Summary

Broadly experienced Information Security professional in health care, education, insurance, financial services, and municipal government.   With my deep knowledge of data protection, I believe that all organizations can better protect their data no matter their size, industry, or budget. I am interested in positions that would engage both my technical expertise and management skills to protect the organization.

 

Professional Experience

December 2015 - Present
Kuczenski Origami, LLC
Owner

  • Established a small retail business at http://www.jenniferkuczenski.com to sell fine art origami of my own design.

 

June 2015 – December 2015
UCSF via RealStaffing
Information Security Manager (Six month contract)

  • Consulted on the 20+ 90 day security response projects after UCLA announced the loss of 10M patient records.  With project management, organized the projects according to their dependencies.  
  • Championed a long-delayed project to install Bluecoat filters to block malicious websites.  The project was successful with no network downtime or serious business impacts.  
  • Led the IT Security operations move into UCSF’s first two remote datacenters.  Ensured that appropriate security controls were part of the design, and advised other central IT teams on best practices for the new system builds with a focus on data protection.  
  • Advised on the redesign of email architecture from local to cloud, with the goal of improving security controls and forensic abilities.  

 

August 2010 – May 2015
Blue Shield of California
Lead Security Engineer

Over four years, designed, deployed and optimized BSC's Data Loss Prevention (DLP) Program in order to:

  • Enforce BSC’s security and privacy policies for regulated and sensitive data constantly and automatically.
  • Reduce risk by preventing HIPAA, PCI, and other sensitive data from exiting BSC through unauthorized channels.
  • Provide greater insight into the use, storage and transmission of regulated and sensitive data within our environment, including on the desktop.
  • Facilitate user awareness and security training into everyday user activities through real time alerting on risky behaviors.

Implemented BSC’s DLP program components including:

  • Network Protect/Discover to scan and inspect data-at-rest
  • Endpoint Prevent/Discover to monitor all physical and virtual desktops
  • Outbound Web Protect in conjunction with web proxies.
  • Outbound Email Protect in conjunction with email gateway.
  • Network Monitor to inspect data in motion in conjunction with Gigamon.

In addition to the four years of DLP Program development:

  • Designed and implemented a user activity attribution system for BSC’s customer service environments.
  • Replaced an obsolete agent-based Windows log collection system with a centralized log system that saved hundreds of hours of engineering effort per year.
  • When necessary systems or data intelligence was not available, worked with outside teams to collect information and document findings.
  • Wrote, presented, and received approval for a monitoring strategy.
  • Assisted with the creation of policies and standards, SOWs and contracts.
  • Ensured that security designs and implementation priorities matched published policy.
  • When security tools provided intelligence useful to the business, proactively provided reports and metrics.
  • Created or advised on improvement plans for a number of security tools, including web filtering, mobile data access, and database activity monitoring.
  • Fully documented all systems for which I was the assigned engineer, including workflow. 

 

March 2009 – August 2010
East West Bank, formerly United Commercial Bank
AVP, Senior Information Security Engineer

  • Assisted with the Information Security integration of East West Bank and United Commercial Bank (UCB) after the FDIC-assisted acquisition of UCB.
  • Performed risk assessments of both applications and network segments.
  • Designed and implemented a managed IPS system, which included developing procedures and escalation trees to ensure that incidents are addressed quickly.
  • Designed and implemented a comprehensive DLP system that limited the exposure of both Banks’ personally identifiable information (PII).
  • Maintained the vulnerability management program I developed as a consultant.
  • Developed, implemented and maintained Tripwire for configuration change and policy management of Windows, Linux and Novell Netware servers.
  • Prior to the acquisition and along with the CISO, developed a top-down Information Security Program that was approved by UCB’s Board of Directors.
  • Developed and revised various UCB Information Security standards and procedures.
  • Reviewed UCB’s vendor contracts for information security and privacy implications, and assisted vendor management with drafting standard language for all contracts.
  • Performed the duties of UCB’s IT security liaison, attending IT department manager and project meetings to ensure that Information Security policies were communicated and built into all IT projects.
  • Developed and maintained a list of UCB’s enterprise-wide information security and privacy gaps, communicated the list to key stakeholders, and ensured that issues were addressed.
  • Upgraded UCB’s DLP system to ensure that PII did not leave the Bank, except through approved channels.
  • Acted as Interim CISO from June -July 2009 during Information Security’s move to the compliance department. 

 

December 2008February 2009 
Ascent Services/United Commercial Bank 
Network Security Specialist/Consultant

  • Developed and implemented a vulnerability management program, including vendor selection, implementation, and writing procedures.
  • Developed a risk ranking system that encompassed all the Bank’s network devices. 
  • Revised procedures for application access and auditing. 

 

May 2001 – October 2008
City of Lake Forest Park, WA
IT Programs Manager

  • Directed, managed, supervised and coordinated the activities and operations of the city’s information technology department, which was responsible for managing, administering, and securing all data and voice systems.
  • Established, implemented, maintained, and communicated information technology policies, standards, and procedures.
  • Managed, supervised, and coordinated the planning, design, development, and implementation of the city’s information technology plan, including budgeting, architectural design, systems applications, and user support services.
  • Consulted with departments in conducting needs assessments and developing recommendations and cost projections for technology acquisitions or major enhancements.
  • Developed, maintained, and implemented a disaster recovery plan.
  • Managed major information technology projects, including software or hardware improvements, development of complex systems, and replacement of existing systems.
  • Managed relationships with vendors and consultants to develop and implement new hardware and software systems and products, including developing requests for proposals and overseeing development of specifications for procurement of equipment and systems.
  • Developed, implemented, and maintained in-house training for software applications and security.
  • Oversaw the information technology installations for the new city hall and public works facility, including physical security considerations. 

 

Education and Certifications

CISSP since 2005

December 2002
University of Washington, Seattle

Master of Arts In English

August 1998
University of Wisconsin, Madison
Honors Bachelor of Science with a Major of English