Scott Perry, CISSP, CISM

Education: Bachelor of Science Degree

Marketing/ Management

Mankato State University

1991 : 1993

Associate of Arts

Computer Science

Austin Community College

1989 : 1991

Lyle HIgh School

1987 : 1991

Experience: 2022 : Present

Zywave

Director of Information Security

2016 : 2022

AmWINS Group

Director of Cyber Security

- Oversee enterprise vulnerability scans understanding the current network topology



- Manage network and application penetration tests using both outside providers and internal Penetration Testing Team



- Manage the Patch Management governance process

- Manage the assessment of vulnerabilities identified in scan reports and penetration reports to determine and rank risk



- Oversee the assessment of threat advisories to determine vulnerability and impact to the enterprise



- Monitor patch rotation cycle to ensure critical security patches are deployed



- Manage the remediation and/or mitigation strategies with security team and business owners to address and/or resolve business risks associated with vulnerabilities



- Monitor remediation and/or mitigation progress to ensure vulnerabilities are addressed in a timely manner



- Maintain an understanding of information security threats and possible impacts to the enterprise



- Assist others in interpreting, understanding, and applying information security policies and standards to mitigate information security risks.



- Collaborate closely with members of Information Security and other organizations to ensure Enterprise goals are achieved

2014 : 2016

TIAA-CREF

Dir, Sr Information Security Manager of Vulnerability Identification

- deploy/manage vulnerability scanning software

- Monitor company infrastructure to ensure they adhere to compliance standards

- Manage the Cyber Incident Response Center (CIRC)

- Mange DLP toolset to make sure the company data is protected and breaches do not occur

- Manage the penetration testing for the company utilizing internal and external resources

- Assist in supporting firewalls and web proxies

- Support a centralized SIEM and manage alerts from tools feeding into the SIEM

- Manage various tools that monitor the network from a security perspective, Incident response, and a eGRC tool

2012 : 2014

ECMC

Sr Cyber Security Engineer

• Proactively identify security threats to prevent cyber-attacks before they occur

• Manage application vulnerability and source code scanning

• Implement “self scanning” for development teams to improve the SDLC process

• Manage Penetration Testing by internal and external resources to discover vulnerabilities

• Work with segments across the company to bring security awareness and training

• Created an Application Risk Dashboard to provide an overall view of how all applications compare in relation to vulnerabilities in apps, hosts, pen tests, patches, etc.

• Assist the Incident Response Team with security breaches and malware inspection

• Manage the Patch Management Governance process

• Perform assessments against M&A applications to ensure weaknesses are addressed

• Manage multi-million dollar project budgets regarding the Threat and Vulnerability Management Team as well managing the Training/Travel budget for the Security Architecture Team

• Mentor team members to ensure they continue to progress down the professional path they desire

2011 : 2012

UnitedHealth Group

Director, Threat and Vulnerability Management (Ethical Hacking)

Company: Zywave

Years of Experience: 28

Spoken Language: English