Carl Carpenter

Honor. Integrity. Respect. Excellence. Honesty. These are the words I live by. I love collaboration and success!!

ADVISOR BIOGRAPHY

While I primarily am involved in information security and privacy related matter, I am also a highly focused, mission-oriented person capable of handling any size project and viewing the "big picture" as well as developing others to excel better.  One area I am constantly considering is cost and how to improve margin or stretch the dollar.  I am far from being just a number in a sea of other numbers.  In my ideal world, I just need to know “what hill to take” and then given the green light to accomplish the mission.

Fully capable of holding simultaneous positions of equal importance such as CISO, CPO, DPO, or CCO.   Additionally, a fully certified and experienced Senior Network Engineer and Chief Information Security Officer (CISO) working for Fortune 100 companies, NASA, and various Federal or State Government Agencies.  Certifications include ISACA, ISO(PECB), PCI, Cisco, Microsoft, Novell, CompTIA, Sniffer, ITIL, and Citrix.  Client space include medical, financial, state government, federal government, energy, and aerospace.

Bachelors of Information Security - Western Governors University

Current and past certifications include:  PCI QSA, CISA, CISM, ISO27001 Senior Lead Auditor, ISO 27032 Senior Lead Cybersecurity Manager, CCNP, CCNA R&S, CCNA Security, MCSE, MCP+I, CNA, CCDA, Net+, Sec+, Linux+, A+, Project+, Cloud Essentials, CIOS, CLNP, CSIS, CSSS, SCP, ITILv3, CCA, iNet+, LPIC-1, SUSE CLA

CISSP, CEH Candidate

July 2016 - Present

Arrakis Consulting, LLC

Senior Security Consultant

  • Policy writer and reviewer for regulated or highly sensitive environments.
  • Active penetration tester involving compromising security for regulated environments including physical testing.
  • Evaluate all aspects of security for regulated environments.
  • Key leader in critical projects involving critical infrastructure clients.
  • Assessments and audits for PCI, HIPAA, ISO127001, GDPR, NIST, and CCPA.
  • Teach CCNA/CCNP bootcamps
  • Teach ISACA CISA, CISM bootcamps

July 2018 - Present

Confidential

Senior Security Consultant

  • Key leader in critical projects involving national security.
  • Evaluate all aspects of security for regulated environments.
  • Active penetration tester involving compromising security for regulated environments including physical testing.
  • Policy writer and reviewer for regulated or highly sensitive environments.
  • Assessments and audits for PCI, HIPAA, ISO27001, and NIST.

September 2015 - July 2018

OpenSky Corporation (a TÜV Rheinland company)

Regional Practice Manager (Security)

  • Policy writer and reviewer for regulated or highly sensitive environments.
  • Assessments and audits for FFIEC, HIPAA, ISO127001, GDPR, and NIST.
  • Evaluate all aspects of security for regulated environments.
  • Active penetration tester involving compromising security for regulated environments including physical testing.

December 2012 - August 2015

State of Arizona - Department of Economic Security

CISO

  • Responsible for all aspects of security for a $6B entity, 15K employees, 1.4M end users
  • Transformed a young and mismanaged team of eager individuals into a multi-tiered Information Security team.
  • Stopped largest case of data theft in history of the State of Arizona.
  • Reduced vulnerability count by 4000%
  • Increased vulnerability remediation by 1500%
  • Instrumental in passing numerous Federal and State audits.
  • Involved in numerous investigations of all types...including leading the team that investigated the Arizona "Not-Investigated" CPS scandal that resulted in the Arizona Governor creating an entirely separate CPS department.

I’m Available To Advise On The Following Subjects

Commercial Banking

Compliance

Network Security

Cyber-Security

Company or executive-specific business strategy

Business advice related to my role at my company

Feedback on my company’s product/service

Input and advice on a key project