Senior Security Consultant
Jonathan White started his IT career in the United States Marine Corps as a Computer Programmer. After the Marine Corps, he started a job as a Computer Operator and advanced to serve as Manager of the company’s 24 X 7 data center. This is when he realized that providing solutions to issues and customer interaction was his passion. The next step in his career was as a Network Engineering Consultant for one of the national credit bureaus. In this role, he was responsible for the IP network for as many as 14 local offices in the Southern Region.
Education & Certifications
Bachelor of Science in Business and Information Systems, CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), QSA (Qualified Security Assessor), SSCP (System Security Certified Practitioner).
Passion for Security
During his tenure at the national credit bureau, he was exposed to various regulatory compliance frameworks, developing an appreciation for the need to protect customers’ personal information. He secured a position with an Application Service Provider company as an IT Security Compliance Auditor responsible for monitoring their control environment and handling areas of both logical and physical security. He served in this capacity for over six years becoming familiar with several compliance frameworks, including SSAE18 SOC 1 and SOC2, ISO 27001, NIST, PCI DSS, and GLBA.
Recent Blog Posts
In 2019, the Payment Card Industry (PCI) Security Standards Council (SSC) modified the Qualification Requirements for Qualified Security Assessor (QSA) employees. Prior to the modification, the requirements stipulated that QSA employees must hold either an Information Security certification or an audit certification, but now QSA employees must have a minimum of two (2) industry certifications:...
Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the System Security Certified Practitioner (SSCP) offered by...
There are certain items contained within the 12 PCI requirements that have to be performed based on defined frequencies. In my experience, companies sometimes struggle with adhering to some if not all of these items. There are a number of reasons that this might happen, whether it’s related to employee turnover, unfamiliarity with the items,...
The Cloud Makes Compliance Better! …And Worse. The necessity of complying with cloud regulations, frameworks, and third-party risk requirements has been on the radar for several years. However, the importance of satisfying these requirements skyrocketed as organizations scrambled to accommodate...