Stephen Alexander


30 Hoskins Road, Simsbury, CT 06070
steve@salexander.com
@sealexander

PROFILE
Cybersecurity evangelist leading email and data protection technologies. Heading one of the most sophisticated email protection programs, managing email gateway and protection tools and post-delivery technologies, and reducing threats from inbound email. Protecting nearly 1000 email domains from spoofing through DMARC, SPF, DKIM and BIMI technologies. Managing the Trusted Email Program and providing email protection data to corporate management.

  • CISSP since 2004 (#54142)
  • Email Protections Technology Lead
  • Technical Consulting and Advising
  • Vulnerability & Risk Analysis
  • Project Vision & Leadership
  • Analytical Research
  • Leveraging Relationships

PROFESSIONAL EXPERIENCE
MASSMUTUAL Springfield, MA 05/2008 – present

Program Owner – Trusted Email Program 12/2019 – present

  • Leading the Trusted Email Program through the implementation of multiple technologies used to thwart email-initiated attacks on the corporation
  • Aligning an advanced, layered system of tools utilizing AI to protect company email users from phishing, business/vendor email compromise and other email attacks
  • Working with internal and external resources to protect 900+ corporate and field office domains using authentication standards including DMARC, SPF, DKIM and BIMI through industry-leading and new, niche technology solutions
  • Providing substantially improved delivery rates while protecting company domains from misuse including lockdown of defensive or web-only domains

Business Information Security Manager (BISO) 11/2018 – 12/2019

  • Enabling information risk reduction through collaborative work with business partners to identify, prioritize and mitigate information risks
  • Acting as a trusted advisor to the line of business as an extended member of the leadership team; understand strategic goals and embed information risk management into the culture
  • Working to support sales efforts through customer consultations regarding the protections in place to protect customers' employee data
  • Acting as the single point of contact for the lines of business to Cyber Security leadership

Information Risk Manager 08/2016 – 11/2018

  • Reducing risk through evaluation of projects, suppliers, policies
  • Information risk liaison with internal business partners
  • Managing risk acceptances through evaluation of compensating controls
  • Resource cost forecasting, reporting metrics

Information Risk Consultant 03/2015 – 08/2016

  • Leading discussion of key performance indicators, team activities and focus
  • Heading efforts to secure access to critical corporate financial assets
  • Securing company and client confidential data

Business Change Agent 06/2014 – 03/2015

  • Working with Lean principles to address the opportunity for improvements across various Information Technology departments
  • Facilitating workshops to gather value streams for current processes across the solution delivery life cycle (SDLC)
  • Through the collection of empirical data, seeking to reduce pain points, waste, cost of doing business

Enterprise Architecture, Solutions Architect, Security Domain Advocate 09/2011 – 06/2014

  • Create Solution Architecture designs for assigned projects including Architectural Vision, Architecture Design Document, and Enterprise Reference Architecture; 1 large project and 2-3 small concurrent projects
  • Lead architect for Active-Active Data Center project ($2MM est.)
  • Create and maintain Architecture Patterns to promote re-use rather than re-work
  • Facilitate the Architecture Community of Practice (COP) weekly meetings (40 – 60 members); founded and facilitated the company’s Security Community of Expertise (CoE)
  • Engaged across the architect teams (Enterprise Technology Organization, US Insurance Group, Retirement Services) as the security domain advocate for projects; represent the entire Architecture community in weekly project triage meetings
  • Provide guidance for required access in a secure manner; protect data with appropriate MassMutual policies and standards, support legal requirements
  • Engage with senior management in a risk-based approach for available options to solve business problems and facilitate projects
  • Maintain effective relationships across lines of business; work as a conduit to get in front of ideas before they become concrete projects; provide pre-project guidance
  • Consult with Legal, HR, Compliance, and line of business leaders as a data security subject matter expert (SME)

Information Security Consultant 05/2008 – 09/2011

  • Direct report to Chief Information Security Officer (CISO); represented CISO as requested
  • Provided internal, risk-based consulting services to Enterprise Technology Organization projects to secure data in use, in flight, at rest; advised on best practices for assigned projects; guided project leads on adhering to regulations regarding data encryption
  • Created Security Architecture Documents relating to new security patterns (authentication, authorization, access, connectivity, protection of data)
  • Provided guidance during project initiation phases (triage, discovery meetings)
  • Represented department on Security Roundtable, Firewall Request Review Board, Remote Computing Services team
  • Worked with Enterprise Architect team to create, update Reference Architecture documents

CIRCUIT CITY STORES, INC. Richmond, VA 02/1998 – 05/2008
Senior Data Security Architect 2006 – 2008
Senior Information Security Analyst 1999 – 2006
Manager of Data Networking 1998 – 1999

  • Primary conduit to senior management and C-levels for all aspects of data security, data leakage, issue resolution; primary counsel to Legal and HR teams in regard to data preservation and access controls for use in litigation
  • Identified security vulnerabilities and prioritization across all information technology (IT) projects; advised principals of the means and methods to adhere to new and existing security policies and standards; provided support for security architecture development and design, system and software requirement analysis
  • Lead investigator for data leakage and information security-related matters including triage efforts; engaged as subject matter expert across information security and data protection efforts; materially participated in external and internal audits and mitigation efforts
  • Evaluated new and emerging security technologies; provided peer reviews of new system architectures, program architectures, and network design; researched, developed responses to emerging information security threats
  • Established advocacy for security principles within the corporation; established guidelines for data shared with third-party vendors
  • Led support in the selection of data loss protection (DLP) solution, wireless intrusion detection system (AirDefense – now Motorola); key support for Sarbanes-Oxley, PCI 1.0 and 1.1, and Chase (private label credit cards) controls; customer advisory council for AirDefense
  • Defined and validated system security requirements definition using standards (ISO 17799, COBIT, ITIL)
  • Authored corporate information security policies and standards; provided feedback to Legal and HR partners for corporate-wide policies
  • Oversaw 10-15 technical network analysts and administration team for user IDs for Windows AD, Postini (now Google), Cognos, and MicroStrategy; personally managed access to insider information and insider trading access for all corporate officers
  • Provided peer reviews for new architecture and data sharing projects; architectural risk assessment for software development projects
  • Assisted with budget preparation and cost projections for information security projects; coordinated and presented funding proposals to senior management

VANSTAR CORPORATION Tempe, AZ 1989 – 1998
Senior Systems Engineer 1997 – 1998
Director of Information Systems 1994 – 1996 (dba Dataflex Corporation)
Technical Sales Support Manager 1989 – 1994 (dba Sunland Computer Services)

  • Presented new technology solutions to DoD, government, private clients through executive-level technology briefings
  • Managed installation of corporate WAN, web, email servers; individually provided all support for western US network and email networks over 6 locations
  • Designed, installed, managed secure inter-company communications during two acquisitions
  • Designed, implemented, and maintained national, multi-platform WAN for clients and internal use: Windows NT, AS/400, Novell, and various UNIX systems, routers

APPLIED FINANCIAL SERVICES Scottsdale, AZ 1987 – 1989

  • Sales, service of personal and business life, health and financial services products for Jefferson Pilot and other life and health insurers

HORIZONS UNLIMITED COMPUTER SVCS Gettysburg, PA 1985 – 1987

  • Sales and Technical Support Manager
  • Network Engineer

PROFESSIONAL DESIGNATION
ISC(2) Certified Information Systems Security Professional CISSP # 54142, granted January 2004 (active)

EDUCATION
SHIPPENSBURG UNIVERSITY Shippensburg, PA 1985
Bachelor of Science in Business Administration, Marketing
