Dr. Marcelo Peredo

Experience – Expanded Version

Simple Version
Expanded Version
Detailed Version
  • Global CISO
    • Advanced AI/Digital Transformations
    • Oct 2024 – Present
    • Silicon Valley, California
      • Founded Artificial Intelligence / Cybersecurity startup in Silicon Valley.
      • Developed Strategic Plan.
      • Built strong partnerships for service delivery.
      • Developed short, medium, and long-term goals.
  • Chief Information Security Officer
    • City of San José
    • Apr 2018 – Oct 2024
    • San Jose, California
      • Implemented a Cybersecurity Program from the ground up.
      • Matured the Cybersecurity Program year over year.
      • Won Digital Cities award two consecutive years 2020 and 2021.
      • Won the Cybersecurity of the year award in 2019.
      • Reviewed and validated architecture designs for hundreds of systems over the years.
      • Reviewed and validated all IT purchases.
      • Attended leadership academy program led by Colin Powel.
      • Presented at the Smart Cities CIO summit at Harvard University.
      • Co-Founded the Coalition of City CISOs with members across the country.
      • Implemented a fully functional Virtual Security Operations Center.
      • Led the largest City procurement effort with over 220 vendor solutions reviews.
      • Implemented and matured NISTS-CSF encompassing the entire portfolio of systems and networks (600+ systems)
      • Led the implementation of the city resiliency strategic plans encompassing Incident Response Plans, Disaster Recovery Plans, Business Impact Analysis, and Cyber Drills.
      •  Responsible for all aspects of Cybersecurity for all systems in all departments.
      • Full institutional knowledge of people, culture, business functions, and technical aspects of the IT systems across all departments.
      • Led IT presentations to large audiences with technical and non-technical backgrounds.
      • Managed ~$21M budget over 6 years.
  • Chief Information Security Officer
    • Hewlett Packard Enterprise / DXC Systems
    • May 2015 – Mar 2017
    • San Diego, California
      • Worked every aspect of the IT Security RFP Response for County of San Diego
      • Secured over 400 systems that include core business supporting Finance, Accounting, HR/Payroll/Benefits, Business Intelligence and Mobile.  Additionally, my expertise/knowledge in Mobile devices is further supported by Doctoral dissertation efforts focusing in Mobile Device Management.  
      • Responsible for strategic leadership of County of San Diego security program.
      • Responsible for the creation and maintenance of the IT Security Roadmap and execution
      • Reported security posture and strategic security plan to San Diego County CIO on a monthly basis.
      • IT Security Policies and procedures development and upkeep.
      • Implemented risk management practices based on current risk factors and needs.
      • Implementation of a NIST based Risk Management Framework for compliance.
      • Developed dashboard capabilities based on NIST standards.
      • Oversight of all aspects of IT Security.
      • Provided strategic risk guidance to DXC team as well as to County CISO.
      • Developed and implemented Risk Assessment methodology.
      • Reported and maintained an IT Security Maturity model.
      • Continuous process improvements across all aspects of the security program.
      • Provided NIST based guidance on all aspects of the security program.
      • Instrumental in the delivery and implementation of a custom Governance Risk and Compliance tool.
      • Developed the County of San Diego Risk Management guide.
      • Developed all artifacts for the County of San Diego Risk Management Guide.
      • Provided training and guidance to security staff on RMF, NIST, and the County of San Diego implementation.
      • Developed and maintained an Enterprise wide Risk Register.
      • Responsible for compliance with HIPAA, CJIS, IRS, State of California, Privacy, and PCI rules and regulations.
      • Assembled and guided team of IT security experts
      • Created a strategic plan for the deployment of information security technologies and program enhancements
      • Ensured development of (and ensure compliance with) corporate security policies, standards and procedures
      • Integrated IT systems development with security policies and information protection strategies
      • Collaborated with key stakeholders to establish an IT security risk management program
      • Audited existing systems and provided comprehensive risk assessments
      • Anticipated new security threats and stay-up-to-date with evolving infrastructures
      • Prioritized and allocate security resources correctly and efficiently in conjunction with Security Delivery Manager
      • Prepared financial forecasts for security operations and proper maintenance cover for security assets during proposal efforts
      • Worked with senior management to ensure IT security protection policies are being implemented, reviewed, maintained and governed effectively
      • Spearheaded education programs focused on user awareness and security compliance
  • Program Manager
    • Hewlett Packard Enterprise
    • Jul 2012 – April 2015
    • Washington D.C. Metro Area
      • Managed ISSO teams supporting a portfolio of all FBI field offices and Enterprise Systems. Ensured that all goals and objectives were met as well as provided technical advice, planning, staff management, and directing all aspects of the operations.
      • Secured over 600 systems that include core business supporting Finance, Accounting, HR/Payroll/Benefits, Business Intelligence and Mobile. 
      • System Discovery across Field Offices.  Created a central repository for all project data.
      • Established a collaborative approach for data sustainment of system collection process to include data manipulation, analysis, and reporting utilizing Web Services.
      • Performed Data Analytics for all IT related incidents and performed root cause analysis in a collaborative manner.
      • Supporting a program of 80+ people with several projects in all areas of security.
      • Day to day project management of multiple task orders with up to 19 individuals per task order.  Management and supervision of employees in all labor categories within the program.
      • Contract deliverables such as quarterly program reviews, monthly status reports, and weekly status reports.
      • Subject Matter Expertise in all areas of IT Security with emphasis on risk management, complex technical heterogeneous environments, problem solving, and customer service.  In depth knowledge of architectures, networks, and operations.
      • Created a SharePoint solution to track artifacts throughout the C&A lifecycle.  Solution included data migration from prior system as well as a custom reporting module with a dashboard.
      • Created, implemented, and maintained Quality Assurance plan to meet government quality standards.  Process entailed the maintenance of a Knowledge Management system providing a mechanism for continuous process improvement.
      • Provided direct oversight of Certification and Accreditation team managing Enterprise wide Security Document Deliverables such as SSP, IRP, CP, CPT, ST&E, STR, POA&Ms, ATOs, amongst other documents to include in the C&A Package.
      • Compliance with FISMA, NIST Guidance, ICD 503, and FBI Certification & Accreditation Handbook.
      • Implemented a reporting tool for the IT Solutions Division that enabled stakeholders to report status of systems, documents, artifacts, as well as project management risks, issues.  Solution is currently in use with a dashboard with several canned reports.
      • Security Policy Analysis and implementation throughout the field offices.  Analyzed ever evolving security requirements that impacted policy, helped implement policy changes, and provided analysis on effectiveness.
      • Participated in bringing systems into dynamic Continuous Monitoring utilizing a customized Governance Risk and Compliance tool (COTS). Supported the deployment throughout the pilot phases as well as the enterprise-wide deployment to include training.
      • Constant analysis of emerging threats and vulnerabilities impacting the field operations.
      • Conducted SA activities for several systems as ISSO, ISSR, and PM.
  • IT Associate
    • TEKsystems
    • Jul 2011 – Jul 2012
    • Washington D.C. Metro Area
      • Established an Enterprise Security Program consisting of several project areas such as Training, Incident Response, POA&M management, Vulnerability Management, Inventory Management, System Boundary Definition, System Categorization, Privacy Impact Assessments, Policy Review, Defining Procedures, Contingency Planning, Annual Assessments, and ISSO Support for all FISMA systems in the inventory.
      • Additional responsibilities include oversight of ISSO staff, FISMA audit support, C&A, onboarding and departure of staff.
  • IT Director
    • Dynamics Research Corporation / Kadix Systems
    • Feb 2006 – Jul 2011
    • Washington D.C. Metro Area
      • Conducted Inventory Site Visits to several agencies under DHS such as USCIS, USICE, USSS, OPS, ISO, and OHA.
      • Produced meeting reports as well as Annual Refresh yearly final reports for each agency in which Site Visits were conducted.
      • Developed versions 1.4, and 1.5 of the FISMA DB that tracked all DHS IT Systems.  Implemented the same versions in the Homeland Secure Data Network (HSDN).  This is the classified network under DHS.
      • Defined a process to perform DHS-Component inventory audits to validate and verify the current reported IT systems
      • Analyzed the “As Is” Inventory Management process and designed the “To Be” process utilizing existing tools and infrastructure at DHS.
      • Participated in building the Inventory Management team.  Conducted several interviews and identified suitable candidates for the team.
      • Systems Architect for FBI enterprise application solution using ASP.NET, Visual Basic.NET, SQL Server, and BizFlow.
      • Created technical documentation such as the COOP plan, Architecture Diagrams, Collaboration Diagrams, Transition State Diagrams, Class diagrams, Entity Relationship Diagrams, and Interface Prototype.
      • Managed the development team to the conclusion of the Foundation Module.  The foundation module included the framework of the Enterprise solution performing Access Control, Records Management, Encryption, Audit Trail, and Account Management.
  • Software Engineer
    • Audia Digital, Inc
    • Feb 2000 – Jan 2006
    • Washington D.C. Metro Area
      • Software Engineer,
      • Systems Analyst
      • Project Manager
      • Network Engineer
      • Database Developer
  • Software Engineer
    • American Federation of Teachers
    • 1995 – 2000
    • Washington D.C. Metro Area
      • Software Engineer,
      • Systems Analyst
      • Project Manager
      • Network Engineer
      • Database Developer