John Hoffoss

Current

• Senior Information Security Specialist at Minnesota State Colleges and Universities

Past

• Senior Information Security Consultant at LarsonAllen LLP
• Teaching Assistant at University of Minnesota - Computer Science
• Systems Support Analyst at University of Minnesota - Facilities Management

see less...

Education

• University of Minnesota-Twin Cities

Recommended

4 people have recommended John

Connections

178 connections

Industry

Information Technology and Services

Websites

• My Website
• My Blog

John Hoffoss’s Summary

I'm an IT security professional with an ability to communicate technical concepts with non-technical people. I'm an excellent listener, I'm levelheaded, I learn quickly, and I'm looking to broaden my leadership experience.

With Minnesota State Colleges and Universities (MnSCU), I piloted and facilitated an information security assessment program to establish a security baseline of all 32 MnSCU institutions, providing guidance and direction to remediate gaps in system security. This then led to collaboratively developing an innovative training program, educating the 800 IT staff across MnSCU, ultimately saving over $10M compared to private training. During this time, I was also invited to act as Head Judge for the State and Regional Collegiate Cyber Defense Competitions.

At LarsonAllen's Information Security Services Group, I built the computer forensics practice, generating $500K in revenue with a bonus $500K savings to clients. Performing SAS70 and IT controls audits as the technical lead at that same time, I generated an additional $500K in revenue.

I hold a Bachelor of Science in Computer Science from the University of Minnesota, and am a Certified Information Systems Security Professional (CISSP) and a GIAC Certified Incident Handler (GCIH).

John Hoffoss’s Specialties:

Communication, Vulnerability Assessment, Incident Response, IT Audit, SAS70 Audit, Computer Forensics.

John Hoffoss’s Experience

• Senior Information Security Specialist

  Minnesota State Colleges and Universities

  (Educational Institution; Higher Education industry)

  February 2007 — Present (2 years 10 months)

  Information Security Training:
  Developed cost-efficient and sustainable program to educate the 800+ IT staff across MnSCU. Content was created collaboratively with MnSCU faculty and third-party security professionals.
  
  Information Security Assessment:
  Executed measurable method to determine information security practices across MnSCU. Worked with IT staff at all 32 MnSCU institutions to identify gaps in controls and provided recommendations and initiatives for short- and long-term improvement.
  
  Incident Response:
  Worked with IT staff to identify and collect evidence as part of investigations and security incident response. Documented and revised procedures carried out when responding to incidents, culminating in the creation of a system-wide standard for incident response.
  
  Security Consulting:
  Defined and developed technical policies and standards for system-wide technology. Also assisted campuses in managing risk, defining business challenges, resolution strategies, and successful execution of solutions.

• Senior Information Security Consultant

  LarsonAllen LLP

  (Privately Held; Accounting industry)

  November 2003 — February 2007 (3 years 4 months)

  Forensic Investigation, Digital Discovery, Incident Handling:
  Created practice that identified and collected evidence via forensically sound procedures as part of investigations and security incident response. Investigated cases included: fraud, litigation and computer & network intrusions.
  
  SAS70 and IT Auditing:
  Reviewed and validated IT-based controls in support of financial and compliance audits for technology companies, financial institutions, and public sector.
  
  Security Consulting:
  Assisted clients in defining business challenges, resolution strategies, and successful execution of solutions.
  
  Internal and External Network Security Testing:
  Identified security vulnerabilities and proposed mitigating solutions to client. Delivered consistent level of service and redesigned testing processes for efficiency. Penetrated client systems via the Internet, wireless networks and physical access (social engineering).
  
  Systems Administration:
  Managed, secured and maintained servers and systems used for security testing. Selected and implemented hardware & software to increase performance and staff productivity.

• Teaching Assistant

  University of Minnesota - Computer Science

  (Educational Institution; Higher Education industry)

  September 2003 — December 2003 (4 months)

  Instruction:
  Provided one-on-one instruction and explanation of programming concepts in an introductory C++ programming course within the Computer Science department.

• Systems Support Analyst

  University of Minnesota - Facilities Management

  (Educational Institution; Higher Education industry)

  November 2000 — November 2003 (3 years 1 month)

  Desktop Security Administration:
  Managed desktop security, hardware, and software in a Novell environment.
  
  Process Improvement:
  Streamlined processes for support procedures, including PC installation and imaging, eliminating the need for an additional position.
  
  Documentation:
  Generated and maintained analyst documentation including security configuration and management.

John Hoffoss’s Education

• University of Minnesota-Twin Cities

  BS , Computer Science , 1999 — 2003

  Activities and Societies:

  Co-President: Habitat for Humanity Campus Chapter, Member: Association for Computing Machinery (ACM)

Additional Information

John Hoffoss’s Websites:

• My Website
• My Blog

John Hoffoss’s Interests:

IT Security Geek, Hacker, Amateur Photographer, Curler, Foodie, Beer Snob, Homebrewer, Carpenter

John Hoffoss’s Groups:

CISSP, InfraGard, GIAC Certified Incident Handler, GCIH, Twitterati

•    Certified Information Systems Security Professionals (CISSP)
•    KIVA
•    GIAC, Global Information Assurance Certification
•    University of Minnesota Alumni Association (UMAA)
•    Ralph n'Mike n'Natn n'Kirk's Beer gang
•    International Information Systems Forensics Association
•    Curling Networking Club
•    Syngress
•    Minnesota Security Community
•    Ignite Minneapolis

John Hoffoss’s Honors:

Served as chief judge for the 2009 Collegiate Cyber Defense Competition for the Minnesota/Wisconsin/Iowa state competition and the upper-midwest regional competition, February 2009.

John Hoffoss’s Contact Settings

Interested In:

• career opportunities
• consulting offers
• expertise requests
• reference requests
• getting back in touch