Career Summary
Strategic and results-driven Information Security Officer (ISO) with over 40 years of progressive leadership in information technology and cybersecurity across government, DoD, finance, healthcare, retail, managed services and manufacturing sectors.
Professional Overview
Background
Retired U.S. Army Staff Sergeant and former NASA Telecommunications Engineer with a strong foundation in secure communications and intelligence. Expert in cloud security architecture (AWS, Azure, GCP), threat detection, incident response, and modern security operations in agile and SaaS environments.
Certifications
Holds CISSP, CISM, and CRISC certifications along with numerous product certifications from industry leaders including Check Point, Okta, Ping Identity, Qualys, Cisco, Splunk, CrowdStrike, Cloudflare, and many others.
Approach
Adept at aligning cybersecurity strategies with business goals, reducing risk exposure, and driving innovation through AI and next-gen security technologies while maintaining regulatory compliance.
Signature Achievements
Security Services Program
Launched a comprehensive security services program integrating risk assessments for PCI-DSS, HIPAA, NERC-CIP, FedRAMP, and ISO 27001 regulations, driving $4.3M-$5.2M in managed service revenue and $6.8M in VAR sales.
Security Services Portfolio
Forged a security services portfolio encompassing managed firewall, networks, and content filtering, securing $2.3M-$2.8M in revenue from managed services.
Global IAM System
Forged a global Identity and Access Management (IAM) system for 36,000+ employees while establishing an Access Operations team of nine analysts, and personally mentored three junior analysts.
Global Security Infrastructure
Pioneered a global security infrastructure leveraging NIST-CSF and ISO 27001 standards during migration of five data centers and 6,000+ assets to hybrid cloud; realized $4M savings and 98% audit pass rate.
Core Competencies
Security Strategy
  • AI Security Strategy (Zero trust, AI/ML, PAM)
  • Cybersecurity Strategy Development
  • Security Architecture Design
Compliance & Governance
  • Regulatory Compliance (SOX, HIPAA, PCI, GDPR)
  • Security Frameworks (ISO, NIST-CSF, NIST-RMF)
  • Governance Risk & Compliance (GRC)
Leadership
  • Strategic Leadership and Vision
  • Executive Communication
  • Cross-Functional Collaboration
Technical Expertise
  • EDR/XDR Platforms
  • Identity and Access Management
  • Security Information & Event Management
Cozen O'Connor Legal Services (2024-2025)
Cybersecurity Enhancement
Assessed and enhanced existing cybersecurity policies, controls, and frameworks in accordance with industry standards such as NIST, ISO 27001, and HIPAA, ensuring compliance and risk mitigation.
Third-Party Risk Management
Spearheaded the rollout of a third-party risk program encompassing 110+ vendors, decreasing potential supply chain vulnerabilities by 40% and aligning operations with NIST 800-161 standards.
Stakeholder Collaboration
Collaborated with legal, compliance, and IT stakeholders to develop and implement tailored security roadmaps, vendor assessments, and regulatory compliance strategies.
Security Metrics Development
Developed KPIs and other security metrics for ISO 27001 certification and Information Security status reporting to the firm's IT steering committee and Data Privacy Council.
Choreograph / GroupM (2012-2023)
1
Global Cloud Infrastructure
Spearheaded the design, deployment, and management of global cloud infrastructure across AWS and Azure, ensuring 99.99% system uptime and scalability for enterprise-level applications supporting millions of users.
2
Security Operations Leadership
Directed cross-functional teams of security operations center staff, security engineers, DevSecOps specialists, and IT compliance staff to oversee the global security architecture for the cloud environments, resulting in 99% security operational status.
3
Cloud Governance
Partnered with security and compliance teams to enforce enterprise cloud governance, resulting in a 40% reduction in cloud-related vulnerabilities and alignment with SOC 2 and ISO 27001 standards.
4
Cloud Migration
Led the migration of legacy platforms to modern cloud-native architectures, achieving a 50% improvement in application performance and a 25% reduction in operational costs.
Continuum Health Alliance (2016-2017)
Security Program Implementation
Developed and implemented a comprehensive enterprise-wide security program aligned with NIST 800-53, HITRUST, PCI-DSS, and HIPAA frameworks.
Risk Assessment
Led risk assessments and internal audits across all departments, identifying and mitigating 150+ high-priority vulnerabilities.
Security Protocol Design
Designed and enforced standardized security protocols organization-wide, ensuring full adherence to PCI-DSS, HIPAA/HITECH, and Medicare/Medicaid Payment System regulations.
Cybersecurity Posture
Strengthened organizational cybersecurity posture through proactive risk management, cross-functional collaboration, and continuous improvement.
Enterprise Trust Security, Inc. (2009-2012)


Strategic Leadership
Led comprehensive cybersecurity strategies, enhancing threat detection
MSSP Portfolio Development
Launched robust MSSP services driving $3.4M in annual recurring revenue
Risk Assessment
Conducted enterprise-wide assessments aligned with multiple frameworks
Strategic Partnerships
Served as VAR for major cybersecurity vendors enhancing client security
As Chief Security Officer & Security Strategist at one of the first managed security services companies on the East Coast, I was hired by the owner and CEO as a strategic advisor and head of Security both internally and for all clients, resolving 10+ critical security alerts weekly.
Cowen & Company / Societe Generale Bank (2006-2009)


Data Security During Divestiture
Orchestrated security separation of high-net-worth client data
Regulatory Compliance
Led efforts to comply with financial data security regulations
Cross-Functional Leadership
Spearheaded cybersecurity task force across departments
As Chief Security Officer & Security Strategist, I orchestrated the security separation of Cowen & Company's high-net-worth client data from Société Générale's systems, impacting 1.2 million customer records with a 99.9% data integrity success rate during the divestiture. This complex project required establishing robust security strategies and incident response plans, ensuring zero data loss while maintaining full regulatory compliance.
Ogilvy & Mather Worldwide (2002-2005)
Global Security Program
Comprehensive program for 145 offices across four continents
Security Operations Team
Established and mentored global team of 26 security personnel
Security Strategy
Orchestrated global strategies aligned with regulations
Cross-Functional Collaboration
Forged inter-departmental security protocols and procedures
As Chief Security Officer & Security Strategist at Ogilvy & Mather Worldwide, I reduced security breaches by 22% year-over-year while bolstering incident resolution times by 35%. Strategic management of security budgets and resources optimized expenditures for maximum security effectiveness and return on investment.
Sun Microsystems (2001-2002)
Network Security Architecture
Orchestrated the design and deployment of cutting-edge network security strategies, ensuring alignment with industry regulations and leading to enhanced security posture for major financial clients including American Express, HSBC, Citibank and Chase Bank.
Threat Mitigation
Directed multidisciplinary teams in identifying and mitigating security threats, resulting in a substantial decrease in vulnerabilities and security breaches across client environments.
Security Protocol Development
Formulated and upheld network security protocols and guidelines, guaranteeing conformity with organizational objectives and regulatory mandates for Sun Microsystems consulting practice.
Stakeholder Collaboration
Collaborated with key stakeholders to delineate security prerequisites for network infrastructure initiatives, delivering secure and scalable solutions.
Merrill Lynch Financial Services (1998-2000)
Network Security Strategy
Orchestrated comprehensive network security strategies aligned with industry standards (BS7799, ISO 27001) and regulatory requirements for Market Data connections between multiple U.S.-based and global Financial Exchanges.
Team Leadership
Directed and mentored a team of seasoned network security professionals, driving optimization of network performance and fortification against security vulnerabilities.
Security Testing
Championed regular penetration testing and vulnerability assessments across the network, pinpointing and remediating potential security loopholes, hardening critical infrastructure.
Cross-Functional Collaboration
Fostered collaboration with IT teams and key stakeholders, championing the establishment and maintenance of secure network architecture to elevate overall cybersecurity posture.
Military and Government Experience
US Army Service
Retired Staff Sergeant (SSGT) with the 2nd Signal Brigade, 39th Signal Battalion, 128th Signal Intelligence Company at North Atlantic Treaty Organization (NATO) Headquarters, Brussels, Belgium (1983-1991).
NASA Assignment
Test Group Support Engineer with General Electric Aerospace assigned to the National Aeronautics and Space Administration (NASA) for Department of Defense (DoD) classified Space Shuttle launches (1991-1996).
Security Clearance
Maintained Top Secret SCI / EBI with Poly clearance from 1983 to 1997, enabling work on highly classified government and military projects.
Education and Certifications
Bachelor of Science in Information Technology with specialization in Information Assurance & Cybersecurity from Capella University, Minneapolis, MN. Associate of Science in Electrical Engineering from Drexel University Computer Learning Center, Philadelphia, PA. Holds industry-leading certifications including CISSP, CRISC, CISM, and ITIL, along with numerous product certifications.
Key Strength Categories
Technical Expertise
40+
Years Experience
Decades of progressive leadership in information technology and cybersecurity
99.99%
System Uptime
Maintained for enterprise cloud infrastructure
98%
Audit Pass Rate
Achieved during hybrid cloud migration
$4M
Cost Savings
Realized through infrastructure optimization
Cloud Security Expertise
Extensive experience designing and implementing security solutions across major cloud platforms. Led the migration of five data centers and 6,000+ assets to hybrid cloud environments while maintaining rigorous security standards and achieving significant cost savings. Expertise includes cloud-native security controls, secure architecture design, and cloud governance frameworks.
Regulatory Compliance Expertise
PCI-DSS Compliance
Certified PCI-DSS Assessor and Auditor with extensive experience implementing and assessing payment card security standards. Led numerous PCI compliance initiatives resulting in successful certifications and reduced risk exposure for financial and retail organizations.
HIPAA/HITECH Compliance
Developed and implemented comprehensive HIPAA security programs for healthcare organizations, ensuring protection of electronic protected health information (ePHI). Conducted risk assessments and remediation planning aligned with HIPAA Security Rule requirements.
ISO 27001 Implementation
Led multiple successful ISO 27001 certification initiatives, developing information security management systems (ISMS) aligned with international standards. Established security controls, risk management frameworks, and continuous improvement processes.
NIST Framework Implementation
Expert in applying NIST Cybersecurity Framework (CSF) and NIST Risk Management Framework (RMF) methodologies to enhance organizational security postures. Implemented NIST 800-53 controls across various environments including government and private sector.
Leadership Philosophy
1
Strategic Alignment
Align cybersecurity initiatives with business objectives to ensure security enables rather than hinders organizational goals. Security must be a business enabler that protects while supporting innovation and growth.
2
Risk-Based Approach
Prioritize security investments based on risk assessment and business impact analysis. Focus resources on protecting the most critical assets and addressing the most significant threats to the organization.
3
Continuous Improvement
Establish metrics and feedback loops to continuously evaluate and enhance security controls. Security is not a destination but an ongoing journey of adaptation to evolving threats.
4
People Development
Invest in training and mentoring security professionals to build strong teams. The human element remains the most critical component of any successful security program.
Contact Information
Professional Profiles
Connect with me on professional networks to discuss cybersecurity leadership, strategic security planning, or potential opportunities:
Speaking Engagements
Available for speaking engagements on topics including:
  • Executive Cybersecurity Leadership
  • Cloud Security Architecture
  • Building Effective Security Programs
  • Regulatory Compliance Strategies
  • AI and Next-Gen Security Technologies