Nov 2018 – Jul 2022 · 3 yrs 8 mos · Greater Minneapolis-St. Paul Area

• Host the UNSECURITY Podcast with FRSecure's Brad Nigh.
• About the UNSECURITY Podcast:
• Weekly information security podcast airing Monday mornings hosted by Evan Francen and Brad Nigh. In a unique focus on protecting personal information, Evan and Brad discuss information security as an issue that includes cyber security, physical security, as well as administrative controls. Evan is the CEO of FRSecure and the author of the book UNSECURITY (publish date December, 2018). Brad is the Director of Consulting at FRSecure and a 20+ year veteran of the industry.

Apr 2018 – Aug 2020 · 2 yrs 4 mos

Jan 2017 – Present · 9 yrs 3 mos · Greater Minneapolis-St. Paul Area

• Overall responsibility for the success of the SecurityStudio organization including the development, adoption, and maintenance of business plans related to SecurityStudio and the S2 platform, including (but not limited to), S2Score, S2Org, S2Vendor, S2Me, S2Team, S2School, and S2Gov.
• The S2 platform and related tools are required for the creation and maintenance of organizational and personal information security risk scoring (S2Score). The S2Score is the definitive information security risk score; calculated on a scale of 300 - 850.
• We believe that every organization, big or small, should be aware of their most significant information security risks. Drawing on more 20 years of experience, SecurityStudio developed the S2Score and assessment processes to identify and address Information Security risks through a standardized, consistent and efficient process. Leveraging our tools and methodology, we enable trusted partners to help their clients obtain a clear vision into their most significant information security risks and needs. We provide our partners with a turn-key security assessment process and trained security analysts who are on duty to assist with any questions or to provide expert guidance.

Jan 2014 – Jun 2015 · 1 yr 5 mos · Minneapolis, Minnesota, United States · Hybrid

• Updating soon.

Jun 2012 – Mar 2015 · 2 yrs 9 mos · Minneapolis, Minnesota

• Developing industry information security solutions and standards for broad industry adoption.

May 2011 – Oct 2012 · 1 yr 5 mos · Greater Minneapolis-St. Paul Area

Mar 2010 – Present · 16 yrs 1 mo · Global · Remote

• Updating soon.

Jan 2008 – Present · 18 yrs 3 mos · Greater Minneapolis-St. Paul Area

• Lead a dynamic and growing information security consulting company.
• Own the culture of the FRSecure business.
• Work closely with corporate/organizational leadership to define, develop, and implement information security strategy that manages acceptable information security risks and aligns with business objectives.
• Provide thought and practical leadership to other information security professionals within our industry.
• Develop and maintain numerous information security risk assessment and management methodologies that differentiate FRSecure from our competition:
• Information Security Assessments
• Compliance Assessments (i.e. HIPAA, GLBA, etc.)
• Customer Required Assessments
• Internal Network Vulnerability Assessments
• External Network Security Assessments
• Penetration Testing
• BC/DR Plans
• Policy Creation
• Outsourced Security Resources
• Information security training and awareness
• CISSP certification training
• Incident response
• Provide strategic and day-to-day direction to a team of highly-skilled information security consultants.
• Oversee and ensure quality of all FRSecure deliverables.
• Active information security public preacher/speaker and evangelist.

Oct 2006 – Jan 2009 · 2 yrs 3 mos

• Designed, developed and implemented MGI PHARMA’s first formal information security program based on a thorough analysis of risk to MGI’s information resources, industry standard best practices and various governmental rules and regulations including Sarbanes-Oxley (SOX) and FDA 21 CFR Part 11.
• Led numerous information security control projects including policy, standards and procedures development, training & awareness, laptop encryption, data in transit and at rest encryption, network access control, automated patching, secure configuration standards, internal and external security audits, and disaster recovery planning.
• Provided direction to a highly skilled team of engineers that substantially improved MGI’s network and server infrastructure by implementing and supporting scalable and highly-available solutions

Jan 2006 – Oct 2006 · 9 mos

• Developed, implemented, and managed eLoyalty’s first formal information security program, a progressive information security life-cycle program that met the needs of our business, customers, and various governmental and industry regulations

Oct 2005 – Jan 2006 · 3 mos

• Technical project manager dedicated to a project to deploy full-disk encryption to 46,000 laptops across six business divisions within UnitedHealth, to address data at rest HIPAA concerns.
• Coordinated all aspects of the project, including vendor selection, testing, deployment strategies, end-user support, and back-end architecture design

Mar 2005 – Oct 2005 · 7 mos

• Develop, implement and support enterprise-level solutions created to reduce the impact of realized threats, and decrease the number of vulnerabilities in an environment that spans more than 100,000 computers and devices
• Respond to, investigate, and provide remediation to a wide variety of realized security incidents, including DDoS attacks, network intrusions, phishing and Internet fraud attacks, and unauthorized access attempts among many others
• Lead Threat and Vulnerability team projects, including VISA CISP Auditing and Logging Remediation for 532 servers, and GLBA Intrusion Detection Monitoring of 86 host intrusion detection systems and 31 network intrusion detection systems
• Lead forensic investigations into embezzlement, ethics violations, computer misuse, Internet abuse, email misuse, and other InfoSec policy violations
• Consult with all levels of the organization in regards to security issues, interpretations and reviews

Mar 2000 – Mar 2005 · 5 yrs

• Jasc made PaintShop Pro
• Designed, developed, implemented and managed all aspects of technical and non-technical security within the network management facilities and IP network infrastructure including data center, management center, and administrative areas
• Started a company-wide communication initiative in an effort to provide both formal and informal dialog between Information Services and the department managers with the ultimate goal of providing better service to our customers
• Developed an all-encompassing and fully redundant alerting and monitoring architecture utilizing local and off-site sensors.
• Maintained 99.9989% availability while providing for 3.6 billion web hits, 122 million trial downloads, and 556 thousand ecommerce orders through our Internet architecture
• Responsible for analyzing, reporting on, and effecting change in the state of Internet and local network security

Jan 1999 – Jan 2000 · 1 yr

Jan 1998 – Jan 1999 · 1 yr