It was once written, Specialization is for Insects. I agree to some extent because too many people working in the IT and security space are too narrowly focused and at the same time the people on the business side don't seem to have any knowledge of IT or security. I bring a mix of systems development, information security and business management experience that can add value to your organization.
Why Individual Contributors, LLC?
When looking for a name to attach to the services provided, I remembered the two general categories of employees - management and individual contributors. It is at the individual contributor level that the work gets done. The work I propose is to provide assistance to the management level of an organization so that their individual contributors can best do the work.
This starts with helping you to understand, document and communicate the businesses you are in. It helps you to validate that the organizational structure employed is appropriate.
Now that you understand your business better you can create a process to select the best individual for a job. By applying a structured approach to the hiring process I can help you ensure that the individual selected will be the right one for the job.
For the last 17 years I have been involved in the creation and execution of the information security program at a large financial institution. This started at a meeting where the CIO said to my boss, "Dave, information security is your most important thing this year." Dave then turned to me and said "Bob, information security is your most import thing this year." From that short conversation a renewed security program, organization and architecture was developed and implemented. It has been evolving and improving but the basic structure has remained.
An organization does not have to have a formal information security group, but the tasked related to managing the risks associated with technology still have to be done by somebody. I can help assess your current process and recommend improvements to ensure that you understand the risks associated with your business and have addressed each one of them.
I also have experience in developing GRC applications using the RSA/Archer tool. This experience also includes the administration of the tool. I have worked with most solutions (I know that is the old terminology). This has included Policy Management, Risk Management, Vendor Management Risk Assessments, and Enterprise Management.
For further information or to discuss a potential engagement please contact me by calling or clicking on the Contact Me button.