Erik Avakian, CISSP, CRISC, CISA, CISM, CGCIO, ITILv3
Details
• Establishes and implements the security strategy, technical standards and security policies across the commonwealth.
• Manages and directed all aspects of operations and efforts for the commonwealth's information security and incident response teams
• Serves as a central focal point for coordination and communication among Commonwealth agency security officers and with external entities
• Prevents and defends against cyber attacks, reduces the commonwealth’s vulnerability to cyber attacks, minimizes damage and recovery time from attacks, and neutralizes remaining threats.
• Remains abreast of the current security threat landscape and security best practices
• Participates in security information sharing with entities such as the Multi State Information Sharing and Analysis Center, the Department of Homeland Security, the United States Computer Emergency Readiness Team, local government communities and municipalities.
• Handles cyber incident response and mitigation throughout the Commonwealth
• Ensures compliance monitoring and management over a multitude of enterprise security architectures to maintain and fortify the commonwealth's multi-layered security posture.
• Routinely validates the security of the Commonwealth resources by performing regular network penetration tests, conducting ongoing risk assessments, conducting and participating in cyber exercises, provide ongoing reporting for compliance initiatives and perform risk assessment and analysis
Deputy Chief Information Security Officer, Commonwealth of Pennsylvania, 2007-2010
Security Consultant, Commonwealth of Pennsylvania, 2005-2006
Security Administration / Architecture / Policy / Incident Response
Network Engineer, Getronics, 2005-2005
Network Engineer, Net Runners, 2004-2005
Skills
administration, Application Security, Business Continuity, CISA, CISM, cissp, Compliance, Computer Forensics, computer security, Customer Service , Cyber Defense, Cyber Security, Data Privacy, Encryption, Enterprise Architecture, Enterprise Risk Management, Firewalls, Governance, Government, incident handling, Incident Management, incident response, Information Assurance, Information Security, Information Security Management, Information Technology, IT Audit, ITIL, it management, IT Service Management, IT Strategy, leadership, Management, Network Security, PCI DSS, Physical Security, Policy, Privacy Law, program management, Project Management, Risk Assessment, Risk Management, Risk Mitigation, Security, Security Audits, Security Awareness, Security Policy, strategic planning, Vulnerability Assessment, Vulnerability Management, Penetration Testing, Enterprise Risk
About
A Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified Government Chief Information Officer (CGCIO) with over 20 years experience in implementing large scale enterprise deployments and security services and solutions for large scale Fortune 100 sized environments.
Certifications
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Government Chief Information Officer (CGCIO)
ITIL V3 Foundations in IT Service Management
Honors Awards and Recognition
2022 Recognition from PA Governor Tom Wolf for 16 Years of Outstanding Public Service
2022 Recognition from MS-ISAC for 8 Years of Distinguished Service, Loyalty and Dedication
2020 Finalist: NASCIO Award for Cybersecurity Risk Indicators
2019 GovTech Top 25 Doer, Dreamer & Driver Award
2018 StateScoop Top 50 in Cybersecurity Award
2017 Winner: NASCIO award for Risk Based Multi-Factor Authentication
2017 Winner: NASCIO Thomas M. Jarrett Cybersecurity Scholarship Award
2017 Recognition from PA Governor Tom Wolf for Outstanding Achievement in Security
2015 GovTech Top 10 Influencers in Government Award
2015 Finalist: NASCIO Award for Advanced Cyber Analytics
2014 Winner: 2014 Cybersecurity Leadership and Innovation Awards for Protecting Citizen Data
2013 Finalist: NASCIO Award for Managed Enterprise Internet and Security Services
2013 Finalist: NASCIO Award: Managed Enterprise Internet and Security Services
2011 Winner: GovTech Award: Outstanding Leadership and Innovation
2009 Winner: MS-ISAC Best of the Web: Cybersecurity.state.pa.us
2009 Winner: ISE Project of the Year: Safeguarding Citizen Data
2009 Finalist: NASCIO Award: PA Security Incident Response Process
2008 Winner: OA/OIT: Employee of the month for outstanding service
2008 Winner: SC Magazine: Best Security Team of the Year
2007 Winner: NASCIO Award: Pennsylvania Information Security Architecture
Specialties: Leadership, Security Governance, Strategy, Risk Management, Compliance, Assessment, Data Protection, Team Building, IT Policy, Incident Management, Response, Metrics, Enterprise Architecture, Auditing, Monitoring, Financial Management, Budgeting, Project Management, Training, Mentoring, Financial Analysis, Contract Negotiations, Process Improvement, Procurement, Change Management, Physical Security