Derek
H Johnson
Program
Committee Chair
Derek
Johnson is an Information Security Specialist III for The
Coca-Cola Company. He is experienced with various areas of
information security, risk management, and network design with
particular specialization in the fields of financial services,
healthcare, and manufacturing. Mr. Johnson has extensive knowledge
and experience implementing, administrating and securing complex
heterogeneous installations including technologies.
Derek
has a B.S in Computer Studies from the University
of Maryland University College. He previously worked for Project
Networks, LLC as a Principal, KPMG
LLP as an Information Systems Senior Associate, Syncor
International as the IT Manager, Data Center Operations, Crawford
& Company as a Systems Lead Architect, Paper
Handling Solutions as a Field Systems Engineer, and the United
States Naval Submarine force. Mr. Johnson is a frequent participant
and trainer on the topics of Internet, network, and telecommunications
security with the Information Systems Security Association.
Representative
Accomplishments
Designed
and commercialized an enterprise technology for HIPAA compliance
architecture including Perimeter Access Controls, Network Security,
Monitoring and Controls, Data Center backup facilities Policies
and Procedures, and Virus/Content Protection for a Fortune 1000
pharmaceutical products company. This included detailed cost/risk
analysis, requirements identification, and vendor/tool selection.
Conducted
BCP/DRP vulnerability risk assessments for First Union/Wachovia
merger
Performed
network security analysis and associated penetration tests for
financial institutions. This included a custom threat identification
and exploitation process to identify strategic and tactical weaknesses
in network and client server deployments. Detailed suggestions
and presentations on strategic redeployments, quick fixes, and
ongoing monitoring/assessment processes were provided.
Designed
and implemented an internationally secure extranet for pharmaceutical
and manufacturing companies. This included development of technical
architecture, governing policies and procedures, controls and
maintenance facilities, development guidelines for application
deployment, and implementation of required technologies.
Designed
and implemented a range of secure Internet gateways for Fortune
500 and 1000 manufacturing, risk management, and, pharmaceutical
companies. This included technical risk assessment, development
of a technical architecture, and coordination into existing technical
environments, development of governing policies and procedures,
and implementation and administration of key technological components.
Established
a Program Management Office for a Fortune 500 transportation company
for enterprise information security projects.
Certifications
1. Certified Information Systems Security Professional
2. Certified Business Continuity Professional
