Summary
Overview
Work History
Education
Skills
Certification
Jobskills
Timeline
Generic

Steve Coconis

Laval,QC

Summary

Senior IT Professional with a proven record in Security Cloud Architecture, Risk Assessment, Governance, Compliance, Operations, and Disaster recovery. Possess valuable experience with strategic projects, such as implementation of enterprise-wide infrastructure solutions. Successfully developed and implemented Information Security programs that are effective and align with corporate goals for a competitive advantage. Helped drive change to culture when new methodologies and technology were introduced where efficiencies were the key drivers.

Experienced with network security protocols and intrusion detection systems. Utilizes advanced techniques to identify and mitigate potential threats. Track record of successful implementation of comprehensive security solutions, ensuring data protection and compliance.

Cyber security professional with proven track record of safeguarding organizations from cyber threats. Known for implementing advanced security measures and enhancing system integrity. Valued team player with focus on collaboration and adaptability, leveraging analytical skills and proactive approach to ensure optimal security outcomes.

Energetic and analytical with strong aptitude for problem-solving and critical thinking. Proficient in network security protocols and threat analysis, with hands-on skills in firewall management and vulnerability assessment. Capable of implementing robust security measures to safeguard organizational assets and data.

Developed robust skills in cybersecurity within collaborative and high-stakes environment. Specialized in threat assessment and network protection, ensuring integrity and confidentiality of sensitive information. Seeking to transition into new field, bringing strategic mindset and commitment to maintaining security standards.

Cybersecurity professional with strong foundation in threat analysis, risk management, and network security. Known for adaptability and reliability in dynamic environments, ensuring robust protection against cyber threats. Skilled in incident response, penetration testing, and security architecture. Effective in team collaboration, driving results, and meeting organizational goals.

Information Security Specialist with passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security framework for cloud-based software. Versed in robust network defense strategies.

Watchful professional offering comprehensive, hands-on experience identifying, investigating, and responding to information security alerts. Expertise in searching through data-sets to detect threats and anomalies and administering metrics to maintain security processes and controls. Focused on helping businesses safeguard sensitive data from hackers and cyber-criminals.

Organized and dependable candidate successful at managing multiple priorities with a positive attitude. Willingness to take on added responsibilities to meet team goals.

Pursuing full-time role that presents professional challenges and leverages interpersonal skills, effective time management, and problem-solving expertise.

Thorough team contributor with strong organizational capabilities. Experienced in handling numerous projects at once while ensuring accuracy. Effective at prioritizing tasks and meeting deadlines.

Possesses versatile skills in project management, problem-solving, and collaboration. Brings fresh perspective and strong commitment to quality and success. Recognized for adaptability and proactive approach in delivering effective solutions.

Experienced leader with strong background in guiding teams, managing complex projects, and achieving strategic objectives. Excels in developing efficient processes, ensuring high standards, and aligning efforts with organizational goals. Known for collaborative approach and commitment to excellence.

Demonstrates strong analytical, communication, and teamwork skills, with proven ability to quickly adapt to new environments. Eager to contribute to team success and further develop professional skills. Brings positive attitude and commitment to continuous learning and growth.

Results-oriented achiever with proven ability to exceed targets and drive success in fast-paced environments. Combines strategic thinking with hands-on experience to deliver impactful solutions and enhance organizational performance.

Equipped with strong problem-solving abilities, willingness to learn, and excellent communication skills. Poised to contribute to team success and achieve positive results. Ready to tackle new challenges and advance organizational objectives with dedication and enthusiasm.

Tech-savvy innovator with hands-on experience in emerging technologies and passion for continuous improvement. Skilled in identifying opportunities for technological enhancements and implementing effective solutions. Adept at leveraging new tools and methods to solve problems and enhance productivity. Excels in adapting to fast-paced environments and driving technological advancements.

Detail-oriented individual with exceptional communication and project management skills. Proven ability to handle multiple tasks effectively and efficiently in fast-paced environments. Recognized for taking proactive approach to identifying and addressing issues, with focus on optimizing processes and supporting team objectives.

Proactive and goal-oriented professional with excellent time management and problem-solving skills. Known for reliability and adaptability, with swift capacity to learn and apply new skills. Committed to leveraging these qualities to drive team success and contribute to organizational growth.

Innovative technology professional with several years of diverse experience. Skilled in enhancing systems and aligning technical solutions with business objectives. Proven success in leading projects from start to finish and contributing to organizational growth and success.

Overview

26
26
years of professional experience
3999
3999
years of post-secondary education
3
3
Certifications
2
2
Languages

Work History

Senior Cyber Security Specialist

Weir Canada Inc.
04.2024 - Current
  • Developed customized processes, and procedures for cyber security engineering based on top level DND policy instruments
  • Championed the customized cyber security engineering processes by providing guidance to group members in the application of cyber security engineering principles to the system development life cycle process
  • Adapted DND’s Vulnerability Management Program vulnerability assessment and mitigation process to support system engineering efforts and operational systems
  • Spearheaded technology product hardening efforts by providing guidance based on DISA, and CIS
  • Produced conceptual illustrations, diagrams and technical artefact of security concepts and solution architectures
  • Deployed and operationalized the Automated Security Validation process with accompanying documentation
  • Investigated and assessed the security posture of existing or proposed systems, networks or communication systems, identified potential gaps and vulnerabilities, and proposed more secure configurations or mitigation measures to address the identified gap areas and/or vulnerabilities
  • Incorporated DND policies, procedures and methodologies related to information systems security, including the Cyber Security and Risk Management Process (CSRMP), and Security Assessment and Authorization (SA&A)
  • Conducted vulnerability assessments, penetration testing, as part of security engineering validation in support of overall vulnerability management processes
  • Enhanced network security by implementing advanced threat detection and prevention systems.
  • Conducted regular audits of security infrastructure, identifying weaknesses and recommending improvements.
  • Established a culture of shared responsibility for cyber hygiene within the organization through effective communication of policies, procedures and expectations around securing sensitive information.
  • Strengthened risk management strategies by developing comprehensive risk assessments based on current threats facing the organization''s industry sector.
  • Reduced cyber attack risks by conducting thorough vulnerability assessments and penetration testing.
  • Collaborated with IT teams to integrate security measures into software development life cycles, ensuring secure product releases.
  • Evaluated emerging cybersecurity technologies and incorporated them into existing systems where appropriate for enhanced protection levels.
  • Implemented multi-factor authentication protocols, reducing unauthorized access to sensitive information.
  • Fostered relationships with external partners including law enforcement, fellow industry professionals and intelligence communities to stay informed about latest trends, threats and advancements in the field of cybersecurity.
  • Streamlined security processes, optimizing system configurations for efficient threat monitoring and mitigation.
  • Managed vendor relationships to ensure adherence to organizational cybersecurity standards and policies.
  • Improved incident response times with the development of comprehensive incident management plans and procedures.
  • Provided expert guidance on regulatory compliance matters, helping the company navigate complex legal requirements related to data privacy and cybersecurity.
  • Served as a subject matter expert and resource for both technical and non-technical staff on issues related to cybersecurity best practices, incident response and data protection requirements.
  • Achieved continuous improvement in overall system security through close collaboration with internal stakeholders such as developers, network engineers, and business leaders.
  • Spearheaded the adoption of industry best practices, resulting in a more robust cybersecurity framework for the organization.
  • Developed customized cybersecurity training programs to raise employee awareness and minimize human error risks.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Conducted security audits to identify vulnerabilities.
  • Created policies and procedures for emerging security technologies and proposals.

Senior Manager - Security Compliance & Monitoring Management

TD Bank Financial Group
Toronto, Ontario
01.2018 - 09.2022
  • Developed a team of 10 FTEs to implement the strategic direction for the Security Compliance & Monitoring
  • Key Consultant on Cloud Security Programs on security requirements, Governance, design controls, and ensure implementation in accordance with policies, regulatory requirements, and risk appetite of the bank
  • Managing a 1B & 2A line of defense function to challenge the execution of implemented of processes
  • Developed procedures for testing the effectiveness of controls and monitoring in accordance with risk control
  • Created excellent relationships with management, internal auditors, and risk & control teams
  • Managing the development and implementation of compensating controls to address residual risk until strategic solutions are available
  • Introduced a roadmap for the target future state environment
  • Leading evidence determination and responses to Internal Audit for regulatory RFI’s
  • Collaborated in Data Classification specifically when loads were moved into the Cloud Environment
  • Responsible for Process Flow Diagrams for new Cloud initiative
  • Identified key gaps with respect to Data Classification labelling with respect to new data risk profiles
  • Consulted Cybersecurity 1A teams to understand risks and ensure that compensating controls have been implemented and adhered to
  • Providing support and consulting in preparation for Audits and appropriate remediation activities
  • Governed information security related audits, and recommended remediation to address control gap concerns
  • Contributing to the review of internal processes and activities and assisting in identifying areas for improvement
  • Participating in programs as a subject matter expert helping to define Database Activity Monitoring (DAM), Data Loss Prevention (DLP) and Data at Rest (DAR) policies and controls that mitigate risks
  • Collaborated with Risk and Governance teams to develop processes based on security management frameworks
  • Created the policies for secure sensitive data, and ensure security and compliance with internal policies, contracts, regulatory requirements, and industry standards
  • Worked with Internal Audit with Risk Control Self-Assessments and improved processes, RACI, and controls
  • Proposed improved Use Cases for threats from recent incidents through monitoring of 1st line of defense and informed the lines of business for the Controls Assurance Program
  • Implemented the Configuration and Vulnerability management program with compliance reporting
  • Interpreted the business strategy and developed organizational objectives to align with the strategy and risk appetite of the bank
  • Defined information Security risk management methodologies and processes to close off audit gaps of controls
  • Development of Compliance Use Cases in MS Azure to help redefine security policies to enhance to risk posture
  • Spearheaded delivery of key projects to protect the company’s most valuable data assets
  • Developed metrics, KPIs, and KRIs related to cyber security assessments and initiated security awareness
  • Established strong relationships with clients and stakeholders, ensuring long-term partnerships and repeat business.
  • Implemented and developed operational standards, policies and procedures.
  • Held monthly meetings to create business plans and workshops to drive successful business.
  • Provided strong leadership to enhance team productivity and morale.
  • Led cross-functional teams to achieve project milestones and deliver high-quality results.
  • Consistently met or exceeded annual performance targets set by senior leadership.

Senior Manager - Information Security Risk Management Officers

BMO Financial Group
Toronto, Ontario
01.2014 - 01.2018
  • Managed project based security controls implementation as part of the Security Architecture
  • Managed a team that conducted risk assessments for infrastructure that included 10 FTE and 8 Consultants
  • Played a major role for the Architectural design of the enterprise Cloud-based DDOS and NAC solutions
  • Conducted Threat and Risk Assessments (TRAs) to analyze and quantify security risk
  • Provided the strategy for the IT Security Risk team overall information security governance
  • Acted as Firewall Governance Officer for the enterprise
  • Provided enterprise security controls for the Infrastructure Key Risk KRI & Performance Indicators KPI
  • Assessments for Identity & Access Management IAM across the applications with user access reviews
  • Consulted enterprise architecture teams on strategy for all security controls Cloud deployments
  • Principal contributor for the strategy of hardening, patching, as well as the enterprise reporting model
  • Responsible for threat and vulnerability assessments by establishing baselines and scoring for effectiveness across all platforms
  • Performed Qualys Scanner activities and guided teams in remediation with timelines
  • Responsible for Enterprise level innovative security Architecture design for all security controls
  • Conducted penetration test reviews, and introduced changes to hardening standards
  • Worked with Network and Server Engineering to define equipment standards communications protocols and/or technical components to align enterprise architecture and operational requirements
  • Ensured that BMO was current on legal and regulatory issues with respect to IT Security and Data Privacy
  • Provided guidance to Corporate Operational Risk Management and Internal Audit for audit findings
  • Ensured that teams understood and prioritized applicable security controls as well as implementation
  • Initiated and defined the needs of the bank with respect to the audit logs in the governance framework
  • Established Policies and procedures for access management ensuring that control gaps and are addressed
  • Consultant to the response teams after the occurrence of an enterprise-wide incident including root-cause analysis, log reviews, and vulnerability identification and remediation
  • Spearheaded and led the team in log management review for key Compliance Use Cases for policy effectiveness
  • Established strong relationships with clients and stakeholders, ensuring long-term partnerships and repeat business.
  • Implemented and developed operational standards, policies and procedures.
  • Held monthly meetings to create business plans and workshops to drive successful business.
  • Provided strong leadership to enhance team productivity and morale.
  • Led cross-functional teams to achieve project milestones and deliver high-quality results.
  • Consistently met or exceeded annual performance targets set by senior leadership.

Senior Security Architect Enterprise Cloud Architecture

BMO Financial Group
Toronto, Ontario
05.2017 - 01.2018
  • Provided Information Security focus Architecture for security based requirements
  • Lead Architect for design of BMO’s Information Cloud Security Strategy for PaaS/SaaS
  • Alignment of IT strategy with company's business goals/concerns
  • Responsible for development of MS Azure Use Cases for the cloud environment
  • Provide direction, and guidance Architecture to support the corporate business strategy
  • Optimization of information management through an understanding of evolving business needs and technology
  • Strategic responsibility for the company's IT Security systems
  • Work closely with other functional area architects and security specialists to ensure security solutions are in place
  • Defined the alignment of security governance with Enterprise Architecture governance
  • Evaluated new security products and advised on their ability to meet the requirements
  • Designed solutions for Hardware Security Module (HSM), Cloud Access Security Broker (CASB), AWS and Azure security Architecture services
  • Performed Data Classification for loads in Cloud Data
  • Optimized firewall configurations to ensure optimal network performance while maintaining a high level of protection against external threats.
  • Conducted audits of existing network infrastructure, identifying areas for improvement and recommending appropriate measures to enhance security controls.
  • Collaborated with cross-functional teams to develop secure software applications, reducing instances of data breaches and security incidents.
  • Worked closely with vendors to assess third-party products'' compatibility with existing systems while maintaining stringent security standards.
  • Drafted clear documentation outlining company-wide security procedures, enabling all team members to understand their roles in upholding organizational safeguards properly.

Senior Network Security Specialist

Quebecor Media Inc.
04.2011 - 08.2013
  • Installed robust security architecture utilizing Cloud Computing IaaS, PaaS, and SaaS
  • Designed the architecture for new implementations the network & endpoint IPS, NAC, and WAF solution
  • Participated in the Architectural Design of the external-facing Architecture by deploying the DDOS protection with Arbor PeakflowSP TSM as well as Web Application Firewall (WAF) protecting 480 managed web-sites
  • Developed the strategy for the global security model for including all the security elements
  • Advisor to the upper management of new waves of security threats, and how to act proactively to mitigate risk
  • Developed, installed, created operational procedures and support documentation for all McAfee ePO including Site-Advisor, Virus-Scan, HIPS, DLP, and Policy Auditor McAfee solutions
  • Tested company’s own web-sites for vulnerabilities and worked with web developers to mediate gap in security
  • Firewall policy optimization using Tufin software for very quick rule deployment
  • Performed risk assessment and the impact of the vulnerability
  • Conducted McAfee Scanner activities and helped teams to remediate the vulnerabilities
  • Define business strategies for penetration testing based on business needs of the company
  • Prepared IT risk assessments and reports on the results for presentation technology and business management
  • Set the standards in applying security patches on servers and workstations
  • Performed security design/architecture, and penetration test reviews

Directeur - Security Operations Center (S.O.C)

National Bank of Canada
03.2010 - 03.2011
  • Led the team that installed security patches on all 21000 servers and workstations at the bank
  • Supplied Cloud-based SaaS Architecture for Microsoft’s Forefront Cloud Service for Anti-Spam Email
  • Assured that monitoring of security incidents and responses is in place and functional
  • Acted as an expert on various committees and external activities with stakeholders involved in the business units
  • Aligned business IT needs, requirements, and with a focus on information security
  • Influenced policies related to information technology in order to ensure alignment with corporate strategies
  • Redefined strategies for detecting Internet fraud based on business needs
  • Recommended to LOBs on ways to reduce risk based on the results of studies based on correlation analysis
  • Contributed for the strategy of hardening standards, patching, and Vulnerability Management and developed the Scorecards to upper management
  • Defined business strategies for intrusion and management of security incidents based on bank’s needs
  • Coordinated the internal team and outsourcers of services for installation, and upgrade anti-virus, HIPS, and DLP
  • Central point of contact with the outsourcer to install patches (patch management) to operating systems
  • Align corporate security and IT security departments to reduce the risk
  • Responded to internal and external auditors
  • Advised executive management on information security in times of crisis to manage events
  • Evaluated and implemented security tools and increased accountability, according to company policies
  • Developed processes, and procedures according to company policies
  • Developed, and implemented, the enterprise wide security awareness program for all bank employees
  • Excellent communication skills, both verbal and written.
  • Skilled at working independently and collaboratively in a team environment.
  • Self-motivated, with a strong sense of personal responsibility.

Senior Network Security Solutions Architect

Accenture Inc.
02.2009 - 03.2010
  • Company Overview: (BDC - Business Development Bank of Canada & BC Hydro)
  • Responsible for new zoned Security Architecture for banking environment
  • Evaluate, recommend, and deploy of firewalls, IPS systems, SQL application firewalls, load-balancers, Reverse-proxy, network logging appliance & event correlation (SIEM), and WAN Optimization
  • Documentation on procedures and support of all new security architecture diagrams
  • Product conformance testing of all new equipment being installed in production and test environments
  • Apply security standards prescribed in the clients functional and non-functional IT requirements
  • Responsible for the transition of information security infrastructure to the latest industry's best standards
  • Responsible for the capacity planning for future growth of newly designed security infrastructure after having viewed all the latest internal and external audits
  • Risk assessment and impact of the vulnerability of client's environments
  • Implemented a Cloud-based solution for Disaster Recovery Plan (DRP) of the two redundant data centers
  • (BDC - Business Development Bank of Canada & BC Hydro)
  • Evaluated emerging technologies to stay current on industry trends, making informed decisions for technology adoption.
  • Developed comprehensive documentation for technical specifications, project plans, and user guides, streamlining communication across teams.
  • Enhanced application performance by integrating cloud technologies and microservices architecture.
  • Promoted collaboration between cross-functional teams by serving as a liaison between developers, product managers, and stakeholders during all phases of projects.
  • Managed project timelines effectively while juggling multiple priorities, consistently meeting deadlines without compromising quality.

Network Operations Manager (N.O.C)

Bell Canada Inc.
06.2003 - 02.2008
  • Co-ordinate, and manage telecom/security department activities such as incidents and work orders
  • Proposals on projects for capacity planning for LAN/WAN telecom equipment of $2 million/year
  • Work within budgetary constraints to control budgets for salaries and outsourced activities
  • Maximize efforts by empowering staff using a salary budget of $1 million/yr
  • Use strategies to enhance and diversify our services to promote client retention/attraction
  • Responsible for profit and loss statements in order to guide and budget the growth path
  • Monitor and manage the policies and procedures for department activities in accordance with ITIL
  • Ensure that the operational processes and procedures achieve maximum results
  • Set up control mechanisms to ensure activity execution complies with service level agreements
  • Operation’s principal contact towards the client with regard to service delivery agreements
  • Ensure follow-up of action plans resulting from annual client satisfaction surveys
  • Encourage the development of each resource and ensure corporate values are honored
  • Prime resource for 3 data centers Disaster Recovery Plan (DRP), 2 local and 1 remote location
  • Managed Network Operating Center (NOC) technical infrastructure and server performance.
  • Provided network debugging and troubleshooting services in response to user-reported faults and malfunctions.

Senior Network Security Analyst/Team Lead

Bell Canada Inc.
10.2000 - 06.2003
  • Architecture of Checkpoint Firewall Systems, and Intrusion prevention Systems (IPS)
  • Responsible for projects on capacity planning in line with future client requirements $4 million/year
  • Telecom/Security lead in change request committee
  • Integration and support for Canada’s largest private network of over 60,000 customers
  • Network design for LAN/WAN TCP/IP security architectures and feasibility studies
  • Key member of the Vulnerability Prevention Process group for a proactive approach to security
  • Implement appropriate countermeasures and defense strategies
  • Developed and coordinated Disaster Recovery Plans (DRP)

Network Security Engineer/Consultant

Westcon Canada Inc.
05.1999 - 10.2000
  • Responsible for support and service of all network security related products and services
  • Installation and troubleshooting of Checkpoint Firewall-1 Firewall Systems, and IDS
  • Optimized network performance through effective monitoring and troubleshooting of security devices.
  • Reduced cyber threats by conducting vulnerability assessments and recommending appropriate mitigation strategies.

Systems Integrator

Micro-Age Consultants Inc.
01.1999 - 05.1999
  • Mass roll-out of client computers converting 2000 workstations from Windows 3.11 to NT 4.0
  • Configuration of network devices
  • Troubleshooting connectivity issues to all corporate applications
  • Coordinated with IT support teams to resolve systems-related issues, minimizing downtime and disruptions for endusers.
  • Reduced project lead times for clients by developing comprehensive project plans and coordinating cross-functional teams.

Education

MBA -

Edinburgh Business School – Heriot-Watt University
Edinburgh, UK
05.2001 - 01.2020

Graduate Diploma in Applied Management -

McGill University
Montreal, QC
05-1993

Bachelor of Arts - Major Economics

Concordia University
Montreal, QC
05-1987

Skills

Exceptional communication abilities

Extensive IT experience

Results-oriented

Innovative ideas

Strong ties to Upper Management

Critical thinking

Decision making

Problem solving

Best practice technology control frameworks

ISO 27001

NIST Risk Management processes

Cyber Security Framework

ITSG-33 Risk Management Framework

undefined

Certification

CISSP, in progress, 02/01/25

Jobskills

  • Exceptional communication abilities to establish relationships with business and technology partners.
  • Extensive IT experience in the Financial, Telecom, and Military Industries.
  • Results-oriented, and willing to introduce innovative ideas to accomplish goals for reduced timelines.
  • Able to develop strong ties to Upper Management for changes to process and models.
  • Critical thinking, decision making and problem solving.
  • Strong grasp of best practice technology control frameworks ISO 27001.
  • Knowledge and implementation of NIST Risk Management processes including Cyber Security Framework, and the ITSG-33 Risk Management Framework.
  • Complex engagement and client relationship management abilities.
  • Proven ability to adapt and handle stressful situations.
  • Capable of making enterprise-wide changes to introduce efficiencies to the organization.
  • Enhanced strategic process models introduced and implemented.
  • Dynamic, detail-oriented, and highly regarded for demonstrating experience developing complex and effective secure infrastructures thus minimizing the attack exposure.

Timeline

Senior Cyber Security Specialist

Weir Canada Inc.
04.2024 - Current

Senior Manager - Security Compliance & Monitoring Management

TD Bank Financial Group
01.2018 - 09.2022

Senior Security Architect Enterprise Cloud Architecture

BMO Financial Group
05.2017 - 01.2018

Senior Manager - Information Security Risk Management Officers

BMO Financial Group
01.2014 - 01.2018

Senior Network Security Specialist

Quebecor Media Inc.
04.2011 - 08.2013

Directeur - Security Operations Center (S.O.C)

National Bank of Canada
03.2010 - 03.2011

Senior Network Security Solutions Architect

Accenture Inc.
02.2009 - 03.2010

Network Operations Manager (N.O.C)

Bell Canada Inc.
06.2003 - 02.2008

MBA -

Edinburgh Business School – Heriot-Watt University
05.2001 - 01.2020

Senior Network Security Analyst/Team Lead

Bell Canada Inc.
10.2000 - 06.2003

Network Security Engineer/Consultant

Westcon Canada Inc.
05.1999 - 10.2000

Systems Integrator

Micro-Age Consultants Inc.
01.1999 - 05.1999

Graduate Diploma in Applied Management -

McGill University

Bachelor of Arts - Major Economics

Concordia University

Similar Profiles

CREATE PROFILE
Steve Coconis