Michael Porier Managing Director Michael Porier is a Managing Director in Protiviti’s Houston office specialising in executing and managing information technology risk consulting engagements since 1994. His expertise includes evaluating the risks and controls related to managing a company’s enterprise-wide technical processes, performing detail security assessments, and implementing business continuity solutions. He has experience in various industries, but has specific expertise in the energy and government services areas. Michael leads the IT Security, Privacy, and Business Continuity Management solution segments, overseeing related assessments and remediation projects for clients. On these topics, he has presented at numerous conferences, published various articles, and has been interviewed by industry periodicals and local newspapers. Major Projects Michael has performed detailed technology security audits, ISO 27001/27002 maturity assessment, and business continuity projects for multiple Oil & Gas companies evaluating controls related to various aspects of the organisation’s technical infrastructure. These projects consisted of an analysis of the existing control structure, reviewed for vulnerabilities, and assisted in the implementation of remediation solutions. Security evaluations consisted of internal and external IT vulnerability assessment, privacy reviews, SCADA assessments, Active Directory evaluations, and Internet application security assessments. Michael worked with a large governmental agency to assist them in implementing security controls and applications to comply with PCI standards for secure credit card processing. Additionally performed privacy review, implemented new change control procedures, and provided continued risk management consulting regarding their major initiatives and projects. Consulted with various organisations to provide remediation assistance for PCI and related privacy requirements. This has entailed activities such as quarterly vulnerability scans, internal and external vulnerability assessments, developing applicable policies and procedures, and reengineering IT processes to ensure PCI and privacy compliance activities are appropriately designed. Michael has performed an enterprise-wide assessment of a company’s security administration procedures related to managing user access and permissions for networks and critical applications. Oversaw major business continuity projects in the Middle East for clients in energy, financial services, and manufacturing. These projects involved multi-disciplinary teams to ensure high quality technical solutions were implemented for recovering clients’ critical business processes and supporting technologies. Areas of Expertise Information Security & Privacy IT Audit and Risk Management •Business Continuity Management Industry Experience Energy Government Services Financial Services Education B.S. Management Information Systems, University of Houston Professional Memberships & Certifications Member of IIA and ISACA Certified Information Systems Security Professional (CISSP) Certified Information Security Mgr (CISM) Certified Internal Auditor (CIA) Certified Information Systems Auditor (CISA) Certified Business Continuity Prof. (CBCP) Qualified Security Assessor (PCI-QSA) PCI Professional (PCIP) Accounting Advisory Board Member – University of Texas at Austin