George Moraetes, CISM, CGEIT

Current

• Information Security Member at InfraGard Chicago Members Alliance
• IT Industry Security Mentor & Distinquished Panelist at CompTIA
• Contributing Columnist and Author at Various Publishers

• Volunteer Member at Technology Leaders Association
• Principal, Information Security Management Consultant at Securityminders, Inc.

see less...

2 more...

Past

• Co-Author at Corporate Bold
• Technical Security Project Manager at DeVry University
• Enterprise Technical Security Architect at Marriott International

• Security Architect at ABN AMRO
• Security Architect at United States Department of Commerce
• Access and Identity Management Architect at GE Healthcare
• Security Architect at Publix Supermarkets
• Security Architect at Veterans Heath Administration
• Security Architect at Internal Revenue Service
• Security Architect at State Farm Insurance
• Security Architect at KeyBank NA
• Network Security Architect at Allegheny Energy
• Security Architect at AI Imperial Credit (AIG Insurance)
• Application Security Architect at Motorola
• Application Security Architect at Advantis (IBM)
• Application Security Architect at W.W. Grainger
• Information Systems Security Audit Manager at Ben Franklin Retail Stores

see less...

14 more...

Education

• Certifications
• University of Iowa

Recommended

30 people have recommended George

Connections

500+ connections

Industry

Information Technology and Services

Websites

• My Website
• Invite Me to Your Network!

George Moraetes, CISM, CGEIT’s Summary

One of the leading Information Security practitioners, certified, highly accomplished Information Security Architect and Visionary with a proven track record of successfully completing complex technical projects, disciplined budget holder, effective communicator with experience in managing multi discipline and multinational teams.

I engage in a wide variety of complex Information Security projects throughout the United States assisting organizations meet their security objectives in difficult situations and tight deadlines. My work focuses on the large global corporations and the federal government addressing their concerns designing and managing technical architectures.

Identity Management:
Sun Identity Management, Federation, RSA ClearTrust, CA Siteminder, CA Identity Manager, Oracle Oblix, OpenSSO, IBM TAM, RACF, ACF2 and Top Secret.

Ethical Hacking and Penetration Testing:
Nessus, Nmap, Metasploit Framework, Wireshark, Qualys, NetIQ and OWASP’s WebScarab

Firewalls, IDS, NAC, DLP and Routers:
Cisco ASA/PIX, Juniper, Microsoft ISA, Checkpoint, Snort, Untangle, McAfee Network Security Manager, FreeNAC, PacketFence, Vontu and Websense.

Business Applications, Middleware and LDAP:
Sun Directory, OpenLDAP, Injoin Critical Path Directory, CA eTrust Directory, Microsoft Active Directory, Meta/Join Directories, WebSphere, WebLogic, Cold Fusion, J-Run, Tomcat, New Atlanta, CA TransactionMinder, Microsoft Exchange, IIS, SNA, WebTrends, Lotus Domino/Notes, Novell eDirectory, Vignette, Broadvision, Corporate Yahoo Portal (Tibco), Plumbtree and Interwoven.

Community Involvement & Philanthropy:

A leading member of the Technology Leaders Association (TLA), a Chicago based executive level networking forum that enables the career development needs of senior information technology (IT) professionals. Founder of the TLA LinkedIn Group one of the largest and popular networking sites for IT executive professionals world-wide.

George Moraetes, CISM, CGEIT’s Specialties:

Information security, network, application, ethical hacking, risk management, disaster recovery, policies and procedures, security architectures, awareness, speaker, single sign on, identity management, IT governance, Federal certification & accreditation, Federal Information Security Management Act (FISMA), NIST, SOX, HIPPA, ISO 17799, COBIT and project management.

George Moraetes, CISM, CGEIT’s Experience

• Information Security Member

  InfraGard Chicago Members Alliance

  (Non-Profit; Information Technology and Services industry)

  October 2009 — Present (2 months)

  A private-sector volunteer with an inherent concern for national security. Driven to protect our own industry and further motivated to share professional and personal knowledge to safeguard the country. Connecting to a national network of Subject Matter Experts (SMEs) communicate with federal law enforcement and government agencies through national local InfraGard chapters, and contribute to the security and protection of our national infrastructure from threats and attacks.

• IT Industry Security Mentor & Distinquished Panelist

  CompTIA

  (Non-Profit; Information Technology and Services industry)

  July 2008 — Present (1 year 5 months)

  Served a subject matter expert developing the foundation of CompTIA's Security Trustmark Certification program. Trustmark is a vendor neutral accreditation around security business capabilities and processes that have been agreed upon by the IT industry to promote generally accepted security practices that will invoke the trust of end-users.
  
  • Developed the Trustmark Assessment Training Program.
  • Developed the Trustmark Assessor Certification Examination Program.
  • Developed the Trustmark online assessment database system.
  • Participated in several alpha and beta assessments nationally fine tuning the program prior to official launch.
  
  
  September 23, 2009
  
  Selected security expert and distinguished panelist in CompTIA's Industry Mentors Program Resource Center. The program makes available to association members a volunteer panel of experts who can answer tough business questions and offer options for long-term guidance on these issues. The CompTIA Member Resource Center brings together in one community leading experts and thought leaders in areas that have a daily impact on business operations and success.

• Contributing Columnist and Author

  Various Publishers

  (Publishing industry)

  January 2008 — Present (1 year 11 months)

  CSO (Chief Security Officer) Magazine
  
  Data Breach Fallout: Do CISOs Need Legal Protection?
  Since the security executive is on the hot seat after a data breach, some industry experts suggest CISOs get themselves some form of liability protection. The downside is that such protection could shield those who deserve the blame for an incident.
  
  http://www.csoonline.com/article/440108/Data_Breach_Fallout_Do_CISOs_Need_Legal_Protection_
  
  How to Succeed in a Two-Faced IT Security Job Market
  
  More companies are hiring CSOs and moving security tasks in-house. But that doesn't always mean more jobs (article and 3 audio clips).
  
  http://www.csoonline.com/article/501117/How_to_Succeed_in_a_Two_Faced_IT_Security_Job_Market
  
  BusinessWeek
  
  Are H-1B Workers Getting Bilked?
  Overseas companies are accused of underpaying foreigners on work visas—and hurting U.S. wages.
  
  http://www.businessweek.com/magazine/content/08_06/b4070057782750.htm
  
  Corporate Bold
  
  Co-Author
  
  Corporate Bold is a book about what today’s corporate professionals need to think about in order to thrive in tomorrow’s corporate structure. The book is currently is in the final stages and is slated to be published in late fall 2009. It will be available through Barnes & Noble bookstores and BN.com.

• Volunteer Member

  Technology Leaders Association

  (Non-Profit Organization Management industry)

  November 2007 — Present (2 years 1 month)

  One of the leading members of the Chicago based executive level networking forum that enables the career development needs of senior information technology (IT) professionals.
  
  Currently serving the 2,300+ membership in the Chicago IT community network out for opportunities and assist them sharpen their networking skills.
  
  Founder of the Technology Leaders Association (TLA) LinkedIn Group that has become one of the largest and popular networking sites for IT executive professionals world-wide. There are 5,200+ members where some of the best IT executive talent network and provide valuable insights to the global information technology community.
  
  Organized and hosts the evening sessions of the TLA meeting to accommodate the growing membership making it more convenient for the executive IT community to participate. The formal meeting provides structured networking techniques used at most major executive transition groups. It is meant to be a powerful method of generating ideas that might help each of our searches. Informative guest speakers also participate delivering topics of interest affecting the IT industry.
  
  Currently researching the feasibility of delivering the structured networking techniques in the TLA meeting format via Webinars and Web 2.0 technologies to the TLA's global membership outside of the Chicago metropolitan area.
  
  TLA is about colleagues helping colleagues where I have helped the membership consisting of CIOs, CTO's, CISO's, VPs, Directors and Senior Managers across companies and industries committed to networking as a means of building and maintaining strong business relationships and their professional edge.

• Principal, Information Security Management Consultant

  Securityminders, Inc.

  (Information Technology and Services industry)

  January 1996 — Present (13 years 11 months)

  Information Security Executive, Architect, Project Manager, Instructor and Engineer for Fortune 100 Corporations and the Federal Government managing, designing and implementing security architectures. Responsibilities include the delivery of security analysis, architectures and recommendations implementing new technologies into existing enterprise environments. In addition, providing project group leadership, budgets, forecasting, headcount, resource allocation, deployment, move planning, logistics, recruiting, team building, process design, methodology, mentoring and development of IT staff.

• Co-Author

  Corporate Bold

  (Information Technology and Services industry)

  September 2008 — January 2009 (5 months)

  Corporate Bold is a book about what today’s corporate professionals need to think about in order to thrive in tomorrow’s corporate structure. The book is currently under development and is slated to be published in Spring 2009 and will be available through Barnes & Noble bookstores and BN.com.

• Technical Security Project Manager

  DeVry University

  (Public Company; 1001-5000 employees; DV; Higher Education industry)

  March 2008 — June 2008 (4 months)

  DeVry University - Oak Brook Terrace, IL
  Technical Security Project Manager
  
  Served as a technical security project manager for various infrastructure and security projects. Spearheaded the projects from design to production implementation with an emphasis in security and managed teams ranging from 5 to 26 staff members.
  
  • Managed the replacement of Checkpoint/Nokia with Juniper firewalls for the corporate data center and twenty six university campus locations.
  • Initiated the Data Loss Prevention and Network Access Control projects and participated designing the implementation architecture.
  • Assisted and trained staff on various compliance mandates such as PCI, SOX and enterprise security architecture fundamentals.

• Enterprise Technical Security Architect

  Marriott International

  (Public Company; 10,001 or more employees; MAR; Hospitality industry)

  March 2007 — December 2007 (10 months)

  A key senior member of Marriott's Information Security team responsible for providing leadership across the systems development life cycle of Marriott IR systems. Develop architectures and solution blue prints for emerging security technologies and standards.
  
  * Developer of security strategies and road maps.
  
  * Author security best practices documents, templates and white papers
  
  * Provide architectural patterns and technology standards guidance.
  
  * Provide guidance for security requirements and security related use/abuse cases.
  
  * Provide guidance on security risk assessments.
  
  * Facilitate preliminary and final review assessment providing recommendations.
  
  * Lead security requirements, analysis and design for new technologies to meet Marriott enterprise business needs.
  
  * Consult with project teams to create security architectures for major Marriott initiatives.
  
  * Develop framework for incorporating security processes to Marriott’s SDLC initiatives.

• Security Architect

  ABN AMRO

  (Public Company; 10,001 or more employees; ABN; Banking industry)

  February 2007 — March 2007 (2 months)

  PROJECT ASSIGNMENT:
  
  Served as a key member of the Technology Risk Management of North America (TRM) team responsible for implementing, improving, and enforcing bank information security policy, infrastructure security architecture and availability programs that secure ABN AMRO information assets.

• Security Architect

  United States Department of Commerce

  (Government Agency; 10,001 or more employees; Information Technology and Services industry)

  November 2006 — January 2007 (3 months)

  PROJECT ASSIGNMENT:
  
  Served as a member of the Certification and Accreditation Security Tiger Team. This team was assembled to provide subject matter expertise to ensure the Commerce Department Census Bureau's information systems are in compliance with various Federally mandated laws such as the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) security standards.

• Access and Identity Management Architect

  GE Healthcare

  (Public Company; 10,001 or more employees; GE; Biotechnology industry)

  November 2005 — November 2006 (1 year 1 month)

  PROJECT ASSIGNMENT:
  
  Served as a key member of the Single Sign On (SSO) and Identity Management teams. Responsibilities included designing standards and process for access management across multiple operating systems. Project Architect working with the IT Compliance, Provisioning, and Operations teams to implement access processes which meet business requirements.

• Security Architect

  Publix Supermarkets

  (Public Company; 10,001 or more employees; PUSH.OB; Supermarkets industry)

  October 2005 — November 2005 (2 months)

  PROJECT ASSIGNMENT:
  
  Served as a subject matter expert providing solution upgrade direction for Computer Associates Siteminder.

• Security Architect

  Veterans Heath Administration

  (Information Technology and Services industry)

  November 2004 — October 2005 (1 year )

  PROJECT ASSIGNMENT:
  
  Served as a member of the Certification and Accreditation Project to ensure VA hospital information systems are in compliance with various Federally mandated laws such as the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPPA), Government Information Security Reform Act (GISRA) and executive branch directives.

• Security Architect

  Internal Revenue Service

  (Government Agency; 10,001 or more employees; Information Technology and Services industry)

  May 2004 — November 2004 (7 months)

  PROJECT ASSIGNMENT:
  
  Served as a member of the Infrastructure Engineering Project, a major business systems modernization initiative of the IRS. Contributed to the design and deployment of the infrastructure, which is a combination of custom software modules and commercial-off-the-shelf (COTS) software, hardware and security solutions, integrated to form the technical foundation for the IRS modernization.

• Security Architect

  State Farm Insurance

  (Privately Held; 10,001 or more employees; Insurance industry)

  May 2002 — May 2004 (2 years 1 month)

  PROJECT ASSIGNMENT:
  
  Provided solution development consulting for Computer Associates Siteminder implementations and 3rd level support for State Farm employees, Agents, Claim Representatives, Mortgage Lenders and automotive body shops.

• Security Architect

  KeyBank NA

  (Public Company; 10,001 or more employees; KEY; Banking industry)

  February 2002 — May 2002 (4 months)

  PROJECT ASSIGNMENT:
  
  * Evaluated online Internet banking applications, code reviews and architectures to ensure transactional security.
  
  * Conducted ethical hacking to assess potential risks and vulnerabilities to online banking applications.
  
  * Researched and evaluated various Web Security Application Assessment Tools for assessment automation.

• Network Security Architect

  Allegheny Energy

  (Public Company; 10,001 or more employees; AYE; Utilities industry)

  February 2001 — February 2002 (1 year 1 month)

  PROJECT ASSIGNMENT:
  
  * Evaluated and re-architect the Internet infrastructure from both the hardware and software perspectives to provide 24 x 7 operations.
  
  * Designed a highly available e-infrastructure the will withstand hardware, circuit, network and software outages.
  
  * Documented the current environment, including software, hardware, support maintenance processes, ownership, business and technical interdependencies.
  
  * Designed a tiered Internet infrastructure with information security as a primary focus. The design included network infrastructure components, protocols, ISP/ASP services, load balancing, failover, disaster recovery, monitoring, firewall topology, configuration and policies.

• Security Architect

  AI Imperial Credit (AIG Insurance)

  (Public Company; 10,001 or more employees; AIG; Insurance industry)

  May 2000 — February 2001 (10 months)

  PROJECT ASSIGNMENT:
  
  * Designed network infrastructure and security architecture supporting over 20,000 insurance agency users.
  
  * Developed and implemented iPlanet LDAP and Netegrity Siteminder single sign on solution on a NT/Windows 2000 platform.
  
  * Evaluated corporate Internet/Intranet security policies and recommended modifications and additions to support the new implementation.

• Application Security Architect

  Motorola

  (Public Company; 10,001 or more employees; MOT; Electrical/Electronic Manufacturing industry)

  August 1998 — May 2000 (1 year 10 months)

  PROJECT ASSIGNMENT:
  
  * Designed and developed divisional Intranet system for the sales, marketing, human resource, information systems, accounting/finance and executive departments.
  
  * Administered development and production IIS Web, Site Server, Exchange 5.5 messaging/collaboration servers.
  
  * Implemented and administered a secured VPN solution connecting various manufacturing facilities supporting over 6,000 users.

• Application Security Architect

  Advantis (IBM)

  (Public Company; 10,001 or more employees; IBM; Computer Networking industry)

  January 1997 — August 1998 (1 year 8 months)

  PROJECT ASSIGNMENT:
  
  * Developed document-handling architectures for Intranet sub-nets with direct DB2 database integration using Netscape and Interleaf based technologies.
  
  * Designed and implemented a custom Intranet system to support over 25,000 users using Netscape Enterprise, Messaging, Proxy, Collabra, Compass and Directory server technologies.
  
  * Developed PKI certificate based architecture for client access via Internet.

• Application Security Architect

  W.W. Grainger

  (Public Company; 10,001 or more employees; GWW; Wholesale industry)

  January 1996 — December 1996 (1 year )

  PROJECT ASSIGNMENT:
  
  * System transfer planing for Sales and Product Management Internet Web environment to internal Extranet.
  
  * Installation and configuration of development and production servers using Microsoft IIS.
  
  * Performed technical system security audits of web infrastructure and provided detailed security recommendations.
  
  * Provided web architecture analysis and proposals for Human Resources.
  
  * Developed developed company-wide architectures for legacy integration with SAP, Tesseract and Mobius.
  
  * Implemented SAP Security across all standard modules.
  
  * Configuration and use of Profile Generator, role base security using single and composite roles, user administration, naming convention, testing support, change control management, security design, audit support and documentation.

• Information Systems Security Audit Manager

  Ben Franklin Retail Stores

  (Retail industry)

  January 1992 — January 1996 (4 years 1 month)

  Responsible for complete audit engagements evaluating the security controls of corporate computer system environments. Served as a subject matter expert for various e-Commerce implementation projects.

Additional Information

George Moraetes, CISM, CGEIT’s Websites:

• My Website
• Invite Me to Your Network!

George Moraetes, CISM, CGEIT’s Interests:

Information security, new technology, entrepreneur, independent consultant, racquetball, cycling, golf and reading biographies. Bilingual: Greek

George Moraetes, CISM, CGEIT’s Groups:

Information Security Audit and Control Association (ISACA)
Computer Technology Industry Association (CompTIA)
Technology Leaders Association (TLA)

•    CSORoundtable
•    Certified Information Systems Security Professionals (CISSP)
•    Illinois Executives Network
•    Information Security Expert Center
•    Executive Suite
•    The Greater IBM Connection: IBM's alumni program for past and present IBM employees
•    Linked n Chicago
•    TEN - Top Executives Net
•    CISCO
•    Information Systems Security Association (ISSA)
•    IT Specialist Group
•    IT Governance
•    Information Security Community
•    ASIS International
•    Association of Information Technology Professionals
•    Identity Management Specialists Group
•    Technology Leaders Association
•    Friends of Greece
•    IT SECURITY EXPERT
•    ISACA Professionals
•    CSO Forum
•    CXO (CEO, COO, CKO, CFO, CMO, CAO, CVO, CDO, CRO, CLO, CSO & CTO) Community
•    General Electric Alumni
•    CIOs.com: Chief Information Officer Network
•    Chicago Technology Network
•    SecurityMetrics
•    Homeland Security
•    Chicago Bears NFL Group
•    Chicago Bulls NBA Group
•    Chicago Blackhawks NHL Group
•    Chicago Cubs MLB Group
•    Chicago White Sox MLB Group
•    Certified Information Security Managers (CISM)
•    Security Industry Group
•    U.S. GOVERNMENT CONNECTIONS
•    Information Security Network
•    Business Continuity, Information Security Assurance and Compliance Management
•    WASHINGTON DC CONNECTIONS
•    Security Leaders Group
•    ChiSec
•    FEDERAL BIZ Network - Government Stimulus Teaming Jobs PMI Consulting Funding Sales Opportunities
•    CGEIT Network
•    NSA Information Assurance
•    InfraGard National Members Alliance [READ Directions for Joining Carefully]
•    Open Security Exchange
•    IT Focus Expert Group
•    US Security Clearance careers
•    Information Security Careers Network
•    Cloud Security Alliance
•    White House
•    Chicago Cubs Tickets
•    Chicago White Sox Tickets
•    Chicago Bears Tickets
•    Chicago Bulls Tickets
•    Chicago Blackhawks Tickets

George Moraetes, CISM, CGEIT’s Honors:

International Who's Who of Professionals - 1997

George Moraetes, CISM, CGEIT’s Contact Settings

Interested In:

• career opportunities
• consulting offers
• new ventures
• job inquiries
• expertise requests
• business deals
• reference requests
• getting back in touch