Transcription
9-OMOTION:July 21, 2020Regular MeetingRes. No. 20-SECOND:RE:APPOINT – DARRELL MUNEER A. BAIG – POTOMAC AND RAPPAHANNOCKTRANSPORTATION DISTRICT COMMISSIONACTION:WHEREAS, a vacancy exists for an Alternate At-Large Representative to thePotomac and Rappahannock Transportation District Commission; andWHEREAS, the Board of County Supervisors desires to appoint Muneer A. Baig asan Alternate At-Large Representative to the Potomac and Rappahannock Transportation DistrictCommission;NOW, THEREFORE, BE IT RESOLVED that the Prince William Board of CountySupervisors hereby appoints Muneer A. Baig as an Alternate At-Large Representative to thePotomac and Rappahannock Transportation District Commission.NAMEMuneer A. Baig6925 Cole Timothy CourtManassas, VA sent from Vote:Absent from Meeting:For Information:AppointeePotomac and Rappahannock Transportation Commission (PRTC) LiaisonBCC ManualATTEST:Clerk to the Board
MUNEER A. BAIG,6925 Cole Timothy CourtManassas, VA 20112CISSP, CISM, CRISC, CPEng, ITIL, C CISO, ISO 27001 LA/ Trainer, ISO 28000 la, ISO 17025 LA OverviewAn industry-recognized dynamic technology professional and visionary I have over 28 years of experiencein developing, implementing and managing Information Technology and Information Security programs.I served in several positions of responsibility focused on helping C-level executives analyze their currentorganizational information security and privacy programs. I led the evaluation, development, andimplementation of strategic security and technology initiatives across large and small enterprises. Isupported organizational transformation through mergers and acquisitions of new and evolvingventures. My goal is to ensure the continued security of the organization’s information assets, increasedresilience to cyber threats and maintain compliance with applicable laws and industry regulations.As a leader, with the ability to multi-task and successfully interact with a wide range of personalities atall levels of the organization, I am instrumental in building partnerships across business groups. As anadvisor on IT Strategy, Cyber-Security, Risk Management, Governance, and Regulatory Compliance, Ihave enabled the transformation of organizations into high performing, secure and resilient enterprises.Boards and Councils Member Board of Director George Mason University SciTech Campus Advisory BoardChairman Prince William Chamber of Commerce Technology and Security CouncilVice-Chair American Public Transportation Association Cyber Security Communications andControls working groupMember American Public Transportation Association Enterprise Cyber Security working groupCommonwealth of Virginia Cyber Security Initiative – Northern Virginia Node MemberMember of Prince William County Schools Career and Technology Education BoardMember of NVRC Cyber Training & Education Roadmap Steering CommitteeServed as Board Member ISC2 Quantico ChapterServed as Member of ISACA National Chapter.Certifications Certified Data Protection OfficerCertified Lead Auditor/Trainer ISO/IEC 27001/28000/17025ISO 27032 - Cyber Security Audit ManagerCISSP (Certified Information Systems Security Professional) # 49510CRISC (Certified in Risk and Information Security Controls) # 1002137C CISO (EC Council Certified Chief Information Security Officer)CISM (Certified Information Security Manager) # 0808838ITIL (Information Technology Information Library)Education BA in Business Administration, 1991 - the University of Kashmir, India University of Virginia,Political leaders Program - Sorensen Institute for Political Leadership 2006Candidates Training Program - Sorensen Institute for Political Leadership 2009Boston University – Small Business Entrepreneurship and Entrepreneurial Management 2013Frameworks & StandardsISO 27001, ISO 27005, ISO 31000, ISO 22301, ISO 17025, ISO 27032, ISO 20000, ISO 28000, PCI DSS, HIPAA,GDPR, NIST, FISMA, FedRAMP, COBIT, FERPA, ITILMuneer Baig ProfilePage 1 of 4Manassas Virginia 20112 USA (202) 800-6041 muneer.baig@sysusa.com
MUNEER A. BAIG,CISSP, CISM, CRISC, CPEng, ITIL, C CISO, ISO 27001 LA/ Trainer, ISO 28000 la, ISO 17025 LA Professional ExperienceSYSUSA Inc. Manassas, Virginia October 11 – PresentFounder & CEOUtilizing over 25 years of experience in the field of Information Technology and Information Securityoperations I serve as a trusted and strategic information security risk management and complianceadvisor to the leadership in the Technology, Healthcare, Education, Government, Transportation,Telecommunication, Cloud Services, Financial, Hospitality, Not-for-Profit, Software, and Utility industries.Responsibilities:As a member of the leadership team I am responsible for: Manage a team of network engineers, network administrators, IT support personnel, securityanalysts, security assessors, auditors, and business development managers. Develop risk management strategies for identification, evaluation, remediation, and monitoring oforganizational risks based on industry standards and best practices. Development of organizational information technology & security plan with an implementationstrategy. Execution of audit/assessment for clients across the diverse group of industries, based on industryspecific laws, regulations or industry standards, such as; PCI DSS, HIPAA, EUMC, FISMA, FedRAMP,ISO 27000 series, ISO 22301, ISO 31000, ISO 28000, NIST Special Publications, FIPS, etc. Support organizational vulnerability assessments and penetration testing. Lead IV&V efforts to help organizations assess their development compliance lifecycle. Manage end to end successful delivery of infrastructure and information security services to clientsin the public, private and government sectors with a strong emphasis on time, budget and quality. Organize, manage and deliver ISO-based training and certification courses.Projects Delivered VERIZON – evaluation of the current security strategies and programs across multiple business unitsto develop a strategic enterprise level security management program that enables collaboration andcoordination across the organization. USDOL- BLS – Architect, Plan and Implement ServiceNow to increase operational efficiency andcontinuous monitoring of systems and applications. BARRY WEHMILLER - Lead the Global controls assessment based on ISO 27001, ISO 27002, GDPR toidentify the gaps in the organization information security and privacy program and provide astrategic roadmap for achieving compliance and reducing risk. UHS - Manage the project team for designing, configuring, implementing, testing and migration thecurrent VPN connections Cisco ASA MCKESSON - Project lead migration of 500 VPN endpoints connecting various health services providersfrom Cisco FWSM to ASA, including developing the design, configuration, implementation, testingand knowledge transfer. MCKESSON - Cloud Application Migration, assess the environment based on NIST 800-171, HIPAA andPCI Security on the environment and develop remediation strategies to ensure compliance. ENERGIZER BATTERIES - Lead the ISMS assessment and gap analysis based on NIST 800-53, ISO 27002and ISO 27001 to understand the current state of security maturity and ability for organization togain ISO 27001 certification.Muneer Baig ProfilePage 2 of 4Manassas Virginia 20112 USA (202) 800-6041 muneer.baig@sysusa.com
MUNEER A. BAIG,CISSP, CISM, CRISC, CPEng, ITIL, C CISO, ISO 27001 LA/ Trainer, ISO 28000 la, ISO 17025 LA UMB - Lead PCI DSS compliance for a large organizational transformation project that includedsupporting the redesign of the environment to ensure compliance with PCI DSS. BAXTER LABS - Lead the Global controls assessment based on ISO 27001 Annex A to identify the gapsin the organization security and risk management program in accordance with the ISO 27001requirements. IRON MOUNTAIN - Lead the assessment of the organization in accordance with FISMA requirements tocomply with federal agency mandate and developed the complete package, including all documentsand artifacts, to obtain an Authority to Operate (ATO) MARYLAND PORT AUTHORITY - Assessment of current and 5-year IT and security needs to support thedevelopment of an IT and Security 5-year strategic roadmap SPACE PARTNERSHIP INTERNATIONAL - IT Infrastructure Management & Support MARYLAND DEPARTMENT OF REHABILITATION SERVICES (DORS) - Installation and Configuration of Cisconetwork hardware at 20 sites across the state FREDDIE MAC - Assessment of security risks across the loan application environment based on NIST800-53 and OWASP DEPARTMENT OF LABOR (OIG) – Oracle application FISMA Audit (ATO) based on NIST 800-53 Rev 4 SAUDI ARABIAN INSURANCE COMPANY - Assessment of Information Security Program based on ISO 27002and SAMA regulations. PEPCO HOLDINGS INC. - Smart Grid Security Assessment based on NIST IR 7628, evaluation of theAutomatic Metering Infrastructure (AMI) for potential cyber threats. MICROSOFT CORPORATION - Vendor Security & Privacy Assessments based on ISO 27002, PCI-DSS,HIPAA, NIST, Internal Security Policies and Industry best practices and Standards. Organizationsassessed included: GUCCI AMERICA - Responsible for conducting Supply Chain Audits based on ISO 28000 for GUCCIAmericas. CARROLL COUNTY HOSPITAL - PCI DSS v2.0 Security Controls Assessment. PRINCE WILLIAM COUNTY - Cyber-Security Readiness Assessment and Evaluation based on Industrystandards and best practices based on NIST and ISO guidelines PROFESSIONAL AND SCIENTIFIC ASSOCIATES INC. - FISMA (NIST 800-53) Controls assessment to meetcontractual obligation for a government contractPrince William County Board of Supervisors April 2019- November 2019Candidate for ChairmanParticipated as an Independent candidate in the 2019 Prince William County Board of Supervisors electionfor the position of chairman. Campaign platform was based on a Vision of “One Prince William” – Acommunity where people can come together to Live, Work, Retire and Enjoy.I was able to develop a strategic plan with a clear vision of the future of the county with clearly definedgoals and objectives to achieve the vision. I was able to get 5.6% of the vote in the general election.Namtra Business Solutions Inc., Reston, Virginia: January 11- October 11VP of Infrastructure & Security ServicesMuneer Baig ProfilePage 3 of 4Manassas Virginia 20112 USA (202) 800-6041 muneer.baig@sysusa.com
MUNEER A. BAIG,CISSP, CISM, CRISC, CPEng, ITIL, C CISO, ISO 27001 LA/ Trainer, ISO 28000 la, ISO 17025 LA Utilizing 21 years of experience in the field of Information Technology and Information Security operationsI was responsible for the development, marketing and delivery of Infrastructure and Security consultingservices to Private, Public and Government agencies.Responsibilities:Member of the leadership team - responsible for managing the successful delivery of Infrastructure andInformation Security services to the public and private sectors. Manage the delivery of infrastructure and information security services in the public and privatesectors. Manage and allocate resources to projects and ensure the adequacy of skills and evaluate trainingand development needs for team members. Supervise business development strategies for new and emerging markets. Support marketing campaigns and service collateral development. Develop an annual budget Conducted lessons learned briefings with project team members and managers to improve projectdelivery methodologies, increased efficiency in service delivery, enhanced performance, reducedcost and maintained a high quality of service delivery and customer satisfaction.Microsoft Corporation, Redmond, Washington: January 07- January 11Information Security Assessment Service ManagerDevelopment and management of enterprise information security assessment/audit program based onmultiple frameworks. The focus of the program was to identify high-risk areas across Microsoft. Our goalwas to assess information security management practices across business groups, vendors and thirdparties to ensure confidentiality, integrity, and availability of Microsoft’s information assets. Theprogram also included a training program, based on ISO 27002, for developing a team assessors/auditorglobally to assess Microsoft business groups, vendors, and partners in their regions.Responsibilities: Ensured security and privacy of Microsoft’s information managed by internal business groups,vendors, clients, partners and third parties globally. This included: Developed an information security assessment program based on ISO 27001/27002 to assess therisk to Microsoft’s Information assets globally. Execute security and privacy assessments of Microsoft businesses, partners and vendors globally. Manage Information Security Assessment Services (ISAS) team/projects worldwide. Work with M & A team to develop strategies for onboarding companies acquired by Microsoft. Develop a technology plan for newly acquired companies to ensure their continued security andprotect Microsoft from any threats and weaknesses in their environments. Develop training to train security professionals in performing security assessments based on ISO. Certify assessors globally to perform assessments of business groups, vendors, partners, etc. andensure the adequacy of resources globally. Managed certification of vendor compliance with established policies and standards globally. Engaged with internal audits to assess various business groups and function to identify and reducerisk to Microsoft and its customer information across the eco-system. Engaged with the supply chain to assess Microsoft suppliers based. Society for Human Resource Management, Alexandria, Virginia: May 1999– July 2006 NextGen Technology Consultants Inc., New York, New York: November 1998 – May 1999 General Telecom Inc., New York, New York: February 1998 to October 1998US CITIZENMuneer Baig ProfilePage 4 of 4Manassas Virginia 20112 USA (202) 800-6041 muneer.baig@sysusa.com
ACTION: WHEREAS, a vacancy exists for an Alternate At-Large Representative to the Potomac and Rappahannock Transportation District Commission; and . WHEREAS, the Board of County Supervisors desires to appoint Muneer A. Baig as an Alternate At -Large Representative to the Potomac and Rappahannock Transportation District Commission;
