Heath Nieddu
VP, Cybersecurity at Ember River
Bio
Experience
-
Ember River
-
United States
-
Defense & Space
-
1 - 100 Employee
-
VP, Cybersecurity
-
Aug 2023 - Present
San Diego County, California, United States
In this role, Heath manages the development of the internal cybersecurity program, establishes risk management strategies and architectural priorities, and designs the best security frameworks possible for Ember River’s clients.
-
-
vCISO Consultant
-
Jun 2022 - Aug 2023
San Diego, California, United States
He provides Ember River with vCISO services for clients who are looking to refresh a security program or start one for the first time. Heath's current project focuses on a healthcare technology integrator: assessing security maturity, creating a strategy, and building the team to execute that strategy.
-
-
-
Point Loma Nazarene University
-
United States
-
Higher Education
-
700 & Above Employee
-
Adjunct Professor, Management of Information Systems
-
Apr 2019 - Present
Greater San Diego Area
Heath works with students to explore what it means to manage information systems in environments where business and technology activities are increasingly overlapping.
-
-
-
Cask
-
Wholesale Import and Export
-
1 - 100 Employee
-
Senior Security Consultant
-
Sep 2020 - Mar 2022
San Diego, California, United States
As a Senior Security Consultant for Cask, Heath leads projects that require information system governance to be streamlined and a natural part of service delivery. Leveraging his diverse background in the military, federal government, healthcare and retail, he focuses on helping clients deploy security and GRC applications while considering a wide range of requirements. See below for recent consulting engagement descriptions:
- Interim Global Risk Manager
- Information Security Program Technical Writer / Program Developer
- Senior Advisor for the implementation of ServiceNow Risk Management
- Senior Advisor for the implementation of ServiceNow Security Incident Response
- Senior Advisor for the implementation of ServiceNow Vulnerability Management
-
-
-
EVOTEK
-
United States
-
IT Services and IT Consulting
-
100 - 200 Employee
-
Business Information Security Officer (BISO)
-
Apr 2018 - Aug 2020
Greater San Diego Area
As Business Information Security Officer for EVOTEK, Heath shaped the company’s overall security service delivery operations, leveraging industry-recognized security controls and advanced technologies to address today’s most critical security threats for clients. His focus areas were vulnerability management, security metrics, insider threat, access management, governance frameworks, and driving strategy through integrity, character, and commitment to EVOTEK and clients.
-
-
-
DXC Technology
-
United States
-
IT Services and IT Consulting
-
700 & Above Employee
-
Vulnerability Analyst
-
Dec 2017 - Apr 2018
Greater San Diego Area
Heath led vulnerability management efforts supporting the County of San Diego and DXC. Heath used vulnerability scan data and external data sources to: 1) make severity adjustments to CVSS scores, as well as 2) work with the rest of IT to prioritize, monitor and complete remediation steps. Interacting with application owners, architects, Wintel teams, infrastructure teams and third-party vendors to reduce exposure. Automation of vulnerability severity adjustment process reduced time spent on adjustment from 2 minutes per vulnerability to only seconds per vulnerability. This allowed analysts to focus on mitigation coordination. Monitoring and alerting management about emerging vulnerabilities. Creating executive dashboards summarizing exposure. Assessing pen test results to prioritize and coordinate remediation.
-
-
-
Nike
-
India
-
Online Audio and Video Media
-
Information Security Metrics Lead
-
Dec 2016 - Aug 2017
Portland, Oregon Area
Heath helped develop a program to illustrate Nike's risk posture to the board of directors, CISO, and senior managers. Heath led a five-person security metrics team. Team members conducted metric design discussions, performed data extraction and transformation from multiple security tools, and developed a front-end dashboard in Tableau. Heath collaborated with developers to wrap the Tableau dashboard in JavaScript for integration with the broader intranet experience. Heath's data analysis covered the following topics: vulnerability management, end-point protection, pen testing, secure code and network security. These efforts included evaluating the coverage and effectiveness of security controls.
-
-
-
Optiv Inc
-
United States
-
Senior Research Principal, IAM and Insider Threat
-
Jul 2015 - Nov 2016
Portland, Oregon / Denver, Colorado
Heath created program strategies based on interviews of CISOs and security leaders across the country. These program blueprints illustrated effective ways to build insider threat and identity and access management (IAM) programs.
-
-
-
Providence Health & Services
-
Hospitals and Health Care
-
700 & Above Employee
-
Senior Information Security Analyst - Program Assessment & Development
-
Apr 2012 - Jun 2015
Seattle/Portland
Provided reporting and analysis to the Board of Directors and senior management regarding information security threats facing this large healthcare organization. Created a set of six key performance indicators for the CISO. Aggregated over 100 base measures of security controls to create these six indicators. Used Qualys vulnerability scan data to prioritize the top 5000 workstations that needed enhanced policies, controls, and asset tracking.
-
-
Business Process Engineer - Information Security, Incident Response
-
Feb 2009 - Apr 2012
Seattle/Portland
Created a process catalog covering the five core activities of the information security program. Enhanced analytic practice for a staff of 20 people. Pivoted operational focus from the process catalog to a set of standard tools that led analysts along the standard process path. This embedded standard processes into daily activities. Improvements included a set of core but flexible writing standards and creating a peer review process. These efforts increased cohesion between technical assessments and strategic priorities. Our enhanced analytic capability motivated changes such as:
- Providing potential cost savings on multifactor authentication by focusing deployments.
- Helping local management reverse asset loss trends.
- Expanding full disk encryption policy to include high-risk desktops.
-
-
-
U.S. Department of State
-
United States
-
International Affairs
-
700 & Above Employee
-
Economic Analyst, International
-
Jun 2007 - Nov 2008
Washington D.C. Metro Area
Created economic analysis focusing on international finance and financial intermediation. Answered questions regarding to what extent capital flowed from savers to investors in international markets.
-
-
-
US Navy
-
United States
-
Armed Forces
-
700 & Above Employee
-
Linguist
-
Jan 2001 - Dec 2006
US, Europe, and the Middle East
Arabic Linguist
-
-
Education
-
University of the Cumberlands Graduate and Online
Doctor of Philosophy - PhD, Cybersecurity
Portland State University - School of Business
Masters of International Management, Pacific Rim Economies
University of Central Florida - College of Business Administration
Bachelor of Science (B.S.), Finance