Hello, World.

I'm David A. Scovetta

Cyber Security, Information Security & IT Compliance

About

Let me introduce myself.


I'm an enthusiastic Bay Area-based information security guru. I dabble in all things security-related and have recently expanded my expertise into data privacy and digital forensics.

Profile

A little more information about me...

  • Full name: David A. Scovetta
  • Job: Cyber Security, Information Security, Audit & Compliance
  • Website: www.hiredavid.com
  • Email: [email protected]

Skills

This is a rough assessment of where I am in my career development, taking into account the skill sets I am still seeking to further develop.

  • Security Defense: 90%
  • Training & Awareness: 85%
  • Security Compliance: 70%
  • Technical Prowess: 65%
  • Data Privacy: 75%
  • Forensics: 40%

Resume

More of my credentials.

Work Experience


SaaS Startup

2019 - Present

Senior Program Manager

• Reduce security/compliance risk by onboarding Okta for zero-trust modeling, streamlined access de-provisioning, and authentication profiling. Secure corporate endpoints with DISA/CIS benchmarks through Jamf policy design/management.
• Streamlined risk prioritization through unified risk management methodologies based on internal (SOC-2/PCI) and external (NIST, Open Threat Taxonomy, and Open Security Architecture) standards to identify, measure, and mitigate risk.

FinTech

2018 - 2019

Director, Security & Compliance

• Built and maintained security and SOC-2/PCI compliance programs, policies, budget, service portfolio, and technical roadmap for a 100+ employee series-C FinTech organization with a post-money valuation in the range of $500M.
• Established response methodologies for new business ventures focusing on security; facilitated two major banking partnerships.
• Improved business preparedness through development of continuity/response program and execution of $0-retainer IR agreement.

SaaS Startup

2015 - 2018

Corporate IT Security Manager

• Promoted and built/managed a team of 3 responsible for operation/execution of security and SOX/SOC-2 internal IT controls.
• Facilitated first SOX audit engagement and project planning following IPO with zero IT deficiencies in our first 10-K filing.
• Planned and executed an internal audit reliance strategy that reduced audit overhead by 20% by negotiating reliance on internal audits with measured risk-rankings of internal controls against probability/impact of material misstatements.

Banking

2011 - 2015

Senior Information Security Analyst

• Mediated security and privacy gaps in vendor engagements and contractual negotiations; reduced risk in 25+ new proposals.
• Facilitated development of SIEM (ArcSight) architecture, rules, response runbooks. Investigated threat indicators with SOC.

Banking

2007 - 2011

Information Security Analyst

• Managed vulnerability remediation planning for 200,000 systems in North America; facilitated reduction to less than 1/10th of prior mandates by streamlining processes to identify, investigate, and escalate issues in the critical path of remediation.


Certifications

CISSP

2011

Certified Information Systems Security Professional

GCCC

2017

Critical Security Controls Certification

GLEG

2013

Law of Data Security & Investigations

CIPP

2013

Certified Information Privacy Professional (Foundational)

GSLC

2014

Cyber Security Leadership


Security Classes & Training

SANS Institute

2017

SEC501: Enterprise Security Defender

SANS Institute

2017

SEC433: Building Cyber Security Awareness Programs

SANS Institute

2017

MGT514: IT Security Strategic Planning, Policy, and Leadership

SANS Institute

2016

SEC566: Implementing & Auditing Critical Security Controls

SANS Institute

2015

AUD507: Auditing & Monitoring Networks & Systems

SANS Institute

2014

FOR408: Windows Forensic Analysis

SANS Institute

2013

MGT512: Security Leadership Essentials For Managers

IAPP

2013

CIPP: Privacy Professional Training & Certification Class

SANS Institute

2012

LEG523: Law of Data Security & Investigations

M.S., Cybersecurity

Projected to graduate 2022

New York University

Bachelor of Arts

Graduated 2007

Syracuse University

Where to find me

San Francisco, CA
New York, NY

Email Me At

[email protected]

Call Me At

Phone: [redacted due to spam]