Old Soul, Young Heart, Likes Memes
Also a Dad, a Lifetime Learner, an Information Security Swiss Army Knife, and a Volunteer for Just Causes Around the Area
Original Stuff © 2023 Christopher J. Marcinko, All Rights Reserved
(All Other Content Property of Their Respective Copyright Holders)
Old Soul, Young Heart, Likes Memes
Also a Security and Privacy Swiss Army Knife â I Own Things, Solve Problems, and Mentor Peers â Drawing Daily from 28+ Years of Practical ExperienceÂ
(and Backed by 108 Certifications)
#AKATrusted  #LetsTalk
About Me
I am an enthusiastic Information Security and Privacy Specialist with a myriad of practical experience and demonstrated success leading a cavalcade of initiatives, including:
Crafting, managing, and auditing internal security controls aligned with global standards, including GDPR, HIPAA, PCI DSS, FISMA / NIST 800-53 / CSF, ISO 27000 / 27700, SOC2, SOX, CCPA, CIS20, NERC CIP, FedRamp, CSA STAR, and more.
Building, and leading information security and privacy management frameworks, policies, and programs, ensuring streamlined processes and strong team direction.
Strategic thought leadership driving internal and client teams to effectively address complex internal and customer facing challenges.
Extensive coaching and mentoring security consultants, emphasizing technical expertise, interpersonal soft skills development, and cross-team knowledge-sharing practices.
Being a seasoned problem-solving ninja, with a knack for complex troubleshooting and providing innovative solutions tailored to both business and technical needs.
Self-driven and collaborative, with strong written, verbal, and interpersonal communication skills, enabling effective cross-functional collaboration and leadership.
My Scenic Career Journey
Accenture
Full-Time âą Remote
Senior Manager, Lead of Avanade Global Client Information Security (GCIS) Worldwide Team
April 2025 - Current
In my current role, I lead with a people-first mindset and hands-on execution. With GCIS Tampa, I built and mentored a team of early-career security and privacy analysts, equipping them with the skills, confidence, and experience to thrive in complex environments. Iâm now expanding that proven model to our India peersâmore than doubling the size the reachâand combining our strengths to grow as âone GCIS,â setting the âpurpleâ standard of trusted support for internal teams and Clients.
I also lead Avanadeâs ISO team, supporting legal, architecture, sales, and delivery through complex security and privacy challengesâbehind the scenes and directly with Clients. Whether shaping strategy, handling escalations, advising on architecture, or representing Security and Privacy across broader initiatives, we focus on driving clarity and building trust with internal stakeholders and Clients alike.
Regardless of role or workflow, I emphasize practical growthâcritical thinking, soft skills, and unscripted problem-solving. Real understanding comes from real experience, so instead of leaning on theory or KB articles, we prioritize cross-training, shadowing, and real-time operationsâbecause real-world problems rarely come with real-world instruction manuals.
Beyond team development, Iâm leading the GCIS transition into Accentureâaligning people, processes, and technology while unifying India, Tampa, and ISO teams under a shared framework. Weâre also strengthening Sales Team support by improving integration, streamlining workflows, and creating the collateral and evidence clients need to trust our security and privacy practices as we deliver their solutions.
Senior Manager, The Americas Area ISO - Avanade Global Client Information Security (GCIS)
January 2020 - Current
As a trusted advisor representing Avanade's Office of the CISO, I guide internal teams, sales, and delivery stakeholders through complex security and privacy challenges, ensuring they are managed effectively and strategically. I also serve as the face of Avanade's Security and Privacy program, engaging directly with clients during pre-sales negotiations and post-sales vendor management reviews to articulate our practices and build trust.
Thriving in a dynamic, fast-paced environment, I excel in roles requiring adaptability and strategic thinking. I regularly partner with C-level executives to shape strategic direction, provide architectural recommendations to client stakeholders, and lead collaborative sessions to design robust procedures. I also deliver clear insights to our clients, ensuring they understand and have confidence in the scope and effectiveness of Avanade's security and privacy program and aligning our efforts with their business objectives.
Additionally, I manage leadership and incident response escalations. Collaborating with sales and delivery stakeholders and peer teams, I address complex challenges, remove roadblocks, and drive resolutions. My approach is grounded in clear communication and alignment with organizational goals, fostering trust and focusing on solving the root cause of whatever the problem might be.
Director, Lead of Avanade GCIS Tampa Team
April 2019 - April 2025
In this role, I built and actively mentor a team of analysts starting their careers, providing comprehensive training about industrywide security and privacy methodologies as well as both Avanade and Accenture internal practices.Â
I lead my team to consistently deliver high-quality outcomes while prioritizing their professional growth and development. I focus on sharpening their overall security and privacy expertise, broadening their ability to navigate complex challenges where responses cannot be scripted, and mentoring them through special projects where they take ownership of impactful solutions. By developing strong problem-solving and soft skills, I prepare them to succeed in future client-facing consultancy roles, ensuring they can easily hit the curveballs that will undoubtedly be thrown their way.
International Information System Security Certification Consortium, Inc. (ISC2)
Contract âą Remote
Authorized (ISC)2 Trainer
September 2014 - December 2019
As a secondary role, I delivered ISC2 certification training, including CAP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, CCSP, HCISPP, and SSCP. My training sessions, conducted both live and virtually, blended in-depth technical expertise with practical advice tailored to security professionals.
I taught these ISC2 structured training classes over multiple weeks, guiding groups of 20+/âstudents per session. I ensured an engaging learning environment by presenting content enthusiastically and encouraging students to share personal stories related to the material to foster active participation. I also provided additional study resources tailored to their needs and backgrounds and proactively followed up before and after certification attempts to ensure continued success.
SHI International
Full Time âą Remote
Senior Security Solutions Consultant and Auditor - SHI Security Solutions Practice
July 2011 - November 2016
In this role, I led the execution of detailed risk assessments, balancing regulatory compliance with the mitigation of emerging security risks and alignment with broader business goals. These comprehensive security posture assessments of client environments ranged from best practice reviews to in-depth evaluations of HIPAA Security and Privacy compliance, and other recognized industry standards. My reports delivered actionable insights, detailing threats and potential impacts and prioritized remediation steps, ensuring clients could address risks effectively. Findings were presented in an objective vendor-agnostic manner, maintaining neutrality and avoiding the perception of a conflict of interest with SHIâs other technology reselling and services practices.
Additionally, I managed installing and upgrading security technologies, including Check Point and Palo Alto firewalls, Symantec Endpoint Protection (SEP), and Symantec Data Loss Prevention (DLP), addressing legacy system upgrades and full technology replacements.
I also provided Governance, Risk, and Compliance (GRC) consulting to assist clients in developing and refining internal security management programs. These efforts involved designing tailored policies and practices (often from scratch) to align with their client-specific risk management strategies, compliance mandates, and business goals. These deliverables included strategic roadmaps to implement and integrate recommended controls, ensuring both a successful rollout and an effective risk management approach.
United Surgical Partners International (USPI)
Full Time âą On-Site
Information Security Officer / Security and Privacy Engineer
March 2009 - July 2011
In this role, I designed and implemented continuous improvements to the Information Security program, ensuring alignment with regulatory frameworks such as HIPAA/HITRUST, SOX, PCI, and other mandated requirements. I also led DLP and configuration hardening and other initiatives to enhance risk mitigation strategies, compliance protocols, and incident response readiness while minimizing disruption to core business activities.
During my tenure, I actively monitored security firewall, access control, and other system logs, identifying and investigating suspicious anomalies with peer stakeholders. Additionally, I led policy updates and drove continuous improvements within the security program, working closely with legal, compliance, and operational teams. I supported external audits, represented the security team in change control discussions, and ensured security integration into new solutions developed within the environment.
Electronic Data Systems (EDS)
Full Time âą On-Site
Security Solutions Architect
(TVMR / SIEM Service Offering)
July 2006 - March 2009
In this role, I provided comprehensive lifecycle support for Enterprise Security Event Management (ESEM) architectures, driving development, implementation, and ongoing optimization. Our team ensured all solutions adhered to compliance frameworks such as PCI, HIPAA, and SOX while aligning with security audit protocols. We also proactively identified areas for improvement to ensure the system continued to meet the client's regulatory compliance needs.
In this capacity, I designed solution architectures tailored to client requirements, overseeing hardware deployment and developing security policies for the Network Intelligence SIEM solution. I also managed the configuration of Check Point firewalls protecting the overall ESEM managed services environment and defined alerting rules to notify SOC teams of anomalies requiring further investigation. Additionally, I troubleshot hardware failures, resolved policy glitches, and addressed ad-hoc client reporting requests, ensuring smooth and secure operations.
Security Solutions Architect and Lead
(Enterprise Firewall Risk Audit and Lockdown)
July 2006 - October 2009
In a secondary role, I conducted a granular enterprise-wide firewall policy risk audit for a billion-dollar European Financial Client. This project required exporting approximately 14+ million Check Point firewall event logs from 18 separate locations, creating a comprehensive snapshot of the Client's baseline internet activity. All event logs were consolidated into an ad hoc centralized log management server to analyze, identify traffic patterns, and establish baseline metrics. I also collaborated with Client Stakeholders to validate findings and clarify observed traffic behaviors.Â
Based on the findings, I streamlined existing firewall configuration policies, eliminating unused and overly broad access through an iterative deployment approach. I also coordinated with the Client's network and applications teams as policy updates were implemented, troubleshooting and making firewall policy adjustments as needed to minimize disruptions. These efforts strengthened the Client's network perimeter, mitigating overall security risk and ensuring compliance with industry best practices.
Security Solutions Architect
(DLP Service Offering)
July 2005 - July 2006
In this role, I supported the architecture team tasked with creating a Data Loss Prevention (DLP) managed service offering, contributing to its strategic design and implementation, and aligning it with internal and client business goals.Â
These efforts started by helping define overall security requirements and evaluating available Reconnex and Vontu DLP solutions. I facilitated the integration of test appliances into the network for performance evaluation and collaborated on creating management policies to protect confidential data. I also helped define alerting mechanisms, addressed legal concerns regarding the privacy of logged data, and integrated investigation techniques into existing incident response practices. These efforts helped ensure minimal operational impact while evaluating overall system performance as the team tested the technology options.
Technical Lead, Security Infrastructure Specialist, and Risk Auditor
(Managed Firewall Services)
November 2000 - July 2005
In this role, I delivered Check Point and Cisco PIX firewalls within our managed services offering and conducted risk assessments covering the applications traversing the firewalls and the solution architecture as a whole. I worked closely with Clients to gather requirements, define policies, and create customized configuration solutions, seamlessly integrating them into client environments. I conducted comprehensive risk assessments of proposed traffic rule bases and collaborated with the firewall administration team to deploy, test, and troubleshoot solutions.
Starting with smaller projects, I quickly advanced to managing large-scale, high-impact solutions, including EDS termed 'Megadeals' and other complex installations.Â
As Technical Lead, I mentored my Team to help them develop their skills and performance through peer reviews, coaching, and constructive guidance. I also managed the quality control process for the Team's firewall solutions, testing configurations before deployment to safeguard our Clients from potential security risks or operational impact during installation.
Team Lead, Systems Administrator, and Quality Assessor
(Remote Desktop Support)
May 1998 - November 2000
In this role, I provided second-level support for desktop, server, RAS/VPN, and security network infrastructure, ensuring the integrity and functionality of critical systems. I guided users through troubleshooting over the phone, implementing solutions, and verifying results. I also worked with vendors to address infrastructure issues, writing scripts to resolve application-related problems.
Growing into the Technical Lead role, I also mentored new team members, sharing technical expertise and writing knowledge-base articles to improve overall team performance. I also took ownership of third-level troubleshooting, diagnosing, and resolving complex technical issues to ensure seamless business continuity.
Distribution Analyst and Quality Assessor (DAOPC)
January 1997 - May 1998
In this entry-level role, I focused on processing bulk print jobs at the Dallas Area Output Processing Center (DAOPC) for internal EDS Teams and our clients. I initially performed manual envelope stuffing and later transitioned to automated machines to manage higher volumes while ensuring accurate and timely delivery under tight deadlines.
As the role evolved, I took on additional responsibilities, including implementing an ISO 9001-certified quality management system, writing procedures to document workflows, and collaborating with leadership to identify key metrics. I also supported corporate audit teams during both internal and external third-party assessments. Additionally, I assisted and shadowed the desktop support resource with troubleshooting workstation issues onsite.
Owens Family Restaurant
Full Time âą On-Site
Server, Store Trainer, 803 and 813 Locations
July 1993 - Janary 1997
My first sales role laid the foundation for the skills I've continued to build upon in all the days and years since. As a server, I provided exceptional, customer-focused service across all shifts, consistently earning an average 99.4% satisfaction score on 'Secret Shopper' evaluations and ranking among the top five waitstaff in Sales Per Customer (SPC).
Additionally, I trained new restaurant managers and waitstaff on menu knowledge, day-to-day store procedures, and effective suggestive selling and customer service techniques, contributing to their overall success.
Additionally, I trained new managers and waitstaff on menu knowledge, operational procedures, and effective customer service techniques, contributing to a high-performing and cohesive team environment.
City of Garland, Texas
Full Time âą On-Site
Library Page, Children's Department, Central Branch, Nicholson Memorial Library
November 1990 - July 1993
In a part-time role as a teenager, I managed and maintained library collections by accurately organizing and reshelving books and media, repairing materials, and assisting with routine daily operations.Â
I also played an active role in supporting Summer Reading Children's Programs and special events by designing creative print promotions and delivering interactive performances, including bringing characters like Waldo from the Where's Waldo series to life. On event days, I contributed to setup, live-show coordination, and teardown, ensuring smooth operations and memorable experiences for attendees.
Original Stuff © 2025 Christopher J. Marcinko, All Rights Reserved
(All Other Content Property of Their Respective Copyright Holders)
Old Soul, Young Heart, Likes Memes
Also a Security and Privacy Swiss Army Knife â I Own Things, Solve Problems, and Mentor Peers â Drawing Daily from 28+ Years of Practical ExperienceÂ
(and Backed by 108 Certifications)
#AKATrusted  #LetsTalk
Saying ther Quiet Part Out Loud
Original Stuff © 2025 Christopher J. Marcinko, All Rights Reserved
(All Other Content Property of Their Respective Copyright Holders)