Security Job: AVP Infosec


AVP Information Technology Security


Job Type: Full-time employee

Job Location:  Boston, MA area

Compensation: Base of mid $100’s plus bonus plans. (call for specific details)

Telecommute: No

Education: BS Degree and a Masters is a plus

Travel %: minimal

Relo Paid: Yes – case by case basis

Status: US Citizen or Green Card – Sorry, no Visa Sponsorship, a Security Search Firm, has been selected to conduct a search for a top shelf AVP candidate to manage the Security Operations Center (SOC) for a fortune 500 organization.

As the selected candidate, you will have knowledge of INFOSEC best practices and be responsible for overseeing the overall state of security for the organization and for working with management to ensure that INFOSEC objectives are aligned with corporate risk tolerance and strategic goals. You will also be responsible for developing and keeping up to date security policies and procedures to ensure operational compliance.

You will need a minimum of 8+ years of IT experience with at least 5 years developing and implementing security policies / best practices within a multi-platform environment. You will need good project management skills and excellent oral and written communication skills. Managing staff for at least 4 years in technical leadership roles is required.

Additional responsibilities and duties include:

  • Managing and mentoring a staff (2 direct and 25+ indirect) and developing them for future growth within the security department in additional to conducting performance appraisals, interviewing and proper discipline.
  • As relate to the needs of the SOC and OGC (operational governance groups), oversee the development and management of RFP’s, expense budgets and business plans.
  • Contributing to the design, maintenance and execution of Corporate Security Policy and Incident Response Plans.
  • Reporting on the state of Security of the computing environment to the executive level.
  • Must be knowledgeable of INFOSEC systems including SIEM platforms, firewalls, virus protection and vulnerability testing.
  • Must be knowledgeable in a broad range of technologies including OS, mainframes, mid ranges and client server.
  • Must be knowledgeable in SOX and PCI and understand how to deal with regulators when needed.
  • Must be able to make appropriate recommendations (and coordinate implementation) on the design / purchase of security tools to be utilized by the SOC, Operational Governance and the Security Intelligence groups.
  • Directing and creating remediation priorities based on level of vulnerability / scope of impact.
  • Implementing policies that will ensure there are correct levels of scanning, monitoring, and incident response when needed.
  • Developing procedures which will ensure there is as minimal impact and disruption to business operations and systems during any remediation of vulnerability issues.
  • Providing the appropriate direction and methodology for forensic analysis and reporting.
  • Developing and implementing security standards and procedures for controlling access / authentication to many systems and applications.
  • Must maintain or create procedures to continually evaluate security administration standards and procedures to ensure compliance with best practice standards and audit requirements.
  • Ability to partner with other departments and groups to understand the user needs for access to corporate data and applications and ensuring that data has been appropriately classified as public, private, sensitive, or confidential.
  • Reviewing and evaluating projections on the needed resources for INFOSEC projects (i.e. capital costs, FT staff, contractors, etc.)
  • Reviewing and prioritizing INFOSEC projects portfolio.
  • Partnering and/or working with other IT groups to secure participation from key people /contributors from other departments and notifying senior management for additional resources. Allocating resources as needed to support strategic company goals.
  • Collaborating and working with other departments (App Dev, Systems, Infrastructure, Architecture, etc) to clarify INFOSEC expectations for securing systems to ensure adherence to policies and standards.

To be considered for this position, please contact Wils Bell directly at 407-365-2404 or email a confidential resume to:

Wils Bell

POB 620298 * Oviedo, FL32762
Direct: 407-365-2404 l




  • Twitter (Follow me for latest Jobs, Breaches, and News)
  • LinkedIn (I accept all security professional’s Invites)

Security Breaches, Security News & More (week ending 2-17-12)

Follow my Twitter feeds for daily breach and security news.

Wils Bell – President
Direct: 407-365-2404


  • Twitter (Follow me for latest Jobs, Breaches, and News)
  • LinkedIn (I accept all security professional’s Invites)

Breaches From Across the Net Week ending 1-13-12

Follow my Twitter feeds for daily breach and security news.



Wils Bell – President
Direct: 407-365-2404


  • Twitter (Follow me for latest Jobs, Breaches, and News)
  • LinkedIn (I accept all security professional’s Invites)

Security Job: Due Diligence Marketing Representative

Security Job Title:   Due Diligence Marketing Representative

Job Type: Full-time

Job Location:  May be based anywhere

Compensation: Base of $80,000K to $120K  plus solid commission structure

Total Package:  Average Rep’s earn between $200K – $300K or more

Education: Prefer BS, but will consider work / education combination

Travel %: minimal, an Executive Search Firm, has been retained to identify and recruit a solid candidate to join an established and growing (20-30% annually) firm that performs due diligence background reports on both companies and individuals around the globe. My client works with a large variety of Corporations to include but not limited to 25% of the Fortune 100 Companies, Regulatory Agencies, Multinational Law Firms, Governments and other Service Providers who specialize in the Energy, Defense, Gaming, Technology, Medical, Manufacturing and Finance Sectors.

Corporations are expanding their services, products and brand globally. As such, many of these same corporations need to attain due diligence reports on partners, vendors, employees, etc. This is my client’s specialty and is one of the factors propelling their solid annual growth.

As a successful candidate you need to have solid experience in client development and sales. Experience selling a business risk product or service is a big plus.

My client’s service is generally sold to C Levels executives; General Counsel, Chief Legal Officer, Chief Risk Officer. As such, having relationships with these contacts is a must and will accelerate your sales cycle.

Duties & Responsibilities

  • Must have solid sales / marketing experience to C Level executives (General Counsel, Risk Officer, Legal Department) and have relationships with these levels
  • Must be able to develop new business through referrals and cold calling
  • Must be able (after training) to explain how due diligence services can and will benefit clients and what separates company from competitors
  • You must understand that client service is major selling point of the company
  • Will act as primary the point-of-contact for the client
  • Will thoroughly read due diligence report and discuss findings with client
  • Must have ability to maintain current client relationships while building new relationships
  • Ability to work independently and in a telecommuting capacity in required
  • Must be very detailed oriented
  • Must have good written and verbal communication skills


Wils Bell


Breaches & Security News From Around the Web 12-06-11

Breaches and Security News from around the web as posted through  my Twitter Account.

Follow me on Twitter


Ex-Army researcher links Conficker to Stuxnet

Russian media, election watchdog silenced through cyberattacks

Small firms have fewer resources to deal with more cyberthreats, House panel told

MIT researchers: US needs single agency to protect electric grid from cyberattacks

Getting Past Security’s Fuzzy Math ROI

Is the Security Response System for SCADA-ICS Broken?

Holiday Shopping At Work Raises Risks

Raytheon Acquires Cybersecurity Firm Pikewerks

Executives Lack Confidence in Infosec Strategies

Controls Have to be Executed Perfectly Every Day

Carrier IQ Controversy Spawns Lawsuits

FBI Warns of New Fraud Scam

Congress Probes TRICARE Breach

Organizing a Breach Notification Team


Wils Bell

Bell (at )


Security Job: Manager; Security Breach Response

Security JobManager; Security Breach Response

Note: This is a great opportunity and the position is very detailed. Below is just a brief description to provide a general understanding of the basic responsibilities. For a full confidential discussion of this exciting opportunity, please call Wils Bell – 407-365-2404

Job Type: Full-time (not a consulting firm)

Job Location: Positions available in – New York City, Philadelphia or Chicago

Compensation: Base of up $140,000 (maybe higher) plus bonus

Telecommute: No

Education: 4 year degree is a must

Travel %: up to 40%

Relo Paid: Prefer local to either Chicago, New York City or Philadelphia, a Security Search Firm, has been selected to conduct a search for a client interested in hiring a Manager of Information Security Breach Response. The chosen candidate will be responsible for working closing with the upper management and C level executives at organizations that have had a serious cyber breach to direct and coordinate a response and remediation efforts with internal resources and outside 3rd parties as required. In addition to having a good understanding of Information Risk / Security, the successful candidate will probably have had positions working in a client facing role (Sales or Sr. Consultant), but not necessarily . A solid understanding of how Information Risk and business functions interact is a real plus.

Our client is an established organization with “excellent” benefits and a great career path.


  • Ability to direct and coordinate the breach response activities at affected organizations.
  • Direct internal resources and 3rd party service providers that are involved in the breach response and remediation. This could include but not limited to Forensics Consultants, Credit Bureaus, Lawyers, Law Enforcement and other services as needed.
  • 3rd party service provider relationships to include; selection, contract negotiation, and performance evaluation.
  • For major breaches, ability to coordinate and direct response efforts onsite at affected organizations location.
  • Provide onsite breach response assistance for clients as needed for significant breaches.
  • Ability to educate organizations on the need for proper incident response and the liabilities of failure to do so.

Skills and Abilities

  • You must have excellent written and verbal communication skills
  • Ability to work with people during high pressure and crisis modes.

To be considered for this position, please contact Wils Bell directly OR email a confidential resume to :

Wils Bell
President, Inc.
POB 620298 * Oviedo, FL 32762
Direct: 407-365-2404


A Funny Thing Happened During the Interview

A Unique Security Interview

During a conversation today I was reminded of a situation that in some regards was funny and on the other hand was actually rude. It does have a lesson to those employees of companies involved in the interview process.

Here’s what happened. I had a position here in Florida for a senior hands-on technical Security candidate. The client was a solid company with operations around the USA, Caribbean and Central and South America. Even though this company had many bilingual employees due to their different business locations, it was not required on this particular position.

Since the candidate (let’s call them Dave”) I recruited was available ASAP,  had recently relocated to Florida and was local, the employer scheduled an in-house interview for one afternoon. ( I’d known Dave for several years since I recruited him for another opportunity when he lived in the Carolina’s. Still has his Carolina accent.)

The day of the interview arrived and Dave was off to meet everyone. Dave called me on his drive home from the interview  to share his thoughts of the company, the position, the people, etc. He met with Human Resources and got all the HR information and was taken on a brief tour of the facility by another HR representative on the way to interview with the technical security staff  and manager. Dave was taken to a conference room where  the manager and 2 project managers were all waiting to conduct a group interview, even though the interview  itinerary was stated differently, but no big deal.

Here’s where it begin to get a little funny and rude at the same time.  All three employees of the client were asking Dave questions related to the job.  As usual, the questions started out relatively easy and progressed quickly to more difficult questions since Dave was able to answer correctly without any issues. He knew he were doing well. He knew he knew more than the project manager he would report too. He knew the manager thought he would not be challenged for long in the job. He knew he blew away all the other candidates  interviewed thus far, and many other insights.

Now you ask, why would these employees conducting the interview discuss these comments directly in front of Dave. Simple, they were speaking Spanish. Yes they were interviewing in English, but discussing amongst themselves their comments about the candidate. How rude was that, but the fact that Dave was able to understand about 75% of the Spanish was the funny part.

Yes, here’s someone with a Carolina accent that had a real good handle on understanding Spanish. He had worked for a firm in the past with many Latin American clients and  spent 5 years travelling south and picked up Spanish enough to understand people fairly well.

Dave thought it was a real insightful interview situation that most people would never experience, while also being rude.

One we jot to the actual job,  regardless of the rudeness factor, Dave stated that the client indeed had some real security  issues, as I had indicted. Once those issues were resolved over the next many months, the job would not be challenging.  Even though he was ready to go to work, this was not going to present a long-term opportunity. (The client still made him an offer, even though I said it was not necessary)

The overall  problem I saw was the client was discussing Dave and his answers and comments right in front of  him in a language they thought he did not understand. Whether he understood or not I felt and he felt it was rude. Would that have been the normal work environment and atmosphere. In fairness, I did share with the CIO that Dave turned down the position based on opportunity, but for future reference he night want to discuss with his managers their interview style.

I supposed the moral of the story would be never assume anything, like you are not being overheard or understood by those around you.

Have a great Wednesday.