Martin G Nystrom

Last updated March 30th 2012
MARTIN G. NYSTROM

http://xianshield.org

-

PROFILE 

Manages global engineering team for Cisco's Computer Security Incident Response Team (CSIRT). Leads solution development for detecting and investigating security incidents across Cisco's corporate network, hosted solutions, and new ventures. Provides guidance for incident response and security initiatives, both to Cisco staff and executive customers.

  • Experience managing teams in multiple remote theaters
  • Expertise in information security, particularly incident response, investigations, Advanced Persistent Threats (APT), monitoring, application and database security
  • Skilled in security consulting, auditing, policy-writing, and system hardening
  • Experience guiding large projects toward secure implementations in a variety of languages and environments
  • High-energy speaker, guest lecturer at several universities, conferences, executive briefings
  • Highly-developed communication skills requiring the ability to rapidly understand business needs
  • Productive in high stress and fast-paced environments, requiring skills in problem solving and coordination

-

EXPERIENCE 

2011 - Present

Research Triangle Park, NC

Manager, Security Response Architecture, Cisco Systems

Manage 12-member global engineering team, chartered to build cutting-edge solutions for network security, Data Loss Prevention (DLP), Advanced Persistent Threat (APT) detection, forensic investigation, and rapid mitigation.

  • Delivered vast global security portfolio including Splunk, Lancope StealthWatch + NetFlow collection, FireEye, Cisco WSA, Cisco IPS, Nagios, Symantec DLP suite, and custom DNS collection
  • Built 24x7 support staff for portfolio, raising availability to near 100% uptime with no data gaps
  • Partnered with Cisco product BUs to pilot innovative security solutions for enterprise readiness: WSA, ISE, IPS, and embedded solutions.
  • Responsible for staff in USA, EMEA, and APAC; raised performance to enable strong teamwork and contributions from each engineer.
  • Introduced tools for effective global collaboration using HD video, wikis

-

2005 - 2011

Information Security Investigations Manager, CSIRT

Manage security operations team, 19-person global staff conducting 24x7 security monitoring, operations, and routine investigations for Cisco's network

  • Developed scheduling and workload distribution to provide 24x7 monitoring
  • Negotiated, developed, and managed $750,000 portfolio of monitoring engagements for internal clients
  • Coached staff to new areas of responsibility and aptitude, enabling senior engineers to take on larger projects
  • Motivated team with creative rewards and growth, maintaining 0% attrition over 2 years
  • Drove improvements using Capability Maturity Model (CMM) by improving quality assurance, engagement clarity
  • Assured security in Cisco cloud services initiatives (TelePresence as a service) by providing risk-based monitoring and response (team recognized with "Collaboration Across Cisco" award)
  • Continuously operationalized detection and response infrastructure for new acquisitions, data centers, and PoPs
  • Investigated, mitigated, and provided subject-matter expertise for dozens of security incidents
  • Led and drove improvements to information security monitoring and incident response
  • Developed strategy for broader team, ensuring project portfolio alignment with strategic objectives
  • Conducted global threat summit with diverse IT staff, drove projects to mitigate identified threats
  • Tested and drove improvements to Cisco products (CS-MARS, CS-IPS, others) by regularly engaging engineering/marketing based on deployment experience
  • Developed standardized incident response handbook for global investigative staff, coordinated input and approval across HR, Legal, and internal auditors
  • Selected to attend Cisco Technical Leader development program, 2008

-

2002 - 2005

Security Architect, InfoSec

Provided security direction for Cisco projects. Specializing in web security, consulted with IT project teams to provide secure architecture for large projects. Wrote policy and standards documents to address secure programming and deployment.

  • Developed web auditing/remediation team to address web security vulnerabilities.
  • Served as architect for web services security
  • Developed database security strategy
  • Delivered a series of "Nerd Lunch" presentations to security staff on database, web services, and web security
  • Authored work for O'Reilly Media - SQL Injection Defenses
  • Developed and delivered Secure Web Programming in Java course for global development staff
  • Provided on-call incident response support: troubleshot high impact incidents, deployed firewall changes, investigated security incidents

-

2000 - 2002

IT Engineer

Provided technical direction to team of engineers. Acted as consultant to business clients in exploring concepts for new applications. Provided architectural guidance to Sales IT Architecture Team. Sized and delivered tool enhancements and integration efforts. Developed and articulated technical vision. Mentored engineers through coaching, training, and guiding through technical challenges. Delivered series of presentations to e-commerce staff on internationalization, queuing, and b2b data exchange via XML.

Developed Partner Business Central - a portal into e-channels applications that allow Cisco partners to select, compare, and configure Cisco products, then interact with Cisco distributors for pricing, availability, and ordering. Product built in Java, using XML/XSL, CORBA, and Oracle, allows data exchange with business partners using XML over HTTP. Enabled RosettaNet integration for standardized message exchange with Cisco business partners.

-

1996 - 2000

Research Triangle Park, NC

Application Architect, Sphinx Pharmaceuticals

Architected, developed, and implemented distributed system for sample preparation, management, and distribution. Implemented development architecture; pioneered use of object technology for Sphinx. Hired and mentored staff in use of new development technique and language. Selected and implemented framework of reusable objects and patterns for software development, saving over a year of development time. Developed core object model and components for project teams. Implemented high-availability application infrastructure by deploying software to multiple servers, scripting all deployments, and implementing SOPs. New system reduced set plating time from 13 weeks to 5 days, and enabled preparation of 8 million samples in first year.

In role as application architect for Lilly Research Laboratories division, articulated guidelines, languages, tools for software development. Mentored developers in use of new technology (object-oriented design and programming). Selected contractors for projects. Established training plans for staff. Conducted proof-of-concept testing on various technologies (Java stored procedures, iPlanet, O/R frameworks, etc.). Helped developers launch projects by participating in first development cycles. Developed and published software development strategy for Lilly Research Laboratories worldwide. Delivered a series of global seminars on such topics as XML, Java & Oracle, Java with MQSeries, Java for web servers, getting started with Java, and EJBs. Architected, developed first phase of global compound registration system.
Developed and implemented Linea - a web-based spectroscopy data system. Built using Java and iterative development techniques. First version to production in only 60 days. System used for enhancing candidate lead optimization, stored over 20,000 spectra in just 4 months.

-

1991 - 1996

Indianapolis, IN

Systems Analyst, Eli Lilly and Company

Developed system for global help desk and support. Created and deployed first client/server system using Remedy ARS toolkit on Sun Solaris servers with Oracle 6. Developed custom interfaces to e-mail and paging applications. Deployed global IT Service Management System (Remedy) to more than 800 users, enabling a unified support organization to provide centralized support for all 32,000 employees.
Administered InfoSys - a MVS/TSO based problem tracking application. Developed policies and procedures for enterprise-wide problem tracking and change management. Developed system to enable new enterprise-wide processes. Developed interface to electronic mail system. Integrated system with VM and electronic forms.

-

Poughkeepsie, NY, Charlotte, NC

Intern Programmer, IBM Corporation

Wrote reports to allow senior management to measure compliance with workforce diversity goals. Used PL/I with DB2, tuned and refined program and database performance.

Developed PL/I programs with IMS to control manufacturing of mainframe production lines.

-

EDUCATION 

North Carolina State University, Raleigh, NC

Master of Engineering in Computer Science

 

Iowa State University, Ames, IA

BA, Business Administration in Management Information Systems (MIS)

 

-

PUBLICATIONS AND PRESOS 

Architecting Solutions for Security Investigations and Monitoring
Cisco Live Conference, June 2012

Deconstructing the Breach
RSA Conference, February 2012

Defending Fragile Applications
OWASP Ireland, September 2010

Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks
(co-author), O'Reilly Media, February 2009
Required reading for Network Forensic Analysis course at Boston University (2010)

SQL Injection Defenses
O'Reilly Media, March 2007

Cisco Networkers
Inside the Perimeter: Six Steps to Improve Your Security Monitoring, 2007, 2008, 2009, 2010

Forum for Incident Response Security Teams (FIRST) Annual Conference
Missing Clues: How to Prevent Critical Gaps in Your Security Monitoring, 2007, 2009

OreDev Developer Conference
invited speaker, Nine Ways to Hack a Java Web Application, 2006

-

AWARDS AND HONORS 

Collaboration Across Cisco Award, 2010
_for teamwork in securing infrastructure for Cisco's TelePresence offering during COP15_

Global Technical Leader Program, 2009
participants selected as high performers

Outstanding Customer Support Award, 2009
for customer feedback in executive briefing program (EBC)

JavaOne Rock Star Wall of Fame
for attendance and feedback at "9 Ways to Hack a Java Web Application" presentation, 2005


-

CERTIFICATIONS 

-