Rob Hornbuckle

CISO CIO – Cybersecurity

About

Rob Hornbuckle
CISO, Speaker, Board Advisor / Member, VP Information Security, Cybersecurity, Cyber, DDN QTE
Greensboro, North Carolina, United States

Summary

A results-oriented Technology Leader experienced in building inclusive, cross-functional, remote, results-oriented and global teams/systems. Expertise includes IT and Product Strategic Goals/Plan, Technical Vision, Corporate Governance Mapping, Leadership and Coaching, Cloud Computing and more. Seeking a technology leadership opportunity in a fast-paced environment that can benefit from passion, innovation, strategic vision, creative ideas, and original thought.

Clifton Strengths: STRATEGIC – FUTURISTIC – IDEATION – COMPETITION – ANALYTICAL – INDIVIDUALIZATION – ACHIEVER – LEARNER – MAXIMIZER

Education:
Master of Business Administration, Temple University
Master of Science in Information Security, East Carolina University

Certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Management Professional (ISSMP)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)

Experience

Allegiant (3 years 6 months)
CISO / Chief Information Security Officer
January 2020 – Present (3 years 6 months)
Las Vegas, Nevada, United States

Distributed Teams: Designed remote distributed team environment, focused on collaboration and driving deliverables to accepted timelines. Embedded a security champion on each persistent team, created systems to train and reward security champions, aligning performance review metrics with hygienic security practices. Implemented coaching techniques to promote engagement and assist with team building.

Best in Class Application Security Program: Formed a scalable world-class application security program based on agile, allowing business to double persistent teams to meet projected expansion plans. Increased release rate from 30 releases a year to 250 releases a year over 22 persistent teams, without any known security vulnerabilities.

Managing Leaders: Worked in a supportive way to help management teams drive objectives and employee growth, tailoring strategies to the needs of the individual person and the goals of the organization. Utilize a servant leadership mindset to manage daily operations, service delivery, and up-times.

Technology Evangelism: Recognized as CISOs Connect Top 100 CISOs of 2020 and 2021. Spoke at multiple conferences on leading-edge technologies, talent vacancy and retention within industry, active and practical approaches to management, and the importance of emotional intelligence among leadership.

Strategic Technical Vision Realignment: Evaluated, designed, and executed a realigned information security short-term and long-term risk-based strategy focused on business enablement and culminating in a zero-trust architecture, updating board quarterly and CEO monthly. Led reputation overhaul of department, formed effective business relationships, and developed interdepartmental trust.

Crisis Leadership: Led information security, compliance, risk, privacy, and security operations programs including firewalls, identity and access management, and DevSec during COVID crisis. Managed risk mitigations during transition to work from home and met all business objectives despite constrained resources. Helped position Allegiant as the first cash flow positive airline post-crisis.

Departmental Development: Expanded security and compliance program from 16 team members into a cohesive 35-member team; incorporated AI and process efficiency to triple department productivity.

Resource Allocation: Managed initial 13 MM total budget, grown to 22 MM. Leveraged personal network to discover best in class customer identity technology, reducing project costs by 53%, and laid groundwork for next generation application features to drive differentiation while meeting regulatory compliance.

Information Security / Regulatory: Developed a view of IT risks within the broader context of the enterprise risk management framework. Collaborated with the Chief Legal Officer to build a full corporate risk program. Implemented enterprise cybersecurity strategies for corporate IT asset protection, operational, and governance programs to comply with applicable laws, including emerging privacy laws.

JN Managed Services Inc.
Member Board Of Directors
February 2021 – Present (2 years 5 months)

AttackIQ
Member Of The Board Of Advisors
October 2020 – Present (2 years 9 months)
United States

CionSystems Inc
Member Of The Board Of Advisors
September 2019 – August 2022 (3 years)
United States

UTC Aerospace Systems (2 years 4 months)
Interim CISO / Chief Information Security Officer
September 2017 – December 2019 (2 years 4 months)
Charlotte, North Carolina Area

IT and Product Strategic Planning: Evaluated, designed, and executed IT short-term and long-term strategy. Developed innovative problem-solving approaches using secure SDLC concepts and OWASP. Implemented security testing and product improvements for product development and implementation. Increased quality and drove down DevOps timeline to least viable product by aligning technology and business strategies to ensure effective, secure, reliable, and efficient delivery of technology development and product security.

Technical Vision: Led brainstorming sessions to incorporate emerging technology trends and original ideas, create new solutions, discover business opportunities, improve current products, and assist with research initiatives within the ERP, CRM, infrastructure, data breach response, SSO, SAML, RBAC, and security program systems.

Corporate Governance Mapping: Organized analysis of all applicable laws and directives affecting business units and then mapped the applicable policies and standards, including firewalls, intrusion detection/prevention systems (IDS/IPS), vulnerability management/scanning (Nessus, Qualys, Rapid7), Web Application Firewalls (WAF), wireless LAN, NAC, Data Loss Prevention (DLP), DDoS Mitigation, WAN security, SIEM (SEIM, Splunk), content filtering, cloud security gateways, secure proxies, IAM, malware protection and crypto solutions, to define gap analysis and prioritize projects in order to implement controls and strengthen security posture.

Leadership and Coaching: Regularly mentored junior team members to help establish career direction and increase job satisfaction. Incorporated volunteer work to help build team skill sets, confidence, and experience. Strove to help build the best team possible through talent development and servant leadership.

Cloud Computing: Assisted in the development of cloud security framework strategy including the architecture for moving functionality to the cloud and the use of Microsoft Azure, Amazon Web Services (AWS), and other cloud-based utilities using SaaS (Software as a Service), IaaS, PaaS, and traditional cloud services.

Customer Interaction: Handled all compliance and security-based customer interactions including due diligence. Drove customer satisfaction in compliance and security matters such as DFARS, FIPS, NIST, VPN, OWASP Top 10, GDPR, CCPA, PIPEDA, FCC, FDIC, FTC, CFPB, SEC, FINRA and Privacy.

Risk Identification: Conducted ISO, NIST, CSA CCM, outside vendor/3rd party and SOX gap analysis and identified major risks with network design, policy, process, and applications. Defined and implemented risk mitigation strategies. Aligned security policies utilizing penetration assessments and security architecture review.

Security Metrics: Defined a set of data-driven measures from within the cybersecurity program inclusive of security operations, security engineering, risk management, policy and compliance-based metrics.

Information Security / Regulatory: Developed a view of IT risks within the broader context of the enterprise risk management framework. Implemented enterprise cybersecurity strategies for corporate IT asset protection, operational, and governance programs to comply with applicable FTC, Sarbanes-Oxley (SOX), HIPAA, HITRUST, PCI-DSS, FAA, CIS CSC, FISMA, SSAE 16 SOC 2 and U.S. State, Chinese, and EU (European Union) Laws.

Threat Management and Risk Assessment: Developed a view of IT risks within the broader context of the enterprise risk management framework. Evaluated complex requirements and communicated inherent security risks and solutions to business stakeholders. Developed strategies to mitigate IT risks to acceptable levels through security threat modeling and advanced threat protection.

Translate Technical Topics to Non-Technical Audiences: Regularly presented and communicated with executives, management, customers, public, and individual contributors to explain the technical vision, strategic direction, and methodology in easy-to-digest ways specifically designed for the audience receiving the message.

Pioneering: Developed inventive methods to meet security and regulatory compliance goals while balancing international law in China, Russia, and the European Union. Leveraged negotiation skills to drive down costs.

Internet of Things (IoT) Ecosystem: Architected and deployed an innovative system of sensors and controls to monitor antiquated and next generation industrial control systems (ICS) during production, allowing for the collection of metrics and performance analytics to increase production efficiency and reduce factory operating costs.

Business Unit Collaboration: Developed strong collaborative relationships with enterprise-wide, multinational groups (Legal, Compliance, Business Development, Internal Audit, Physical Security, Application Development, Networking, Systems, etc.) highly integrated into the business, IT and IO departments. Earned the trust of the company’s leadership to become the “Go to Advisor” and the “Thought Leader” on information technology solutioning, technology selection, and regulatory topics.

Arby’s Restaurant Group, Inc. (2 years 5 months)
CISO / Chief Information Security Officer
May 2015 – September 2017 (2 years 5 months)
Greater Atlanta Area

Executive Management Collaboration: Routinely met with the Chief Legal Officer, Chief Information Officer, Chief Operations Officer, Chief Financial Officer, and Chief People Officer on the Executive Security Council to discuss information security concerns and direction.

Key Board Member: Chaired the Executive Security Council. Active member of Arby’s Policy Review Board, Change Management Board, and Enterprise Operational Risk Committee.

Board Presentations: Presented regularly to the Chief Information Officer, Senior Executives, and the Executive Security Council. Adapted presentation style to various audiences.

Increased Staff Job Satisfaction: Measurably improved staff job satisfaction by integrating career development initiatives with tangible deliverables within information security programs. Hired, developed, and engaged all staff to help maximize performance.

Department Building: Developed, implemented, and monitored a comprehensive enterprise-wide information security program to protect electronic data resources. Built a technology strategy and roadmap including a security operations center (SOC). Provided expert strategic and tactical security guidance. Hired/developed talent and modernized environment to support scalable growth and cost reduction.

DevOps: Worked with internal and outsourced development teams to assist in delivering the first Arby’s mobile app by driving down costs of time extensions and incorporating secure application design concepts to deliver a product within budget and on time.

Budget and Leadership: Directed an annual budget, staff, and a large outsourced security function. Prioritized projects, services, and systems with the greatest ROI.

Contract and Service Level Negotiation and Management: Collaborated with Procurement, Legal, and HR departments to review and negotiate all outside vendor contracts, information security policies, and employee policies to support acceptable security controls and adequate protection of customer information assets.

Disaster Recovery and Business Continuity Planning: Maintained business continuity plans for all applications and infrastructure. Drove planning and execution of enterprise-wide preparedness and recovery.

Technology Selection: Selected, implemented, and maintained key industry technology solutions within the retail industry. This included a full implementation of encryption on swipe, a mobile application deployment, register technology and time tracking, and multi-factor authentication.

Insurance Cost Reduction: Collaborated with the CIO and CFO to present security solutions to the Cyber Insurance company that, when implemented, resulted in year-upon-year reductions in insurance premiums.

Global Regulatory Compliance: Implemented strategies for digital asset protection, operational, and governance programs to comply with applicable Payment Card Industry Data Security Standard (PCI-DSS) and U.S. State Laws.

Steritech
CISO / Chief Information Security Officer
November 2013 – May 2015 (1 year 7 months)
Charlotte, North Carolina Area

Leadership: Managed projects and teams to drive security initiatives for an international company of 1300 including: preparation of security assessment across corporate structure, development of security architecture, implementation of a security incident response program, a full physical security program, and development of an enterprise-wide employee security awareness program.

Security Strategy Planning: Developed and implemented long-term information security strategy and developed supporting corporate policies including: Acceptable Use Policy, BYOD, MDM, SSL, Security and Privacy, System Acquisition/Disposal, Patch Management, Testing, Sensitive Data Handling, Encryption Key Management, Physical Security, and Systems Access Control Procedures.

Cyber Security Budget and Leadership: Prioritized projects by balancing cost and risk. Developed and maintained yearly IT security budget, managed vendor relationships, and reduced costs.

Leadership Presentations: Advised executives to drive competitive business strategy with supporting goals, initiatives, and high impact projects ultimately leading to the sale of the company.

Tekelec – Oracle
Information Security Engineer
December 2006 – October 2013 (6 years 11 months)
Morrisville NC

IT Strategy Planning: Responsible for recommending next-generation solutions, with cost analysis, for emerging IT issues. Conformed practices to ISO27001 framework; conducted yearly IT process audit for SOX compliance.

Risk Identification: Conducted SOX gap analysis and identified major risks with network design, policy, process, and applications. Defined and implemented mitigation strategies to protect information communications technology (ICT), address identified risks, and align to security policies, practices, and risk tolerance.

Mergers/Acquisitions/Divestiture: Assisted in the integration of multiple smaller companies. Assisted in the integration of organization into Oracle during merger.

People-centered Leadership: Matrix managed team of help desk and PC technicians.

SmartPACS
PACs Engineer
August 2004 – March 2006 (1 year 8 months)
Phillipsburg, NJ

HEALTHCARE INDUSTRY EXPERIENCE: Specialized in the installation of servers/wireless systems within the hospitals' networks and grounds. Created secure storage and retrieval for medical images while balancing HIPAA regulations.

Education

East Carolina University
M.S. Network Technology, Concentration in Information Security

Fox School of Business and Management – Temple University
Master of Business Administration (MBA), Innovation Management and Business Model Disruption

East Carolina University
B.S., Electronics and Network Technology
