
Senior Information Security Analyst
Des Moines, Iowa Area

Kevin Riggins is a Senior Information Security Analyst with over 20 years of experience in information technology and over 10 years of experience in information security. He has technical and strategic experience in a broad range of technologies and systems. He currently leads the Security Review and Consulting team at Principal Financial Group, which performs information security risk assessments and provides information consulting services for all business units of The Principal.
He is still actively involved in assisting an international division of Principal with their information security efforts.
He also writes on information topics on his blog Infosec Ramblings (http://www.infosecramblings.com) and speaks on occasion at information security conferences. His most recent speaking engagement was at Secure360 in St. Paul, MN.
He will be speaking next at the Nebraska 2009 Cert Conference in August and at the Mankato, MN ISSA Chapter meeting in September.
He has been published in (IN)Secure magazine and is also currently acting as the technical editor for a Linux+ certification book for Syngress publishing.
Policy development, Risk Assessments, Network Vulnerability Assessments, Application Security Testing, Information Security Architecture
(Public Company; PFG; Financial Services industry)
October 2005 — Present (4 years 2 months)
In January of 2009, I became the leader of Principal's Security Review and Consulting Team. My team performs information security risk assessments and provides information security consulting services to all business units at The Principal.
I am also the designated Information Security resource for one of our international divisions. I assisted our international member companies and joint ventures in their information security efforts. This included helping them be successful in the following areas:
-- Information security policy and procedures development and maintenance
-- Governance activities
-- Computer security incident response endeavors
-- Education and awareness functions
Another large part of my role is to provide the following services:
-- Risk assessments of current and ongoing projects
-- Web application security testing
-- Penetration testing
-- Network vulnerability assessments and management
(Privately Held; 11-50 employees; Market Research industry)
May 2002 — October 2005 (3 years 6 months)
Responsible for the strategic and tactical management of all Information Security endeavors and the enterprise’s infrastructure. This includes physical and network security, internal network management, management of external network connections (internet, VPN), servers, workstations, telephony, and facilities management.
(Public Company; 201-500 employees; Computer Games industry)
September 2000 — May 2002 (1 year 9 months)
Managed the systems infrastructure used to run a three-tier on-line job board.
• Optimized Apache web farm producing a 20% increase in per server capacity.
• Implemented a monitoring, alert and automated recovery system using Netsaint, Perl and shell scripting which resulted in a 50% savings in administrator’s time spent managing the environment.
• Performed periodic system and network vulnerability assessments.
BA, Computer Science, 2000 — 2003