, cloud, infrastructure and security.
    • Advisement, consulting, mentoring, guiding, reporting through KPIs.
    • Collaborator, relationships, influencer, dialoguer & customer satisfaction.
    • Teamwork, programs & operations management, manage, direct & lead.
    • DevOps, DevSecOps, CI/CD & SDLC, Integration, QA, UAT, software, technical requirements, including functionality, reporting.
    • Thought leadership, leadership, management, strategy & advisement.Positive work environment where 100% of bonuses were achieved.



Technical Security Officer (TSO), Manager and Lead Engineer | Voya Financial | 2009 – 2017

  • Application Security: Hybrid application testing & threat modeling approach saving millions of dollars in dev cost.
  • Decrease of security code issues by 20,000.
  • Threat & Vulnerability Management: Identified 30,000 patching issues & zero-day vulnerabilities with100% of needed patches and/or mitigating controls where established.
  • Compliance Management: Identified 80,000 compliance issues needing closure and helped close them.
  • Reviewed technologies: Saved ING $750,000 identifying products not meeting requirements.
  • Identified 25,000 configuration issues and guided SME’s until closure.
  • Processes and workflow automation & improvements, advanced maturity models, roadmaps, CI saves.
  • Perform risk assessments on 100% of current and 3rd party controls.
  • Risk identification, threat modeling & assessments, solutions, toolsets, frameworks and best practices.
  • Using Open Source tools saved the company $200,000 and yearly maintenance costs.
  • Management, mentoring, guide, skill matrix, training modules, documentation, KPIs to measure success.
  • Positive work environment where 98% of bonuses were achieved.

Additional Experience

  • Norfolk Southern Corporation – Lead Security Analyst
  • Verint (Formerly Witness Systems, Inc) – Lead Security Engineer
  • Cardinal Health (Formerly Magellan Labs) – Network & Systems Engineering Team Lead
  • Red Hat Inc – Senior System & Web Administrator
  • Tangram Enterprise Solutions – Senior Network, Systems & Web Administrator
  • ECPI University – Technical Instructor
  • Wake County Public Schools – Computer and Electronics Instructor
  • US Army – Administrative Specialist, Motor Pool and Supply Sargent

Education

  • Bachelor of Science | Technology Education | North Carolina State University | Magna Cum Laude

Certifications & Training

  • Security:
    • CISSP, CISA, CISM & CEH
    • BlackHat, Defcon & SANS
    • McAfee & Qualys: Vulnerability
      Mgmt., Compliance & WebApps
    • CheckPoint: CCSA & CCSE
    • Cisco: CCNA & CCSP
    • Red Hat: RHCE
    • Novell: CNA, CNE, CNP, CLS, & CLP
    • Windows: MCP
    • Cisco Product Training: Meraki, ASA, SourceFire, AMP, Umbrella, ISE, CloudLock & StealthWatch
  • Cloud Computing:
    • ISC2 Certified Cloud Security Professional
    • Server-less Concepts – Linux Academy
    • Google Cloud Essential Cloud Infrastructure Foundation – Google Cloud Training
  • LinkedIn Learning:
    • AWS Certified Solutions Arch, Server-less Architecture, Cloud Architecture: Design Decisions,
      Microsoft Azure Security, Learning Cloud Computing Cloud Security, Planning an AWS Solution, AWS: Enterprise Security,
  • Office 365:
    • Implementing Networking and Security, Advanced Threat Protection & Automation
  • Development:
    • Certified ScrumMaster – CSM
    • Voya: .Net, Java/Javascript & SQL
    • Red Hat: CMS, Web Development, Postgres, MySQL & Oracle
    • LinkedIn Learning: Learning the OWASP Top 10, ITIL, ITSM, and the SDLC, Software Testing/QA, Software Development Management Practices, The Product Life Cycle, DevOps Foundations
  • Leadership:
    • Covey: Leadership and Relationship Management
    • Voya: Developing High Performance Teams & Thought Leadership
    • LinkedIn Learning: Becoming a Thought Leader, Situational Leadership, Balancing Multiple Roles as a Leader, Using Questions to Foster Critical Thinking and Solutions
  • Process and Workflow:
    • Voya: Six Sigma & CI, Work Flow Automation
    • Red Hat: Security Analytic Methods
    • Microsoft: Flow, SharePoint & Teams
    • LinkedIn Learning: Draw Process Flow Diagrams,
      Business Process Management, Process and Workflow for Design