Sean McBride, MBA

Experience

Co-founder, Director of Analysis Dec. 2008 – Present
Critical Intelligence, Idaho Falls, ID
• Co-founded open source intelligence firm to serve critical infrastructure industrial control systems (ICS) stakeholders
• Attracted landmark customers from electric power and government sectors
• Achieved organic growth (no external investment) to over USD 750,000 yearly revenue in five years
• Oversaw development of intelligence requirements, collection, analysis, and reporting
• Authored thousands of pages of analysis on the cyber threat to critical infrastructure control systems
• Wrote and was awarded a DOE grant of over USD 475,000 to create a training for electric sector security personnel to protect against sophisticated adversaries
• Briefed as a subject matter expert at numerous conferences and information sharing events, including ES-ISAC, Water-ISAC, the SCADA Security Scientific Symposium, and the RSA conference

Cyber Security Researcher/Analyst June 2006 – Dec. 2008
Idaho National Laboratory, Idaho Falls, ID
• Founded the situational awareness effort for the Department of Homeland Security (DHS) Control Systems Security Program (CSSP)
- Monitored open source channels for developments in control systems security
- Developed tools to aid in data collection and analysis
- Analyzed security implications of emerging trends in control system technology
- Interfaced with ICS vulnerability researchers, vendors, and third party disclosure coordinators
• Presented situational awareness briefings to national and international audiences at DHS- and
Department of Energy- (DoE) sponsored trainings
• Authored ICS security research papers, Estimating 0day Vulnerabilities in Control Systems and
Control Systems Security Metrics presented at the SCADA Security Scientific Symposium (S4), 2009
and 2008, respectively
• Authored ICS vendor security assessment reports
• Recommended techniques to mitigate threats posed by identified attack vectors

Information Assurance Research Analyst Sept. 2003 – May 2006
National Information Assurance Training and Education Center, Pocatello, ID
• Project manager for construction of university-level educational materials for Information Assurance (IA) courses dealing with certification and accreditation including NIACAP and DITSCAP, FISMA compliance, cryptography, access control, forensics, and physical security, based on NIST FIPS and SP 800 series, and CNSS Instructions 4009-4016
• Supervised other INFOSEC professionals in the development of IA curricula
- Assigned work packages, followed up with assignments, coordinated team efforts
- Scheduled and conducted meetings, briefed senior management on progress of assignments
• Developed training course for SSMs/DAAs according to CNSSI 4012 under federal grant
• Worked with an INFOSEC team to create an information assurance policy for a 15,000 person government institution
• Responsible for design and installation of network security measures at a national research facility

Information Security Intern June – Aug. 2005
Federal Reserve Board of Governors, Washington, D.C.
• Audited information security portion of the new employee orientation process; identified deficiencies in the process; developed and recommended a plan for improving process; presented recommendation to the Board Information Security Committee
• Developed the 2005 Personnel Information Security Awareness Test – mandatory for all Board employees with access to computing resources. Wrote introduction, questions, rationale, and references to supporting policy and procedure documents used for the test
• Researched implications of recent information security threats and presented findings to senior management
• Developed awareness training materials dealing with peer-to-peer file sharing programs and targeted email Trojan attacks posted to Board Intranet site
• Developed policy governing use of Board BlackBerry handheld devices including technology research and staff interviews
• Assessed the risk associated with the Board policy for spam-handling based on NIST SP 800-30 guidelines. Recommended policy changes to senior management based on the results of this analysis

Education

Masters of Global Management April 2010
Thunderbird Graduate School of Global Management
• 3.7 GPA
• Courses in Management Communication, Cultural Intelligence, Global Political Economy

Masters of Business Administration, Idaho State University May 2006
Emphasis in Computer Information Systems; Concentration in Information Assurance
• National Science Foundation Scholarship for Service Cyber Corps Student - $45,000 estimated worth
• 3.82 GPA
• Courses in: System Certification, Systems Security Management, Management of Information Systems, Systems Security Administration, Managerial Decision Making
• Thesis: A Qualitative Model for Measuring the Information Assurance Awareness Level and the Effectiveness of Awareness Efforts among University Students

Bachelor of Business Administration, Idaho State University May 2004
Major in Computer Information Systems; Minor in International Studies
• 3.91GPA – High Honors Graduate
• Crawford Moore Scholarship – merit-based, full tuition, $9,000 worth, 3 years
• ASISU Scholarship – merit-based, $3,000 worth, 6 semesters
• Courses in: Management of Information Systems, Advanced Networking, Advanced Business Programming, Database Management Systems, Business and Professional Speaking, Business Writing

Certifications

ISC2 CISSP No. 86290 Certified 06 June 2006
CompTIA Security+ Certified No. COMP001004436786 Certified 03 Nov. 2005

NIATEC National Science Foundation Information Assurance Directorate Department of Homeland Security CISSE Scholarship For Service