Lorna Koppel
Atmospheric Science
State University of New York at Albany
1993 : 1995
Penn State University
1989 : 1990
Bowling Green State University
1985 : 1989
Tufts University is a private university on 5 campuses with over 10,000 students, 4,500 faculty and staff, two undergraduate programs, eight graduate divisions, and a $1.6B endowment.
• Hired to provide leadership and vision for Information Security across the university by serving as the leading authority and adviser to senior leadership and developing necessary security strategic plans.
• Responsible for managing a team of information security professionals that provides a broad catalog of security services including policies and procedures, risk assessments, security reviews, leadership for incident response and management, and community outreach and education that is designed to protect the university, its data, faculty, staff, and students.
2014 : Present
Tufts University
Director Information Security/CISO
Iron Mountain is a $3B public global storage and information management company with 1,050 facilities in 36 countries and with 17,000 employees servicing 156,000 clients.
• Recruited to fill a long-vacant CISO position, revamped security program to include a strategic security roadmap and created a dashboard that facilitated communications on priorities to all organizational levels, focused attention towards progress on key initiatives, and recognized successes in reducing risk.
• Provided regular Information Security updates to the Audit Committee creating a clear dialog on risks, priorities, and progress.
• Reorganized duties and mentored global staff of 20 in 5 teams, thus improving responsiveness and quality of security programs. Priorities included customer assurance, sales support, third-party vendor reviews, compliance to customer contracts, Information Security governance, vulnerability management, and cyber-incident response. Also provided matrix management to IT staff performing security administration tasks.
• Strengthened cross-functional relationships with IT, Legal, Procurement, Compliance, Internal Audit, and Sales; with IT, reached agreement to address issues created by a history of high-volume acquisitions and of decentralized management of security technologies and IT processes.
• Oversaw security aspects of compliance and assurance such as PCI, ISO27k, HIPAA, FISMA, and SOC 1/2/3.
2013 : 2014
Iron Mountain
Vice President, Chief Information Security Officer (CISO)
Kohler Co. is a $5B private global consumer goods manufacturer and hospitality provider with 5-star resorts and golf courses on 6 continents, 50 manufacturing locations, and 30,000 employees.
• In newly created executive position, developed strategic program to address risks in business-appropriate way sensitive to Kohler Co. culture and business priorities that spanned 4 diverse businesses. Successfully built internal alliances that enabled achievement of strategic and tactical security goals.
• Advocated and achieved significant budget commitments to build IT Security program. Managed $4M expense and $750K capital budgets and re-aligned program to mitigate current risks, minimizing impact on revenues for long-standing business performance of 10% year-over-year CAGR.
• Grew team from 10 staff members with outdated skills to a high performing global team of 19. Mentored staff performance, addressed morale and team cohesiveness, implemented succession plans, and created a career development and training program. In first 3 years, team went from among the company’s lowest to the highest Gallup engagement scores.
• Leveraged key partnerships with PWC, SAP, and SUN to build an internal, deep understanding of tools and best practices. This enabled the needed creativity to eliminate significant fraud potential and manual processes.
2006 : 2013
Kohler Co.
Director-IT Security/CISO
Infonet Services Corporation was a $700M Wide Area Network and application services provider in over 180 countries with 1000 employees servicing 1,150 global companies. British Telecommunications (BT) purchased Infonet in 2005.
• Partnered weekly with COO, General Counsel, and VP-IT to ensure strategic and tactical security issues were being discussed and solutions developed. Liaison to the CEO concerning security matters and questions.
• Initiated redesign of the internal Corporate Security Audit function to better support business outcomes. Improved efficiency and priorities to address risks to customer products and services.
• Facilitated merger activities for British Telecommunications’ (BT’s) acquisition of Infonet. Successfully met US Government requirements for a foreign purchase of a US company without impacting the scheduled closing.
2005 : 2006
BT-Infonet Services Corp.
Director Global Security Group
Senior Manager Global Network Security (May 2001 – December 2004)
Manager Network Security Engineering and Administration (May 1999 – May 2001)
• Led a security engineering team responsible for providing all operational support for internal protection and for a simple customer Managed Firewall Service. Transformed this revenue generating service into a complex product offering with a broad array of customer options for multinational customers.
• Wrote company’s first strategic security plan that set direction for 70 global locations to focus resources on risk reductions in line with business priorities supportive of Infonet’s products and services.
• Championed and participated in creating a new service delivery process involving all key departments and full security risk assessments for developing new customer products and services. Result greatly improved company’s brand and customer service, and minimized outages.
1999 : 2004
Infonet Services Corp.
Senior Manager Global Network Security
Company: Tufts University
Years of Experience: 34
Technology Leadership:
Revamped Kohler’s 25-year-old information security program from manual processes and outdated skills to a high performance global group skilled to provide IT Security operations, incident response, architecture design, risk assessments, forensic investigations, and SAP security operations.
Cyber Security and Compliance:
Developed Kohler’s first 5-year strategic plan for IT Security. Directed global implementation of several major technical initiatives including Identity Management (IDM), endpoint security, security vulnerability management, forensics, and security event correlation, and replaced underperforming technologies and vendors. Result was layered technology protection that also focused on end-user experience and productivity. The IDM project alone reduced access granting from weeks to minutes and eliminated over 1000 monthly help-desk issues.
Business Partnerships and New Product Development:
Forged new, positive working relationships with Internal Audit, Legal & Labor Relations, HR, several IT organizations, Business Operations, Corporate Security, and business units to assess and more efficiently address security risks across the company.