about

These are the personal web pages of Allen Pomeroy, a senior information security consultant based in Austin, Texas.

My background consists of over 20+ years of industry experience, with a focus on the IT information security sector both professionally and educationally. With an extensive large systems and networking background, I leverage discipline, systems knowledge and security related skills together to manage, design and implement information security programs.
I have worked with several industries (Banking, Telecom, Oil & Gas, Manufacturing, Finance) to identify and implement security controls used to improve security postures and help attain regulatory mandate compliance (PCI, SOX/CSOX, NERC-CIP, HIPAA, GLB).
Currently I hold ISC(2) CISSP, CIPS ISP and ISACA CISA certifications as well as numerous industry vendor certifications, including Checkpoint and Juniper. I also have a Master of Science in Information Systems – with a thesis topic “Effective SQL Injection Attack Reconstruction using Network Recording”.
I now work for Exabeam, a security software company that specializes in detection and response

exabeam

assistance with anomalous
User (or system) Behavior.  It’s the only UBA vendor I’ve worked with that has satisfied customers and technology that works to reduce the time to detect compromised credentials in an environment.

Previously I worked for HP in their Enterprise Security Products group, which tries to focus on improving security visibility and enterprise risk management.  Also I have worked with the Alberta electric grid independent system operator (ISO) as their IT Enterprise Security Architect offering expert assistance to grow their IT security program. I am able to provide purist security architecture advice and blend that with pragmatic (near) real-time threat mitigation. It is a challenge focusing simultaneously on both ends of the IT security continuum that has regulatory compliance on one end and real-time information security threat management on the other.

Specifically, I’ve helped clients by managing projects such as:

  • development of IT security policies, standards, guidelines and procedures
  • development of IT DRP plans
  • perform IT security risk assessments
  • network segregation and application isolation
  • infrastructure security event monitoring (SIEM design and deployment)
  • server hardening standards, process and implementation
  • user identity management process re-engineering
  • application security standards and assessment
Feel free to check out my resume (HTML) (PDF) for more detail or my LinkedIn page .. although I’m not looking for new job opportunities right now, since I’m pretty happy with the team and technology at Exabeam.  I welcome the opportunity to elaborate on any area of my skills or thesis – please feel free to contact me at 1-512-705-6840 or   a at pomeroy dot us