Andrew H. Stravitz, CISSP, CISM & ITIL
We are seasoned information security professionals protecting national critical infrastructure, holding CISSP, CISM and ITIL certifications, with over 20 years of management and technical experience as innovative leaders.
We have managed and mentored staff at all levels of the organization on a variety of information security initiatives, building strong teams to protect corporate assets. Provided input to industry-leading vendors for numerous product enhancements, and commentary on regulatory legislation. Extensive experience in implementing web application security and rapid incident response programs, and in operating in a highly regulated environment. Developed impactful and measurable security awareness training.
- Security Transformation
- IS Strategy & Execution
- Executive reporting (metrics)
- Program development
- Information risk management
- Security architecture
- Security roadmap
- Regulatory compliance
- Business continuity planning
- Strong cryptology design knowledge
- Business Resilience
- Security in the cloud
- Critical Infrastructure (Financial & OT ICS SCADA)
Accomplishments
Developed new information security and computer risk management programs from inception based on the NIST, ISO27001 and PCI DSS standards. Authored numerous security articles, white papers, information security policies and performed security risk assessments. Presented on a variety of security topics, including web application security, data-centric approach, security awareness and information risk management. Speaking engagements as a SME at Evanta, IANS conferences, SC Magazine, CISO Executive Summit, Security 500, Tech Managers Forum and Polytechnic University.
Additional Skills:
- Executive & Board level reporting (metrics)
- Expert level knowledge of the PCI Standard
- Budgeting