Debra Baker, CISSP CCSP GRCP
https://www.linkedin.com/in/debrabakernc/
LEADERSHIP PROFILE
My passion for people and cybersecurity has led me on a career journey that began as a network engineer and evolved into leading people and programs, including serving as Director of Information Security (CISO) at RedSeal, a software development corporation. While I was at RedSeal, the company transitioned from a traditional product to a Cloud Security Posture Management (CSPM) Software-as-a-Service (SaaS) product. A little about me: I have over 30 years of experience in Information Security with expertise in Governance, Risk, and Compliance (GRC). I have more than a decade of experience innovating and collaborating, leading programs, and demystifying complex cybersecurity topics into easy-to-understand controls and business processes.
WORK EXPERIENCE
12/2022-Present President, TrustedCISO
● Lead and build Security and Risk Management programs.
● Lead and build SOC2 compliance programs.
● Lead and build CMMC compliance programs.
● Gap Analysis, advice, and authoring of FedRAMP documentation for customers obtaining FedRAMP.
● Author and maintain information security policies, standards, and guidelines.
● Conduct Business Continuity / Disaster Recovery Table Tops.
● Develop, implement, and maintain 3rd Party Vendor Risk Management Program.
08/2021-08/2022 Director of Information Security (CISO), RedSeal, Inc
● Developed and managed the entire corporation's Compliance, Information Security, Risk Management, Governance, and policy programs.
● Built SOC2 Compliance Program that successfully achieved SOC2 for RedSeal's Stratus, a CSPM SaaS cloud compliance product in AWS.
● Obtained SOC2 certification within 6 months of managing the program.
● Drove technology and security control deployment efforts in hybrid and multi-cloud (AWS, Azure, GCP) environments, including Zero-Trust.
● Analyzed information security threats, vulnerabilities, and current trends, and assessed their impact on the organization's risk posture.
● Coordinated cross-functionally with IT, executive, and board-level leadership; advised on and drove an appropriate level of security across RedSeal.
● Facilitated, tracked, and implemented cyber awareness training for the entire organization.
● Developed, implemented, and tracked a strategic, comprehensive enterprise-wide Information Security and Information Technology (IT) Risk Management program to ensure Personally Identifiable Information (PII) and critical asset data is owned, controlled, and managed.
● Conducted Risk Assessment of RedSeal against the NIST Cybersecurity Framework (CSF), driving senior management and board-level awareness to gain budgetary support to develop the program.
● Developed and maintained risk registers for information security.
● Drove risk treatment efforts and board-level understanding of the risk posture for the business (FISMA and CUI).
● Authored and maintained information security policies, standards, and guidelines.
● Developed, implemented, and maintained 3rd Party Vendor Risk Management Program.
07/2019-08/2021 Senior Technical Program Manager, RedSeal, Inc
● Drove process improvement both internally and externally at customers in deploying RedSeal's cyber resilience product into their on-premises, hybrid, and cloud networks.
● Managed enterprise accounts to ensure customers can meet their business outcomes by leveraging RedSeal's Classic and Stratus products, which model and calculate untrusted network and cloud access.
● Built Customer Success Plans based on customer-defined business outcomes and use cases.
● Drove cross-functional team alignment to deliver software enhancements that meet and exceed customer expectations.
● Managed customer health checks to ensure that customers are achieving their desired outcomes, which has driven renewals and expansions with an ROI of 183,668%.
● Collaborated on technical issues with Support and Engineering to drive issue resolution, ensuring root cause analysis and corrective action.
● Created a Python script and built a master compliance mapping and database of RedSeal product functionality to compliance frameworks, standards, and regulations including PCI/HIPAA/CIS/NIST CSF/NIST 800-53B/CMMC/ISO27001/NERC-CIP/OSFI/ITSG-33/FedRAMP/GDPR.
● Managed all Product Certifications such as FIPS-140 and Common Criteria, as well as the SOC2 and FedRAMP certifications for RedSeal's Stratus.
● Saved RedSeal over $100,000 by authoring SOC2 documentation and conducting internal Gap Analysis.
● Created and led the Cyber Protection Team at RedSeal, where we discuss the latest threats and how to defend against them using RedSeal: https://www.redseal.net/high-severity-security-flaw-with-cisco-asa-find-it-and-prioritize-patching-quickly/
● Wrote Ransomware Protection Strategies whitepaper.
08/2018-07/2019 Principal Security Engineer, Entrust Datacard
● Conducted PKI Security Audits.
● Managed Certificate Asset Management and Identity Management system in a large-scale environment.
● Wrote Architecture, CP/CPS, and ISO 27001 documents for PKI and Identity Management systems.
● Presented on securing the blockchain at ISC2 in DC.
04/2012-08/2018 Regulatory Compliance Manager, Cisco Systems: Security and Trust Org
● Managed the following Cisco product lines: Nexus, ESR, ISR, ASR, ESA/WSA, to ensure they were Common Criteria (ISO 15408) certified.
● Determined and assessed the latest ISO and NIST compliance requirements and explained to developers how to update their products to meet the requirements.
● Created GAP analysis smart form to streamline the process from 8 hours of meetings to 1 hour.
● Engaged developers on the latest cryptographic requirements to integrate into applications.
● Analyzed security controls, policies, and processes from development to product delivery.
● Wrote the test plans, procedures, and documentation for the Common Criteria evaluation.
● Reviewed developer test logs to confirm the product security functionality was successfully incorporated.
● Conducted sample tests of product functionality in the lab.
● Simplified and reduced the required documentation based on the new collaborative Protection Profile methodology, thus streamlining the CC process.
01/2010-04/2012 Principal Security Engineer, Corsec, Inc
● Interfaced with clients such as VMware, NetApp, Kaseya, Alcatel-Lucent, and Symantec.
● Analyzed complex compliance requirements and translated them into product features for developers.
● Identified security compliance GAPs and recommended software code updates and development processes and procedures to meet government standards (ISO 15408).
● Drafted the Common Criteria documentation required for certification of IT Security products, including Security Targets, Functional Specification, Lifecycle, User Guidance, and Architecture Documentation.
CAREER ACHIEVEMENTS
● Founded and served as Board member of the Johns Hopkins Cryptographic Knowledge Base, a collaboration between Cisco and Johns Hopkins.
● Co-founded a non-profit known as the League of Women in Cybersecurity to provide training to women in cybersecurity.
● Developed Executive Dashboard that became reports in the RedSeal Classic product as Health Check and Executive Reports.
● Developed a GAP smart form questionnaire while at Cisco that transformed 8 hours of meetings into a one-hour follow-up meeting.
AWARDS
● Featured in the book Women Know Cyber: 100 Fascinating Females Fighting Cybercrime
● Executive Leadership training Alumni (JUMP) program at Cisco
CERTIFICATIONS
● ISC2 Certified Information Systems Security Professional (CISSP) # 117705
● ISC2 Certified Cloud Security Professional (CCSP) # 117705
● OCEG GRC Professional Certification (GRCP)
● Cisco Secure Development Lifecycle (CSDL) Ninja Black Belt
OTHER WORK EXPERIENCE
● Senior Common Criteria Evaluator & Program Manager, Entrust Technologies
● PKI Security Engineer & Team Lead, Entrust Technologies
● Network Management Integrator and DNS Team Lead, IBM Global Services
● Communications Specialist, United States Air Force, Top Secret Clearance
MEMBERSHIP
● ISC2, International Information System Security Certification Consortium
● ISSA, Information Systems Security Association, Board Member (Previous)
ACADEMIC CREDENTIALS
● B.B.A., Majored in Finance, University of Houston, Cum Laude Graduate
● Certification Program, MIT Sloan School of Management, Executive Education, Cybersecurity for Managers: A Playbook, 2021