Steve Cummings, CISA, CISSP, NSA-IAM

Information Technology and Security Services Consultant

Greater Atlanta Area

Current
  • Information Security and Risk Consultant at Integrated Business Solutions and Consulting Services
Education
  • Daniel Webster College
Connections
95 connections
Industry
Information Technology and Services

Steve Cummings, CISA, CISSP, NSA-IAM’s Summary

As an Information Technology consultant, I offer consolidated skills associated with compliance and the reduction of cost associated with becoming compliant with regulatory and statutory obligations. My work includes information security assessments, systems monitoring, risk management and security and contingency planning for facilities and systems, communication systems design and development and management of business systems. I implement compliance programs aimed to prevent, and where necessary, identify and respond to, breaches of laws, regulations, codes or organizational standards occurring in the organization. I address the functions of corporate governance which fall into three major areas: developing governance policies, systems and practices; engaging in internal and external communications regarding governance. I assist in implementing continuous improvement in corporate governance and in other areas of the business. By assessing the infrastructure of facilities and institutions, I determine if procedures and practices are properly implemented and policies are supported by the documented procedures and operational practices. I have also been called upon to manage the implementation of specialized systems and to ensure compliance to specifications and contractual requirements. I act as a trusted advisor and vendor manager for many Fortune 500 customers. I have implemented multiple systems and standards for financial and healthcare institutions as well as power and industry clients.

Steve Cummings, CISA, CISSP, NSA-IAM’s Specialties:

Security Project Management, Enterprise Security Audits & Evaluations, Network Security Vulnerability Assessment, Executive awareness briefings, Financial Services security management and practices, Technical personnel management and project direction, Complex Technology, Assessment, Network Management Platforms, Data Classification & Management.


Steve Cummings, CISA, CISSP, NSA-IAM’s Experience

  • Information Security and Risk Consultant

    Integrated Business Solutions and Consulting Services

    (Information Technology and Services industry)

    August 2000 - Present (9 years)

    I design and implement security standards and products to defend customers' internal and external information technology assets. I perform information security assessments, gap analysis, business impact analysis and continuity, disaster recovery implementation and reviews. I advise in the design of systems, security infrastructure and systems management and reporting approaches while interpreting technological requirements against business necessities. I work with customers regarding HIPAA, or the Health Insurance Portability and Accountability Act focusing on the Security and Electronic Signature Standards, Gramm-Leach-Bliley Act, U.S. Patriot Act and Sarbanes-Oxley Act (SOX). I act as an interim CIO/CSO. I advise on employee positioning and retention. I am often responsible for the recruitment and training of security professionals. I am responsible for reporting to senior management of my financial and healthcare customers the status of engagements.

  • Vice President and Manager, Distributed Information Security

    SunTrust Banks, Inc.

    (Public Company; 10,001 or more employees; Banking industry)

    May 1999 - May 2000 (1 year 1 month)

    I developed and implemented policies and standards regarding distributed network systems security for a major financial institution. I was responsible for line of business interfaces regarding information technology security. I was also responsible for the implementation and design of the information security architecture. All changes and additions to the network architecture were reviewed for security implications and either approved or denied by my staff or me. These duties also included the prevention and detection of intrusions, fraud, misuses and root cause analysis. I was responsible for leading investigations associated with any security incidents. I also managed Internet, Intranet, VPN, Extranet, and remote access as well as vendor connectivity.

  • Director, Enterprise Consulting

    Internet Security Systems, Inc. (ISS)

    (Public Company; 201-500 employees; ISSX; Information Technology and Services industry)

    January 1997 - May 1999 (2 years 5 months)

    As the director of Enterprise Security Consulting in the Professional Services Organization of Internet Security Systems, I reviewed and assessed risks of business operations involving Information Technology, data communications and telecommunications systems with the purpose of identifying vulnerabilities, risks and exposures. Developed mitigation strategies of enterprise wide systems/functions. Conducted advanced public training classes on Internet Security Systems products. I employed expertise in managing technical teams in reviewing telecommunications, data communications, and IT based systems focusing on risk and vulnerability identification, mitigation strategy development, associated economic analyses and enterprise wide security management. I directed the development of budget and business case qualifications for systems infrastructure for ISS customers. I managed multi-site implementations and directed approaches for new business development.


Additional Information

Steve Cummings, CISA, CISSP, NSA-IAM’s Groups:

Certified Information Systems Auditor - CISA
Certified Information Systems Security Professional - CISSP
NSA-IAM Certified
Certified Healthcare Security Professional - CHSP
A Service Connected Disabled Veteran Owned Small Business.

  • Certified Information Systems Security Professionals (CISSP)
  • Information Security Expert Center
  • Executive Suite
  • Freemasons
  • Digital Forensics Association (DFA)
  • Information Security Community (30,000+ Members)
  • Certified Information Systems Auditor
  • Internet Security Systems Alumni
  • NSA-IAM
  • IEEE-USA
  • OpRisk & Compliance
  • ISO 27000 for information security management (2000+)
  • Internet Security Systems (ISS) Alumni
  • Information Security Network
  • IT Security and Audit Professionals
  • Security Leaders Group
  • Product Development & Management Association's Annual International Conference
  • NERC Cyber Security Professionals
  • Critical Infrastructure Protection
  • Fighting Fraud: Collaborating for Change
  • Open Security Exchange
  • Independent IT Professionals

Steve Cummings, CISA, CISSP, NSA-IAM’s Contact Settings

Interested In:

  • career opportunities
  • consulting offers
  • new ventures
  • job inquiries
  • expertise requests
  • business deals
  • reference requests
  • getting back in touch
