Resume

Carmelo Walsh

Cybersecurity Executive

Professional Summary

With 30+ years in Information Security, I excel in developing and advancing security programs. My expertise spans Business Information Security, GRC, Security Operations, Incident Response, and more. A seasoned leader, I navigate complex challenges with precision in cost analysis, project funding, and team direction. Certified in CISSP, CCSP, CISM, CRISC, CDPSE, FAIR, ITIL v3, with proficiency and certification in AttackIQ Mitre ATT&CK and Purple Team Foundations. Hold a bachelor’s in information technology. Committed to excellence, continuous learning, and securing digital landscapes.

Experience

Magellan Health, a Subsidiary of Centene Health
Vice President, Information Security: Cyber Defense
August 2021 – Present

Strategic Cybersecurity Leader with a proven track record in enhancing organizational resilience. Accountable for Cyber Threat Intelligence, Detection Engineering, Cybersecurity Incident Response, Security Data Analytics, Vulnerability Governance, Application Security, and Remediation & Mitigation.

Key Achievements:

Leadership Achievements:

  • Established a dynamic Threat Intelligence Program, fortifying proactive threat identification.
  • Optimized the Detection Engineering Team, enhancing the organization’s ability to swiftly respond to evolving threats.
  • Tripled the size of the Incident Response Team, bolstering incident handling capabilities.

Performance Metrics:

  • Attained a >95% True Positive Rate on SIEM Alerts, streamlining threat detection.
  • Maintained a >99% adherence to SLAs, ensuring operational excellence.

Operational Excellence:

  • Strategically reconfigured the SIEM environment, aligning it with enterprise data retention policies.
  • Implemented engaging team-building activities, fostering a collaborative work environment, and accelerating problem-solving capabilities.

Strategic Hiring and Team Building:

  • Recruited a Security Data Analyst, elevating vulnerability data analysis capabilities.
  • Expanded staffing for the Vulnerability Governance Team, collaboratively addressing aging vulnerabilities.

Financial Impact:

  • Contributed to annual savings of over a quarter million dollars through strategic changes in the Application Security Program.
  • Achieved a significant annual cost saving of $300,000 in SIEM licensing through reconfiguration.

Strategic Vision:

  • Envision a proactive and adaptive cybersecurity approach, aligning security measures with overarching business objectives.

Communication Skills:

  • Demonstrated ability to communicate complex security concepts effectively to diverse stakeholders.

Magellan Health, a Subsidiary of Centene Health
Director, Business Information Security Officer
August 2020 – August 2021

As the former BISO leader for our organization, I orchestrated a range of critical information security initiatives and consistently delivered results that exceeded our customers’ expectations. Through my innovative approach, I successfully demonstrated the effectiveness of our controls by presenting compelling metrics to our customers, ensuring that we met our contractual obligations.

Key Achievements:

Leadership and Strategic Initiatives:

  • Orchestrated critical information security initiatives as the former BISO leader, consistently exceeding customer expectations.
  • Demonstrated the effectiveness of controls through innovative approaches, presenting compelling metrics to showcase adherence to contractual obligations.

Business Relationship Development:

  • Drove business relationship capabilities, fostering customer value through information security.
  • Collaborated closely with teams to ensure alignment with customer needs and exceeded expectations.

Performance Oversight:

  • Oversaw the delivery of information security programs related to customer-facing services.
  • Implemented processes for effective account management, ensuring swift and efficient responses to customer needs.

Leadership Collaboration:

  • Contributed as a key member of the leadership team, regularly raising awareness of information security operational effectiveness.
  • Collaborated with teams on Corrective Action Plans (CAPs) and Plans of Action and Milestones (POAMs), providing regular status updates to enhance service delivery.

CSAA Insurance, a AAA Insurer
Governance, Risk, and Compliance: Risk Manager
August 2013 – August 2020

For 7 years, I’ve influenced the development of a robust Governance, Risk, and Compliance (GRC) program, seamlessly harmonizing a Common Controls Framework that integrates ISO 27001, PCI-DSS, and Department of Insurance controls. As the leader of our Archer development team, I orchestrated the alignment of Archer with the established framework, ensuring precision and efficiency.

Key Achievements:

Framework Development and Alignment:

  • Collaboratively built a GRC program, aligning controls from ISO 27001, PCI-DSS, and the Department of Insurance into a cohesive framework.
  • Directed the Archer development team to configure the Archer platform to mirror the established framework.

Risk Management Expertise:

  • Employed risk frameworks such as RMF and FAIR to craft intuitive mathematical formulas.
  • Engineered a semi-quantitative risk calculation integrated into Archer, enhancing risk assessment accuracy.

Third-Party Risk Assessment Program:

  • Played a pivotal role in creating a robust third-party risk assessment program.

Compliance Leadership:

  • Led compliance efforts and collaborated seamlessly with external auditors, ensuring successful completion of audits.

Security Awareness and Phishing Program Management:

  • Significantly influenced the security awareness program, contributing to enhanced organizational cybersecurity posture.
  • Managed the phishing program, proactively addressing evolving threats and bolstering organizational resilience.

Wells Fargo, TekSystems
Technical Risk Analyst IV: Contractor
June 2012 – July 2013

Risk Identification and Assessment:

  • Proven track record in identifying, assessing, and evaluating system and organizational risks through comprehensive risk assessments, vulnerability assessments, and business impact analyses.

Strategic Risk Management Consulting:

  • Consulted with senior management and stakeholders on effective risk management strategies, ensuring compliance with legal and regulatory requirements.

Performance Monitoring and Improvement:

  • Monitored and reported on the effectiveness of risk management activities, providing recommendations for improvements when necessary.

Cross-Functional Collaboration:

  • Collaborated with cross-functional teams to develop and implement risk management policies and procedures, resulting in successful risk mitigation and reduced exposure.

Continuous Learning and Adaptation:

  • Kept abreast of industry trends and emerging risks, providing recommendations for evolving risk management strategies and tactics accordingly.

Effective Communication:

Communicated clear and concise risk management advice to stakeholders, including senior management, facilitating informed decision-making.

Arizona Department of Education: Business & Decision
Information Security Officer: Contractor
January 2010 – May 2012

Information Security Policy Development:

  • Proven expertise in developing and implementing effective information security policies, procedures, and standards.

Comprehensive Risk Management:

  • Conducted thorough risk assessments and implemented robust security controls to safeguard against potential threats.

Incident Response and Disaster Recovery Planning:

  • Managed incident response and disaster recovery planning, ensuring organizations can respond effectively to security incidents and minimize disruptions.

Compliance Leadership:

  • Maintained a strong focus on ensuring compliance with laws, regulations, and industry standards, including HIPAA and GLBA.

Security Monitoring and Reporting:

  • Monitored and reported security threats and vulnerabilities to senior management, providing crucial insights for informed decision-making.

Security Awareness and Training Programs:

  • Led security awareness and training programs to ensure all employees are well-informed and trained on information security best practices.

Incident Investigations and Audits:

  • Managed security incident investigations and audits, identifying root causes and implementing corrective actions to prevent future occurrences.

Technology and Tool Management:

  • Adept in managing security-related technology and tools, ensuring regular reviews and updates to maintain the highest levels of security.

Corbins Electric
Director of Information Technology
November 2008 – January 2010

Strategic IT Leadership:

  • Directed the Information Technology department for Corbins Electric, reporting directly to the CFO.
    • Managed all enterprise systems and homegrown solutions, overseeing a small staff.

Stabilization of IT Operations:

  • Successfully stabilized IT operations with a limited budget, ensuring the reliability and efficiency of technology infrastructure.

Headquarters Migration Leadership:

  • Led the seamless migration of the company headquarters to a new building, involving new cabling and no downtime.
    • Coordinated the entire process, ensuring minimal disruption and optimal functionality in the new location.

Comprehensive Support Management:

  • Managed comprehensive support for remote workers, office workers, mobile construction sites, CAD development, billing, and human resources.

Physical Security Systems Oversight:

  • Additional responsibility for overseeing and maintaining physical security systems for the organization.

Operational Efficiency Enhancement:

  • Implemented strategies to enhance operational efficiency and streamline IT processes within a dynamic and challenging environment.

Budget Management:

  • Effectively managed IT operations within budgetary constraints, optimizing resources for maximum impact.

Cross-Functional Collaboration:

  • Collaborated with various teams and departments to ensure IT solutions aligned with business objectives and supported diverse operational needs.

Result-Driven Problem Solving:

  • Demonstrated problem-solving skills by addressing challenges and ensuring continuous IT support during critical business transitions.

Scottsdale Insurance Company: A Nationwide Insurance Company
Senior Information Security Analyst
December 2004 – November 2008

  • Established expertise as a Novell NetWare specialist, contributing valuable insights to optimize system functionality.
  • Led the configuration and rule-setting for an identity provisioning system, leveraging LDAP calls to enhance identity management processes.
  • Conducted thorough risk assessments, bolstering the overall security posture of Scottsdale Insurance Company.

Arizona Department of Health Services
Information Security Manager
July 2002 – December 2004

  • Spearheaded institutionalization of HIPAA security controls, ensuring compliance across the department.
  • Played a pivotal role in the Data Security and Privacy Working Group, driving uniformity in encryption practices across departments for data at rest and in motion.
  • Led the implementation of email encryption measures.
  • Orchestrated the upgrade and redesign of Novell NetWare, optimizing the network access.

Alltel Communications
Senior Technical Analyst
October 2000 – July 2002

  • Successfully upgraded and redesigned directory services, significantly enhancing network infrastructure.
  • Served as Server Admin, File Server Admin, Exchange Admin, and Desktop Tier III support, showcasing comprehensive technical proficiency.
  • Conducted Cisco Routing, Switching, and Firewall administration to fortify network security against cyber threats.
  • Oversaw seamless migration of data centers with minimal downtime, ensuring uninterrupted business operations.
  • Established desktop deployment standards, ensuring consistent and secure device deployment for streamlined operations.

First Horizon National Corporation
Regional Information Technology Coordinator
April 1999 – October 2000

  • Provided exceptional Tier III support, ensuring seamless and efficient IT operations.
  • Coordinated office moves, additions, and changes with IT teams, contributing to smooth transitions for employees.
  • Responsible for delivering reliable directory services support, maintaining optimal system performance.

Arizona Department of Corrections
Network Specialist
July 1996 – April 1999

  • Promoted to Network Specialist at Arizona State Prison Complex Yuma within 8 months of joining as a Corrections Officer.
  • Contributed to the successful transition of the organization’s workstations from stand-alone to peer-to-peer workgroup systems, using a range of technologies including thicknet, thinnet, cat-5, and Novell Netware client-server environments.
  • Played an integral role in a large-scale project to prepare for Y2K, ensuring that all systems were ready to handle the date change.
  • Managed Windows 3.1, Windows for Workgroup, and Windows 95 workstations with Novell client software.
  • Designed and built peer-to-peer networks utilizing various technologies such as hubs, switches, concentrators, and repeaters.
  • Maintained a Meridian phone switch and oversaw basic management of AS400 iSeries.
  • Established and set up telemedicine networks and systems to support remote medical consultations.

United States Marine Corps
Corporal (Non-Commissioned Officer): Aviation Ordnance Technician
March 1992 – March 1996

  • Non-commissioned officer in charge of the night crew, performed weapons and defense systems testing, preloaded aircraft with weapons to prep/expedite morning missions.
  • Led the team to perform appropriate aircraft weapons systems maintenance and coordinated work with flight control.

Additional Duties:

  • Technical Publications Compliance
  • Nuclear, Biological, Chemical Decontamination Warfare
  • Emergency Reclamation

Education and Certification

Certified Novell Engineer (CNE) – Novell – January 1998 – Expired

Bachelor of Science, Information Technology – University of Phoenix – From 2001 – 2003

Cisco Certified Network Associate (CCNA) January 2000 – Expired

ITIL v3 Foundation (ITIL) – Acquiros – October 2011

Certified Information Systems Security Professional (CISSP) – International Information System Security Certification Consortium – February 2014

Certified Payment Card Industry Security Auditor (CPISA) – PCI Security Standards Council – November 2014 – Expired

Certified Payment Card Industry Professional (PCI/P) – PCI Security Standards Council – December 2014 – Expired

Certified Cloud Security Professional (CCSP) – International Information System Security Certification Consortium – September 2019

Certified In Risk and Information Systems Control (CRISC) – Information Systems Audit and Control Association – October 2019

Certified Information Security Manager (CISM) – Information Systems Audit and Control Association – November 2019

Open FAIR Certification Program (OpenFAIR) – The Open Group – March 2020

Amazon Web Services Certified Cloud Practitioner – Amazon Web Services – April 2020 – Expired

Certified Data Privacy Solutions Engineer (CDPSE) – Information Systems Audit and Control Association – May 2020

Foundations of Operationalizing MITRE ATT&CK – AttackIQ – September 2021

Foundations of Purple Teaming – AttackIQ – October 2021