Patrick Bryant, CISSP, CISA, PI

Senior Consultant at INFOSEC, Inc.

San Francisco Bay Area

Past
  • Information Security Investigator and Consultant at Confidential Client
  • Senior Network Security Analyst (consultant) at ExxonMobil
  • Information Security Analyst/Evaluator (consultant) at Wells Fargo Bank
  • Security Analyst/Architect (consultant) at Boeing
  • Security Architect (consultant) at Cingular Wireless
  • IT Auditor (consultant) at Boeing
  • Information Security Manager at RealNetworks
  • Security Consultant at High Tower Software
  • Investigator/Qualified Manager at Bryant Network Security
  • Senior Network Security Architect at Yahoo!
  • Chief Information Security Officer / Director of Security Operations at iBeam Broadcasting
  • Senior Security Administrator at Quintus
  • Technical Surveillance Countermeasures (TSCM) Consultant at Numerous Confidential Clients in Stockholm, Sweden
  • Studio/Field Maintenance Engineer/Operations Engineer at ABC Television
  • Assistant Chief Engineer at WOW/KEZO Radio
  • Assistant Chief Operator at KLMS

see less...

13 more...

Recommended
Patrick has 3 recommendation(s) 3 people have recommended Patrick
Connections
90 connections
Industry
Computer & Network Security

Patrick Bryant, CISSP, CISA, PI’s Summary

• Extensive experience developing, implementing and managing information security programs, policies and standards. Original authorship of policies, standards and guidelines in use at RealNetworks, Yahoo, Boeing, Cingular Wireless, and ExxonMobil.
• Extensive experience integrating information security into business processes. Comprehensive understanding and experience with IT Audit requirements.
• Extensive experience with compliance requirements of SOX, HIPAA, GLBA, PCI DSS; as well as standards and practices such as ISO 17799/27001-2, DIACAP, FISMA, COBIT, CMMI, and RACI.
• Twelve years experience in data systems design and administration in the roles of architect, administrator, analyst, and assessor. Experience with the full spectrum of technical activities from troubleshooting to component level, to conducting audits and assessments for some of the world’s largest and most complex enterprise networks such as Boeing and ExxonMobil. Deep and detailed experience specifying, designing, installing, configuring and administering information security countermeasures.
• Extensive experience with all aspects of IP networking, computing and data storage with advanced certifications in information systems security, administration and architecture.
• Formalized training in Risk Management and Risk Analysis.
• Extensive experience with wireless IP networking, microwave radio frequency systems, all common operating system platforms (Windows, Linux, Unix), entire Cisco line of routers and switches including IOS and CatOS, all common routing protocols and wide area networking provisioning and administration methodologies.
• Formalized training as investigator. Experience conducting multiple incident response and investigation assignments as lead investigator pertaining to network intrusions and theft of intellectual property. Licensed to conduct and manage investigations and to gather court-admissible evidence in California.

Patrick Bryant, CISSP, CISA, PI’s Specialties:

• Certified Information Systems Auditor (CISA).
• Certified Information Systems Security Professional (CISSP).
• Information Systems Security Architecture Professional (ISSAP).
• Information Systems Security Management Professional (ISSMP).
• U.S. National Security Agency, Information Systems Security Assessment Methodology (NSA-IAM) certification.
• State of California Licensed Private Investigator and Qualified Manager, license number PI 23268.

Patrick Bryant, CISSP, CISA, PI’s Experience

  • Information Security Investigator and Consultant

    Confidential Client

    (Information Technology and Services industry)

    September 2008December 2008 (4 months)

    Investigation of network intrusion and theft of intellectual property. On site investigation and assessment of the security posture of third-party partners located in Lima, Peru, Bogota, Colombia, and Beijing, China. Collection of evidence and assistance with legal discovery process. Technical remediation of vulnerabilities. Evaluation of client’s information security management program, capability maturity, technical countermeasures, controls and compliance verification processes. Initial development of an incident detection, response, recovery and post-incident examination (“postmortem”) process. Development of information security sensitivity classifications. Revision, updating, simplification and re-harmonization of client’s information security policy, standards, guidelines, and processes. Initial ISO 27001/2 assessment and report to executive staff.

  • Senior Network Security Analyst (consultant)

    ExxonMobil

    (Public Company; 10,001 or more employees; XOM; Oil & Energy industry)

    May 2007August 2007 (4 months)

    Detailed analysis of network security technologies, countermeasures, controls and control designs. Original authorship of technical standards, guidelines and position papers regarding implementation of network security technologies. Detailed reviews of controls applied to networks and networked systems.

  • Information Security Analyst/Evaluator (consultant)

    Wells Fargo Bank

    (Public Company; 10,001 or more employees; WFC; Banking industry)

    November 2005January 2006 (3 months)

    Staff augmentation role to Wells Fargo Computing Information Security for conducting ISO 17799 evaluations as mandated by the U.S. Department of the Treasury, Office of the Comptroller of the Currency.

    On site evaluations through direct observation, interviews and validation of Tier One vendors’ compliance with ISO/IEC 17799 code of practice for information security management. Detailed reporting to Wells Fargo Bank of vendor compliance, and risk assessments of identified non-compliance gaps. Detailed assessment of vendor’s processes and procedures.

  • Security Analyst/Architect (consultant)

    Boeing

    (Public Company; 10,001 or more employees; BA; Aviation & Aerospace industry)

    March 2005October 2005 (8 months)

    Assigned to the Enterprise Computing & Information Security department, Security Assessment Support team. Project pertained to the Multi-Mission Aircraft/Military Derivatives program.

    Assessments of system capabilities to protect classified, sensitive and export restricted (ITAR/EAR) information within the Integrated Defense Systems and Boeing Commercial Airplanes divisions. Evaluation of the sensitivity of application or system data, and the adequacy of information system protection safeguards. Gap identification, analysis and remediation recommendations. Policy interpretation and approval of final mitigation plans.

  • Security Architect (consultant)

    Cingular Wireless

    (Public Company; 10,001 or more employees; T; Telecommunications industry)

    October 2004January 2005 (4 months)

    Risk assessments of revenue-generating information systems assets identified as pertinent to Sarbanes-Oxley Act section 404 General Computing Controls compliance. Risk assessment and risk mitigation strategy development pertaining to critical revenue-generating assets, including network routing and data-transport infrastructure, platform hardening, voice over IP (VoIP) protocol suite hardening, and malicious software detection/countermeasures

  • IT Auditor (consultant)

    Boeing

    (Public Company; 10,001 or more employees; BA; Aviation & Aerospace industry)

    July 2004October 2004 (4 months)

    Boeing is organized into four major business units: Boeing Capital Corporation, Boeing Commercial Airplanes, Connexion by Boeing, and Boeing Integrated Defense Systems. Supporting these four units is the Boeing Shared Services Group (SSG), which contributes common services to all business units.

    Conducted IT Audit activities pertaining specifically to Sarbanes-Oxley Act (SOX) section 404 (General Computing Controls) compliance for operations in the Boeing Shared Services Group. SOX section 404 evaluations pertaining to general computing controls of Boeing SSG operations, including the phases of Documentation, Design Effectiveness, and Operational Effectiveness pertaining to SOX compliance. Development and evaluation of Corrective Action Plans to remedy discovered compliance gaps. Analysis and assessment of business processes and business process controls. Identification of risks and linkage of business risks to the relevant IT audit procedures and control objectives.

  • Information Security Manager

    RealNetworks

    (Public Company; 501-1000 employees; RNWK; Computer Software industry)

    June 2003July 2004 (1 year 2 months)

    Overall threat management, risk assessment, and countermeasure recommendations regarding information security vulnerabilities and related industry best practices. Conducted detailed ISO 17799 compliance recommendations and audits. Performed investigation, forensic analysis, and evidence gathering pertaining to network intrusions. Led activities to provide protection measures for customer Personally Identifying Information in response to Calif. Senate Bill 1386 (Calif. Civil Code Sections 1798.29, 1798.82 and 1798.84) and VISA CISP standards, including extensive collaboration with Development teams to provide detailed protection measures for customer data. Developed and implemented project for Visa CISP and MasterCard SDP compliance and accreditation. .

  • Security Consultant

    High Tower Software

    (Privately Held; Computer Software industry)

    May 2003June 2003 (2 months)

    Research and development of vendor-specific forensic patterns and log data acquisition modalities pertaining to network security-relevant events and trends for incorporation into a new security product.

  • Investigator/Qualified Manager

    Bryant Network Security

    (Computer & Network Security industry)

    September 2002June 2003 (10 months)

    Bryant Network Security is an investigative agency licensed by the California Dept. of Consumer Affairs, Bureau of Security and Investigative Services.

    Services and assignments were performed for corporations and law enforcement agencies including:

    • attack/intrusion origin determination
    • network security consulting
    • perimeter security analysis and configuration
    • forensic analysis
    • network security profile assessments
    • rogue wireless node detection
    • penetration testing
    • intrusion countermeasures
    • incident response
    • gathering of court admissible evidence

  • Senior Network Security Architect

    Yahoo!

    (Public Company; 10,001 or more employees; YHOO; Internet industry)

    August 2001September 2002 (1 year 2 months)

    Full information security profile assessments and audits of the Yahoo global network and of new acquisitions. Partner interconnection risk assessments, partner data flow interface and security coordination. Original design and development of global application-layer vulnerability monitoring and alerting systems. Designed, specified, coordinated and maintained IPSec infrastructure to interconnect Yahoo network with key partners (extranet) involving several complex and heterogeneous networks. Responded to numerous security incidents as team lead. Designed, developed and administered network perimeter security for global production environment. Provided support to IT for internal security issues and to Engineering in product development. Development of evidence gathering techniques and protocols. Investigation of forensic data pertaining to attempted misuse, theft, destruction, alteration or defacement of company data.

  • Chief Information Security Officer / Director of Security Operations

    iBeam Broadcasting

    (Public Company; 201-500 employees; IBEM; Internet industry)

    May 1999August 2001 (2 years 4 months)

    Designed and deployed, from the ground up, the firm’s network security and survivability systems in place at corporate headquarters and all remote sites. Managed team of four security engineers. Provided design support to Engineering regarding network integration and network security issues. Developed and administered all authentication and access control systems for production and corporate network, including internetwork encrypted VPN infrastructure (IPSec) and two-factor authentication systems for personnel. Responsible for enterprise-wide network perimeter security, internal security, network survivability issues, and post-acquisition security audits and policy reconciliation. Wrote and administered corporate network security policy. Planning and support for integration, provisioning and connectivity into third-party networks for secure data content acquisition (streaming media). Tier 3 troubleshooting support to NOC. Solely responsible for several complex DNS implementations.

  • Senior Security Administrator

    Quintus

    (Public Company; 201-500 employees; QNTS; Computer Software industry)

    January 1997May 1999 (2 years 5 months)

    Deployment of all interior and exterior network security systems. Deployment of full network infrastructure in heterogeneous NT and UNIX environments. Project engineer tasked with post-acquisition interconnection, integration and consolidation of dissimilar network systems, network security policies, and network interoperability policies after major acquisition of two east coast firms. Designed and wrote suite of IP management software to provide accounting, validation and interoperability between DNS (BIND), WINS, and NIS for both statically assigned and DHCP assigned IP spaces. Designed and deployed VPN for extensive use throughout US and Europe. Instrumental in identifying and halting 14 major network intrusion or denial-of-service attempts (all unsuccessful) that exploited other networks as staging areas, requiring coordination with outside system administrators.

  • Technical Surveillance Countermeasures (TSCM) Consultant

    Numerous Confidential Clients in Stockholm, Sweden

    (Security and Investigations industry)

    19871990 (3 years )

    Communication security (COMSEC) consultant engaged in the detection and location of surreptitious electronic surveillance systems. Detailed inspections of operational environments using radio frequency detection systems such as spectrum analyzers, time-domain reflectometers and other proprietary methods.

  • Studio/Field Maintenance Engineer/Operations Engineer

    ABC Television

    (Public Company; 10,001 or more employees; DIS; Broadcast Media industry)

    19781986 (8 years )

    Audio, video, and digital systems engineer assigned to troubleshooting, adjustment and repair to component level of broadcast systems in both studio and field (remote) environments. Operations, troubleshooting and maintenance of studio and ENG cameras, studio audio systems, intercom (PL) systems, digital post production systems (CMX), electronic title and graphics generators (Chyron), videotape systems, microwave and other RF systems, internal video cable distribution systems, satellite uplink and downlink stations, and Master Control operations engineering. Acted as crew member in capacities of maintenance engineer as well as camera and utility operator on numerous shows; including American Bandstand, General Hospital, Family Feud, Good Morning America, Nightline, Eye On LA, Mr. Belvedere, KABC News, and numerous ABC Sports and ABC News field events.

  • Assistant Chief Engineer

    WOW/KEZO Radio

    (Broadcast Media industry)

    19761978 (2 years )

    Broadcast engineering duties at studios and transmitters as FCC licensed First Class Commercial Operator. Maintenance, repair, and monitoring of 100 kilowatt ERP FM and 5 kilowatt non-directional AM broadcast transmitters.

  • Assistant Chief Operator

    KLMS

    (Broadcast Media industry)

    19731976 (3 years )

    Broadcast engineering duties at studios and transmitters as FCC licensed First Class Commercial Operator. Maintenance, repair, and monitoring of 1 kilowatt transmitter and 5 tower directional array.

Additional Information

Patrick Bryant, CISSP, CISA, PI’s Interests:

• Sailing and skydiving. • Commercial pilot with airplane instrument rating. Certificated in single and multiengine land and sea airplanes, helicopters and gliders. Skydiving jump pilot, glider and banner tow pilot. • Amateur Extra Class Radio Operator.

Patrick Bryant, CISSP, CISA, PI’s Honors:

• Inventor of Two-tone Attention Signal Broadcasting System used to activate the Emergency Alert System in the United States. U.S. Patent number 4,103,235.
• FCC licensed to install, inspect, repair, and internally adjust all radio systems for which FCC licensing is required. Licensed at the highest possible grade to operate all radio systems except those based on radiotelegraphy. FCC licensed Commercial Radio Operator (GROL Class License). FCC licensed Global Maritime Distress and Safety System Radio Operator/Maintainer with Ship Radar Endorsement. Amateur Extra Class radio operator, the Commission's highest grade amateur radio license.
• Placed in the International Aerobatics Club 1995 Paso Robles aerobatics competition piloting a type 7GCAA Bellanca Citabria (without an inverted fuel system) -- my most cherished honor.

View Full Profile

Public profile powered by: LinkedIn

Create a public profile: Sign In or Join Now

View Patrick Bryant, CISSP, CISA, PI’s full profile:

  • See who you and Patrick Bryant, CISSP, CISA, PI know in common
  • Get introduced to Patrick Bryant, CISSP, CISA, PI
  • Contact Patrick Bryant, CISSP, CISA, PI directly

View Full Profile