Daniel Baron Senior Director Daniel Baron is a Senior Director in Technology Consulting practice specializing in Information Security. He has more than 25 years of IT experience, including information security strategy development, design and implementation of security architecture, information security risk management, vulnerability management, PCI compliance, systems and network management, incident response, and program and project management. His areas of expertise include in-depth knowledge of networking technologies, information security architectures, and program management. In the past 19 years, Daniel has been leading information security programs for clients, conducting PCI and IT Security reviews, as well as assisting clients with remediation of security vulnerabilities and compliance gaps.Major ProjectsIT Security Program Management – Designed and led security remediation programs for clients in retail, healthcare, and hospitality industries to improve data security and achieve PCI compliance. Projects within programs included implementation of centralized Security Incident and Event Management system, Vulnerability Management, Firewalls and Network Segmentation, Intrusion Detection System, File Integrity Monitoring system, development of Information Security policies and procedures, application security controls and many others. Defined Vulnerability Management program for a Fortune 500 company and led its implementation from deployment of tools through remediation of vulnerabilities, definition of performance metrics and configuration of management reports. Advised client management on Information Security strategy and its implementation. Conducted vendor security reviews. Trained client personnel on PCI compliance and various information security topics. Developed Security Incident Response plan for a client and trained personnel on incident response procedures.PCI Compliance – Reviewed IT control environments of multiple large corporations in hospitality, healthcare, retail and financial services industries for compliance with PCI Data Security Standards. Provided recommendations for improving controls to assure compliance with PCI requirements and assisted in remediation efforts. Performed PCI compliance readiness assessments for two large municipalities and developed remediation strategy to achieve compliance. Guided several large corporations through multiyear PCI remediation efforts and helped achieve full PCI compliance. Managed PCI control remediation programs. Helped large global organizations improve PCI compliance program governance and effectiveness.IT Security and Process Reviews – Assessed IT control environment and security related to critical business processes for a large gaming organization. Provided recommendations for enhancement of control environment where risks were identified and for improving controls to assure compliance with regulatory requirements. Performed review of information security and privacy as well as overview of infrastructure and application security controls for a worldwide hospitality organization. Identified controls weaknesses and assisted in remediation of vulnerabilities. Led gap assessment based on FFIEC Cybersecurity Assessment Tool for a regional bank in Southern California and developed a remediation roadmap and cybersecurity program for the bank.Areas of ExpertiseInformation SecurityPCI ComplianceVulnerability and Risk ManagementIndustry ExpertiseRetail/Consumer ProductsHealthcareHospitalityFinancial ServicesEducationBS Computer Science, Riga Technical University, Riga, LatviaMBA, Peter F. Drucker Graduate School of Management, Claremont, CaliforniaProfessional Memberships and CertificationsCertified Information Systems Auditor (CISA)Certified Information Systems Security Professional (CISSP)Certified Cloud Security Professional (CCSP)GIAC Certified Enterprise Defender (GCED)GIAC Certified Incident Handler (GCIH)AWS Certified Solutions Architect – Associate (AWS SSA)PCI Qualified Security Assessor (QSA)PCI SSF SLC Assessor
