Scott Perry, CISSP, CISM
Education:
Bachelor of Science Degree
Marketing/ Management
Mankato State University
1991 : 1993
Associate of Arts
Computer Science
Austin Community College
1989 : 1991
Lyle HIgh School
1987 : 1991
Experience:
2022 : Present
Zywave
Director of Information Security
2016 : 2022
AmWINS Group
Director of Cyber Security
- Oversee enterprise vulnerability scans understanding the current network topology
- Manage network and application penetration tests using both outside providers and internal Penetration Testing Team
- Manage the Patch Management governance process
- Manage the assessment of vulnerabilities identified in scan reports and penetration reports to determine and rank risk
- Oversee the assessment of threat advisories to determine vulnerability and impact to the enterprise
- Monitor patch rotation cycle to ensure critical security patches are deployed
- Manage the remediation and/or mitigation strategies with security team and business owners to address and/or resolve business risks associated with vulnerabilities
- Monitor remediation and/or mitigation progress to ensure vulnerabilities are addressed in a timely manner
- Maintain an understanding of information security threats and possible impacts to the enterprise
- Assist others in interpreting, understanding, and applying information security policies and standards to mitigate information security risks.
- Collaborate closely with members of Information Security and other organizations to ensure Enterprise goals are achieved
2014 : 2016
TIAA-CREF
Dir, Sr Information Security Manager of Vulnerability Identification
- deploy/manage vulnerability scanning software
- Monitor company infrastructure to ensure they adhere to compliance standards
- Manage the Cyber Incident Response Center (CIRC)
- Mange DLP toolset to make sure the company data is protected and breaches do not occur
- Manage the penetration testing for the company utilizing internal and external resources
- Assist in supporting firewalls and web proxies
- Support a centralized SIEM and manage alerts from tools feeding into the SIEM
- Manage various tools that monitor the network from a security perspective, Incident response, and a eGRC tool
2012 : 2014
ECMC
Sr Cyber Security Engineer
• Proactively identify security threats to prevent cyber-attacks before they occur
• Manage application vulnerability and source code scanning
• Implement “self scanning” for development teams to improve the SDLC process
• Manage Penetration Testing by internal and external resources to discover vulnerabilities
• Work with segments across the company to bring security awareness and training
• Created an Application Risk Dashboard to provide an overall view of how all applications compare in relation to vulnerabilities in apps, hosts, pen tests, patches, etc.
• Assist the Incident Response Team with security breaches and malware inspection
• Manage the Patch Management Governance process
• Perform assessments against M&A applications to ensure weaknesses are addressed
• Manage multi-million dollar project budgets regarding the Threat and Vulnerability Management Team as well managing the Training/Travel budget for the Security Architecture Team
• Mentor team members to ensure they continue to progress down the professional path they desire
2011 : 2012
UnitedHealth Group
Director, Threat and Vulnerability Management (Ethical Hacking)
Company: Zywave
Years of Experience: 28
Spoken Language: English