Contact Information
Name: Steve Abatangle
Email: steve (at) abatangle (dot) com [email concealed]
Location: Redwood City, California, United States
Resume
Position/Title: CISO
Resume: Steve Abatangle, CISSP

650-339-2162 | steve (at) abatangle (dot) com [email concealed] | http://steve.abatangle.com | http://badcissp.com

Seeking: CISO (Chief Information Security Officer) or similar position in information security.

= Summary =

Savvy, pro-business information security officer with 5+ years of experience handling practical security and regulatory compliance at a leading financial website, and 15 years of experience in information technology. Strong background in technical infrastructure management and software development.

= Employment History =

Chief Information Security Officer, E-Loan, Inc., 2003-present

E-Loan is a company that emphasizes security and customer data privacy; my role as security officer is to maintain good security practices while avoiding unnecessary bureaucracy. With the advent of Sarbanes-Oxley, the rise of corporate regulation, and E-Loan's venture into the banking world, I have also overseen a never-ending audit cycle -- and learned a lot about how to manage audits and auditors.

* Created information security office responsible for security policy, strategy, and implementation including risk assessment, incident response planning, security testing, coordination with privacy officer, planning and management of audits.

* Zero successful exploits of vulnerabilities in life of security program. External penetration tests free of major findings since security program's inception.

* Led IT Security efforts for Sarbanes-Oxley section 404, FFIEC, financial statement, and internal audits. No material or significant deficiencies in IT throughout history as security officer. Authored and maintained IT security controls used as basis for company audits.

* Created Data Leakage Protection (DLP) initiative to reduce data loss to manageable level.

* Used combined network and desktop strategy to eliminate threat of spyware from internal network.

* Minimized data loss risk from lost laptops by implementing strong hard-disk encryption company-wide.

* Developed automated system to streamline user audits, eliminating need for hours of repeated manual auditing.

* Hired and managed direct staff and worked across departments to accomplish goals.

* Worked directly with developers to encourage secure development practices.

* Solid history of working with business rather than against it.

--

Webmaster, E-Loan, Inc., 1998-2003

"Webmaster" was a generic title at this early stage of E-Loan's life. It encompassed all support functions: system administrator, security administrator, DBA, network administrator, tools developer, release engineer.

* Responsible for availability and security of all internal and external systems.

* Scaled to handle rapid growth: from one server to 100+, handling 30,000 rate quote inquiries and 5,000+ loan applications per day, 99.99% uptime typical each year.

* Created automated application-promotion system to handle developer submissions, QA phase, promotion to production systems.

* Designed and deployed technology to support all mission-critical web application systems, from www.eloan.com to internal loan processing systems.

* Implemented first firewall system and grew mature security posture (e.g. network IPS, HIDS, encryption, role-based access, host hardening).

* Developed and implemented high-availability and redundancy plans as the company grew including geographically diverse co-locations and global load-balancing.

--

Webmaster, Oracle University, Oracle Corporation, 1995-1998

In the 1990s, it was typical for a single person to be responsible for every aspect of a web application -- the code, the servers, the page design, even the marketing copy. That was me: write, build, secure, administer. Initially oversaw the U.S. technical operation, later developed a system that allowed worldwide divisions to run similar e-commerce operations.

* Built custom, modular course cataloging system for internal and external customers (Perl and C, HTML and page design, database back end).

* Grew site to eventually generate more than 15% of division's business.

* Developed, deployed, and administered web presence, from hardware to website application code. Successfully hardened webserver boxes against attack without benefit of intermediary (DMZ) firewall.

* Oversaw coders and web designers, coordinated with marketing and business.

* Developed commodity application system that could be customized easily for local needs, and would require only minimum technical expertise to deploy. Used throughout Oracle University in divisions worldwide.

--

Webmaster, System Administrator, Harris Digital Telephone Systems, 1993-1995

The nascent days of the web gave me a great opportunity to grow from system administrator and documentation person into a burgeoning worldwide web guru.

* Taught self all aspects of web (HTTP protocol, server configuration, HTML, CGI).

* Contributed code to NCSA HTTPd server (later became the basis for Apache).

* Deployed one of the first Harris Corporation division websites.

* Developed proficiency in server administration, information security practices, TCP/IP networking, e-mail technologies.

= Certification =

CISSP (Certified Information Systems Security Professional), ISC(2), certification number 322734. See the ISC(2)'s verification website at https://webportal.isc2.org/custom/certificationverification.aspx.

= Education =

Bachelor of Arts, Information and Communication Systems, Minor: Computer Science

California State University, Chico

Copyright 2006, SecurityFocus