Experience

Edward S. Ferrara, CISSP, MSIA, MA                  

436 North High Street — West Chester, PA 19380
Phone: 610.213.5100 (c)
E-Mail: esferrara@outlook.com — Edward.Ferrara@fortiumpartners.com   

Career Synopsis

  • A proven information technology executive with over 20 years of security business management experience. Specific experience developing and implementing security strategy, management frameworks, and technology for both in-house and managed security services.
  • A clear-sighted C-Level Executive and security professional who:
    • Responds quickly to strategic risks and tactical issues.
    • Understands the importance of compliance across multiple industries including healthcare and financial services.
    • Develops clear action plans that incorporate the right process improvement, technology, and people to close critical technology gaps and ensure business value creation.
    • Builds collaborative and matrix structured teams to solve complex processes and technical problems using a services-based approach. 
    • Focuses on customer service using active listening and creative thinking to create and deliver cost-effective security solutions to meet business partner needs.
    • Ensures tight financial management for $100M+ capital and operational budgets.
    • Communicates with outstanding written and verbal communication skills to synthesize and communicate the value provided by best-in-class technology solutions, creating business value.

Selected Accomplishments

  • Governance, Compliance, Security & Risk
    • Met with CSL Board of Directors bi-annually and Board Risk Committee quarterly to characterize cybersecurity risk globally for a $12B global bio-pharma manufacturing operation. Worked with the board and risk committee to make cybersecurity a true addressable board level issue.
    • Developed a comprehensive security and infrastructure strategy to create a more secure business, focusing on cloud and hybrid network, server, and endpoint security.
    • Designed and implemented a cybersecurity and compliance organization from the ground up. This strategy focuses on four core security competencies – compute, network, data, application, and identity & access management.
    • Designed and implemented a robust information security management system (ISMS) using ISO 27001/2.
    • Developed the strategy and led a team of security architects and engineers to:
      • Create a worldwide multi-zone network to harden the global network using segmentation gateways and zero-trust networking as a design approach. The project will provide a new design that includes a complete redesign of the network, implementation of next-generation firewall technology (IDS/IPS), network access control, and micro-segmentation in the enterprise core. The new network system provides the ability to control application and system access at the network layer.
      • Create a modern and secure global manufacturing infrastructure using an old village, new village model for network, compute, and storage capabilities, modernizing seven manufacturing process control and manufacturing execution systems.
      • Create global identity management to address single-sign-on, and system account provisioning, de-provisioning, and role changes. The new solution will replace a manual identity and access management process with an automated process cutting identity provisioning from weeks to hours – saving $1.8M in administrative costs annually, streamlining account provisioning and de-provisioning, and ensuring better security and compliance.
  • ERP
    • Led the implementation of a multi-year SAP system focused on regulatory compliance for environmental, health, and safety.  The project goal was to meet product and material compliance regulations for a large Fortune 50 chemical company (A.I. Dupont) to ensure the right to market products in Europe. The solution ensured ongoing compliance with product-related laws with support for legal, safety, and sustainability obligations along the company’s supply chain.
  • Budget Management
    • Effectively manage operational, capital, and operating budgets (OPEX: $15M, CAPEX: 125M), all within +/- 5% of plan.
  • Communications and Thought Leadership
    • Established a very successful personal brand while at Forrester Research to be rated as a “Top 20 Industry Analyst”. 
    • U.S. patent holder for innovative software engineering/enterprise architecture process for software requirements engineering using Unified Modeling Language (UML) and Business Process Execution Language (BPEL).
  • Enterprise Architecture and Software Engineering
    • Led a staff of 12 engineers to develop an innovative new way to address software engineering. Techniques based on the IBM Rational Unified Process changed the software development lifecycle (SDLC) for over 1000 software engineers working in North America, Europe, India, and Australia. The project included methodology, software engineering tools, a knowledge management portal, and training programs.
  • Business
    • Successfully met P&L requirements while consulting with A.I. Dupont as an engagement partner for Computer Sciences Corporation. Successfully met client expectations on delivery and cost.

Areas of Expertise

  • Advisor to the Board of Directors – Deep experience in working with CSL Behring’s Corporate Board and Risk Committees to develop a global cybersecurity strategy and assess the risk appetite for cyber operational risk.
  • Business technology and security strategy – Expert in the development of information security strategies, using an enterprise architecture approach to ensure business and technology alignment.
  • Consultative solution delivery – Strong ability to determine customer needs and design solutions to meet or exceed those needs. 
  • Consulting practice management – Excellent capability to lead large and globally diverse service delivery organizations recognizing cultural differences and business norms.
  • Cost management – Expert in cost management, including expense and value to risk for security projects
  • Cybersecurity process and technical controls – Broad-based and specific expertise on cloud security, security strategy, managed security services, security economics, security incident event management (SIEM), security incident response, network security, security metrics, threat intelligence, and identity and access management.
  • Cybersecurity Regulatory Compliance – Key leader in the development of CSL Behring’s privacy and regulatory initiatives including GDPR, FDA medical device cybersecurity requirements, and Good Manufacturing Practice (GxP).
  • Employee development and coaching – Successful mentor and employee coach, causing employees to meet and exceed expectations.
  • Infrastructure – Networking, Database administration (Oracle, MySQL), Linux Administration
  • Program and project management – Project planning, work breakdown structure development, security program plan development, security maturity assessment planning, and execution.
  • Public speaking and communications – Excellent ability to communicate to both large and small groups to make complex technical topics understandable
  • Security strategy development tied to business goals and objectives – Successful security and compliance strategy leader performing strategy development and organizational readiness projects for information security in Fortune 100 companies.
  • Microsoft Office – Excellent Word®, Excel®, and PowerPoint® skills, including macro development and advanced graphics presentations with integrated audio and video

Employment History

Interim CIO and CISO, Thorne Laboratories 
Jan 2023 to present

Provide interim Information Technology leadership for clients looking to solve cybersecurity challenges including zero-trust, defense in depth, security organization design, data protection, and regulatory compliance.

Partner, Fortium Partners
Jan 2023 to present

Fortium’s technology leadership-as-a-service platform quickly delivers leadership to fill a role, produce an outcome, or offer an expert opinion through the largest group of world-class, operating technology leaders in the world. Our expert CIOs, CTOs, and CISOs are available immediately to fill leadership roles in your organization. Full-time or part-time, short-term or long-term, on-site or remote. Fortium Partners know what to do. Our partnership gets the job done as part of your team.

436 Research LLC
Jun 2020 to Jan 2023

436 Research is a digital forensics and cybersecurity services firm offering services to address the needs of small, medium and enterprise organizations. After retiring from CSL Behring I created a consulting firm to provide technical services to SMBs and non-profits. I also provided freelance editorial services to International Data Corporation.

Chief Information Security Officer, CSL Behring
Apr 2015 to Jan 2020

Responsible for global cybersecurity for a large $10B bio-pharmaceutical organization. Leadership focuses on the areas of identity and access management, network, data, and application security. The Chief Information Security Officer is a new role at CSL Behring. It is accountable for the ground-up creation of the information security organization across North America, Europe, and Asian theaters. The role’s mission was to develop a cybersecurity organization from scratch using a matrix management structure across application, infrastructure, and business operations organizations. Built the cybersecurity organization from two to thirty-five direct reports in four years. Successfully led security improvement projects to improve the company’s security posture. Programs include manufacturing network redesign, data center upgrades, and security in a U.S. FDA Good Manufacturing Practice (GxP) environment, global network segmentation, global identity management, global vulnerability management, continuous compliance security review, and risk management.

Adjunct Professor, Temple University
Jan 2015 to present

Teach classes on data analytics for fraud, network security, and intrusion detection. Course content includes the use of Splunk, Palo Alto firewalls, Cisco Packet Tracer network simulator, MySQL, Excel, and Audit Control Language (ACL) to detect fraud and cybersecurity breaches. Courses taught:

  • MIS5208 – Data Analytics for Fraud Investigation
  • MIS5216 – Organizational (Digital) Forensics
  • MIS5217 – Network Security

Research Vice President, Principal Analyst, Forrester Research
Apr 2011 to Jul 2015

Lead analyst for security services in Forrester’s Security and Risk practice. A globally respected speaker and author on information security topics, including managed security services and supporting technologies – SIEM, log management, incident response, and threat intelligence. Rated a Top-20 analyst while at Forrester. A leader in client engagement and business development by an analyst. Other coverage areas include threat intelligence, network security, cloud security, information security, strategy, analytics, and metrics.

Client Engagement Partner, Computer Sciences Corporation
Apr 2009 to Apr 2011 

Account Manager and Global Engagement Partner responsible for the P&L of a portfolio of I.T. projects for A.I. Dupont, a global Fortune 500 Specialty Chemical Manufacturer. Served as the Engagement Partner responsible for the successful delivery and profit & loss for a complex project portfolio, including regulatory ERP implementations, regulatory, supply chain, business intelligence, and network infrastructure projects. In this role, I was responsible for the deliverable revenue growth, profit & loss, quality, and overall client satisfaction for all consulting projects for a Fortune 50 client.

Certifications, Awards, and Patents

  • Forrester Top-25 Analyst 2014, 2015
  • CISSP #316968
  • U.S. Patent #7472374-B1 – System and method for using blueprints to provide a traceable software solution for an enterprise

Select Publications

Education

  • M.S. Information Assurance (Cybersecurity), Cum Laude, Norwich University, Northfield, Vermont
  • M.A. Computer-Based Instruction and Learning, University of Delaware, Newark, Delaware
  • B.A. Economics, Franklin & Marshall College, Lancaster, Pennsylvania