David Martin

Managing Global Compliance Project for core regions (LAC/APAC/MEISA/Europe):

* Performing risk/security assessments of Core applications globally
* Experience and Knowledge of Sarbanes-Oxley requirements and IT control frameworks such as
CoBIT
* Demonstrated written and oral communication skills and ability to effectively manage communication (remotely or in person) with global stakeholders
* A strong understanding of assurance related guidelines, standards and frameworks including but not limited to FISMA, ISO\IEC, COBIT, ITIL, NIST, HIPAA, SSAE 16 SOC1/2, PCI-DSS is required
* Assessing applications through a designed security questionnaire inline with company InfoSec
standards
* Creation of detailed security remediation plans directed to application stakeholders
* Presenting security findings and remediation progress to Senior Management on a regular basis

Managing Digital Forensics/Application Assessments - Europe

* Supporting various functions through Digital Forensics capabilities
* Leading forensic investigations from acquisition to reporting
* SME for Data Security, Fraud and Endpoint security for global application assessments

Data Privacy:

* Performing DPIA (Data Privacy Impact Assessments) for company applications
* Data Breaches - Supporting with data breaches, working directly with legal Counsel

Global Patch Management:

* Aligning Patch Management processes/procedures to ISO27001/ISO27002
* Onboarding of Central Patch Management processes for International
* Ensuring coverage of legacy acquisition networks
* System Hardening - Creation and updating of system hardening documentation

Managing forensics investigations for FedEx Europe:

* Building and managing the FedEx International forensic capability
* Security Awareness for the business, notably Cyber Security Events and Forensics awareness
* Supporting the investigations team with a variety of high profile investigations
* Working with forensic tools such as Cellebrite, Nuix, Encase, Linux, customs developed tools
* Build a forensic framework that works on a Global level
* Legal Litigation support
* Providing C3 Incident Response forensic support
* Forensic Data Recovery Service

Global DMARC Project:

* Ensuring the core domains have DMARC (DKIM,SPF) implemented
* Following up with various stakeholders to ensure changes are made to DNS txt records
* Ensure company domains/subdomains are monitored and any mailbox abuse is handled

• IT Security adidas group, Managing Digital Forensics, Threat Intelligence and supporting the Incident Response Team
• My areas of involvement included:
• Digital Forensics:
• Managing Forensic Investigations globally for teams within the organization such as incident response
• Network intrusions, malware, cryptolocker, mobile forensics, leaked data, account misuse and fraud were some of the areas covered by forensics
• Updating processes and procedures for Digital forensics in alignment with Incident
• Response among other functions
• Staying up-to-date with existing and emerging legal issues within information security environments (i.e., data privacy
• Analysis of a range of artifacts + reports and documents case details, development and outcome
• Threat Intelligence:
• Providing day-to-day operational reporting/tracking for indicators of compromise
• Communicating tactical threat information to assist in defensive mitigations
• David Martin - page 2
• Monitor social media, blogs and Dark Web for content presenting risk to the firm
• Maintaining technical proficiency in the use of tools, techniques and countermeasures
• Incident Response:
• Lead incidents, coordinating and directing multiple subject matter experts internal and external to the organization
• 24/7 on call supporting the Incident Response directives and business needs
• Vulnerability Management:
• Management and removal of end of life software (Windows Servers, Endpoints)
• Working with Stakeholders to remediate and creating reports for Senior Management

• Working for the application security team, focusing on building a Global Digital Forensics Framework and pen testing company applications
• I also created a Security Awareness program for the team focusing on OWASP Top ten and digital forensics
• Digital Forensics Responsibilities:
• Creating the first Global Digital Forensics Framework for the Corporation
• Working with stakeholders across the business to introduce forensics capabilities
• Providing Digital Forensic support to Legal and Incident Response
• Application Security Responsibilities:
• Pen testing applications for global functions
• Working with tools such as Burp Suite, Acunetix and custom security tools
• Writing security assessment reports for application owners and remediation plans
• Live demonstrations of security tools to bring awareness to the business on InfoSec practices