Jeff is a Managing Director in Protiviti’s Los Angeles office. He joined Protiviti in 2002 after spending 10 years with Arthur Andersen’s Technology Risk Consulting practice. He has vast experience in industries like Consumer Products, Retail and Hospitality.
He co-leads Protiviti’s global PCI practice and has been a PCI PA-QSA and previously VISA QDSP since the initiation of each applicable program. He has participated in technical consulting and audit projects primarily in the Retail and Consumer Products industries and has conducted numerous technical training courses on Network Security, Privacy and PCI Compliance. For the last eight years, he has concentrated on information security and privacy consulting and remediation.
Representative Engagements Include
- Assisted many large companies with achieving compliance with the Payment Card Industry Data Security Standard. As a global leader in Protiviti’s PCI practice, worked with a wide variety of companies around the world. Assisted in designing and implementing full production security architecture and infrastructure including DMZs, logging, encryption, and intrusion detection. The focus of many projects has been on implementing strategies to reduce the scope and effort of current and future compliance efforts
- As the product leader for Privacy services in the west, he has directed many projects to assess compliance with privacy regulations and best practices. The projects included developing security standards for all company-held customer information; assisting clients to align security and privacy functions to more optimally address customer and employee privacy concerns; working with companies to improve privacy programs, policies and activities to reduce the risk of breaching customer privacy commitments; and leading GLBA risk assessments, compliance consulting projects, and audits at multiple bank and mortgage companies
- Pioneered the use of a leading data leakage prevention tool to monitor client Internet traffic for improperly protected customer and employee data. Projects typically identified significant issues including Trojan Horse programs, network misconfigurations, employee awareness issues, and numerous business processes that failed to consider the risks associated with insecure data exchange
- Performed an information security risk assessment for one of the world’s largest card brands. Focused on organizational structure, security governance and the process for selecting and evaluating security tools
- Bachelor of Science – Electrical Engineering
- Master of Business Administration
Professional Memberships & Certifications
- Certified Information Systems Auditor (CISA)
- Certified Internal Auditor (CIA)
- Qualified Security Assessor with Payment Applications (PA-QSA)
- Certified Information Security Manager (CISM)
- Project Management Professional (PMP)