Our Experience
Four individuals who
managed information security operations and implemented key information security
programs at a Fortune 15
Company founded CyberEnsure in January 2004.
Collectively
the four principals of the firm have over 40 years of
Information
Security experience and over 100 years of experience in IT-related
fields. This includes:
- Planning,
deploying, and operating of one of the largest corporate
Information Security Programs in the country
- Practical
knowledge in all aspects of Information Security
-
Network Security (firewalls, remote access, penetration
testing, IDS)
-
Host Security & Access Control
-
Virus and Malware Protection
-
Creation of Policy and Practices
-
Computer Intrusion Response & Vulnerability Management
- ISO 9000 implementation
- PCI-DSS Assessments
- A
proven track record
-
Institution of “defense in depth” virus
protection and patch management programs in large telecommunications
firm
-
Successful dial-in modem compliance program
-
Facilitation of Senior Executive Steering Committee
- Certifications
-
Partners are Certified Information Security Managers
-
Team members have PCI-DSS QSA certifications
Principals:
Tom
Scurrah
Ken Brophy
Harry Zwiselsberger
Byron Stump - Retired
Tom
Scurrah, Managing Director
Tom
has over 30 years experience in information technology operations,
development, and information security. As Executive Director,
Tom managed the desk-side services and information security
organizations for the IT organization in Verizon’s Domestic
Telecom group, the single largest component of Verizon Communications.
Tom created and conducted quarterly meetings of the Verizon
Executive Security Council, the information security governance
body for the corporation. As co-chair of the Information Security
Council, a team of security professionals representing all
of Verizon’s business units, Tom help construct the 2002-2003
Verizon Information Security Plan. Consisting of four key
strategies and 17 programs, the plan increased perimeter protections,
eliminated unsecured modems, expedited the application of
security patches, and increased the number of third-party
penetration tests.
Prior
to joining Verizon, Tom was founder and president of The Ennismore
Company, a firm which combined information technology and
quality management disciplines. The firm specialized in developing
performance, productivity, and customer satisfaction metrics
for the IT function of Fortune 500 companies.
Tom
has presented to a number of organizations, including the
American Society for Quality Control, the Data Processing
Managers’ Association, and the International Quality
and Productivity Center. Tom has also published articles on
computing effectiveness for Information Week and has authored
a chapter entitled “Strategic Planning for Information
Systems” in R.L. Nolan’s Managing The Data Resource.
Tom
is a Certified Information Security Manager (CISM). He holds
a BA from Amherst College and a Master of Science degree in
management from M.I.T.
Back
To Top
Ken
has an extensive background in Information Security. Before
helping to form CyberEnsure, LLC, he was the Director of Information
and Network Security (INS) for Verizon Communications, and
its predecessor – Bell Atlantic. In that capacity, Ken
was accountable for managing all aspects of the Verizon’s
IT Information Security programs including network security
(firewalls, intrusion detection, remote access), host security
(ACF2/RACF); virus and malicious software protection; and
vulnerability management (wardialing, vulnerability scanning).
His staff consisted of 70 managers and security specialists.
Ken’s ability to successfully manage InfoSec functions
and staff was based on hands-on experience. He had previously
spent several years as a senior programmer/analyst providing
mainframe security software support for a CA-ACF2 environment
that spanned several dozen mainframes in multiple datacenters.
He has experience with incident response methodologies, security
policy/practices, and contingency planning.
Immediately before becoming the director of INS, Ken had been
the manager of its critical “Network Security” component.
In that capacity, he oversaw the initial deployment of firewall
technology at Bell Atlantic.
Ken
has presented at both the TheTraining Co.’s Techno-Security
Conference and Computer Associates’ CA World
conference. He has participated in Infraguard, Information
Security Forum (ISF), and Bellcore symposiums.
Ken
is a Certified Information Security Manager (CISM). He holds
a BS in Business Administration from Columbia Union, and a
Master of Science degree in Information & Telecommunications
Systems from Johns Hopkins University.
Back
To Top
Harry
co-founded CyberEnsure, LLC after 22 years in IT, the last
13 of which were in Information Security.
Most
recently, Harry was a Senior Manager in Verizon’s (formerly
known as Bell Atlantic) IT security organization, with responsibilities
in areas including firewall support, secure e-mail delivery,
intrusion detection(IDS) deployment and management, CIRT response
team, network security reviews, and compliance monitoring
for international outsourcing. Prior to that, through most
of the 90’s, he was manager of the organization directly
responsible for Verizon’s mainframe security infrastructure.
Harry
was directly involved in the creation of Verizon’s network
security architecture. He represented Verizon on various committees
working on integration of large disparate networks.
Harry’s
background for this work was 15 years of solid IT experience,
first as an Cobol Programmer, in which capacity he got his
first InfoSec experience by being on the team that selected
and implemented the first large scale general purpose access
control system (CA-ACF2) for New Jersey Bell, one of Verizon’s
predecessors. In addition, Harry was instrumental in developing
the first security policy for the then named New Jersey Bell
and worked to develop the support infrastructure required
to manage the CA-ACF2 product effectively from an administrative
perspective.
Harry holds CISM and PCI QSA certifications and
has participated in a variety of industry forums. He has presented
at the Computer Associate’s annual international conference
on 5 different occasions, and was an active member and participant
on the East Coast – ACF2 User group.
Back
To Top
