Hello, World.

I'm David A. Scovetta

Cyber Security, Information Security & IT Compliance

About

Let me introduce myself.

I'm an enthusiastic New York-based information security guru. I dabble in all things security-related and have recently expanded my expertise into data privacy and digital forensics.

Profile

A little more information about me...

  • Fullname: David A. Scovetta
  • Job: Cyber Security, Information Security, Audit & Compliance
  • Website: www.hiredavid.com
  • Email: [email protected]

Skills

This is a rough assessment of where I am in my career development, taking into account the skill sets I am still seeking to further develop.

  • Security Defense: 90%
  • Training & Awareness: 85%
  • Security Compliance: 70%
  • Technical Prowess: 65%
  • Data Privacy: 75%
  • Forensics: 40%

Resume

More of my credentials.

Work Experience

FinTech

2018 - Present

Director, Security & Compliance (current)

Design and execute a security/compliance roadmap with NIST, FFIEC, SOC-1 and SOC-2 controls for the entire organization. Partnering with Engineering and IT to expand security programs such as penetration testing, bug bounty, and vulnerability scanning to scale. Working with sales on scaling internal SOC-2 program. Leading Incident Response and Security policy programs.

SaaS Startup

2015 - 2018

Corporate IT Security Manager

Responsible for development and execution of IT security strategy initiatives. Leveraging CIS Top 20 Critical Security controls to isolate high-profile security risks and design/execute security strategies to mitigate. Developing/executing corporate security training. Driving Security risk assessments across IT & Infrastructure and developing program strategies to address key risk areas and vulnerable environments.

IT Compliance Manager

Built and managed a team of four in the development and execution of compliance strategy initiatives. Drove initial assessments of compliance/audit impact from Public Offering state. Developed and maintained the IT components of annual SOX assessments (policy/process ownership and collection, organization, and distribution of audit material). Reduced budgetary costs by 20% by developing reliance strategies and streamlining internal/external audit processes.

Banking

2011 - 2015

Senior Information Security Analyst

Responsible for driving Security/Data Privacy and Regulatory compliance across IT programs. Developed and supported ongoing security risk reduction strategies through organizational procedural changes.

Banking

2007 - 2011

Information Security Analyst

Responsible for driving operational security for Citi North America, with a focus on managing operating system vulnerabilities across 200,000+ systems. Reduced IT risk by nearly 90% by streamlining patch management efforts and coordinating processes among system owners.


Certifications

CISSP

2011

Certified Information Systems Security Professional

GCCC

2017

Critical Security Controls Certification

GLEG

2013

Law of Data Security & Investigations

CIPP

2013

Certified Information Privacy Professional (Foundational)

GSLC

2014

Cyber Security Leadership


Security Classes & Training

SANS Institute

2017

SEC501: Enterprise Security Defender

SANS Institute

2017

SEC433: Building Cyber Security Awareness Programs

SANS Institute

2017

MGT514: IT Security Strategic Planning, Policy, and Leadership

SANS Institute

2016

SEC566: Implementing & Auditing Critical Security Controls

SANS Institute

2015

AUD507: Auditing & Monitoring Networks & Systems

SANS Institute

2014

FOR408: Windows Forensic Analysis

SANS Institute

2013

MGT512: Security Leadership Essentials For Managers

IAPP

2013

CIPP: Privacy Professional Training & Certification Class

SANS Institute

2012

LEG523: Law of Data Security & Investigations


Education

Bachelor's Degree

Graduated 2005

Syracuse University


Where to find me

San Francisco, CA
New York, NY

Email Me At

[email protected]

Call Me At

Phone: [redacted due to spam]