Harris D. Schwartz

Fractional CISO/CSO

vSecurityAdvisor · United States

Aug 2021 – Present(4 yrs 9 mos)

Provide purposeful and strategic advisory to clients surrounding cyber security programs, information protection strategies, technology rationalization, privacy programs, regulatory concerns, security operations optimization, GRC, Compliance Readiness (ISO27001, SOC2, PCI, TISAX, and others) IOT/OT advisory, threat actor profiles, business-risk mitigation strategies, and other specialized projects. Advisory regarding the implementation of Guardrails and Governance around AI and Advanced Technology solutions. Examples of roles: Fractional CISO Manufacturing and Distribution Security Advisor, Threat Intelligence - Aerospace Security Advisor, UHNW Families Security Advisor, Specialty Education VCISO, Retail Company VCISO, Healthcare Security Advisor, Ally Security Fractional CIO - Healthcare Company - Product manufacturing and e-commerce/retail. ► Fractional CISO and vCISO opportunities through direct clients and sub-opportunities through other consulting companies. ► Build partnerships with technology and service companies as needed.

Advisory Board Member

City of Las Vegas · Las Vegas Metropolitan Area

Mar 2024 – Nov 2024(9 mos)

I am a member of the Chiefs Advisory Board for the Chief of the Department of Public Safety for the City of Las Vegas. The Department of Public Safety's responsibilities center around the Marshals which essentially provide law enforcement services for all parks and city buildings in Las Vegas. The DPS department also has responsibility for the Las Vegas Animal Protection and Detention Facility. The DPS also hosts a citizen police academy.

Vice President, Security Advisory | vCISO | Practice Leader

Aon · New York, United States

Jan 2020 – Dec 2021(2 yrs)

One of my key achievements is to establish a new practice that delivers consultation on incident response readiness, crisis management, security operations, inside threat, and security culture building. I deliver actionable insights and guidance on information security policy development, risk mitigation, and security governance implementation via executive advisory consulting engagements. Following are highlights of the key achievements that I attained: ► Developed solutions across Cyber solutions and Cyber Broking by establishing cross-functional collaboration. Planned, strategized, and successfully executed projects by leading teams. ► Built and aligned a high-performing team with strategic goals and the company’s vision. ► Secured large solution deals for clients in liaison with internal Aon groups. ► Identified and strategized with partnerships and channel alliances to support solution consulting. ► Partnered closely with Engagement leads and sales executives to sell practice services to the existing cyber insurance market and net new logos.

Executive Security Advisory | vCISO

NTT Ltd. · New York, United States

Jan 2017 – Jan 2020(3 yrs 1 mo)

I built a global Executive Security Advisory practice, delivering vCISO and Strategic Security services to Fortune 2000 companies. I created security programs for clients through vCISO consulting. I drove strategic and cohesive operations by fostering collaboration with senior leadership and staff members across other NTT security regions. Selected accomplishments include: ► Oversaw end-to-end implementation of data privacy protection and security projects for global clients through strategic planning and team leadership. ► Created, grew, and provided global vCISO service to multiple clients. ► Served as a trusted advisor to deliver CISO-level strategic advice to C-suite executives (clients) through Client Strategy group initiative. ►Increased customer satisfaction (CSAT) and maintained high levels of engagement with clients through strategy and thought leadership meetings. ► Solution selling of large service line projects, ranging from $1M to $3M with managed security clients.

Investigator

Outside the Box Consulting

Jan 2008 – Feb 2019(11 yrs 2 mos)

CA Licensed 26510 PI The majority of my work was centered around corporate and government projects related to insider threat, domestic terrorism, state criminal cases, surveillance, threat intelligence, anti-piracy cases, luxury goods counterfeit cases. Consulting related to corporate security travel security, travel advance work, security risk assessment, personal security vulnerability assessment and other projects.

Senior Manager, Cyber Security

Levi Strauss & Co. · San Francisco Bay Area

Jan 2015 – Jan 2017(2 yrs 1 mo)

As a Head of Global Cyber Security, (deputy CISO) I steered global cybersecurity operations by providing strategic direction and leadership. I led the successful implementation of UBA (insider threat), network analytics, advanced endpoint protection, CASB, and application whitelisting (MDM/MAM) for the enterprise, just to name a few. In addition to this, I actively participated in stakeholder committees to devise plans and design roadmaps. Key achievements for this role: ► Improved cybersecurity and increased compliance across a 160+-year-old global apparel company by executing a global cybersecurity program within 90 days. ► Ensured data protection and privacy by developing and implementing global privacy champions initiative in liaison with business partners. ► Changed and improved the overall company culture pertaining to cybersecurity and risk ► Led implementation of the first-ever manufacturing/supply chain security and intellectual property protection program.

Security Engineer 5 - Lead, Security Operations and Incident Response

Safeway · Pleasanton, California, United States

Jan 2014 – Jan 2015(1 yr 1 mo)

In this role, I ensured the proper execution of cybersecurity strategy to manage onshore and offshore security operations. I improved the security operations program, formalized the incident response plan, and developed a cyber threat intelligence program. I led the successful implementation of UBA, application whitelisting, CASB, network forensics and analytics, and web proxy/URL filtering in partnership with engineering. Key achievements for this role: ► Led the team in identifying/preventing cyber-attacks and safeguarding critical information resources by developing and executing cyber threat intelligence programs. ► Devised and executed enterprise-wide response programs to ensure efficient and proactive event monitoring and incident response management. ► Created robust solutions by collaborating with business units in the US and the Philippines to enhance information security/protection of customer and company data, remediate vulnerabilities, and ensure network integrity.

Sr. Information Security Specialist (Incident Response and Cyber Threat Intelligence)

The Walt Disney Company · Burbank, California, United States

Oct 2012 – Jan 2014(1 yr 4 mos)

One of my key accomplishments was to transform global incident response program, including cyber threat intelligence and insider threat investigation. I enhanced cyber security by overseeing successful deployment of DLP solutions, network analytics, and endpoint protection tools. I protected sensitive/confidential data and intellectual property by devising security solutions in collaboration with key BU stakeholders. Moreover, I provided an overview of threat trends, risk/information security issues/incidents to executive leadership. Key achievements for this role: ► Managed enterprise-wide incidents by building and developing new team while investigating and resolving security events in a timely and efficient manner by creating standards, processes, workflows, and robust policies. ► Spearheaded end-to-end implementation of major projects, including POS/PCI compliance and risk assessments. ► Developed first-ever working relationship with HR and Employee Relations, in supporting employee relations investigations and specialized monitoring surrounding bad leavers.

Vice President, Security & Intelligence

ICG/iThreat Solutions · Princeton, New Jersey, United States

Jan 2009 – Oct 2012(3 yrs 10 mos)

As a Vice President, provided effective advisory to C-suite executives, governments, and organizations. I provided awareness to diverse customer audiences on financial crime, anti-piracy operations, cybersecurity and high tech crime. I generated new business opportunities by building strategic partnerships/alliances and fostering trusted client relationships. I devised strategies to combat cyber/internet crime (SIEM, HIDS/NIDS, and HUMINT). Key achievements for this role: ► Resolved complex security incidents for global Fortune 250 clients surrounding pharmaceutical and biotech, financial services, consumer goods, and media/entertainment industries. ► Designed specialized insider threat, malicious activity, and advanced persistent threat investigations and programs for clients. ► Led successfully, organized crime investigations and coordinated with US Attorney's offices in the prosecution of major crime groups and nation-state entities responsible for actions targeting media and entertainment industries.

Director, Threat Intelligence

The STEELE Foundation · San Francisco Bay Area

Jan 2005 – Jan 2009(4 yrs 1 mo)

As a Director of Threat Intelligence, I built and implemented a multi-subject threat intelligence program to manage physical, piracy, and cyber threats. I led teams and coordinated with vendors to successfully steer various operational projects locally and globally. Key achievements for this role: ► Established business risk intelligence program aimed at preventing domestic terrorism, homeland security, and special interest group issues for Fortune 100 companies. ► Drove business expansion and profitability by maintaining 90% of existing clients and winning new customers. ► Led multiple investigations and special projects, based on client needs.

Senior Special Agent

Wells Fargo · San Francisco, California, United States

Jan 2001 – Jan 2005(4 yrs 1 mo)

Initially hired to build and develop a global investigations program for financial fraud committed against Internet Services at Wells Fargo. Due to extreme success within the short period (3 months), I was transferred to Corporate Security and promoted to Senior Special Agent to head up Major Criminal Investigations (globally) at Wells Fargo & Company. Key Achievements ► Co-founded the first digital forensics laboratory and trained by the DOJ in digital forensic tactics and techniques required for federal criminal investigation under DOJ-CCIPS. ► Established close working relationships with domestic and international law enforcement agencies, including the Secret Service, FBI, USPIS, US Marshal, IRS CID, NCIS, Interpol, and RCMP. ► Investigated large-scale criminal cases (internal and external) involving organized crime, money laundering, counterfeit operations, complex financial frauds, high tech, and Internet crimes, as well as Insider Threats and domestic terrorism cases. ► Testified in court as an expert witness ► Conducted special projects across the company, as assigned

Senior Director Network Policy

Excite@Home · San Francisco Bay Area

Jan 2000 – Jan 2001(1 yr 1 mo)

I was hired by the company to turn around current Customer Security (Trust and Safety) for Excite and @Home Broadband. The department fell into a backlog nightmare with customer tickets and issues. Key Achievements ► Led one of the largest trust and safety departments, including customer security of 100 staff. ► Made immediate (within 1 month) improvements on department processes and standards, and led the team to successfully close the 40,000 tickets in backlog, within 90 days. ► Improved relationships among cable broadband provider partners, through collaborative working sessions and in-person workshops. Improved and enhanced overall network trust and safety policies. ► Worked with legislative and regulatory bodies to improve community relations, including the Internet community-at-large to fight trust and safety issues, including child protection, privacy, and security issues.

Head of Security

Time Warner Cable Internet Holdings LLC · Herndon, Virginia, United States

Jan 1998 – Dec 1999(2 yrs)

Hired as the initial head of security with responsibility for both physical and information security at RoadRunner Internet Services; primarily owned by Time Warner. Key Achievements ► Built, developed, and hired a team for information security at the RoadRunner headquarters and all regional facilities, offices, and headend (signal facility) locations. ► Planned, designed, and implemented physical security, life safety systems, access control, CCTV, biometrics, panic systems, and other controls for newly built headquarters offices. ► Formed collective ISP efforts and industry group aimed at devising and discussing tactics and techniques for mitigating DDOS/DOS attacks targeting Internet Service Providers. ► Successfully collaborated with Time Warner's General Counsel and legal department on trust, safety, fraud, and abuse issues, implementation of policies and Acceptable Use Policy, and collaborative efforts with TW regional offices and providers.

Director Information Security

EarthLink · Pasadena, California, United States

Jan 1995 – Nov 1997(2 yrs 11 mos)

Hired in an early stage at Earthlink Networks as 33rd employee and quickly moved from special projects to becoming the first Director of Information Security. Key Achievements ► Successfully led a civil case against Sanford Wallace; the king of spam that resulted in a 2 million dollar award by the court. ► Built the first-ever trust and safety and information security department at EarthLink. Developed and implemented the first Acceptable Use Policy used by ISPs. ► Conducted cyber crime investigations resulting from customer complaints, working with a wide range of law enforcement agencies. ► Co-founder of the ISPSEC, a consortium of ISPs and Telecommunication heads of security ► Involved in government affairs and public policy for Internet privacy, cybercrime, child protection online and information-sharing initiatives.