Perrysburg, Ohio
Matthew Haschak
matthaschak@yahoo.com
Experience
Bowling Green State University-http://www.bgsu.edu
419.346.4407
Director IT Security & Infrastructure
Director IT Security & Networking
Director IT Security
Bowling Green, Ohio
April 2010 - Present
August 2008 – March 2010
December 2007 – July 2008
Position Summary – Infrastructure Role
Develop strategic plan and manage the teams that architect, implement and administer the information
technology infrastructure used for all administrative, research, and academic systems at the University.
Infrastructure consists of all servers (physical and virtual), storage area networks, databases, networking,
telephony, and data center(s). It also includes all related infrastructure services such as DNS, DHCP,
LDAP/AD, email, Sharepoint, and identity management.
o Reduced physical servers in data center via cloud application migration and server virtualization (65
percent)
o Implemented centralized Oracle Identity Management system for the programmatic provisioning
and deprovisioning of IT resources for the campus community
o o Negotiate and review contracts for infrastructure equipment procurement and services
RFP Development
• University’s telephony and unified communication solution
• University’s outsourced data center
o Converted email system from on-premise based Exchange to Microsoft Office 365
(77,000+ users)
Implemented Cisco VoIP and Unified Communications solution across campus
• 3200 desktop phone
• 350 contact center agents
• 2500 Unity voicemail accounts
• Webex
• Jabber
o o Implemented Microsoft Office 365 Sharepoint OneDrive and Team Sites (38,000+ users)
o Participant in Pathways Leadership Development program “designed to prepare IT leaders for the
many challenges they will face as future CIOs”
• Evaluated and selected a remote data center partner to host DR systems
• Installed infrastructure to accommodate the critical business operations
Position Summary - IT Security Role
Serve as the Information Security Officer responsible for the security protection strategy and programs
for ensuring the confidentiality, integrity, and availability of information and information technology
resources and systems at the University.
o Transformed department from a reactionary based security strategy to a proactive vulnerability
identification and management strategy.
vulnerability scans, comparative log analysis of systems and networks and proactive security
assessments to mitigate the threats before they become a security incident.
This
is accomplished through a combination of
o Responsible for annual presentation to Board of Trustees regarding previous year’s issues and
accomplishments and to provide plan for upcoming year’s goals
Disaster Recovery Planning
• Coordinated priority of applications with constituents to identified necessary Return Time
Objectives (RTO)
o o Consolidated six disparate storage area networks into a homogenous and scalable solution
o Risk Management
• Review technology related security threats on a daily basis and determine relevance to
• Review technology implementations for security concerns and remediate any issues prior
to implementation
Bowling Green State University
o Developed policies with respect to protecting the confidentiality, integrity, and availability of
information technology resources at BGSU, including, but not limited to:
o Lead IT representative on compliance issues (FERPA, HIPAA, PCI DSS, FACTA Red
Flag and HEOA)
• Information Technology Policy
• Data Use and Protection Policy (Data Classification)
• Social Media Usage Policy
o Project manager for high impact program and technology implementation. Some
examples include the following:
• DMCA Safeguards program and HEOA compliance. Program was nationally recognized
by Educause as one of the “role model” schools for HEOA compliance
• Review departments’ use of protected data to identify exposure risks and develop
mitigation strategies
• VPN and secure authentication implementation
• Electronic signatures
• Data Destruction and Recycling Service, which is a centralized data destruction service for
the University community. This service completes the life cycle of data on systems by
destroying both hard copies and electronic copies of University owned data mitigating the
risk of remnant data being access by recycled systems and dumpster diving.
o Case manager and lead investigator for computer forensic investigations at University
• Emergency Alert Notification System
• Implemented enterprise identity management system that manages the life cycle and
account resources provided to the University community
o Emergency Management Planning
• Designed technology and communications for the Emergency Operations Center
• Member of Emergency Management Planning Committee
• Developed University’s information technology disaster recovery plan
Keynote presenter for Lima Regional Technology Alliance Annual Conference 2013 Topic –
“Preparing Your Organizations for the Impact of Cyberwarfare”
o o College of Business Administration – MIS 4220
Bowling Green, Ohio
August 2013 - Present
o o Coordinate and manage internal and external audits of information technology resources
Bowling Green State University-http://www.bgsu.edu
Adjunct Instructor
The objective of this class is to introduce students to the breadth of domains that encompass the
industry of Information Security. During the semester the students will be taught the foundation
principals of information security and how they apply to the specific areas from network security
and encryption to investigating cybersecurity incidents and security policies that protect the
information assets of an organization. Students will be exposed to the ever changing threat
landscape that we face today and also help them be prepared to plan for the threats they will face in
the future.
Ohio Cybersecurity, Education and Economic Development Council
Appointee
• (1)
resources and through partnerships between government, business, and institutions of
higher education;
Improving the infrastructure of
the state's cybersecurity operations with existing
2012-Present
o 1 of 12 council members tasked with conducting a study and to make recommendations regarding
both of the following:
• (2) Specific actions that would accelerate growth of the cybersecurity industry in the state.
InfraGard Toledo Members Alliance - http://www.toledoinfragard.org
Director
o Organized and provided leadership for the following:
• public meetings
Lead bi-weekly Board of Director meetings
Director - Vice President
Director - President
2008-2013
2007
2003 - 2006
o o Formally organized and officially established the Toledo chapter with the National organization
o Regular presentations to Toledo area organizations to promote InfraGard’s mission
• members only meetings
• collaboration events with the Northwest Ohio ISSA
Bowling Green State University-http://www.bgsu.edu
Information Security Analyst
o o Advise on security aspects of technology related projects
September 2000 – December 2007
Bowling Green, Ohio
o Monitor network traffic for security incidents and network anomalies using:
• Intrusion Detection Systems
o Perform incident response and conduct forensic analysis on compromised systems. This includes
regular interaction with local and federal law enforcement
• Intrusion Prevention Systems
• Network protocol analyzers (Sniffer, Wireshark)
o o Assist BGSU Police Department in their technology related investigations
Contribute to evolving University policies as they relate to technological advances and compliance
issues including, but not limited to, University Computing Policies, GLBA, HIPAA, and FERPA
Conduct security and vulnerability assessments of technology implementations
o Project member of a university-wide initiative to implement whole disk encryption, email
encryption, and electronic signatures
Regular analysis and investigation of various security related topics including, but not limited to,
virus issues, spam, phishing, network bandwidth management, wireless, policy, copyright issues,
and physical security
o o Responsible for advancing and maintaining the Security Office’s private network
o o Research and recommend network and desktop security technologies
Administer Information Security Offices’ servers
o Audit and scan network/systems using various tools on Unix and Windows platforms
Created and administered firewall architecture for campus LAN/WAN
Information Security in Academic Institutions - http://www.infosecurityresearch.org
Academic Institutions Expert
o Consulted on the following:
• Hypothesis development
• Survey creation
• Results interpretation
Corporate Intelligence Consultants – http://www.corpintel.com
Consultant/Investigator
Perrysburg, Ohio
o Operative in a four month undercover investigation
September 1999 – July 2000
2004 - 2006
• ResNet 2006 – “Incident Response and Forensic Analysis”
• University of Findlay Information Assurance Forum – “Understanding Botnets”
• Classroom and department presentations as requested
o o Image Maintenance Committee Member – review operating system images for security issues
o Security awareness initiatives (presentations, websites, meetings, etc.). Some presentations include:
• Open Registration Security Awareness for new students and parents
o Performed various categories of surveillance including worker compensation claims and employee
theft
Presented computer security awareness issues to various organizations including a seminar on
comprehensive computer security
January 1998 – August 1999
Cleveland, Ohio
o o Conducted computer forensic analysis on suspect personal computers
Key Bank– http://www.key.com
Security Analyst
o Investigated violations of computer policies and unauthorized access to Key’s computer systems
o Created Key’s initial methodology regarding the acquisition and preservation of electronic evidence
o o Researched and evaluated computer forensic tools for the forensic lab
Conducted investigations nationwide at KeyCorp facilities
o Supported investigations conducted by the federal
o Contributed to the development of INVEST, a Lotus Notes application used to alert and track the
process of securing newly discovered vulnerabilities within Key’s technology.
employees and computer equipment
law enforcement agencies involving Key
o Contributed to the development of Corporate Investigation Automation, a secure Lotus Notes
investigation database that logs and retains evidence of Information Security investigations.
management database using Lotus Notes
tracking, modem tracking, and project
o Contributed to the development of Key’s Information Security Awareness program
o Developed department’s Internet security tracking, call
Education
Bowling Green State University
o Degree: Masters in Business Administration
o Degree: Bachelor of Science in Business Administration
Specialization: Management Information Systems
Bowling Green, Ohio
May 2004
December 1997
Certification
Certified Information Systems Security Professional (CISSP)
Since 2006