Gregory Lucak
Education:
The University of Toledo
1986 : 1992
Experience:
I am a technical consultant to clients, IBM sales teams and IBM Business Partners specializing in Data Security/Guardium. I use my extensive systems and security background to assist customers with solving complex security and compliance problems.
2019 : Present
IBM
Cybersecurity Specialist
Accepted responsibility for security engineering and operations following merger. Supervised 18 full-time employees in combined company. Oversaw security event monitoring and incident response, vulnerability management, application security, security architecture, and security platform engineering functions. Guided technology rationalization plan between merged entities, as well as Security Operations Center transformation project, to not only align operational procedures post-merger, but also evolve program into an intelligence-driven defense model, with a focus on IoC and TTP analysis and threat-hunting.
2017 : 2019
Windstream
Sr. Director, Security Operations and Engineering
Worked to govern and align disparate information security departments across three distinct business units. Oversaw and managed all information security activities across entire corporation. Led development and maintenance of security strategy, security governance over all business units, security risk management, security awareness, vendor security, threat management, event management, incident response, vulnerability management, and application security. Developed the security strategy and security committee. Expanded the CISO team from four to 12 employees to centralize governance, risk, and Security Operation Center functions under the CISO. On-boarded co-managed MSSP for 24x7 security monitoring. Executed NIST CSF-based risk assessments over three core business units.
2012 : 2017
Windstream
Chief Information Security Officer
Realigned direct report to CIO to deliver greater visibility to continued success and evolution of security program. Led and managed IT security, including identity and access management, event monitoring, incident response, application security, vulnerability management, and IT compliance. Guided automation of user access recertification procedures, formalization of vulnerability management program, development of in-house forensic capabilities, and achievement of initial PCI RoC as a Level Two merchant.
2011 : 2012
Windstream
Director, IT Security
Accepted position of IT security manager of new (divested) company. Oversaw IT security, including access management and IT compliance. Identified need and initiated programs for security policy development, incident response tools and procedures, vulnerability management, application security, penetration testing, and PCI compliance gap remediation. Managed data encryption project across mainframe, UNIX, and Windows systems and applications. Oversaw and guided PCI gap-remediation project. Wrote initial security policy for company.
2006 : 2011
Windstream
Manager, IT Security
Company: IBM
Years of Experience: 32