RALPH SPENCER POORE, CISA, CFE, CISSP, CHS-III, CTGA, PCIP
EMPLOYMENT HISTORY
2011 – Present PCI Security Standards Council, LLC
Director, Emerging Standards
2008 – 2011 Cryptographic Assurance Services, LLC, Arlington, TX
Chief Cryptologist and an Owner
2008 – 2008 GEOBRIDGE Corporation, Reston, VA
Chief Cryptologist and Senior Fellow
• Established with a colleague a new business area for company: financial services information assurance (e.g., TG-3, PCI DSS)
• Lead cryptologic services including assessment of cryptographic products and services
2005 – 2008 Innové LLC, San Antonio, TX
Chief Scientist
• Responsible for research and developmental grants program
• Cryptographic engineering and Information Assurance research and consulting
• Supported USAF Cryptographic Modernization Program
• Acting as Principal Engineer for Rockwall Collins on two Cryptographic Modernization programs (KG-3X and GEMS)
• Began commercial information assurance practice for Innové
• Establishing a NIST-accredited FIPS-140 lab
2001 – 2003 AdvancePCS, Irving, TX
Vice President & Chief Information Security Officer
• Created Information Security Organization (ISO) reporting to Vice Chairman.
• Assisted Privacy Officer in HIPAA-related policies and processes
• Instituted ISO/IEC 17799:2000 governance for information security
• Managed budget of $3+ million and organization of 32
2000 – 2001 Privacy Infrastructure Inc., Arlington, TX
Chief Technology Officer
• Designed Privacy Engine—a high-security technology for enforcing privacy policy
• Managed office and personnel including both technical and sales staff
2000 – 2006 Pi “R” Squared LLP, Arlington, TX
Senior Partner
• Established information security and privacy consulting firm specialized in compliance audits and privacy/security assessments
• Created joint venture for training professionals as Interchange Network Security Auditors (INSA)—R² Academy Ltd.
1997 - 2000 Ernst & Young LLP, Dallas, TX
Southwest Area Practice Leader, Electronic Commerce
• Instrumental in the sale and delivery of over $3 million dollars of e-commerce services
• Developed cryptography-related patents
• Exceeded MBO's earning maximum annual bonus
• Created new practice from scratch in area new to the Firm; transitioned from line staffing model to matrixed staffing model crossing all other ISAAS practice areas
• Represented the Firm at American National Standards and other national and international security bodies (e.g., X9F, GASSPC, ISC2, ISSA)
• Extensive public speaking and publishing on Firm's behalf
1990 - 1997 Coopers & Lybrand LLP, Dallas, TX
Director, Information Security Services
• Instrumental in the sale and delivery of over $10 million dollars of information-security related services
• Developed new product offerings; built practice from one to 6 people in region with no previous full-time presence
• Represented the Firm at American National Standards and other national and international security bodies (e.g., X9F, GASSPC, ISC2, ISSA)
• Extensive public speaking and publishing on Firm's behalf
1986 - 1990 Ernst & Whinney (became Ernst & Young), Baltimore, MD
Sr. Manager and Information Security Practice Director
• Responsible for management consulting sales, management, and technical support of information security projects for Mid Atlantic Region.
• Built a practice from zero to 5 people during a period of slow Firm growth
1980 - 1986 Total Assets Protection, Inc., Arlington, TX
Vice President, Information Security Consulting (1984-1986)
Director, Advanced Technology (1980-1984)
• Responsible for management consulting project management, sales support, product & service development and technical execution of information security projects
• Founded the Information Security consulting practice for TAP.
• Extensively developed market for services in Canada (in addition to USA)
1977 - 1980 Data Processing Security Inc., Fort Worth, TX
Director, Research & Development
1976 - 1977 Missile & Surface Radar Division, RCA, Moorestown, NJ
Member, Engineering Staff
1974 - 1976 United States Air Force, HQSAC/ADOP, Offutt AFB, NE
Systems Programming Officer & Data Security Officer
MILITARY
• 14 credited years (combined active duty and reserve) including Desert Shield & Desert Storm
• Supported Joint Strategic Target Planning Staff (AFSC 5144/5135)
• Served as Branch, then Division Security Officer (HQSAC)
• Trained as an Air Intelligence Officer (AFSC 8054); served as fusion analyst; PI & ELINT
• Served as Vault Security Officer
• Briefing officer for flag-level and SES-level executives
• Worked for both National Security Agency and Defense Intelligence Agency
• Previously held TS/SIOP/ESI and TS/SI/SCI; currently hold TS (SCI eligible)—inactive
ADDITIONAL ACHIEVEMENTS
• Awarded ISSA Distinguished Fellow (2013)
• Awarded ISSA Hall of Fame (2012)
• Received (ISC)² President’s Award (2010)
• Elected to Board, then to Vice President, and then to President of the International Information Systems Security Certification Consortium, Inc. [ISC2]; Founding Chairman of Test Development Committee for CISSP designation; honored for contributions to profession; served on both the Professional Practice Committee and the Governance Committee; now serving on Advisory Board for the Americas and CBK Committee
• Nominated to Who's Who in Information Security
• Editor and columnist for Journal of Information Systems Security (an Auerbach Publishing/CRC Press publication); currently on Advisory Board and a frequent author
• Appointed Chairman of ad hoc X9F committee for X9/TG3 PIN Security and Key Management Compliance Review document
• Appointed Recording Secretary for X9F Data and Information Security Committee
• Appointed Recording Secretary for X9A Retail Financial Services
• Appointed Chairman for X9A2 ISO 8583 US Working Group
• Contributor and editor for Generally Accepted Systems Security Principles (GASSP) document; now active on GAISP (GASSP successor initiative with ISSA)
• Contributor and editor for Guidelines for Information Valuation (GIV)
• Appointed Chairman of ISSA's Standards Review Committee
• Represented C&L at joint AICPA/Department of Justice forum on Key Escrow
• Member, Federal PKI Task Force
• Member, IETF TLS Working Group
• Member, IETF EDI Working Group
• Chartered a Toastmaster’s chapter (Advance Articulators #1630); served as President
• Competent Toastmaster (CTM) and Competent Leader (CL)
• Appointed to Advisory Board, University of Dallas, Graduate School of Management, for their new Master of Science in Information Assurance.
• Served as Chairman, ISSA Awards Committee
EDUCATION
BA, Texas Christian University
MA, Texas Christian University
(Extensive additional training averaging over 50 CPE's each year)
PROFESSIONAL CERTIFICATIONS AND MEMBERSHIPS
• Certified Fraud Examiner (CFE)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified Homeland Security—Level III (CHS-III)
• Certified TG-3 Assessor (CTGA)
• PCI Data Security Standard (PCI DSS) Qualified Security Assessor (QSA) [2008-2011]
• PCI Profession (PCIP)
• President, International Information Systems Security Certification Consortium [(ISC)2], 1995-1996
• Vice President, (ISC)2 1993 - 1995
• Founding Chairman, (ISC)2 Test Development Committee, 1990 – 1993
• Chairman, (ISC)² Governance Committee, 2001-2004
• Member, (ISC)² Professional Conduct Committee, 2000-2004
• Member & Speaker, Information Systems Security Association (ISSA), 1987 - present
• Chairman, ISSA Standards Review Committee, 1992 - 1999
• President, ISSA North Texas Chapter, 1993 - 1994
• President, ISSA Baltimore Metro Chapter, 1989 - 1990
• Member, American Society for Industrial Security, 1982 - 1993
• Member & Speaker, Association of Records Managers & Administrators (ARMA), 1981 - 1991
• Member, American Management Association, 1980 - 1988
• Member, Association for Computing Machinery (ACM), 1972 - present
• Member, ACM Special Interest Group on Security, Audit and Control
• Affiliate Member, IEEE Computer Society, 1987 - 1999
• Member & Speaker, Information Systems Audit & Control Association, 1986 – present
• Member, Association of Certified Fraud Examiners, 19xx – present
• Member, High Technology Crime Investigation Association, 2002 – 2003
• Member, International Association for Cryptologic Research
CIVIC ACTIVITIES
• Chapter President, American Mensa, Ltd. Ft Worth, TX, 1984 - 1985
• Chapter V.P., American Mensa, Ltd., Ft. Worth, TX, 1984 - 1984
• Newsletter Editor, American Mensa, Ltd., Ft. Worth, TX, 1984 - 1985
• Chapter Board, American Mensa, Ltd., Philadelphia, PA, 1976 - 1977
• Member, American Mensa, Ltd., 1976 - present
• Certified Lay Leader, United Methodist Church, Ft Worth, TX, 1992, 93, 95 - present
• C&L Representative, Texas Special Olympics, Dallas, TX, 1993 -1993
• Member Toastmasters, 1994 –1999, 2002 – present
SKILL AREAS
• Extensive technical skills over both legacy and PC/Server systems and applications including system-level programming, application programming, computer operations, networking, and hardware
• Applied cryptographer in both symmetric-key and asymmetric-key technologies
• Inventor, problem solver, innovator, and visionary with the ability to present highly technical solutions to management in business terms
• Professional speaker and author
INSTRUCTOR QUALIFICATIONS
• Developed computer-based instruction courses for School of Nursing at TCU (1972) and for Geography Department (1973)
• Taught Introduction to Computer Science at TCU in 1974
• Developed and taught Structured Programming course for USAF in 1976
• Taught seminars in information security (many topics) while at DPS and TAP (1980-1989)
• Developed and taught Interchange Network Security and Audit classes (and trained a cadre of instructors) while at Coopers & Lybrand LLP and again at Ernst & Young LLP (1990-1999)
• Guest lecturer at University of Texas (Accounting and Auditing classes) (1998)
• Guest lecturer at University of Dallas (Information Security class) (2001)
• Guest lecturer at University of Texas at San Antonio (Information Security class) (2006)
• Provided support to courses at Purdue (Eugene H. Spafford, PhD), Idaho State (Corey Schou, PhD), and George Washington University (Lance J. Hoffman, PhD)
• Guest lecturer at University of North Texas (Information Security class) (2008)