Lorna Koppel

Education: MS

Atmospheric Science

State University of New York at Albany

1993 : 1995

BS

Meteorology

Penn State University

1989 : 1990

BS

Physics

Bowling Green State University

1985 : 1989

Experience: Tufts University is a private university on 5 campuses with over 10,000 students, 4,500 faculty and staff, two undergraduate programs, eight graduate divisions, and a $1.6B endowment.

• Hired to provide leadership and vision for Information Security across the university by serving as the leading authority and adviser to senior leadership and developing necessary security strategic plans.

• Responsible for managing a team of information security professionals that provides a broad catalog of security services including policies and procedures, risk assessments, security reviews, leadership for incident response and management, and community outreach and education that is designed to protect the university, its data, faculty, staff, and students.

2014 : Present

Tufts University

Director Information Security/CISO

Iron Mountain is a $3B public global storage and information management company with 1,050 facilities in 36 countries and with 17,000 employees servicing 156,000 clients.

• Recruited to fill a long-vacant CISO position, revamped security program to include a strategic security roadmap and created a dashboard that facilitated communications on priorities to all organizational levels, focused attention towards progress on key initiatives, and recognized successes in reducing risk.



• Provided regular Information Security updates to the Audit Committee creating a clear dialog on risks, priorities, and progress.

• Reorganized duties and mentored global staff of 20 in 5 teams, thus improving responsiveness and quality of security programs. Priorities included customer assurance, sales support, third-party vendor reviews, compliance to customer contracts, Information Security governance, vulnerability management, and cyber-incident response. Also provided matrix management to IT staff performing security administration tasks.

• Strengthened cross-functional relationships with IT, Legal, Procurement, Compliance, Internal Audit, and Sales, as well as with IT reached agreement to address issues created due to history of high volume of acquisitions and of decentralized management of security technologies and IT processes.

• Oversaw security aspects of compliance and assurance such as PCI, ISO27k, HIPAA, FISMA, and SOC 1/2/3.

2013 : 2014

Iron Mountain

Vice President, Chief Information Security Officer (CISO)

Kohler Co. is a $5B private global consumer goods manufacturer and hospitality provider with 5-star resorts and golf courses on 6 continents, 50 manufacturing locations, and 30,000 employees.

• In newly created executive position, developed strategic program to address risks in business-appropriate way sensitive to Kohler Co. culture and business priorities that spanned 4 diverse businesses. Successfully built internal alliances that enabled achievement of strategic and tactical security goals.

• Advocated and achieved significant budget commitments to build IT Security program. Managed $4M expense and $750K capital budgets and re-aligned program to mitigate current risks minimizing impact on revenues for long-standing business performance of 10% year-over-year CAGR.

• Grew team from 10 staff members with outdated skills to a high performing global team of 19. Mentored staff performance, addressed morale and team cohesiveness, implemented succession plans, and created a career development and training program. In first 3 years, team went from among the company’s lowest to the highest Gallup engagement scores.

• Leveraged key partnerships with PWC, SAP, and SUN to build an internal, deep understanding of tools and best practices. This enabled the needed creativity to eliminate significant fraud potential and manual processes.

2006 : 2013

Kohler, Co.

Director-IT Security/CISO

Infonet Services Corporation was a $700M Wide Area Network and application services provider in over 180 countries with 1000 employees servicing 1,150 global companies. British Telecommunications (BT) purchased Infonet in 2005.

• Partnered weekly with COO, General Counsel, and VP-IT to ensure strategic and tactical security issues were being discussed and solutions developed. Liaison to the CEO concerning security matters and questions.

• Initiated redesign of the internal Corporate Security Audit function to better support business outcomes. Improved efficiency and priorities to address risks to customer products and services.

• Facilitated merger activities for British Telecommunication’s (BT’s) acquisition of Infonet. Successfully met US Government requirements for a foreign purchase of a US company without impacting the scheduled closing.

2005 : 2006

BT-Infonet Services Corp.

Director Global Security Group

Senior Manager Global Network Security (May 2001-December 2004)

Manager Network Security Engineering and Administration (May 1999 – May 2001)

• Led a security engineering team responsible for providing all operational support for internal protection and for a simple customer Managed Firewall Service. Transformed this revenue generating service into a complex product offering with a broad array of customer options for multinational customers.

• Wrote company’s first strategic security plan that set direction for 70 global locations to focus resources on risk reductions in-line with business priorities supportive of Infonet’s products and services.

• Championed and participated in creating a new service delivery process involving all key departments and full security risk assessments for developing new customer products and services. Result greatly improved company’s brand, customer service, and minimized outages.

1999 : 2004

Infonet Services Corp.

Senior Manager Global Network Security

Company: Tufts University

Years of Experience: 34