George Moraetes, CISM, CGEIT

►Actively Seeking◄ Information Security, CISO, CTO or Director ● LION TopLinked.com MyLink500.com ►link@moraetes.com◄

Greater Chicago Area

Current
  • Contributing Columnist and Author at Various Publishers
  • President and Owner, Information Security Management Solutions at Securityminders, Inc.
Past
  • Security Consultant at CompTIA
  • Co-Author at Corporate Bold
  • Advisory Board Member at IdentityLogix, Inc.
Education
  • University of Iowa
  • Certifications
Connections
500+ connections
Industry
Information Technology and Services

George Moraetes, CISM, CGEIT’s Summary

One of the leading Information Security practitioners, certified, highly accomplished Information Security Architect and Visionary with a proven track record of successfully completing complex technical projects, disciplined budget holder, effective communicator with experience in managing multi discipline and multinational teams.

I have engaged in a wide variety of complex Information Security projects throughout the United States and Canada, assisting organizations in meeting their security objectives in difficult situations and tight deadlines. My work focused on the large global corporations and the federal government, addressing their concerns by designing and implementing technical architecture solutions. In my 16 years of experience I have seen some of the best to some of the worst secured corporate environments and helped them attain and/or maintain industry's best practices, compliance mandates, risk management as well as establishing IT governance.

Technical Skills:

Sun Identity Management, Federation, Intrusion Detection/Response, Ethical Hacking, Cisco Routers, Cisco PIX, Checkpoint Firewall, SOCKS, RADIUS, RSA ClearTrust, CA Siteminder, CA Identity Manager, Oracle Oblix, Proxy, Reverse Proxy, IBM Tivoli, VPN, PKI, Foundstone, Axent, ISS, Forensics, RACF, ACF2, Top Secret, Sun Messaging, Sun Web Server, Injoin Critical Path Directory, Sun Directory, CA eTrust Directory, Microsoft Active Directory, Meta/Join Directories, WebSphere, WebLogic, Cold Fusion, J-Run, Tomcat, New Atlanta, CA TransactionMinder, Microsoft Exchange, IIS, SNA, WebTrends, Lotus Domino/Notes, Novell eDirectory, Vignette, Broadvision, Corporate Yahoo Portal (Tibco), Plumbtree and Interwoven.

Network Protocols:
TCP/IP, IPSec, TACACS+, SNA and IPX.

DBMS:
Oracle, DB2, Access and SQL Server.

George Moraetes, CISM, CGEIT’s Specialties:

Information security, network, application, ethical hacking, risk management, disaster recovery, policies and procedures, security architectures, awareness, speaker, single sign on, identity management, IT governance, Federal certification & accreditation, Federal Information Security Management Act (FISMA), NIST, SOX, HIPAA, ISO 17799, COBIT and project management.


George Moraetes, CISM, CGEIT’s Experience

  • Contributing Columnist and Author

    Various Publishers

    (Publishing industry)

    January 2008 - Present (1 year 7 months)

    CSO (Chief Security Officer) Magazine

    Data Breach Fallout: Do CISOs Need Legal Protection?
    Since the security executive is on the hot seat after a data breach, some industry experts suggest CISOs get themselves some form of liability protection. The downside is that such protection could shield those who deserve the blame for an incident.

    http://www.csoonline.com/article/440108/Data_Breach_Fallout_Do_CISOs_Need_Legal_Protection_

    BusinessWeek

    Are H-1B Workers Getting Bilked?
    Overseas companies are accused of underpaying foreigners on work visas—and hurting U.S. wages.

    http://www.businessweek.com/magazine/content/08_06/b4070057782750.htm

    Corporate Bold

    Co-Author

    Corporate Bold is a book about what today’s corporate professionals need to think about in order to thrive in tomorrow’s corporate structure. The book is currently under development and is slated to be published in Spring 2009 and will be available through Barnes & Noble bookstores and BN.com.

  • President and Owner, Information Security Management Solutions

    Securityminders, Inc.

    (Information Technology and Services industry)

    January 1996 - Present (13 years 7 months)

    Information Security Executive, Architect, Project Manager, Instructor and Engineer for Fortune 100 Corporations and the Federal Government managing, designing and implementing security architectures. Responsibilities include the delivery of security analysis, architectures and recommendations implementing new technologies into existing enterprise environments. In addition, providing project group leadership, budgets, forecasting, headcount, resource allocation, deployment, move planning, logistics, recruiting, team building, process design, methodology, mentoring and development of IT staff.

  • Security Consultant

    CompTIA

    (Non-Profit; Information Technology and Services industry)

    July 2008 - July 2009 (1 year 1 month)

    Served as a subject matter expert developing the foundation of CompTIA's Security Trustmark Certification program. Trustmark is a vendor neutral accreditation around security business capabilities and processes that have been agreed upon by the IT industry to promote generally accepted security practices that will invoke the trust of end-users.

    • Developed the Trustmark Assessment Training Program.
    • Developed the Trustmark Assessor Certification Examination Program.
    • Developed the Trustmark online assessment database system.
    • Participated in several alpha and beta assessments nationally fine tuning the program prior to official launch.

  • Co-Author

    Corporate Bold

    (Information Technology and Services industry)

    September 2008 - January 2009 (5 months)

    Corporate Bold is a book about what today’s corporate professionals need to think about in order to thrive in tomorrow’s corporate structure. The book is currently under development and is slated to be published in Spring 2009 and will be available through Barnes & Noble bookstores and BN.com.

  • Advisory Board Member

    IdentityLogix, Inc.

    (Computer Software industry)

    April 2007 - December 2008 (1 year 9 months)

    Business development and business strategy consulting with focus on market driven innovation of new services and products. The focus is to provide a unique suite of software applications for IT Security and Internal Audit producing valuable compliance data reporting for COBIT, SOX and HIPAA from existing Identity Management systems.

    * Corporate Governance counseling and senior board member network building.

    * Brand development, web site traffic growth, web site UI and advertising revenue.

    * Brand strategy and statistics system development.

    * Strategic Consulting, including business planning and sales strategy development.

  • Technical Security Project Manager

    DeVry University

    (Public Company; 1001-5000 employees; DV; Higher Education industry)

    March 2008 - June 2008 (4 months)

    DeVry University - Oak Brook Terrace, IL
    Technical Security Project Manager

    Served as a technical security project manager for various infrastructure and security projects. Spearheaded the projects from design to production implementation with an emphasis in security and managed teams ranging from 5 to 26 staff members.

    • Managed the replacement of Checkpoint/Nokia with Juniper firewalls for the corporate data center and twenty six university campus locations.
    • Initiated the Data Loss Prevention and Network Access Control projects and participated in designing the implementation architecture.
    • Assisted and trained staff on various compliance mandates such as PCI, SOX and enterprise security architecture fundamentals.

  • Enterprise Technical Security Architect

    Marriott International

    (Public Company; 10,001 or more employees; MAR; Hospitality industry)

    March 2007 - December 2007 (10 months)

    A key senior member of Marriott's Information Security team responsible for providing leadership across the systems development life cycle of Marriott IR systems. Develop architectures and solution blueprints for emerging security technologies and standards.

    * Developer of security strategies and road maps.

    * Author security best practices documents, templates and white papers.

    * Provide architectural patterns and technology standards guidance.

    * Provide guidance for security requirements and security related use/abuse cases.

    * Provide guidance on security risk assessments.

    * Facilitate preliminary and final review assessment providing recommendations.

    * Lead security requirements, analysis and design for new technologies to meet Marriott enterprise business needs.

    * Consult with project teams to create security architectures for major Marriott initiatives.

    * Develop framework for incorporating security processes to Marriott’s SDLC initiatives.

  • Security Architect

    ABN AMRO

    (Public Company; 10,001 or more employees; ABN; Banking industry)

    February 2007 - March 2007 (2 months)

    PROJECT ASSIGNMENT:

    Served as a key member of the Technology Risk Management of North America (TRM) team responsible for implementing, improving, and enforcing bank information security policy, infrastructure security architecture and availability programs that secure ABN AMRO information assets.

  • Security Architect

    United States Department of Commerce

    (Government Agency; 10,001 or more employees; Information Technology and Services industry)

    November 2006 - January 2007 (3 months)

    PROJECT ASSIGNMENT:

    Served as a member of the Certification and Accreditation Security Tiger Team. This team was assembled to provide subject matter expertise to ensure the Commerce Department Census Bureau's information systems are in compliance with various Federally mandated laws such as the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) security standards.

  • Access and Identity Management Architect

    GE Healthcare

    (Public Company; 10,001 or more employees; GE; Biotechnology industry)

    November 2005 - November 2006 (1 year 1 month)

    PROJECT ASSIGNMENT:

    Served as a key member of the Single Sign On (SSO) and Identity Management teams. Responsibilities included designing standards and process for access management across multiple operating systems. Project Architect working with the IT Compliance, Provisioning, and Operations teams to implement access processes which meet business requirements.

  • Security Architect

    Publix Supermarkets

    (Public Company; 10,001 or more employees; PUSH.OB; Supermarkets industry)

    October 2005 - November 2005 (2 months)

    PROJECT ASSIGNMENT:

    Served as a subject matter expert providing solution upgrade direction for Computer Associates Siteminder.

  • Security Architect

    Veterans Health Administration

    (Information Technology and Services industry)

    November 2004 - October 2005 (1 year)

    PROJECT ASSIGNMENT:

    Served as a member of the Certification and Accreditation Project to ensure VA hospital information systems are in compliance with various Federally mandated laws such as the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Government Information Security Reform Act (GISRA) and executive branch directives.

  • Security Architect

    Internal Revenue Service

    (Government Agency; 10,001 or more employees; Information Technology and Services industry)

    May 2004 - November 2004 (7 months)

    PROJECT ASSIGNMENT:

    Served as a member of the Infrastructure Engineering Project, a major business systems modernization initiative of the IRS. Contributed to the design and deployment of the infrastructure, which is a combination of custom software modules and commercial-off-the-shelf (COTS) software, hardware and security solutions, integrated to form the technical foundation for the IRS modernization.

  • Security Architect

    State Farm Insurance

    (Privately Held; 10,001 or more employees; Insurance industry)

    May 2002 - May 2004 (2 years 1 month)

    PROJECT ASSIGNMENT:

    Provided solution development consulting for Computer Associates Siteminder implementations and 3rd level support for State Farm employees, Agents, Claim Representatives, Mortgage Lenders and automotive body shops.

  • Security Architect

    KeyBank NA

    (Public Company; 10,001 or more employees; KEY; Banking industry)

    February 2002 - May 2002 (4 months)

    PROJECT ASSIGNMENT:

    * Evaluated online Internet banking applications, code reviews and architectures to ensure transactional security.

    * Conducted ethical hacking to assess potential risks and vulnerabilities to online banking applications.

    * Researched and evaluated various Web Security Application Assessment Tools for assessment automation.

  • Network Security Architect

    Allegheny Energy

    (Public Company; 10,001 or more employees; AYE; Utilities industry)

    February 2001 - February 2002 (1 year 1 month)

    PROJECT ASSIGNMENT:

    * Evaluated and re-architected the Internet infrastructure from both the hardware and software perspectives to provide 24 x 7 operations.

    * Designed a highly available e-infrastructure that will withstand hardware, circuit, network and software outages.

    * Documented the current environment, including software, hardware, support maintenance processes, ownership, business and technical interdependencies.

    * Designed a tiered Internet infrastructure with information security as a primary focus. The design included network infrastructure components, protocols, ISP/ASP services, load balancing, failover, disaster recovery, monitoring, firewall topology, configuration and policies.

  • Security Architect

    AI Imperial Credit (AIG Insurance)

    (Public Company; 10,001 or more employees; AIG; Insurance industry)

    May 2000 - February 2001 (10 months)

    PROJECT ASSIGNMENT:

    * Designed network infrastructure and security architecture supporting over 20,000 insurance agency users.

    * Developed and implemented iPlanet LDAP and Netegrity Siteminder single sign on solution on a NT/Windows 2000 platform.

    * Evaluated corporate Internet/Intranet security policies and recommended modifications and additions to support the new implementation.

  • Application Security Architect

    Motorola

    (Public Company; 10,001 or more employees; MOT; Electrical/Electronic Manufacturing industry)

    August 1998 - May 2000 (1 year 10 months)

    PROJECT ASSIGNMENT:

    * Designed and developed divisional Intranet system for the sales, marketing, human resource, information systems, accounting/finance and executive departments.

    * Administered development and production IIS Web, Site Server, Exchange 5.5 messaging/collaboration servers.

    * Implemented and administered a secured VPN solution connecting various manufacturing facilities supporting over 6,000 users.

  • Application Security Architect

    Advantis (IBM)

    (Public Company; 10,001 or more employees; IBM; Computer Networking industry)

    January 1997 - August 1998 (1 year 8 months)

    PROJECT ASSIGNMENT:

    * Developed document-handling architectures for Intranet sub-nets with direct DB2 database integration using Netscape and Interleaf based technologies.

    * Designed and implemented a custom Intranet system to support over 25,000 users using Netscape Enterprise, Messaging, Proxy, Collabra, Compass and Directory server technologies.

    * Developed PKI certificate based architecture for client access via Internet.

  • Application Security Architect

    W.W. Grainger

    (Public Company; 10,001 or more employees; GWW; Wholesale industry)

    January 1996 - December 1996 (1 year)

    PROJECT ASSIGNMENT:

    * System transfer planning for Sales and Product Management Internet Web environment to internal Extranet.

    * Installation and configuration of development and production servers using Microsoft IIS.

    * Performed technical system security audits of web infrastructure and provided detailed security recommendations.

    * Provided web architecture analysis and proposals for Human Resources.

    * Developed company-wide architectures for legacy integration with SAP, Tesseract and Mobius.

    * Implemented SAP Security across all standard modules.

    * Configuration and use of Profile Generator, role-based security using single and composite roles, user administration, naming convention, testing support, change control management, security design, audit support and documentation.

  • Information Systems Security Audit Manager

    Ben Franklin Retail Stores

    (Retail industry)

    January 1992 - January 1996 (4 years 1 month)

    Responsible for complete audit engagements evaluating the security controls of corporate computer system environments. Served as a subject matter expert for various e-Commerce implementation projects.


Additional Information

George Moraetes, CISM, CGEIT’s Interests:

Information security, new technology, entrepreneur, independent consultant, racquetball, cycling, golf and reading biographies. Bilingual: Greek

George Moraetes, CISM, CGEIT’s Honors:

International Who's Who of Professionals - 1997


George Moraetes, CISM, CGEIT’s Contact Settings

Interested In:

  • career opportunities
  • consulting offers
  • new ventures
  • job inquiries
  • expertise requests
  • business deals
  • reference requests
  • getting back in touch
