Mandy Huth, CISSP
Details
Bachelor of Arts, Spanish | Xavier University
CERTIFICATIONS (past and present)
Boardroom Certified Qualified Technology Expert (QTE)
Certified Information Systems Security Professional (CISSP)
Certified Information Privacy Technologist (CIPT)
AWS Certified Cloud Practitioner (in progress)
SANS GIAC Security Leadership (GSLC)
Human Factors International (HFI) Certified Usability Practitioner
A $9B global manufacturer of (smart) kitchen and bath products, (connected) energy products, and hospitality services.
Global Chief Information Security Officer (VP - Cybersecurity), Privacy Center of Excellence, Digital Workplace, Divisional CIO - Hospitality
Cross-functional role to secure Kohler’s digital transformation using industry frameworks and best practices. Focused on creating a trusted ecosystem, increasing associate productivity, and accelerating delivery of business value drivers. Managed a cybersecurity team of 50+ to develop and execute strategic risk reduction projects, ensure secure architecture of technology and products, run secure operations, and ensure compliance through supplier management and regulatory alignment. Managed a $10MM operating budget and a multi-million-dollar strategic budget.
Executed a 5-year roadmap to modernize security practices for IAM (22k identities), Micro-segmentation, DLP (millions of data files monthly), Vendor Risk Management (>3,000 vendors), Pen Testing (>100 apps), and EDR (millions of weekly signals), leading to enhanced visibility and more proactive, risk-based response to ecosystem security.
Developed Privacy Center of Excellence, ensuring compliance with all applicable privacy regulations relevant to our data ecosystem and a secure and private design in business applications and data usage globally. Spearheaded GDPR and PCI-DSS compliance, creating credibility with external auditors and with consumers.
Led creation of DevSecOps process for cloud-connected Smart products, resulting in improved early design gating and improved security of the release-to-production process for Web DevOps teams.
Built AppSec teams for Digital/Web, Data & Analytics, and IoT engineering teams. Included application security process development focused on API management, SAST/DAST (Checkmarx), WAF (Akamai), access control and penetration testing, yielding lower risk deployments and more secure maintenance status for the platform teams.
Partnered with Enterprise Architecture to build cloud security architecture for Microsoft Azure, enabling faster, more secure build times and outcomes and allowing accelerated platform delivery for digital, web, and data product teams.
Partnered with business operations to recommend and deliver transformational technology to Kohler guests and associates. Reviewed agile practice startup processes to enable product teams, precipitating accelerated delivery of results for the business.
Partnered with privacy, legal, and business teams to build out an AI framework for enterprise integration. Propelled preliminary Data & Analytics machine learning (ML) models for security and privacy integrity. This resulted in LLMs that had been checked for bias and hallucinations, and in an incident response plan specific to AI.
Presented risk profile and maturity capability to Board of Directors and Senior Executive Leadership.
Executed CIS Control Improvement of +5-8 points YoY. Designed and implemented standardized frameworks and controls for security operations. Standardized enterprise reference architectures. Accomplished audited reliance of our IT General Controls for financial systems.
Served as Executive sponsor of DE&I business resource group(s) and partner programs with the Milwaukee Urban League and Stillman College (AL).
Skills
Security Domains | Cloud (AWS, Azure) | DevSecOps | MLSecOps | Agile | AI security | Security Automation | Containers | Pen testing | Secure Web Gateway | EDR | SIEM | IAM | IDS, IPS
Strategy & Operations (Secure Design) | Security Frameworks | Risk Management |
Privacy Regulation | Incident Response | OWASP Top 10 | Data Security | Supplier Risk Management | M&A Integration | IoT | Industrial Control Systems (ICS) | Board Presentation
Business Enablement (Value Creation) | Technology Enablement Roadmap | Operations Efficiency & Resilience | Innovation | Application Security | PCI Compliance | Data Integrity
About
CISO | PRIVACY | DIGITAL WORKPLACE | DIVISIONAL CIO - HOSPITALITY
My superpower is inspiring people. Accountability is the foundation of my work.
TRANSFORMATIONAL, HIGH-IMPACT Security and Privacy leader with business partnership experience, having worked in industries spanning software, consumer goods, and manufacturing. Strategic thinker with passion to execute. Builds and leads high-performing and goal-focused teams and programs, adapting to changing environments. Forms strong and authentic relationships across the business. Transforms and optimizes processes; matures security mindsets; and creates a culture of balancing secure technology with business enablement and acceleration. Public speaker and LinkedIn Learning instructor with over 400k global learners. Dedicated to helping make a difference in the world and the challenge of driving strategy, changing culture and influencing relationships.