Gregory Lucak

Helping customers improve their security posture

Cleveland, OH, United States

Details

Education: The University of Toledo

1986 : 1992

Experience: I am a technical consultant to clients, IBM sales teams and IBM Business Partners specializing in Data Security/Guardium. I use my extensive systems and security background to assist customers with solving complex security and compliance problems.

2019 : Present

IBM

Cybersecurity Specialist

Accepted responsibility for security engineering and operations following merger. Supervised 18 full-time employees in combined company. Oversaw security event monitoring and incident response, vulnerability management, application security, security architecture, and security platform engineering functions. Guided technology rationalization plan between merged entities, as well as Security Operations Center transformation project, to not only align operational procedures post-merger, but also evolve program into an intelligence-driven defense model, with a focus on IoC and TTP analysis and threat-hunting.

2017 : 2019

Windstream

Sr. Director, Security Operations and Engineering

Worked to govern and align disparate information security departments across three distinct business units. Oversaw and managed all information security activities across entire corporation. Led development and maintenance of security strategy, security governance over all business units, security risk management, security awareness, vendor security, threat management, event management, incident response, vulnerability management, and application security. Developed the security strategy and security committee. Expanded the CISO team from four to 12 employees to centralize governance, risk, and Security Operation Center functions under the CISO. On-boarded co-managed MSSP for 24x7 security monitoring. Executed NIST CSF-based risk assessments over three core business units.

2012 : 2017

Windstream

Chief Information Security Officer

Realigned direct report to CIO to deliver greater visibility to continued success and evolution of security program. Led and managed IT security, including identity and access management, event monitoring, incident response, application security, vulnerability management, and IT compliance. Guided automation of user access recertification procedures, formalization of vulnerability management program, development of in-house forensic capabilities, and achievement of initial PCI RoC as a Level Two merchant.

2011 : 2012

Windstream

Director, IT Security

Accepted position of IT security manager of new (divested) company. Oversaw IT security, including access management and IT compliance. Identified need and initiated programs for security policy development, incident response tools and procedures, vulnerability management, application security, penetration testing, and PCI compliance gap remediation. Managed data encryption project across mainframe, UNIX, and Windows systems and applications. Oversaw and guided PCI gap-remediation project. Wrote initial security policy for company.

2006 : 2011

Windstream

Manager, IT Security

Company: IBM

Years of Experience: 32

Skills Data Center, Information Security, Information Technology, Infrastructure, Integration, IP, IT Management, IT Service Management, Linux, Network Security, Perl, Project Management, Unix, Vendor Management

About A cybersecurity leader with extensive experience in data protection, risk mitigation, incident response, security architectures, and vulnerability management. Excels at identifying security controls to meet business risk objectives while achieving regulatory and industry compliance obligations.