IT Audit Manager and Information Security Consultant
Louisville, Kentucky Area
- Current
-
- Founder at SalaryScout.com, PoliticalCrunch.com, Macmeter.com
- Founder at Louisville Geek Dinner
- IT Audit Manager at ResCare, Inc.
- Project Lead (Consultant/Open Contract) at Guardian Digital, Inc.
- Past
-
- Information Security Consultant (Contract) at ResCare, Inc.
- Security Administrator at ResCare, Inc.
- Assistant Systems Engineer at KA.Net Internet Services
- Education
-
- Royal Holloway, U. of London
- University of Louisville
- Connections
-
169
connections
- Industry
- Computer & Network Security
- Websites
Benjamin Thomas’s Summary
An information assurance professional who loves using innovation and creativity to solve problems, an entrepreneur, a technologist, and someone who will never stop learning new things.
Benjamin Thomas’s Specialties:
Information Security Risk Analysis
Information Systems Audit
Vulnerability Assessment/Penetration Testing
Information Security Program Development
ISO/IEC 17799, 27001, 27002; BS7799 Part I, II, Cobit 3.0-4.0, COSO, ITIL, ISF, ISECOM-OSSTMM, GAISP, NIST SP-800-30, DITSCAP
Benjamin Thomas’s Experience
-
Founder
SalaryScout.com, PoliticalCrunch.com, Macmeter.com
(Human Resources industry)
November 2006 — Present (1 year 11 months)
Develop and manage SalaryScout.com, an Internet-based career resource allowing its users to anonymously share compensation information. SalaryScout is a network of users seeking fairness in compensation and benefits. Discover your true value in the marketplace and demand what you're worth.
-
Founder
Louisville Geek Dinner
(Events Services industry)
February 2006 — Present (2 years 8 months)
Develop, promote, and manage louisvillegeekdinner.com. Louisville Geek Dinner is an unregistered Non-profit semi-annual networking event for those interested in the Internet and technology.
-
IT Audit Manager
ResCare, Inc.
(Public Company; 10,001 or more employees; RSCR; Hospital & Health Care industry)
August 2005 — Present (3 years 2 months)
Manages compliance activities for rule 404 of the Sarbanes-Oxley (SOX) Act of 2002; ensures that company systems accurately reflects current controls, new controls are properly evaluated, reviewed, and implemented; evaluates the adequacy and effectiveness of internal controls by review, examination, and analysis of records, reports, operating practices, and documentation.
Protects organizational assets by managing and performing information system audits; recommending improvements in operating policies and practices; performs control and security assessments of existing systems and those in development; identify and document system process flows, risks, and control points.
Responsible for development of scope, objectives, work programs for IT audits, vulnerabilities assessments, risk assessments, and other related projects.
Facilitate, educate, and train business unit personnel on topics such as risk assessment, risk management, industry best practices, and internal controls. -
Project Lead (Consultant/Open Contract)
Guardian Digital, Inc.
(Privately Held; 11-50 employees; Computer & Network Security industry)
April 1999 — Present (9 years 6 months)
Project management, development, and maintenance of LinuxSecurity.com, a security news portal that averages over 65,000 page-views per day, the Guardian Digital online store, payment system, online advertising campaigns; Web programming, and CSS/HTML development.
User interface development and system-wide quality assurance testing of EnGarde Secure Linux; provides guidance on operating system security architecture, authentication mechanisms, access control, and default configurations; performs system-wide vulnerability assessments and configuration audits.
Weekly composition of two LinuxSecurity.com newsletters (Linux Advisory Watch and Linux Security Week) which are distributed to over 8000 email subscribers.
Assist in the configuration and setup of the firewall, host-based access control, network-based access control, virtual private network, intrusion detection system, mail spool monitoring, and user account management. -
Information Security Consultant (Contract)
ResCare, Inc.
(Public Company; 10,001 or more employees; RSCR; Hospital & Health Care industry)
February 2005 — August 2005 (7 months)
Manage HIPAA compliance project using project management techniques such as identifying requirements, aligning with business objectives, maintaining work breakdown structure, and regularly reporting status to the Chief Information Officer.
Identify eleven key-system that are in-scope for HIPAA compliance, perform valuation of data, identify associated threats and vulnerabilities of each system, document potential mitigation strategies, and evaluate overall risk to the organization.
Analyze and interpret legislation while translating into functional requirements; collect internal information through a series of interviews, identifying data flows, systems analysis, and Internet research.
Write Information Systems Security Policy & Procedure to ensure compliance with HIPAA and SOX; compile all relevant policies and procedures into single compliance binder; develop material for corporate security awareness and training program. -
Security Administrator
ResCare, Inc.
(Public Company; 10,001 or more employees; RSCR; Hospital & Health Care industry)
September 2002 — September 2003 (1 year 1 month)
Provide application security to support 29,000 employees and operations in 32 states by configuring security for strategic business applications; troubleshoot access control issues, lead project to redefine security roles in the accounts receivable system.
Monitor systems for unauthorized activity, maintain corporate virus definitions, assist in special investigations, and configure strategic systems to ensure the greatest level of security.
Write policies & procedures, create access request forms, and define initial requirements for HIPAA compliance. -
Assistant Systems Engineer
KA.Net Internet Services
(Privately Held; 11-50 employees; Telecommunications industry)
January 1999 — January 2001 (2 years 1 month)
System administrator for multiple BSD Unix and Windows NT servers for over 3000 users; tasks included user account management, quota maintenance, virtual host maintenance, Web server (Apache, IIS) administration, DNS (bind) administration, and mail server (Postfix, IMail) administration.
Internal penetration testing, reporting, vulnerability mitigation, and server hardening.
Benjamin Thomas’s Education
-
Royal Holloway, U. of London
MSc, Information Security, 2003 — 2004
Thesis: “A Business Focused Approach to Manual Risk Analysis”;
Degree results: distinction -
University of Louisville
BSBA, Computer Information Systems (College of Business and Public Administration), 1998 — 2002
Additional Information
Benjamin Thomas’s Websites:
Benjamin Thomas’s Interests:
Travel, technology, culture, photography, and videography.
Benjamin Thomas’s Groups:
(ISSA) International Systems Security Association
(ISACA) Information Systems Audit and Control Association
Louisville Geek Dinner (Founder)
-
Professional Audit Information Network (PAIN) -
ISACA Professionals -
Greater Louisville Networking Group -
Killer Innovations -
Plurk -
LeadVine Group
Benjamin Thomas’s Honors:
(CISSP) Certified Information Systems Security Professional;
Passed CISA and CISM exams; certification pending experience verification.
BS7799/IEC-ISO 17799 Training: “Applying BS7799/IEC-ISO 17799 in the Real World.” Insight Consulting; February 2004.
Hacker Bootcamp (Penetration Testing) by Alex Constantinidis; KPMG United Kingdom; January 2004.
Symantec Enterprise Firewall Administration for NT/2000 Training Course; Royal Holloway, University of London; June 2004.
CheckPoint Certified Security Administrator (CCSA) - VPN-1/Firewall-1 Management I CP2000. Certification obtained February 2002.
F.C.C. Licensed Amateur Radio Operator (Callsign: KE4HLX)
Benjamin Thomas’s Contact Settings
Interested In:
- career opportunities
- consulting offers
- new ventures
- job inquiries
- expertise requests
- business deals
- reference requests
- getting back in touch
