Brian Taylor - CISSP, MSIT

Information System Security Officer at Aquila Technology
Contact Information
Location
Greater Boston


5.0 / 5.0, based on 2 ratings
Ann C.

I had the pleasure of working with Brian to implement the product security risk assessment process for our PACS (Picture Archiving and Communications System) product at Philips Healthcare and also on several project teams where he served as the security expert. I found Brian to be meticulous and efficient in assessing new system requirements for potential security pitfalls as well as identifying mitigations to system vulnerabilities. He partners well with all members of the cross functional team whether it be Engineers to implement effective network solutions and security policies, with Program Managers to ensure critical security issues are addressed to meet the project deadlines or with Quality and Regulatory personnel to ensure that the quality system regulations are adhered to and appropriate security standards are met. His detailed understanding of system vulnerabilities led to the identification and fix of a critical security issue prior to release of our product. In addition to his technical expertise, Brian has an impressive ability to multitask. He not only manages in-house and field-found security issues for PACS product line but is also responsible for patient monitors and home healthcare solutions. Further, he stays on top of the latest security standards and works with the Business Unit to implement them. With his affable personality and great sense of humor, Brian is a joy to work with. I strongly believe that Brian will be a great addition to any company he joins. I highly recommend him for any security officer or other similar leadership positions.

Denise Haley

I have known Brian for over 6 years as an outstanding colleague who excels at his position and always goes above and beyond the call of duty to find sound and compliant IT/network solutions. With his many certifications in the data security area and his extensive data privacy knowledge, Brian has made numerous contributions to product development for both domestic and international markets. Brian has led projects that have ranged anywhere from helping with complex customer IT solutions (hospital data management) to improving basic network designs (for more secure and efficient network systems) to implementing quality improvement initiatives (static analysis software tools) to finding solutions to meet strict government regulations (for both medical device and military applications). Brian has been successful with these projects through interactive teamwork, the ability to multitask, and his discipline to meet timelines. In addition, Brian has excellent knowledge of Quality Systems and has contributed to security and safety risk assessments, design controls, field support strategies and SOP development. Overall, Brian is just a wonderful person to work with; he brings to the table not only a solid technical background but also a straight-forward communication style, which with his quick sense of humor and approachable manner, makes him a great leader. Brian would be an asset to any organization and I highly recommend Brian for any Security Officer, Program Manager, or other management role.


Credentials

  • INFOSEC Professional - CNSS 4011
    National Security Agency, Committee on National Security Systems
    Jul 2003 - Sep 2024
  • CISSP
    ISC2
    Jun 2003 - Sep 2024

Experience

    • South Africa
    • IT Services and IT Consulting
    • 1 - 100 Employee
    • Information System Security Officer
      • Oct 2022 - Present

      Aquila Technology, Lincoln Laboratory 10/2023-Present
      Major Duties and Accomplishments
        • Provide cybersecurity support to Special Programs and validate the organization against cybersecurity policies/guidelines/procedures/regulations/laws
        • Develop input into the development and maintenance of System Security Plans (SSP), Plan of Actions and Milestones, Risk Assessment Report, and Continuous Monitoring strategy
        • Generate technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to key stakeholders
        • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections
        • Perform periodic cybersecurity reviews of network, system, and application vulnerability scanning, configuration assessment, and remediation
        • Interpret patterns of to determine their impact on levels of risk and/or overall effectiveness of the s cybersecurity program

    • United States
    • Defense and Space Manufacturing
    • 700 & Above Employee
    • Senior Cyber Security Engineer
      • Jun 2019 - Sep 2022

        • ISSM for a large AF/Joint program
        • Develop Program Protection Plan (PPP), collaborate on Software Assurance, Cyber Security Strategy
        • Identify requirements for Cyber Resiliency, and Cyber Survivability
        • Formulate an approach for the Risk Management Framework for an aircraft and C2 mission system
        • Lead the Cross Domain Solutions effort for Access, Transfer, and Multi-Level Security CDS
        • Develop System Requirements Document, and Capability Design Document Cyber section
        • ACAT I program includes Aircraft, Mission Systems, Radar Communication, networking

    • Senior Cyber Security Engineer
      • May 2018 - Jun 2019

        • Provide Cyber Security engineering services and consulting for Fast Moving R&D organization
        • Support Cyber Security effort for numerous programs involving proof of concept, experimental, pilot type programs, involving Ground Systems, Jet fighters, reconnaissance, and satellite communications
        • Develop strategic Cyber approach toward Moving Target Indicator Data Analytics project
        • Identify Cyber activities related to a Cloud Computing environment.
        • Support several Unmanned Aerial System (UAS) and counter UAS programs
        • Perform Technical Evaluation of a variety of proposals/SOO/SOW
        • Support IATT/ATO and Cross Domain Solutions projects

    • United States
    • IT Services and IT Consulting
    • 300 - 400 Employee
    • Senior Cyber Security Engineer
      • Nov 2015 - May 2018

        • Information System Security Manager (ISSM) for various environments to include a Cross Domain Solution (CDS)
        • Achieve/Acquire ATO and DSAWG approval for a Cross Domain Solution
        • Achieve/Acquire ATO for a FVEY coalition network
        • Achieve first known Air Force Authorization To Operate (ATO) for a software application under RMF
        • Develop Distributed Common Ground Surface/System (DCGS) road map and plan on how to achieve an Authorization To Operate (ATO) under Risk Management Framework
        • Execute Risk Management Framework process for DCGS software only platform
        • Author of Security Plan, Security Requirements Traceability Matrix, Vulnerability Management Plan, and Continuous Monitoring Plan
        • Initiate Security Categorization for all data types, and analyze associated risks
        • Select security controls appropriate for a software platform and select various overlays for National Security Systems, Classified systems, and Intelligence Community for ISR systems and applications
        • Perform security control gap analysis and initiate developer workflows to close gaps
        • Review security artifact sufficiency, identify missing documents, or gaps in existing artifacts
        • Track security control implementation and develop metrics to trend status and improvement
        • Generate HP Fortify reports and create JIRA Tickets to fix vulnerabilities
        • Sustain Continuous Monitoring effort through scheduled and iterative security control review

    • 1 - 100 Employee
    • Cyber Security Engineer
      • Jul 2013 - Nov 2015

        • ISSO for ACAT 1 Major Automated Information System (MAIS)
        • Cyber Security team member performing DIACAP implementation
        • Authored the No Security Impact process for the AOC WS program
        • Reviewed Architecture, security boundary and overall topology
        • Audited and Validated Security Technical Implementation Guide (STIGs) implementation
        • Evaluated ACAS and STIG vulnerability output, audited SCAP scanning effort
        • Reviewed and provided feedback on Cyber Contract Deliverable Requirements List (CDRL)
        • Developed strategy for IATT extension including incorporating a temporary large test suite
        • Reviewed HP Fortify findings and recommended prioritization of vulnerability mitigations
        • Perform DIACAP activities for a financial payroll and personnel ACAT 1 MAIS program
        • Perform Annual Security Review per FISMA requirement
        • Authored the payroll system Database security policy
        • Executed SCAP scan and STIG implementation effort including road map and schedule
        • Consulted on developing the baseline STIGed VM image

    • Appliances, Electrical, and Electronics Manufacturing
    • 1 - 100 Employee
    • Cyber Security Project Leader
      • Nov 2011 - Jul 2013

        • Author Risk Management and Threat Modeling procedures for the Industry Business Unit (BU)
        • Wrote BU Technical requirements based on ISA/IEC 62443 standard for SDLA
        • Lead the Secure Coding initiative for the Industry BU
        • Lead the Industry BU Incident Response process; respond to ICS-CERT and Researchers
        • Interface with Legal and PR departments on Incident notifications
        • Author Cyber training and trained groups on various Cyber Security topics

    • Information Assurance Engineer
      • Jan 2011 - Nov 2011

        • Lead Cyber Engineer for an ACAT 1 Major Automated Information System (MAIS) program
        • Provided strategic and tactical direction for Cyber Team in process of C&A activities.
        • Made EITDR/eMass entries, identified Cyber controls, formed DIACAP Team
        • Identified appropriate IA artifacts necessary for C&A activities
        • Worked with engineering to develop appropriate Cyber documentation
        • Participated in Program Management Review, functional analysis, design reviews

    • Medical Device
    • 100 - 200 Employee
    • Security Officer
      • 2005 - Jan 2011

        • Member of Security Leadership Council, which sets global strategic initiatives in security and privacy
        • Collaborated, developed, implemented and maintained information security policies, procedures, standards and guidelines at both the global level and at the Business Unit (BU) level.
        • Developed and reported on metrics and key performance indicators relating to compliance and effectiveness of policies and procedures
        • Participated in global emergency and incident response for security and privacy breaches, including interfacing with high visibility customers, internal management, and legal counsel
        • Promoted and presented security and privacy education, training and awareness sessions
        • Cultivated effective partnerships with stakeholders to ensure security and privacy considerations in product development consistent with risk based security mitigations.
        • Authored risk assessment process/procedure for the BU
        • Built, led and motivated cross-functional teams in the risk management program, identified and recommended mitigation controls and tracked remediation to plan
        • Drove engineering and organizational changes through leadership, communication, and technical means. Monitored security landscape, researched industry trends, and recommended best practices.
        • Provided occasional wired and wireless penetration testing capability
        • Identified HIPAA/Meaningful Use compliance gaps and provided plan to mitigate
        • Leader in Philips global core DIACAP team working on Department of Defense Certification and Accreditation of medical products.
        • Lead BU effort to integrate static code analysis into various development teams

    • Serbia
    • Food and Beverage Manufacturing
    • 1 - 100 Employee
    • Security Analyst
      • 1998 - 2005

        • Planned, designed, implemented and managed security architecture and strategy for corporate infrastructure to ensure confidentiality, integrity, and availability of data and systems.
        • Developed security policies, procedures, best practices and standards in an IT environment.
        • Conducted scheduled and unscheduled security audits
        • Ensured IT projects met security objectives and were consistent with business objectives.
        • Developed Disaster Recovery strategies.
        • Developed and led Incident Response effort, breach investigation, and hands-on response.
        • Installed, configured and maintained various perimeter and internal security protection
        • Troubleshot security, network, infrastructure, and application problems using protocol analysis
        • Correlated various security events from disparate systems to resolve security problems.
        • Deployed various infrastructure servers for example IIS, DNS, legacy WINS, AD servers.
        • Implemented redundancy e.g. clustering, load balancing, high availability, failover, RAID, etc
        • Planned, designed and implemented a series of wireless access projects
        • Designed role based access control matrix for protection of Oracle database instances.
        • Condensed server population through installation of SAN, NAS and ISCSI SAN array
        • Managed layer 2 LAN switching architecture, as well as routing
        • Upgraded domain from a Windows NT to Windows 2003 AD including Exchange upgrade.

    • Slovakia
    • Financial Services
    • Security/Network Consultant
      • 2002 - 2002
    • United States
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Consultant
      • 1998 - 1998

Education

  • University of Massachusetts Lowell
    Master of Science - MS, Information Technology
    2016 - 2019
  • University of Massachusetts Lowell
    Graduate Certificate, Network Security
    2016 - 2017
  • UMass Boston
    BA
  • Boston University
    Certificate Program, Microsoft Certified Systems Engineering - MCSE
  • Boston University
    Certificate, Business Analysis
  • CISSP
  • United States Department of Homeland Security
    Certificate, Control Systems Cyber Security
