Strategic Leadership | Secure Enterprise IT Busines Operations | Project Management
Mantra: “Speed to Business Results!”
Core Values: Service, Leadership, Excellence, and Growth
My happy place is at the intersection of Leadership, Technology, and Business.
Accomplished senior-level cybersecurity and technology risk executive with an outstanding record of successfully establishing globally recognized technology risk management program, cybersecurity programs, setting the vision, strategy and driving the strategy and governance framework, establishing effective policies and standards, and managing the cybersecurity risk and compliance functions within Higher Education, State and Federal Governments, Department of Defense, and Technology Industries.
Recognized within the information security community for knowledge, vision, leadership, and the collaborative nature of effectively approaching a constantly evolving and complex area of information security and risk management. Proven ability to establish positive internal and external C-level and boardroom relationships to effect significant change, drive a cybersecurity risk management strategy forward while enabling organization growth.
DoD TS/SCI Clearance, MBA, MSM, C|CISO, PCI DSS QSA, PCIP, PMP®, CISSP®-ISSMP®, CEH, MCT, MCSE:SECURITY, Security+, VCP, MCSA, MCDBA.
– Present, San Francisco, CA
Directly is an emerging leader in Customer Experience Automation (CXA), helping companies deliver better customer service at scale while creating economic opportunity for people in the Artificial Intelligence (AI) era.
Companies like Microsoft, Airbnb, and Samsung use the platform to put their expert users at the heart of their AI, resolving more customer questions at 60-80% less cost. Expert users identify gaps in self-service content and are paid to: create support content that’s delivered to customers automatically, teach AI algorithms to continuously improve, and resolve customer questions.
– Present, San Jose, CA
FY19 COMNAVIFORES Region SW Junior Officer of the Year (JOY) Award
• U.S. Navy Veteran (O-5) with 16 years of honorable service, USNR.
• Selected to promoted to CDR, USN, June 2020
• Provide advice, guidance, and expertise in information, command and control, and space systems through the planning, acquisition, operation, maintenance and security of Naval networks and the systems that support Navy operational and business processes.
• Foster development of the skills needed to conduct Network-Centric operations, both afloat and ashore, to maintain superior maritime operations in the information age.
• Maintain technical proficiency across the cyber domain.
• Help lead the Navy’s network warfare missions, developing tactics, techniques, and procedures to realize tactical, strategic, and business advantages afloat and ashore.
• Principal advisor to the chain of command on INFOSEC and technology related matters.
• XO of a 40 Information Warriors Unit supporting COMPACFLT, NR CPF INTEL 0419, Alameda, CA, OCT 2019-Present
• Qualified CPF HQ N833 Navy Communication Systems (CS) Coordination Center (NCCC) Watch Officer. Nov18
• DAU IT Level 3 Certification, AQD. Nov18
• DAU IT Level 2 Certification, AQD. Nov18
• Navy Reserve Augment Unit CO/OIC Eligible, AQD. Oct18
• Qualified Computer Network Defense Operations (CNO) Technical Integration Officer-Defensive Cyberspace Operations, AQD. Oct18
• N1/N6 Department Head, NR CPF INTEL 0419, Alameda, CA, Jul18-Sep19
• Operational Level of Warfare (OLW) Community of Interest (COI) Department Head (DH) for Plans (Doctrine), APR17-Present.
• Program Manager (PM/CO-equivalent), SPAWAR Reserve Program (SRP) Defensive Cyber Operations (DCO) & Collegiate Cyber Defense Competition (CCDC), OCT16-OCT17
• Deputy PM (DPM/XO-equivalent), SRP DCO & CCDC, OCT15-SEP16
• Associate PM Operations (APM OPS/N3-equivalent), SRP DCO & CCDC, OCT14-SEP15
• Manage a total budget of $501,559.26
• Lead 58 Information Warfighter Sailors who provided 6,355 Direct Operational Support (DOS) total overall hours to help monitor and report fleet cyber security readiness; train and assist the Fleet Cyber Security Workforce onboard 59 Naval ships, and develop emergent cyber security capabilities.
• Lead 51 Sailors who provided 876 DOS total overall hours to help the National CCDC organization monitor the controlled competitive environment used to assess the depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems of college students from more than 230 colleges and universities across the country.
• N1/N6/N7 Department Head, NR SPAWAR 220. MAR14-OCT17
• Qualified Cyber Systems & Operations SME, SSP. Sep16
• DAU IT Level 1 Certification, AQD. Aug16
• Qualified Project Manager, AQD. Aug16
• Qualified Digital Computer System Programmer, NOBC. Aug16
• Qualified Data Base Management Officer, NOBC. Aug16
• Qualified Resource Management and Analysis SME, SSP. May16
• Deputy Program Manager (DPM), SRP CND/CCDC, Nov15-Oct16
• Qualified Engineering Liaison Officer, NOBC. Oct 2015
• Assistant Program Manager (APM) for Operations (OPS), SRP CND/CCDC, Jul15-Oct15
• Qualified Resource Management and Analysis SME, SSP. May16
• NST, NSTv, CONVAL, CND & CCDC Evolution Team Lead (ETL), SPAWAR Reserve Program, San Diego, CA, May 2014-Oct2015
• Training Department Head, NR SPAWAR 220, NOSC San Jose, San Jose, CA, Apr 2014-Present
• Qualified Information Professional Officer (Intermediate), AQD. Apr 2013
• Qualified Joint Specialty-JPME Phase I, AQD. Mar13
• Qualified Knowledge Management Officer, AQD. July 2011.
• Qualified Information Warfare Officer, AQD. Oct 2010
• Training Department Head, COMPHIBRON FOUR, NOSC Bessemer, Bessemer, AL, Jun 2009-Oct 2010
• Qualified Information Assurance Officer, AQD. Aug 2009
• Expeditionary Strike Group 7 Deputy Knowledge Manager, Talisman Saber 2009, USS Essex, Australia. Jul 2009
• Qualified Information Systems Officer, U.S. Navy, NOBC. Mar 2009
• Qualified Information Professional Officer (Basic), AQD. Dec 2008
Leading the professional services team, providing guidance and hands-on leadership to deliver quality engagements across a variety of industries. Services include:
• Technical testing (vulnerability scans, penetration testing, red team exercises, etc.)
• Security program creation and remediation (policies, processes, technical architectures and security controls)
• Security compliance and governance analyses against standards: ISO27001, PCI DSS, CIS Controls, SOC 2, HIPAA
• PCI DSS Attestations
– April 2017, Palo Alto, CA
• Provide technical security expertise and leadership across a broad range of environments and technologies.
• Responsible for the oversight, and ongoing management of the information security programs and technical systems required to maintain the confidentiality, integrity, and availability of data within Groupon’s systems.
• Implement new security technologies as required to support a dynamic business environment.
• Work closely with the senior leadership teams in a collaborative environment to improve the current security framework and education of employees.
• Assist in the maintenance and development of security policies and procedures.
• Provide technical security support to IT, Engineering, and business units.
• Contribute to the development of the Global Security Engineering organization’s policies and processes.
• Help build the security team and provide people management and knowledge sharing.
• Communicate effectively to executive management.
– June 2016, Palo Alto, CA
• Implement, administer and use Pivotal’s information security systems, policies, and procedures.
• Develop and implement standard policies and procedures.
• Review and analyze logs and reports from Firm information systems such as IDS/IPS, Firewalls, Servers, Workstations, etc.
• Architect, design, implement, support, and evaluate security-focused tools and services.
• Conduct audits of the Firm’s information systems and policies with various third parties and clients.
• Perform investigations of security events, provide analysis results and develop and implement remediation plans.
• Respond to security incidents, including virus outbreak, malware detection and other security related incidents.
• Develop and deliver materials and perform security awareness training.
• Evaluate and recommend new and emerging security products and technologies.
– Monterey, CA
• DoD Contractor for the newly established DCSIT Organization (formerly CTO Organization) at the Defense Language Institute Foreign Language Center (DLIFLC), Presidio of Monterey, CA.
• Develop, implement and oversee a comprehensive enterprise-wide security program to ensure that appropriate policies, standards, and procedures designed to protect the security of information are documented and followed across the enterprise.
• Plan, design, analyze, test, integrate, and manage new and existing Information Technology systems and networks.
• Participate in the development of a comprehensive Business Continuity Plan.
• Provide IT security vision and leadership.
• Responsible for bridging the gap between business processes, policy directives, and technical security measures.
• Establish and modify strategic information technology plans and policies in response to new legislation, regulations, directives, or other guidance affecting Information Assurance Program.
• Advise senior management and the chain of command about risks, changes in the technical, legal and regulatory arenas affecting information security and computer crime.
• Draft departmental budgets and participate in the development of organizational strategic plans.
• Serve as the Information Technology System Security Manager and supervise the work of the Cybersecurity team.
– Tuscaloosa, Alabama Area
• Assist the Navy Recruiting Command in diversity officer recruiting.
• Help increase the diversity community awareness of the opportunities and upward mobility available to all persons in the Navy.
• Help increase Navy diversity officer accessions.
• Inform Officer Recruiters about campus politics, protocol, and student issues to help increase their effectiveness on campus.
• The source of continuity for the Navy Recruiting District Atlanta on the University campus.
• Identified 13 qualified Naval Officer prospects.
– Tuscaloosa, Alabama Area
• Perform advanced IT activities for specialized, complex and functional areas requiring the expert knowledge and professional application of IT principles, practices and techniques in accordance with industry standards and university policy.
• Develop, implement and oversee a comprehensive campus-wide network security and vulnerability management program to ensure that appropriate security technology, tools, processes, procedures, reporting, and remediation are put into place and maintained to protect the University’s computing assets.
• Help develop, implement, and revise University security policies.
• Lead projects and cross-functional activities to review security and ensures compliance with University security policy including industry and governmental compliance.
• Responsible for training and assisting lower level IT personnel and other staff.
• Research and evaluate regulations, risk and threats, and initiate changes in University security technology and processes and policy.
- Operating systems/Environments — Windows, Suse, RHL, CentOS, OS X, macOS High Sierra, iOS
- Middleware Technologies — AWS, VMware vSphere, ESX, Microsoft Hyper-V, Microsoft Azure, Google Cloud Platform
- Directory/Access Management System Technologies — Microsoft Active Directory (AD), LDAP, multi-factor authentication (SMART cards, tokens, fingerprints…), BANNER, PeopleSoft, homegrown/proprietary systems
- Applications — Adallom, Google Drive for Business, Symantec, McAfee, Sophos AntiVirus, Symantec Risk Automation Suite, Gideon SecureFusion, eEye Digital Security, LanDesk, Nessus, DISA Gold Disk, Tipping Point, Tripwire, Snort, Microsoft Internet Security and Acceleration Server, SCAP Compliance Checker, SPAWAR Remediation Tool, enSilo, Carbon Black, Casper, ManageEngine, WSUS, Microsoft Office, Visio, Project, SharePoint, ProtectWise
- UTM — McAfee ePO, HBSS, DLP, Check Point, Fortinet, Palo Alto Networks
- Networks — Windows networks from NT to 2012, Cisco switches/routers configuration, Safeconnect Network Access Control
- Security/Compliance Standards — AICPA SOC 2, CIS, PCI DSS, HIPAA, HITRUST, ISO27000, DIACAP, DoD RMF, FISMA, NIST, FIPS
- Vulnerability Scanners — Outpost24, Rapid7, Veracode, Tenable Security Center/ACAS, eEye Retina/SCCVI, NetSparker, Acunetix
- Other — Information Assurance, Security Architecture, Computer Network Defense, Information System Security, Identity Access Management, Data Loss Prevention, Risk & Vulnerability Management, Disaster Recovery Planning, Compliance & Assessment, Application & Network Security, Technical Training/Writing, Database Management, Project Management, Team Building/Staff Leadership & Development
To the best of my abilities, I will pursue integrity and excellence in every area of my life. I will learn from all of my mistakes and critics. I intend to be better tomorrow than I am today. Tomorrow, I will be a better person, husband, father, leader, colleague, employee, member of my community, and student. I will strive to be closer to my goals with each passing day. I will daily improve my skills and commit my life to continual learning.
I will always welcome change and learn to be flexible. I will not blame the government or other people for my current and temporary status in life. I will assume full responsibility for all of my actions. I welcome challenges in my life because they are the hidden opportunities that will force me to grow to the next level.
I have received favor and help from so many I will never repay in my life’s journey. However, I will return the favor by helping someone else in need. I will mentor anyone ready and willing to learn from my experience and help impart the wisdom that can only be received by learning from one’s mistakes or through mentorship. I will continue to seek out uncommon mentors who will inspire and encourage me to reach my full potential, be all I was meant to be.
I am committed and determined to be an asset and not a liability because I am dependable, reliable, and accountable for results; I am consistently increasing my value to the market. I say what I do, and I do what I say…ALWAYS! I am a man of execution; I get things done, period. I create a path and direction focused on business results; I am a problem solver. I relentlessly set and deliver on my highest priorities.
I empower people around me, delegate authority wisely, drive individual accountability, grow my people, develop leaders, and ultimately lead to better decisions.
My mantra: “Speed to Business Results!” My core values: “Service, Leadership, Excellence, Honor, and Growth.” My happy place is at the intersection of Leadership, Technology, and Business. My superpower is my unshakeable determination to succeed. My passion is leadership and cybersecurity.
My purpose is to help end suffering in cyberspace and inspire people to reach their highest potential. I help make living, working, and raising a family in cyberspace safer and more secure by minimizing exposure to confidential and privileged data and the impact of the next security breach. I inspire people around me through writing, speaking, training, and other meaningful engagements to help grow leaders who will impact their respective communities and make our world a better place.
I will get along and be as professional with everyone who crosses my path to personal and professional development. I will not procrastinate; I will start my journey TODAY!
Bob Fabien Zinga Proudly Supported these Employers, Clients, and More