Featured Speaker

Adam Keagle

Adam is part of RSM’s security and privacy risk consulting practice. With over two decades of experience in the information systems field, he has led, managed, and executed in a variety of domains, including IT operations, penetration testing, regulatory compliance, and risk management. He has served in various roles within RSM including regional payment security leader, independent security assessments leader, and technical trainer to support the firm’s quality and methodology standards.

His technical skills, paired with a business-focused approach to solving problems, have been applied in a diverse set of industries, which include utilities, oil, manufacturing, higher education, financial services, health care, federal government, and national defense. Through a broad career in consulting and industry, Adam has a demonstrated ability in advising companies to identify, prioritize, and manage IT risk.

Adam’s experience includes work on the following projects:
  • Performed information security assessments for private, federal and Fortune 100 clients to evaluate security posture, communicate IT security risk and provide guidance to close identified security gaps; project activities included network architecture and firewall rule-base reviews, infrastructure, application and wireless penetration testing, and physical security assessments; responsible for planning, execution and post-execution test phases
  • Conducted customer data security and privacy protection reviews for clients; identified key process areas managing sensitive customer data and logical information flows within the enterprise environment; reviewed corporate policies and procedures, and recommended technical security controls and privacy safeguards; examined privacy objectives, vendor contracts, customer information collection practices, record retention policies and other practices to align with multiple legal requirements
  • Reviewed IT risk management processes and information security management structure for clients; conducted a review and gap analysis of corporate information security policies and standards against the International Organization for Standardization (ISO) 27001 standard; developed a framework for communicating information security risks, monitoring security operations and classifying IT assets
  • Led international teams and participated in application and network security testing for a global manufacturer; coordinated testing efforts, analyzed and documented results, and authored reports for senior management and executive audiences
  • Performed cybersecurity assessments, architecture reviews and technical security testing on smart grid devices, energy management systems and industrial control systems for technology, energy and infrastructure organizations; evaluated system categorization, vulnerabilities, security management and other North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards
  • Led Federal Information Security Management Act (FISMA) assessments for organizations in various industries, evaluating their compliance with National Institute of Standards and Technology (NIST) 800-53; provided planning and development guidance for management, operational and technical controls; provided authority to operate recommendations to agencies
  • Participated in network security audits and Payment Card Industry (PCI) assessments and quality review for global retailers, financial services, and bank holding corporations reviewing architecture, system configurations and operations; identified business risks, tested network and host-level controls, and evaluated corporate and vendor compliance with established security management objectives
  • Evaluated technical and administrative risk management controls and processes of organizations generating, storing and transmitting health information for compliance with regulatory requirements, including HIPAA/Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Conducted baseline development and review for operating systems, security devices and enterprise architecture at a global financial services corporation to meet security and FFIEC/Federal Deposit Insurance Corporation (FDIC) regulatory requirements

Professional affiliations and credentials
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • CompTIA Security+
  • Payment Card Industry (PCI) Security Standards Council LLC (SSC) Qualified Security Assessor (QSA)
  • Information Systems Audit and Control Association (ISACA)
  • International Information Systems Security Certification Consortium (ISC)2

Education
  • Bachelor of Science, information technology, Central Michigan University