George Moraetes, C|CISO, CISM, CGEIT

Security Executive ● Architecture ● Compliance ● Privacy ● DR/BC ● Cloud ● Mobile ● Identity Management ● Governance

Location
Greater Chicago Area
Industry
Information Technology and Services

George Moraetes, C|CISO, CISM, CGEIT's Overview

Current
  • Volunteer Member at Technology Leaders Association
  • Principal, Information Security Management Consultant at Securityminders, Inc.
Education
  • University of Iowa
Recommendations

35 people have recommended George

Connections

500+ connections

George Moraetes, C|CISO, CISM, CGEIT's Summary

One of the leading Information Security practitioners, certified, highly accomplished Information Security Executive, Visionary and Architect with a proven track record of successfully completing complex technical projects. A disciplined budget holder, effective communicator with experience in managing multidisciplinary and multinational teams.

• Consultant in a wide variety of complex Information Security projects throughout the United States assisting organizations meet their security objectives in difficult situations and tight deadlines. Focus is on the large global corporations and the federal government addressing their concerns designing and managing technical architectures.

Humanitarian and Community Involvement:

• Assisted the Haitians with disaster recovery (DR) and business continuity (BC) expertise during their earthquake catastrophe.

• Active in the social media participating in a number of organizations helping countless in their professional endeavors with a vast network.

Specialties: Information security, network, application, ethical hacking, risk management, disaster recovery, policies and procedures, security architectures, awareness, speaker, single sign on, identity management, IT governance, Federal certification & accreditation, Federal Information Security Management Act (FISMA), NIST, SOX, HIPAA, ISO 27002, COBIT and project management.

George Moraetes, C|CISO, CISM, CGEIT's Experience

Volunteer Member

Technology Leaders Association

November 2007 to Present (5 years 7 months) Greater Chicago Area

One of the leading members of the Chicago based executive level networking forum that enables the career development needs of senior information technology (IT) professionals.

• Serving the 2,300+ membership in the Chicago IT community by assisting them to sharpen their networking skills.

• Founder of the TriumphCIO LinkedIn Group formerly the Technology Leaders Association (TLA) Group that has become one of the largest and popular networking sites for IT executive professionals worldwide. There are 5,100+ members where some of the best executive talent network and provide valuable insights to the global information technology community.

• Organized the evening TLA session meetings to accommodate and provide convenience to the growing membership. The formal meetings provide structured networking techniques used at most major executive transition groups. It is meant to be a powerful method of generating ideas that prove invaluable in a candidate's job search. Informative guest speakers also participate delivering topics of interest affecting the industry.

• Researched the feasibility of delivering the structured networking techniques in the TLA meeting format via online Webinars to the TLA's global membership outside the Chicago metropolitan area.

• Assisted the membership consisting of CIOs, CTO's, CISO's, VPs, Directors and Senior Managers across industries committed to networking as a means of building and maintaining strong business relationships and their professional edge.

Principal, Information Security Management Consultant

Securityminders, Inc.

January 1996 to Present (17 years 5 months)

Information Security Executive, Architect, Project Manager, Instructor and Engineer for Fortune 100 Corporations and the Federal Government managing, designing and implementing security architectures. Responsibilities include the delivery of security analysis, architectures and recommendations implementing new technologies into existing enterprise environments. In addition, providing project group leadership, budgets, forecasting, headcount, resource allocation, deployment, move planning, logistics, recruiting, team building, process design, methodology, mentoring and development of IT staff.

• Chief Security Architect on IT Compliance, Provisioning, and Operation teams implementing access processes which meet business requirements.

• Developed Identity Management Infrastructure frameworks.

• Developed the foundation of a vendor neutral global certification program.

• $15M budget holder managing various infrastructure security projects from design to implementation supporting over 25,000 users/300 trading partners.

• Developed security frameworks, architectures and solution blue prints for emerging technologies and standards to support business objectives.

• Developed risk assessment models ranking and measuring security vulnerabilities across business assets.

• Strategic member on Federal Certification and Accreditation Security Tiger Teams to ensure the information systems are in compliance with various federally mandated laws such as the Federal Information Security Management Act (FISMA), Government Information Security Reform Act (GISRA), executive branch directives and others.

• Key strategic member of federal infrastructure engineering modernization projects assuring security architecture for identity management.

• Developed technical security risk assessments of network and application architecture designs providing recommendations for compliance, PCI, SOX and HIPAA.

Security Architecture Director

UnitedHealth Group

Public Company; 10,001+ employees; UNH; Hospital & Health Care industry

August 2012 to May 2013 (10 months) Plymouth, MN

Lead architect for the $20B Department of Defense Tricare implementation project providing health care coverage for medical services, medications, dental care for military families, retirees and their survivors. Direct oversight of federal NIST, DIACAP and HIPAA compliance mandates with the overall security architecture, application and infrastructure designs.

• Assessed various risk adverse issues and designed cost effective alternative solutions to meet security assurance and business requirements.

• Advised corporate staff and clients to understand the specific system security requirements.

• Advised on project design concepts or compensating solution revisions to meet compliance with federal and corporate security policies.

• Led the security design specifications, implementation procedures and the overall system deployment approach.

• Verified the overall security integrity of the system architecture and its ability to protect the data being managed by UHG personnel under their control.

• Provided guidance to various engineers and software developers to select appropriate design solutions and ensure the compatibility of system components to meet security requirements.

• Provided technical guidance for the development, implementation and maintenance of systems. In addition, designed solutions to maintain performance standards while maintaining security.

• Developed guidelines for implementing secure systems to business partners and various implementation teams.

• Provided direction and guidance of audit and compliance assessment documentation, processes and procedures to measure compliance with federal and corporate security policies.

Contributing Columnist and Author

Various Publishers

January 2008 to August 2012 (4 years 8 months)

The Wall Street Journal - CIO Journal

In issuing guidance on companies’ responsibilities for disclosing cyber security risks, the SEC brought information security from a backroom issue to a boardroom issue and introduced a number of new questions that CISOs need to answer.

http://deloitte.wsj.com/cio/2012/08/29/cisos-welcome-sec-cyber-security-disclosure-guidance-but-struggle-to-respond/


CSO (Chief Security Officer) Magazine

Data Breach Fallout: Do CISOs Need Legal Protection?
Since the security executive is on the hot seat after a data breach, some industry experts suggest CISOs get themselves some form of liability protection. The downside is that such protection could shield those who deserve the blame for an incident.

http://www.csoonline.com/article/440108/Data_Breach_Fallout_Do_CISOs_Need_Legal_Protection_

How to Succeed in a Two-Faced IT Security Job Market

More companies are hiring CSOs and moving security tasks in-house. But that doesn't always mean more jobs (article and 3 audio clips).

http://www.csoonline.com/article/501117/How_to_Succeed_in_a_Two_Faced_IT_Security_Job_Market

Bloomberg BusinessWeek

Are H-1B Workers Getting Bilked?
Overseas companies are accused of underpaying foreigners on work visas—and hurting U.S. wages.

http://www.businessweek.com/stories/2008-01-30/are-h-1b-workers-getting-bilked

Security Architect

Cardinal Health

Public Company; 10,001+ employees; CAH; Hospital & Health Care industry

February 2012 to May 2012 (4 months) Dublin, OH

Advisor for tech refresh upgrades to the CA SiteMinder and Identity Management engineering teams. Assisted in the deployment and directed the SiteMinder upgrade project from R6 to R12 designing standards and process for access management across multiple system environments.

Security Project Manager

Tufts Health Plan

Nonprofit; 1001-5000 employees; Insurance industry

February 2011 to July 2011 (6 months) Boston, MA

Served as the project manager planning platform upgrades for CA SiteMinder, CA Directory, and Identity Management teams. Developed and directed SiteMinder upgrade project from R6 to R12 designing standards and process for access management across multiple system environments. Project managed and implemented roll-out of CA Directory R12 from Etrust Directory R8.1.

Information Security Architect & Project Manager

3M

Public Company; 10,001+ employees; MMM; Mechanical or Industrial Engineering industry

June 2010 to November 2010 (6 months)

Served as the senior architect and project manager of 3M’s Single Sign On (SSO) and Identity Management teams. Developed and directed SiteMinder upgrade global architectures from R6 to R12 designing standards and process for access management across multiple system environments.

• Directed CA SiteMinder product enhancements and provided vendor relations assisting CA sales and support engineers develop them.

• Managed IT compliance standards and application provisioning for business units and operation teams to implement upgrades to their critical applications.

• Led the efforts for SSO application integration with PeopleSoft and SAP.

• Assisted and trained global support teams hands on with implementing enhancements and upgrades.

IT Industry Security Mentor & Distinguished Panelist

CompTIA

Nonprofit; 51-200 employees; Information Technology and Services industry

July 2008 to April 2010 (1 year 10 months)

Served as a subject matter expert developing the foundation of CompTIA's Security Trustmark Certification program. Trustmark is a vendor neutral accreditation around security business capabilities and processes that have been agreed upon by the IT industry to promote generally accepted security practices that will invoke the trust of end-users.

• Developed the Trustmark Assessment Training Program.

• Developed the Trustmark Assessor Certification Examination Program.

• Developed the Trustmark online assessment database system.

• Participated in several alpha and beta assessments nationally fine tuning the program prior to official launch.

September 23, 2009

Selected security expert and distinguished panelist in CompTIA's Industry Mentors Program Resource Center. The program makes available to association members a volunteer panel of experts who can answer tough business questions and offer options for long-term guidance on these issues. The CompTIA Member Resource Center brings together in one community leading experts and thought leaders in areas that have a daily impact on business operations and success.

Technical Security Project Manager

DeVry University

Educational Institution; 1001-5000 employees; DV; Higher Education industry

March 2008 to June 2008 (4 months)

DeVry University - Oak Brook Terrace, IL
Technical Security Project Manager

Served as a technical security project manager for various infrastructure and security projects. Spearheaded the projects from design to production implementation with an emphasis in security and managed teams ranging from 5 to 26 staff members.

• Managed the replacement of Checkpoint/Nokia with Juniper firewalls for the corporate data center and twenty six university campus locations.

• Initiated the Data Loss Prevention and Network Access Control projects and participated designing the implementation architecture.

• Assisted and trained staff on various compliance mandates such as PCI, SOX and enterprise security architecture fundamentals.

Enterprise Technical Security Architect

Marriott International

Public Company; 10,001+ employees; MAR; Hospitality industry

March 2007 to December 2007 (10 months)

A key senior member of Marriott's Information Security team responsible for providing leadership across the systems development life cycle of Marriott IR systems. Develop architectures and solution blue prints for emerging security technologies and standards.

• Developer of security strategies and road maps.

• Author security best practices documents, templates and white papers.

• Provide architectural patterns and technology standards guidance.

• Provide guidance for security requirements and security related use/abuse cases.

• Provide guidance on security risk assessments.

• Facilitate preliminary and final review assessment providing recommendations.

• Lead security requirements, analysis and design for new technologies to meet Marriott enterprise business needs.

• Consult with project teams to create security architectures for major Marriott initiatives.

• Develop framework for incorporating security processes to Marriott’s SDLC initiatives.

Security Architect

ABN AMRO

Privately Held; 10,001+ employees; Banking industry

February 2007 to March 2007 (2 months)

Served as a key member of the Technology Risk Management of North America (TRM) team responsible for implementing, improving, and enforcing bank information security policy, infrastructure security architecture and availability programs that secure ABN AMRO information assets.

Access and Identity Management Architect

GE Healthcare

Public Company; 10,001+ employees; GE; Hospital & Health Care industry

November 2005 to November 2006 (1 year 1 month)

Served as a key member of the Single Sign On (SSO) and Identity Management teams. Responsibilities included designing standards and process for access management across multiple operating systems. Project Architect working with the IT Compliance, Provisioning, and Operations teams to implement access processes which meet business requirements.

Security Architect

Publix Supermarkets

Privately Held; 10,001+ employees; Retail industry

October 2005 to November 2005 (2 months)

Served as a subject matter expert providing solution upgrade direction for CA SiteMinder from R5 to R6.

Security Architect

Veterans Health Administration

November 2004 to October 2005 (1 year)

Served as a member of the Certification and Accreditation Project to ensure VA hospital information systems are in compliance with various Federally mandated laws such as the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Government Information Security Reform Act (GISRA) and executive branch directives.

Security Architect

Internal Revenue Service

Government Agency; 10,001+ employees; Government Administration industry

May 2004 to November 2004 (7 months)

Served as a member of the Infrastructure Engineering Project, a major business systems modernization initiative of the IRS. Contributed to the design and deployment of the infrastructure, which is a combination of custom software modules and commercial-off-the-shelf (COTS) software, hardware and security solutions, integrated to form the technical foundation for the IRS modernization.

Security Architect

State Farm Insurance

Privately Held; 10,001+ employees; Insurance industry

May 2002 to May 2004 (2 years 1 month)

Provided solution development consulting for CA SiteMinder implementations and 3rd level support for State Farm business divisions.

Security Architect

KeyBank NA

Public Company; 10,001+ employees; KEY; Banking industry

February 2002 to May 2002 (4 months)

• Evaluated online Internet banking applications, code reviews and architectures to ensure transactional security.

• Conducted ethical hacking to assess potential risks and vulnerabilities to online banking applications.

• Researched and evaluated various Web Security Application Assessment Tools for assessment automation.

Network Security Architect

Allegheny Energy

Public Company; 1001-5000 employees; AYE; Utilities industry

February 2001 to February 2002 (1 year 1 month)

• Evaluated and re-architected the Internet infrastructure from both the hardware and software perspectives to provide 24 x 7 operations.

• Designed a highly available e-infrastructure that will withstand hardware, circuit, network and software outages.

• Documented the current environment, including software, hardware, support maintenance processes, ownership, business and technical inter dependencies.

• Designed a tiered Internet infrastructure with information security as a primary focus. The design included network infrastructure components, protocols, ISP/ASP services, load balancing, failover, disaster recovery, monitoring, firewall topology, configuration and policies.

Public Company; 10,001+ employees; AIG; Insurance industry

May 2000 to February 2001 (10 months)

• Designed network infrastructure and security architecture supporting over 20,000 insurance agency users.

• Developed and implemented iPlanet LDAP and Netegrity Siteminder single sign on solution on a NT/Windows 2000 platform.

• Evaluated corporate Internet/Intranet security policies and recommended modifications and additions to support the new implementation.

Application Security Architect

Motorola

Public Company; 10,001+ employees; MMI; Telecommunications industry

August 1998 to May 2000 (1 year 10 months)

• Designed and developed divisional Intranet system for the sales, marketing, human resource, information systems, accounting/finance and executive departments.

• Administered development and production IIS Web, Site Server, Exchange 5.5 messaging/collaboration servers.

• Implemented and administered a secured VPN solution connecting various manufacturing facilities supporting over 6,000 users.

Application Security Architect

Advantis (IBM)

Privately Held; 51-200 employees; Information Technology and Services industry

January 1997 to August 1998 (1 year 8 months)

• Developed document-handling architectures for Intranet sub-nets with direct DB2 database integration using Netscape and Interleaf based technologies.

• Designed and implemented a custom Intranet system to support over 25,000 users using Netscape Enterprise, Messaging, Proxy, Collabra, Compass and Directory server technologies.

• Developed PKI certificate based architecture for client access via Internet.

Application Security Architect

W.W. Grainger

Public Company; 10,001+ employees; GWW; Business Supplies and Equipment industry

January 1996 to December 1996 (1 year)

• System transfer planning for Sales and Product Management Internet Web environment to internal Extranet.

• Installation and configuration of development and production servers using Microsoft IIS.

• Performed technical system security audits of web infrastructure and provided detailed security recommendations.

• Provided web architecture analysis and proposals for Human Resources.

• Developed company-wide architectures for legacy integration with SAP, Tesseract and Mobius.

• Implemented SAP Security across all standard modules.

• Configuration and use of Profile Generator, role-based security using single and composite roles, user administration, naming convention, testing support, change control management, security design, audit support and documentation.

Information Systems Security Audit Manager

Ben Franklin Retail Stores

January 1992 to January 1996 (4 years 1 month)

Responsible for complete audit engagements evaluating the security controls of corporate computer system environments. Served as a subject matter expert for various e-Commerce implementation projects.

George Moraetes, C|CISO, CISM, CGEIT's Organizations

  • ISACA

    Gold Member, Chicago Chapter Secretary - 1996 & Volunteer Contributor
    • September 1995 to Present

    ISACA provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide. The COBIT, Val IT and Risk IT governance frameworks and the CISA, CISM, CGEIT and CRISC certifications are ISACA brands respected and used by these professionals for the benefit of their enterprises.

  • InfraGard Chicago Alliance

    Information Security Volunteer
    • October 2009 to September 2012

    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.

George Moraetes, C|CISO, CISM, CGEIT's Volunteer Experience & Causes

  • Volunteer Experience

    • Employment Networking and Career Support

      Technology Leaders Association (TLA)
      • Science and Technology
      November 2007 to present (5 years 7 months)

      One of the leading members of the Chicago based executive level networking forum that enables the career development needs of senior information technology (IT) professionals.

      • Currently serving the 2,300+ membership in the Chicago IT community, networking for opportunities and assisting them to sharpen their networking skills.

      • Founder of the Technology Leaders Association (TLA) LinkedIn Group that has become one of the largest and popular networking sites for IT executive professionals world-wide. There are 5,200+ members where some of the best IT executive talent network and provide valuable insights to the global information technology community.

      • Organized the evening TLA session meetings to accommodate and provide convenience to the growing membership. The formal meetings provide structured networking techniques used at most major executive transition groups. It is meant to be a powerful method of generating ideas that prove invaluable in a candidate's job search. Informative guest speakers also participate delivering topics of interest affecting the IT industry.

      • Researched the feasibility of delivering the structured networking techniques in the TLA meeting format via Webinars and Web 2.0 technologies to the TLA's global membership outside of the Chicago metropolitan area.

      TLA is about colleagues helping colleagues where I have helped the membership consisting of CIOs, CTO's, CISO's, VPs, Directors and Senior Managers across companies and industries committed to networking as a means of building and maintaining strong business relationships and their professional edge.

    • Security and Disaster Recovery

      Crisis Camp Haiti
      • Disaster and Humanitarian Relief
      January 2010 to March 2010 (3 months)

      Active volunteer assisting Haitian organizations recover their information technology systems, instructor and remote hands-on engineer. Spearheaded and mobilized other technologists to assist in the Haiti relief efforts by donating their time and talents.

      http://blogs.csoonline.com/it_talent_helping_haiti

    • Founder of the TriumphCIO LinkedIn Groups

      TriumphCIO Group
      • Science and Technology
      June 2009 to present (4 years)

      TriumphCIO is about colleagues helping colleagues. Members are information technology executives such as CIOs, VPs and Directors across diverse industries committed to networking. This is a successful means of building and maintaining strong business relationships while maintaining their professional edge. Group members are also encouraged to network, provide career advice and job leads. The TriumphCIO Group is much broader in scope and open to all IT professionals providing a rich and diverse network community.

      Assisting countless individuals across the United States with their careers in information technology find job opportunities through proper networking techniques using a variety of methods.

    • Information Security Volunteer

      InfraGard Chicago Members Alliance
      • Science and Technology
      October 2009 to present (3 years 8 months)

      A private-sector volunteer with an inherent concern for national security. Driven to protect our own industry and further motivated to share professional and personal knowledge to safeguard the country. Connecting to a national network of Subject Matter Experts (SMEs) communicate with federal law enforcement and government agencies through national local InfraGard chapters, and contribute to the security and protection of our national infrastructure from threats and attacks.

  • Volunteer Interests

    • Causes I care about:

      • Disaster and Humanitarian Relief
      • Science and Technology
    • Organizations I support:

      • American Red Cross
      • UNICEF
      • Technology Leaders Association
      • ISACA
      • CompTIA
      • Crisis Camp Haiti
      • TriumphCIO Group
      • EC-Council

George Moraetes, C|CISO, CISM, CGEIT's Publications

  • Corporate Bold - What Every Corporate Professional Must Know

    • Co-Author
    • June 27, 2011

    1) What can 101 Corporate Professionals teach you that perhaps you didn't know?

    2) Isn't it time for Corporate Professionals to learn from life experiences of other Professionals?

    3) Are you prepared to engage in a self-transforming paradigm?

    Corporate Bold is about what today’s Corporate Professionals need to think about in order to thrive in tomorrow’s corporate structure. This multi-year project is now published and available via Amazon.com and Barnes and Noble.

    The book challenges many of the assumptions that may no longer be true. By providing specific steps that can be taken immediately to assess readiness, Corporate Bold aims to change the lives of corporate professionals in a powerful and positive manner. Corporate Bold outlines a strategy for success and gives the readers a larger and richer context to think from.

    http://search.barnesandnoble.com/Corporate-Bold/Written-by-101-Corporate-Professionals/e/9781462015139

    http://www.amazon.com/dp/1462015131/

    ISBN-13: 9781462015139
    ISBN: 1462015131

George Moraetes, C|CISO, CISM, CGEIT's Languages

  • English

    (Native or bilingual proficiency)
  • Greek

    (Native or bilingual proficiency)

George Moraetes, C|CISO, CISM, CGEIT's Certifications

  • Certified Information Security Manager (CISM)

    • ISACA
    • License 0301216
    • October 2003
  • Certified in the Governance of Enterprise IT (CGEIT)

    • ISACA
    • License 0800668
    • September 2008
  • Certified Chief Information Security Officer (C|CISO)

    • EC-Council
    • License CC-GM-72
    • May 2012

George Moraetes, C|CISO, CISM, CGEIT's Education

University of Iowa

BA, Geology/Geophysics

George Moraetes, C|CISO, CISM, CGEIT's Additional Information

Interests:

Information security, new technology, entrepreneur, independent consultant, racquetball, cycling, golf and reading biographies. Bilingual: Greek

Groups and Associations:

Information Security Audit and Control Association (ISACA); Computer Technology Industry Association (CompTIA); Technology Leaders Association (TLA); EC-Council
