About Ed Ferrara
Ed Ferrara, CISSP, MSIA
Ed Ferrara created 436 Research to assist small to medium-sized businesses in achieving a practical level of cybersecurity that meets the needs of the organization.
Career Synopsis and Selected Accomplishments
Information Technology and Cybersecurity Leadership
- A proven IT executive with over 20 years of security IT management experience. Specific experience developing and implementing security strategy, management frameworks, and technology for in-house and managed security services.
- A clear-sighted C-Level Executive and security professional who responds quickly to strategic risks and tactical issues. Understands the importance of compliance across multiple industries, including healthcare and financial services. Develops clear action plans incorporating process improvement, technology, and people to close critical technology gaps and ensure business value creation.
- Builds collaborative and matrix-structured teams to solve complex process and technical problems using a services-based approach. Focuses on customer service using active listening and creative thinking to create and deliver cost-effective security solutions to meet business partner needs. Ensures tight financial management for $100M+ capital and operational budgets; uses outstanding written and verbal communication skills to synthesize and communicate the value provided by best-in-class technology solutions, creating business value.
- Effectively manages operational, capital, and operating budgets (OPEX: $15M, CAPEX: 125M), all within +/- 5% of plan.
Governance, Compliance, Security & Risk
- Developed a comprehensive security and infrastructure strategy to start a more secure business, focusing on cloud and hybrid network, server, and endpoint security.
- Designed and implemented a cybersecurity and compliance organization from the ground up. (This strategy focuses on four core security competencies – compute, network, data, application, and identity & access management.) Designed and implemented a robust information security management system (ISMS) using ISO 27001/2.
Developed the strategy and led a team of security architects and engineers to:
- Implement a multi-zone network to harden the global network using segmentation gateways and zero-trust networking as a design approach. The project will provide a new design that includes a complete redesign of the network, implementation of next-generation firewall technology (IDS/IPS), network access control, and micro-segmentation in the enterprise core.
The new network system provides the ability to control application and system access at the network layer.
- Create a modern and secure global manufacturing infrastructure using an old village, new village model for network, computing, and storage capabilities.
- Create global identity management to address single sign-on, system account provisioning, de-provisioning, and role changes. The new solution will replace a manual identity and access management process with an automated process, cutting identity provisioning from weeks to hours, saving $1.8M in administrative costs annually, streamlining account provisioning and de-provisioning, and ensuring better security and compliance.
Enterprise Resource Planning for Compliance (ERP)
Led the implementation of a multi-year SAP system focused on regulatory compliance for environmental, health, and safety. (The project goal was to meet product and material compliance regulations for a large Fortune 50 chemical company to ensure the right to market products in Europe. The solution provided ongoing compliance with product-related laws with support for legal, safety, and sustainability obligations along the company’s supply chain.)
Communications and Thought Leadership
- Established a successful personal brand at Forrester Research – rated as a “Top 20 Industry Analyst.”
- Awarded a US patent for an innovative software engineering/enterprise architecture process for software requirements engineering using Unified Modeling Language (UML) and Business Process Execution Language (BPEL).
- Led a staff of 12 engineers to develop an innovative new way to address software engineering.
- Techniques based on the IBM Rational Unified Process changed the software development lifecycle (SDLC) for over 1000 software engineers working in North America, Europe, India, and Australia. The project included methodology, software engineering tools, a knowledge management portal, and training programs.