Charles Herrin
Executive Summary
Mr. Herrin has a broad and deep knowledge of Information Technology and
Security Auditing, with experience as an IT Auditor, Security
Consultant, and Chief Information Security Officer.
Mr. Herrin has performed multiple IT audits, with a particular
concentration on Sarbanes-Oxley, for various Fortune 1000 clients
nationwide. His expertise covers all facets of Sarbanes-Oxley
Auditing: Assessment, Documentation, Remediation and Testing of key
IT control environments.
Mr. Herrin also has technical skills and experience in specialty
concentrations of Network Management/Design and Security
Administration, having designed, implemented, and supported networks
ranging from Windows NT 3.51 to Server 2003, Novell, Linux/Unix, and
other platforms. As Chief Information Security Officer and Chief Network
Security Specialist for consulting firms, he has also performed
vulnerability assessments and penetration tests for many medium-sized
and Fortune 500 companies in NC and around the country. He is certified
as a CISSP, CISA, MCSE (Windows 2000), CEH, and CHCP.
Mr. Herrin is also an accomplished speaker in related areas of Security
and Risk Management, having given presentations to groups ranging
from local and state government associations to corporate users on
network security. Mr. Herrin founded and is President of the
Winston-Salem Triad chapter of the ISSA. Recently, he has been
featured in a number of regional business newspaper articles on
Information Security and Wireless technologies.
Key Career Accomplishments
· As Chief Information Security Officer for an international insurance
and financial services company, designed and implemented an
industry-leading Information Security program for domestic,
international, and subsidiary companies.
· Performed several IT Audits for Sarbanes-Oxley compliance with
Fortune 1000 companies nationwide.
· Developed General IT Controls procedures for all facets of IT
functions for a major semiconductor manufacturer, focusing on: IT
Administration, Security, Disaster Recovery, DBA, Networking,
Operations, HW/OS, and Application Change Control.
· Performed extensive testing on Oracle and SQL databases and
applications for a major utility company, which allowed them to
remediate major security risks for Sarbanes-Oxley compliance.
· Developed and implemented processes and procedures for Vulnerability
Assessment and Penetration Testing.
· Project Manager for a large (~1600 user) network migration for a
major financial institution.
· Designed and implemented Intrusion Detection Systems for various
clients.
· Supported a variety of platforms and topologies for a very large
financial institution and other clients, including Windows 95, NT,
and 2000, Novell, and Mainframe, on Ethernet, Token Ring and Wireless
topologies.
· Designed and implemented NT and 2000 networks for financial
institutions, law and medical offices, and others.
· Installed, configured and managed Firewalls and VPN connections for
a variety of client sites.
Professional Experience
· Chief Information Security Officer – Company Confidential.
International financial services company with offices in 17 countries.
· Director, Information Security – Company Confidential
· IT Auditing and Security Professional – Jefferson Wells International
· Chief Security Officer – Talon Network Security
· Chief Network Security Specialist – Bald Eagle Technologies
· Project Manager / Team Lead – NetTech Consultants
· Systems Engineer – Nationwide TV and Appliance
· Systems Engineer – Goldencare / American Independent Underwriters
Education, Certification, Memberships
· Bachelor of Science – Biology / Lenoir-Rhyne College
· CISSP – Certified Information Systems Security Professional
· CISA – Certified Information Systems Auditor
· MCSE – Microsoft Certified Systems Engineer on Windows 2000
· CEH – Certified Ethical Hacker
· CHCP – Certified Hacking and Countermeasures Professional
· President – Winston-Salem Triad chapter of ISSA
· Former local secretary – American Mensa
· Contributing author – “The Security Sage’s Guide to Attacking and
Defending Windows Server 2003”, 2004 by Syngress Publishing.
And my Author Bio that Syngress Publishing uses:
Chuck Herrin, CISSP, CISA, MCSE 2000, CEH, is an IT Security
Consultant whose client list includes many of the Fortune 500. His
specialties include penetration testing and IT audit, as well as
consulting on Active Directory, Exchange, and firewall / VPN
configuration. He is an accomplished public speaker, and enjoys
giving “Hands-on Hacking” demonstrations which are highlighted by
humorous and entertaining examples of how easy gaining access to
resources can be. He is founder of the Winston-Salem Triad chapter
of ISSA, and a member of American Mensa. When he’s not causing blue
screens on his test lab computers, he is working on his PhD, which
he swears he will finish as soon as he has the time. He lives in NC
with his wife and daughter.