From: route@monster.com
Sent: Friday, May 06, 2016 1:33 PM
To: hg@apeironinc.com
Subject: Please review this candidate for: Cloud
This resume has been forwarded to
you at the request of Monster User xapeix03
Jan Vandenbos, CISSP, ISSMP – Issaquah, WA
(m) +1 (425) 223-3483 (e) jvandenbos@yahoo.com

CTO, Architect, DevOps, Information Security, Performance/Scalability/Capacity
Enterprise and Startups

Testimonials

"In his role as our Senior Security Architect, Jan Vandenbos has been the key individual responsible for driving our entire online security strategy and ongoing audits and assessments. He is an action-oriented, forward-looking thought leader who has provided both the technical tools and infrastructure as well as the processes and best practices rigor that have enabled us to dramatically reduce our vulnerability while increasing our code quality. He is an industry expert who has the rare ability to work at both the executive level as well as at the detailed application code level."

"Simply stated, his talents and his work here have been top notch. Because of Jan’s efforts, we are now an exemplary eCommerce site leading the way."
-- Tim Roberts, Technical Director, AT&T E-Commerce

"Jan's deep knowledge of the Security space was a real asset to the eCommerce development team. I was impressed with his ability to take high level direction and develop specific action plans and work items with little or no follow-on direction. A great team player and contributor, I have no hesitation recommending Jan as a
Qualities: Great Results, Personable, Expert
-- Jan Vlcek, VP Architecture, Bank of America

"I have had the pleasure to work with Jan numerous times during the past few years. He is not only one of the most seasoned security and software development professionals I know; Jan is also a fantastic business leader and lifelong student focused on process improvement. If I have challenging projects, I can rely on Jan’s consultations to look for the most efficient ways of implementing a solution."
-- Brian Chan - Manager, AT&T Network Operations

"Jan is an expert in the field of information security and has helped out with exam development at (ISC)2 on numerous occasions. Jan is an extremely steady professional whose input was greatly appreciated by the organization. Jan has a keen business sense and calmly approaches any problem with a level head. I highly recommend Jan!"
-- Garrett Smiley, Director, Exam Development, (ISC)2

Adrian Fluckiger, IBM: "I had the pleasure of working with Jan when I was at IBM. Jan had a clear vision of what he was looking to achieve, was very knowledgeable, and a great person to deal with. I would welcome the opportunity to work with Jan again."

Campbell Gunn, Microsoft Live (Bing.com): "I have worked alongside Jan in a variety of circumstances. Jan is calm, level-headed and gets the job done. He is a person that is trustworthy and committed to providing a high quality product and service."

"We have consulted Jan on numerous occasions to find creative solutions for some of the problems we ran into. Being a not-for-profit, we rely on expert advice and need creative, cheap, but reliable solutions. Jan has come through every time. His recommendations are still in place and functioning perfectly."
-- Wouter Van Wageningen, IT Director, Children's Home Society of Washington

"Jan is one of those very rare individuals who possesses the unique ability to see a way out of the toughest problems. His depth of technical knowledge is profound and is supported by his strong business acumen. I would work with Jan again anytime the opportunity presented itself."
-- William Barry, Enterprise Director -- Microsoft

"Jan has consistently received excellent feedback from our client! Jan is a true professional and an expert in his field. He has always represented Kforce extremely well and is a pleasure to work with!"
-- Erin Brawley, KFORCE

"In my short time working with Jan I was very impressed with his professionalism, ability to handle extreme situations with efficiency and calmness, and attention to detail. Jan is very good at making sense of chaotic environments and offer high impact solutions. I have really enjoyed working with Jan."
-- Joey Niem, Security Architect, AT&T Wireless (Data)

"Jan is a bright and curious man who thinks through big issues. He is an excellent networker, and I always look forward to seeing him."
-- Brenda Cooper, CIO, Kirkland, WA

Experience

AT&T (through KFORCE), Redmond, WA, July 2013 to Present
Devops / Infrastructure Manager and Enterprise Architect

I am currently managing, mentoring, and
participating in the day to day activities of the Devops/Environments team
that supports http://developer.att.com, the organization that exposes API’s
and infrastructure to third party developers and enterprise partners for
AT&T (Developer Ecosystem). We manage a large number of Linux (and some
Windows) servers on an Openstack cloud environment that is fully automated
using tools like Chef, Saltstack, Fabric, Docker, Vagrant, Capistrano,
Graphite/Statsd, Nginx, Apache and Nagios. We provide architecture, design,
build and Tier-3 support to high availability, and geographically redundant
environment currently running at five (5) 9’s (99.999%). Our team also
manages capacity planning, security and performance engineering, as well as
the clustered database infrastructure including MySQL/Percona, Cassandra, and
Postgres clusters using both relational and NOSQL concepts. We also manage
(within the scope of an Agile / Kanban process environment) release
processes/tools for applications written in languages from Java through
Ruby/Rails and Python, and in source code repositories like Git.

CX.COM, Palo Alto, CA, March 2011 to April 2013.
Chief Technology Officer (CTO) and Chief Architect

I joined CX (a Social Cloud Storage) startup to help them build a technology organization as well as set technology strategy and product vision for their offerings. During my tenure at CX, I helped implement:

- A complete rewrite/rebuild of the application and infrastructure to meet the demands of our rapidly growing, high volume usage (Peta/Exabyte storage) customer base. In this rewrite/rebuild we migrated from an original Java proof of concept application hosted on traditional rack-and-stack hardware to a high performance, 5 9’s Scala server environment hosted in Amazon’s Cloud (EC2/S3/Glacier/ELB, etc.) and wrote mobile and desktop clients for Android, IOS, Set top boxes, and Mac/Windows.
- A reorganization and scale-up of the development team from a primarily off-shore house to a distributed team encompassing project management, design, architecture, server and client/mobile development teams, quality assurance, release management, information security, and system administration.
- A real solidified vision for our product and its direction and related product plan and roadmaps.
- A move from traditional Waterfall software development lifecycles to an Agile/Kanban board based system that allowed for rapid release iteration and feature evolution.
- A series B round of capital injection and work in progress on follow-on rounds.
- A robust architecture that addresses feature integration, scalability and reliability and performance, as well as security.
- A polyglot service oriented architecture that integrates disparate components and languages to allow for agile product releases and isolation of components.
- A scalable underlying infrastructure to meet the needs of our products.
- Regular travels around to advocate CX to investors, and regular media interviews/appearances to talk about storage/security/scalability and our products.

MPTech Consulting, Bellevue, Washington, November 2010 to December 2013
Chief Strategy Officer

During my tenure with MPTech Consulting (now Axelerate) I worked with the executive team to define corporate strategies including: product strategies, industry roadmaps, marketing, portfolio analysis, growth strategy and merger and acquisition strategies.

Previous Industry Experience Highlights

AT&T (through KFORCE) Redmond, WA, 2009 to 2011
Sr. Security Architect, AT&T Ecommerce (Wireless, DSL, Uverse)

In this position, I lead Information Security for
AT&T e-Commerce assets including:

- Managing enterprise projects and related architecture to address and mitigate security concerns.
- Liaise between vendors, and between internal disparate teams to achieve goals.
- Author Budgets and project justifications.
- Author whitepapers, project plans, project justifications, KPI’s, assessments and project prioritization endeavors.
- Educate business leaders on projects and endeavors.
- Perform static and dynamic vulnerability analysis using tools like Fortify and WebInspect to evaluate risk/vulnerabilities.
- Perform Risk Analysis to help prioritize risk across our assets.
- Responsible for application security, focusing on the security and quality of the code, processes and underlying infrastructure. This includes software security assurance and audit. As such, I performed regular code reviews and eventually built a team to scale out the information security organization.
- Performed PCI DSS compliance audits/analyses and mapped Identity Breach Laws (California Senate Bill 1386, Wa Bill 6043, etc.)
- Participated in application security architecture and design engagements to ensure our products were built with security in mind from the start.
- Application Security Assessment/Audit (Software Assurance) including the deployment, audit, reporting and analysis using tools including: Cenzic Hailstorm, Fortify, Appscan, WebInspect, Nessus, Nikto, ATG Dynamo, WebLogic, Eclipse, Java (J2EE), Javascript, PERL, Python, Linux, Solaris, Windows Server.
- Consulting with developers and architects throughout the AT&T E-Commerce environment on security and privacy to ensure appropriate controls are implemented throughout the software development lifecycle (SDLC).
- Perform security and compliance audits.
- Develop remediation plans.

AT&T (through British Telecom/INS), Redmond, WA, 2007 to 2009
Sr. Security Architect for the Core Network and Smartphone related data infrastructure

At AT&T Mobility (prior to the switching to
the E-Commerce group), I worked as the security architect in the engineering
group responsible for evaluating and designing the next phase of their
security layer on their delivery (GPRS/3G/HDPA) (iPhone) network supporting
very large numbers (10’s of millions) of concurrent users. My other core
responsibility was in instrumenting (network and applications monitoring for)
the security layer in the network, deploying monitoring and
performance/capacity planning tools to measure KPI’s and better plan for
scalability/network growth.

Microsoft Corporation (Contract) – July 2006 – October 2006
SME for Governance, Risk and Compliance Accelerator – Service Manager

During this engagement, I consulted with a team at Microsoft to provide subject matter expertise to a product accelerator group where I provided knowledge and expertise around the Governance, Risk and Compliance arena.

Dategrity Corporation, Bellevue, Washington, November 2005 to June 2006.
Chief Security Officer

- Providing guidance and input into security and privacy product platform design around electronic voting and anonymous electronic transaction systems.
- Building trust and community around security products.
- Building Customer Base (Enterprise focused).
- Evangelizing offerings and philosophies with customers and security community.
- Guiding internal security and privacy efforts.
- Creating innovative solutions and generating IP/protectable intellectual property (patent material)
- Creating Product and integration architecture

Microsoft Corporation, Redmond WA October 2004 to November 2005 (FTE)
Security Architect/Sr. Security Technologist,
Microsoft Information Security

- Responsible for Microsoft Information Security Data Protection Initiative - addressing concerns around Data Handling, Data at Rest, Data in Flight and Data Destruction (End-of-Life) across 400 line of business applications.
- Working in the Threat, Risk Assessment and Policy (TRAP) group to provide enterprise risk analysis and risk assessments related to IT assets and Microsoft Digital Assets.
- Deliverables include Risk Maps/Threat landscapes, Risk Assessments, Strategic Prioritization and Costing on projects to executive management (CIO), Security Requirements, and input into the Policy processes.
- Threat modeling, Threat Traceability, SOX, COBIT/ITIL/ISO 17799, Calif. Senate Bill 1386,
- Identification of specific tactics and risk areas to address, strategic prioritization thereof and presentation/education of senior management on risks.
- Evaluating general security landscape, as well as specific risk areas including: Messaging and Collaboration, Storage Area Networks, and Data At Rest.
- Regular speaker at executive briefings and Face-IT sessions to liaise with customers on “Security at Microsoft” (Top 10 Rated speaker)
- Participation in conference one-on-one sessions and meeting directly with executives at key companies to discuss information security organization and management principles and share thought leadership on addressing security risks.

Ascentium Corporation, Bellevue WA January 2004 to September 2004
Practice Director, Security and Privacy

- Building a security and privacy consulting practice to deliver security related solutions to organizations in the northwest.
- Lead and participate in audit, vulnerability scanning and security roadmap design processes
- Technical implementation of IT and security infrastructure including VPN’s, IDS, Firewalls, Wide area networks, Systems security (Windows, Unix/Linux)
- Participated in process and policy engagements and reviews with customers
- Infrastructure performance and availability engagements
- Microsoft Across America, Speaking Engagements (Defense in Depth)

Valhalla Strategy – Issaquah, WA August 2002-June 2013
Founder and Cybersecurity/Privacy Consultant

Working with companies throughout the nation to
provide startup and technology consulting services including: (in between enterprise engagements with AT&T, Microsoft, Getty Images, etc.).

- Gathering requirements, and designing architectures and roadmaps to address customer concerns and direction around information security and enterprise architecture.
- Performing TCO and ROSI (Return on Security Investment) studies for customers
- Authoring customer solicited white papers and research studies around security products.
- Authoring technology and security roadmaps
- Acting in an advisory capacity to business executives/leaders
- Speaker at a number of events on the topics of information security, privacy and identity theft.
- Authoring Information Security and Privacy audit guidelines and vendor assessment requirements
- Evaluating authentication, access control and encryption solutions
- Assessment, evaluation and architecture of identity management solutions (Sun, Microsoft AD/Infocard/Trustbridge/Higgins, Liberty, OpenID)
- Advising technology startups with security, privacy and technology roadmap concerns (see Board memberships below)
- Performing Business Impact Assessments (BIA’s)
- Organizational preparedness, accountability and policy/procedure management processes for InfoSec.
- Gathering requirements and designing security architectures to meet customer needs.

Recent projects for various organizations have included:

- Working with executives and leaders to create awareness and educate on Information Security and Privacy, Organizational Preparedness and Security Culture, Environment and Philosophy.
- Performing information security audits and vulnerability scans.
- Performing Risk and Threat Analysis, and evaluating ROI/TCO of Security and Infrastructure build-outs.
- Security and IT Management Process and Policy review/improvement.
- Helping customers plan for Risk Mitigation and ‘Security Roadmaps’ accompanied by project engineering.
- Secure datacenter/hosting environment evaluations, architecture, deployment and project management.
- Participated in a number of speaking engagements and educational sessions on Security, Privacy and IT Strategy

Hands on Technical Deployments of:

- Identity and Access Management Solutions (SSO/WSSO/RSO) and PKI deployments (certificate infrastructure, token/smart card implementation)
- Directory and Meta-directory solutions (LDAP)
- Server and Network Hardening
- Remote Access (VPN, SSL-VPN) implementation
- Firewall, Intrusion Detection (IDS, HIDS, NIDS)
- Antivirus, Anti-spyware, Anti-spam and content filtering
- Secure Wireless Network Deployment
- Network and Systems Policies (GPO)
- Network infrastructure (Switches, routers, network connectivity, wireless)

Scheduling.com – Los Gatos, CA January 2001 to August 2003
Chief Information Officer (CIO) and Senior Vice President, Technology

Scheduling.com is a Health Care Access Management
startup that was one of the first real Software as a Service startups – we provided scheduling and access management solutions to a large number of health care institutions across the nation. In my role as CIO, I:

- Participated, as a member of a health care industry executive team with business strategy, technology vision and leadership.
- Rebuilt and re-factored a large-scale health care focused ASP software delivery organization.
- Had full responsibility for technology budget and forecasts.
- Lead Architecture and Design and Engineer role for infrastructure, process improvement, strategic direction and security projects.
- Software Development Process Review and rebuild, requirements, design, architecture, testing, scalability.
- Helped redesign software development lifecycle, quality control processes, participated in strategic roadmap and prioritization committee.
- Participated in integration projects linking disparate health care applications in process and technology frameworks (Neon, HL7, ADT transactions, etc).
- Built, and participated in a sales support process, including: executive presentations; speaking engagements; training sales force on product and technical systems; acting as a pre-sales engineer early during sales cycles to educate and evaluate customer environments; and assisted with identification of new sales opportunities and development within existing and new client base.
- Responsible for information security across the organization, including implementation of an identity management system, solid encryption for transport of patient (and other data), and authoring/developing information security, disaster recovery and business continuity plans, technical architecture and infrastructure, firewalls, IDS, VPNs, vulnerability/threat analysis and Antivirus/Spam/Spyware.
- Responsible for HIPAA Security and Privacy rules efforts
- Managed contract negotiations for service level agreements and vendor relationships
- Managed and High end, High availability datacenter build-out, moves and day to day operations (from 88% uptime to 99.999% uptime)
- Built a consulting practice for both pre-sales and post sales/product delivery support including: Authoring proposals, contract negotiation, service delivery
- Created Emerging technologies group to watch industry trends/environment, assisted with evaluation of new technologies and trends in the industries (market watch)

Inteliant – Kirkland, WA June 2000 to December 2000
National Director, Internet Technologies Practice

- Created and built a national technology consulting
practice focused on Application Integration (EAI and Business Process Management (BPM) and application enablement using Internet technologies. (Web/Portals/etc).
- Worked as Lead Architect, Systems Integrator and Program/Project management for software development and integration projects (Vitria, Siebel, SQL2000, Oracle, Linux/Unix)
- Had Full P&L responsibility for the practice area.
- Led Software development and project efforts in practice area
- Architected, Designed and Integrated legacy applications for customers and deployed web, portal and Internet infrastructure solutions for customers including: Terabeam, Tenzing, Bazillion, AT&T Wireless
- Built relationships with partners and vendors including: Vitria, Crossworlds, Tibco, Microsoft (Biztalk, CMS, Sharepoint, Commerce Server)

Compuware/DPRC – Seattle, WA September 1999 to June 2000
Principal Consultant, Lead Architect, E-Commerce Practice

- Began working with DPRC providing services to
SAFECO as the lead architect designing and developing their new E-Commerce initiatives across their lines of business (Digital Infrastructure/One Company View project) – their web enablement and legacy system to client server integration efforts.
- Moved into the lead technical architect/principal consultant position at the Compuware E-Commerce Group when Compuware acquired DPRC.
- Worked as project manager, program manager, and lead architect with companies like Priceline (Perfect Yard sale), Schwanns, EZ Systems, Celebsites and many others across the nation, to architect, design and build/deploy large scale, high end web infrastructures and applications as well as helping them set direction and select/implement technologies for their new, internet enabled business directions.
- Worked in concert with sales force to do early pre-sales presentations and guidance, trained sales force on technology offerings, and helped deliver collateral to customers.

Reliant Energy/Houston Lighting and Power, Houston, TX Jan. 1999 to Sept. 1999
Project Lead and Senior Analyst, Information Security Group

- Lead architect/Domain Expert in information
security department with project management and lead technical roles in energy grid and other related information security projects (infrastructure, app design, deployment, management, change control, documentation).
- Deployed PKI/Identity systems, Firewalls, Intrusion Detection, Router Configurations, high availability security devices, high end data-center monitoring and design
- Helped Architect high performance client server based transaction systems for gas trading
- Responded to incidents, preserved evidence, documented, collaborated with authorities
- Performed enterprise security audits
- Performed computer security forensic analysis
- Assisted with user training and awareness
- Acted as project manager, business analyst, requirements engineer and lead design engineer for information security projects

American InterMaxx Inc. (ISP and Hosting) – McHenry, IL 1994-2004
Founder, Technical Lead

Participated with a group of like-minded
individuals in the development of a large-scale Internet Service Provider
servicing rural areas around Chicago. Initial Rollouts of consumer dial-up internet
access (Terminal Servers, Network Infrastructure, Internet Connectivity, Web,
News, FTP, Shell, Accounting, Billing, Automation systems) which later
evolved through a DSL offering, a storefront retail outlet (computer sales)
and finally a mid-size Motorola Canopy Metropolitan area Wireless Network
infrastructure serving a number of communities throughout the McHenry area
before acquisition and consolidation by a third party.

Bloodhounds International Inc. - Calgary, AB – 1983 to 1998
Founder and CEO, Security and Infrastructure Consulting

Founded and operated a technology consulting
company that provided software development and infrastructure and information
security services to Alberta, Oil & Gas, and Legal markets (till 1993)
Designed and deployed large-scale infrastructure, enterprise applications for
organizations like Conoco Canada and DuPont Canada, including systems
(servers – NT, Netware), Email (Exchange). Performed proactive and reactive
information security service (vulnerability testing, audit, process, policy,
and training) through incident response services for Western Canadian
companies. Assisted local law enforcement and law firms with information
security and computer consulting services.

OTHER ACTIVITIES:

- ISSMP and CISSP test content author/contributor (for ISC2)
- Moderator, Pacific Northwest Future Salon
- Board Membership (Futurist and Education), Lifeboat Foundation
- Brainbench Test Author/Validator for Firewall Principles, Checkpoint Firewall Administration and Network Security Exams
- Advisor, Memotrax (Pandora) (Past)
- Board of Advisors, Glide Systems (Past)
- Board of Advisors, Cogneto (Past)
- Board of Directors, Galileo Educational Research Network, Calgary, AB
- Board of Advisors, TwoJet Technologies (Past)
- Returning Officer, High Tech Crime Investigation Association, Calgary, AB (1996-1997)
- FEMA - All Hazards Incident Team Management (Current)
- FEMA – Communications Unit Leader (OEC) (Current)

Other Certifications/Notes:

- Brainbench – Masters (top 25 in nation) in: Information Technology Security Fundamentals, Internet Security, Network Security, Networking Concepts, Linux Administration, Internet Concepts. Completed: TCP/IP Administration, Disaster Recovery and Planning
- Test Author/Validator for: Firewall Principles, Checkpoint and Network Security Exams
- FEMA/ICS: All Hazards Incident Management, Communication Unit Leader (OEC-COML)

Languages:

Languages | Proficiency Level
Dutch | Intermediate
English | Fluent
French | Beginner