| Contact Information | |
| Name: | Fred Kreitzberg |
| Email: | fred.kreitzberg (at) gmail (dot) com [email concealed] |
| Location: | Maple Valley, Washington, United States |
| Resume | |
| Position/Title: | Sr. Security Engineer |
| Resume: |
Fred Kreitzberg 22834 SE Lake Wilderness Dr. Fred.Kreitzberg (at) gmail (dot) com [email concealed] Maple Valley WA 98038-6092 (206) 914-0008 SUMMARY Facilitate the implementation of the appropriate information security controls to protect corporate assets. The decision process to be based on clear understanding of the value of the corporations’ information assets, the threats to those assets and, management’s risk tolerance. Information security best practices will be followed through the process while taking into account the companies unique opportunities and constraints. PROFESSIONAL EXPERIENCE Seasonal View, Tacoma, WA (2009-to present) Fred, as Seasonal View’s Information Security consultant, is applying his 30 years of corporate experience to create workable security solutions for the clients with less then a thousand employees that need a Security Advocate, but cannot afford to hire one full-time. REI (Recreational Equipment Inc), Kent, WA (1996-2009) Information Security Engineer (2001–2009) Fred was the senior member of a self-directed data security team of two that evolved into a team of 5 reporting to a Director of Information Security. In this role, he contributed to REI’s success by maintaining the confidentiality, integrity and availability of information assets through the application of sound risk management process, cost-effective security controls, governance and security awareness. This success was due in part to the creation of healthy and effective working relationships with IT and the business, which is vital in the overall cultural shift required to make information protection a business priority. Major Achievements: • Member of a 4-person team, which lead the successful, 3.6 million dollar, project to achieve compliance with the rigorous Payment Card Industry Data Security Standards. • Created Information Protection Principles, Policies and Standards tailored for REI’s specific needs from comparable National Institute of Standards (NIST) documents. • Initiated and lead the effort to identify REI’s critical information assets and to assign responsibility for those assets to the appropriate senior manager. Specific Responsibilities: • Monitoring evolving information security threats, identifying those for which REI was most at risk and recommends both short and long-term responses. • Identify the security challenges of implementing new technology and recommend appropriate remediation steps to address those challenges. • Develop, implemented and maintain a detailed information security policies and standards for REI encompassing all layers of information systems. Data Security Analyst (1997–2001) Fred was REI’s only data security officer for the four year period when REI launched its’ very successful online store (rei.com) on the Unix platform, completed the migration from mainframe to AS400 and implemented a Windows client server architecture for both the retail stores and headquarters. Though a line level position, he had authority to sanction or stop projects based on the security risk to the company. Success of failure in most cased depended on his ability to advocate the security requirement to the person(s) directly responsible for implementing or managing the technology. Major Achievements: • Created a central logging system for Unix and firewall syslog messages that was used for both alerting and forensic work. • Created the IS virus swat team to protect REI from virulent network worms such as code-red. • Implemented Information Security Systems (ISS) vulnerability scanner intrusion detection system. • Instituted annual ethical hacks against www.rei.com. Specific Responsibilities: • Educate management as to the rapidly growing threats from Internet based worms and viruses. • Create platform specific security teams to work on incremental security improvements. Information System Auditor (1996–1997) Fred was REI’s Information System Auditor for six months during the development and launching of www.rei.com. When the position of Data Security Analyst opened, he applied for and was given the job. Washington Mutual, Seattle WA. (1990-1996) Vice President and Audit Manager (1995–1996) Fred was one of three Audit Managers, responsible for verifying that risks within the Company are being adequately managed and that the Bank is in compliance with all regulatory requirements. He was directly responsible for the audit coverage of Information Systems, Loan Servicing, Item Processing, Human Resources and Contingency Planning AVP and Audit Manager (1993–1995) After the Bank doubled in size through the acquisition of Pacific First Bank, Fred expanded the Information Audit Staff to six by hiring three experienced senior auditors. At the same time the Bank launched a very aggressive campaign to create a uniform front-end system for our retail network. Information System Auditor (1990–1993) I was hired to re-establish the Information System Audit function after a reorganization and downsizing of the Audit Department. Over a two year period I rebuilt the Information System section to three. First Interstate Bank , Seattle WA. (1979-1990) Supervisor in Wire Transfer (1989–1990) I was hired to stabilize recently implemented LAN-based Wire Transfer system, centralize and supervise the wires being originated from Idaho and to work on special projects. AVP & Senior DP Auditor (1986–1988) With a staff of two, I was responsible for developing audit software and performing application audits. I was personally responsible for auditing the implementation of the Bank's new deposit system, the largest and most complex application implemented by the Bank. From Branch Auditor to EDP Auditor (1979–1986) I started my career performing audits of branch operations. I progressed to EDP Audit where I learned the fundamentals of Information Controls, COBOL programming and gained experience performing audits of complex applications. EDUCATION 2008: The SANS Institute’s Hacker Techniques, Exploits & Incident Handling 2006: The SANS Institute’s Auditing Networks, Perimeters & Systems 2004: The SANS Institute’s Securing Unix/Linux 1990: Thunderbird International Business School: Certified Program in International Trade 1987: Information System Audit and Control Association's: Certified Information System Auditor (CISA) 1984: Bank Institute of America: Certified EDP Auditor 1978: Oregon State University: BS in Economics. REFERENCES http://www.linkedin.com/in/fredkreitzberg COMMUNITY On the board of the Lake Wilderness Arboretum Vice President of Lake Wilderness Preservation Society |
