Steven Lam, CISSP, CISM, CISA, CRISC


Insurance Agent

755 followers
Santa Clarita, California, United States

  • Timeline

  • About me

    Proven Cybersecurity Executive | Compliance & Governance Leader | Digital Transformation Champion | Cyber Defense Innovator | Change Agent | Business Partner | People Leader | Team Builder | Developer of Future Leaders

  • Education

    • California State Polytechnic University-Pomona

      Bachelor of Science - BS Business Administration, Emphasis in Computer Information Systems

      Activities and Societies: SWIFT, MISSA, IWDSA, SIFE

  • Experience

    • State Farm Insurance

      Dec 2008 - Feb 2011
      Insurance Agent

      Delivering personalized insurance solutions while cultivating lasting client relationships. I've consistently surpassed sales targets, provided tailored coverage options, and offered exceptional customer service.

      ● Surpassed quarterly sales targets by an average of 25% through a targeted approach in identifying client needs and offering suitable insurance products.
      ● Maintained a client retention rate of 90% through personalized service, regular policy reviews, and tailored coverage adjustments.
      ● Expanded the client portfolio by 50% within a year by identifying new market segments and implementing targeted marketing strategies.

    • Farmers Insurance

      Jul 2011 - Jun 2016
      Senior Information Security Consultant

      Developed and launched two information security departments leading cross-functional staff including digital forensics, legal, human resources, and investigative personnel. Established policies concerning information security across digital platforms and technology. Orchestrated business continuity and disaster recovery plans, identified application vulnerabilities with weekly health check reports, created proof of concept for third party software testing, and ensured alignment with PCI auditing requirements. Coordinated new consultant training encompassing information security processes and procedures.

      ● Realized $105K in savings with establishment of forensic capabilities and service book to a maturity level three achieving 68% ROI annually.
      ● Reduced vulnerabilities by 53% within a month through analysis of project metrics and resolution of organizational-wide cyber security audit.
      ● Drove post-implementation support for $35M Oracle Identity Management project.
      ● Directed large data center migration of more than 500 servers and appliances while maintaining 99.99% continuous uptime and reducing point of presence footprint.

    • Entertainment Partners

      Jun 2016 - Jun 2019

      Executed security assessments to formulate remediation activities based on audit results. Conducted technical security testing of infrastructure and applications, prepared security reports, and established technical information security processes and guidelines. Outlined standard administration procedures for O365 DLP, CA PAM, and Vormetric platforms. Cooperatively developed system designs and project plans with security controls to meet established standards. Supported SOC2 Type 2 and ISO/IEC 27001 audit preparations.

      ● Deployed CA Privilege Access Manager for more than 200 administration and 1,000 service accounts with a hybrid cloud environment.
      ● Presented at Hollywood Innovation & Technology Summit on securing identities for internal and cloud systems.
      ● Applied flexible mobile device and app management controls during deployment of Microsoft Intune.
      ● Utilized AES-256-bit key in multi-tenant environments for 10+ key applications for over 60 database servers during implementation of Vormetric Transparent Encryption.

      Spearheaded analysis of more than 23 internal applications and activities identifying potential risks and ensuring security of organizational applications. Improved Carbon Black deployment, endpoint protection capabilities, and implemented security events, phishing campaigns, and upgrade to new MSSP provider.

      ● Successfully launched the PhishMe Simulator campaign reducing employee susceptibility to cyber-attacks.
      ● Orchestrated Trend Micro deployments for more than 1,600 Linux and Windows systems.

      • Senior Information Assurance Architect

        Dec 2016 - Jun 2019
      • Senior Information Security Analyst

        Jun 2016 - Dec 2016
    • Newegg

      Jun 2019 - now

      Established comprehensive strategies and protocols for information security functions. Executed and enforced information security and disaster recovery programs, assessed information risk, and cultivated information awareness of information security. Crafted functional strategies and goals, devised budgets and cost mitigation strategies while supporting functional infrastructure. Deployed security controls, identified security risks, and suggested procedures to alleviate threats. Instituted a security operations center (SOC) team tasked with continuous monitoring and ensuring global visibility. Oversaw team performance management, training, and mentorship opportunities.

      ● Implemented and ensured PCI-DSS, CCPA and SOX compliance resulting in full alignment and adherence across the organization.
      ● Successfully recouped $50K monthly with consolidation of current tools and secured $1.5M in additional investments to address security gaps.
      ● Reduced vulnerabilities by 80% with effective asset management, incident response, risk and vulnerability management.
      ● Slashed IT costs by $1M while stabilizing application, security issues, and securing multiple environments.

      Led and directed the development and implementation of comprehensive strategies and protocols, while overseeing the execution and enforcement of information security and bolstering the security infrastructure.

      ● Improved incident response time by 40% through the implementation of streamlined protocols and effective coordination with cross-functional teams.
      ● Conducted interactive security training programs resulting in a 30% increase in employee awareness and proactive involvement in maintaining security protocols.
      ● Conducted comprehensive risk assessments, identifying high-risk areas and subsequently mitigating risks, resulting in a 50% reduction in potential vulnerabilities.
      ● Implemented a robust third-party risk management program, reducing security breaches and incidents originating from vendors or partners by 70%.

      • Director of Information Security

        Jul 2021 - now
      • Information Security Manager

        Jun 2019 - Jul 2021
  • Licenses & Certifications

    • AccessData Certified Examiner (ACE)

      AccessData
      Mar 2012
    • Certified Information Security Manager® (CISM)

      ISACA
      Aug 2015
    • PCI Internal Security Assessor

      PCI Security Standards Council
    • ITIL v3

      AXELOS Global Best Practice
      Sept 2014
    • EC-Council’s Certified Chief Information Security Officer

      EC-Council
      Jul 2024
    • Certified In Risk and Information Systems Control (CRISC)

      ISACA
    • Certified Information Systems Auditor® (CISA)

      ISACA
      Jul 2015
    • Certified Information Systems Security Professional (CISSP)

      ISC2
      Aug 2015
    • Accredited Configuration Engineer

      Palo Alto Networks
    • PCI Professional

      PCI Security Standards Council