Jonathan J. Thompson


Education


The University of Iowa

Bachelor of Business Administration in Management Information Systems


Iowa City, Iowa

 

Experience

 

Ernst & Young, LLP. - Technology & Security Risk Services (TSRS)

Senior Consultant

·   Managed a large project team where we assisted a Mortgage Investment Company's Controls Organization in triage and re-design of several hundred IT application controls over a period of 6 months. Designed strategy, built consensus with Director and Vice President level management, met aggressive deadlines, contributing to the timely release of the 2005 financial statements. By request, returned to the Mortgage Investment Company to re-design security controls.

·   Selected for a triage team responsible for the rapid re-design and implementation of a broken SDLC process and represented our executive leadership during strategic planning sessions with client Vice Presidents.

·   Developed platform security standards for a Fortune 500 company’s nuclear energy facilities.

·   Selected to assist a Fortune 50 healthcare client identify, contain, eradicate, and recover from a financial systems failure. Guided triage efforts, developed project strategy, and monitored the execution of the strategy.

·   Developed minimum baseline standards and tested platforms for numerous clients. Platforms included including Cyberguard, Pix, Checkpoint, Windows 2000, Windows XP, Windows Server 2003, Unix, Mainframe, OS400, Oracle, SQL Server, Linux, RACF, and more.

·   Assessed security configurations, conducted a policy & procedure review, and re-designed the Incident Response Plan for a Fortune 50 international financial data services company

·   Authored an Intrusion Detection System (IDS) evaluation guide and a supplement to guide clients in determining whether they should consider selection of an Intrusion Prevention System (IPS).

·   Assessed perimeter security configurations, host based security configurations, IDS rules, and provided guidance on a layered security model for an outsourced payroll processing company.

·   Provided over 3000 hours of Sarbanes – Oxley related IT services. These services included: outsourced Project Management, outsourced Internal Audit services, process documentation, process re-design, process design, control identification, control re-design, control design, procedure documentation, procedure training, test plan creation, test plan execution, test management, stakeholder training, triage compliance services, monitoring, process improvement, and executive reporting.

·   Assisted numerous clients with year 1 Sarbanes – Oxley, section 404 compliance project scoping and execution.

·   Developed and coached junior team members.

·   Served clients from a variety of industries including 3 of our firm’s 100 top global Office of the Chairman Accounts; Fortune 500, 100, and 50 companies including: 2 of top 5 Financial Data Services, top 2 Diversified Financials, top 2 Health Care Managed Care, top 2 Industrial & Farm Equipment.

·   Identified sales opportunities and developed relationships with clients.

·   Maintained a client billable utilization rate of 99.5% (FY04) 114% (FY05), top 2%.

St. Louis, Missouri /
Washington, DC.

2004 – Present

 

 

Microsoft Corp. / Microsoft Research

Student Consultant

·   Facilitated the development and implementation of a MCP training class, which was integrated into the course elective credit offerings of the MIS program

·   Increased corporate donations to the Management Information Systems Dept.

·   Instructed training workshops for Microsoft technologies and methodologies

 

Iowa City, Iowa

2003 – 2004

 

 

 

 

 

Maytag Corp.

IT Process Improvement Intern (invited to extend to full time)

·   Assisted in managing a Sarbanes Oxley 404 compliance project

·   Guided incident response efforts for a security incident; designed an IR plan

·   Performed enterprise IT Risk Analysis and designed remediation plans

Newton, Iowa

2003

 

 

The University of Iowa

Systems and Security Administrator

·   Conducted a departmental IT gap assessment, designed an IT infrastructure, obtained budget approval, implemented servers (file, print, web, firewall), UPS and backup devices.

·   Served as the systems administrator, maintaining infrastructure and software housing medical research data valued at over 50M

·   Served as the security administrator, responsible for host based security configuration, monitoring, and response

·   Increased the paper based procurement process efficiency by 50% by designing, developing, and deploying an ASP web-based application

·   Hired as a freshman to fill a position vacated by a CS masters program graduate

 

Iowa City, IA

1999 - 2002

 

 

HolliThomp Web Marketing

Founder / Consultant

·   After being laid off due to state budget cuts, I created a web marketing and web based process improvement group where I designed and developed product and service offerings, developed client relationships, negotiated terms, sold contracts on products and services prior to establishing a proven track record on that service offering to clients up to $13M in annual revenue, recruited staff, managed teams, and delivered projects on-time with high client satisfaction

·   Established a value-driven bill rate which averaged over $100 an hour

·   Earned a client's business over all the web development firms in the state, including a competitor with over 40 employees who bid 40% less than our professional fees

·   Designed and managed the web marketing and process improvement project (previous bullet) where we delivered a web site: ranked by Google in the top 10 listings for the client's preferred search terms, containing a full content management back-end so the technically challenged can administer the site, providing fully paperless processes, demonstrating a significant increase in web traffic, and providing a fully paperless back office automation system complete with time logging and inventory tracking

 

Iowa City, IA

2001 - 2004

 

 

The SANS Institute

Research Assistant

·   Managed a database containing over 100,000 members

·   Developed the NS 99 conference CD

·   Reviewed conference thought leadership submissions for technical accuracy

 

Bethesda, MD

1999

Activities

·   Elected to the College of Business Young Alumni Board at the U. of Iowa

·   Served as Chairman for the Career Workshop and Networking Event

·   Alumnus of the fraternity of Phi Gamma Delta

·   Rocky Mountain Elk Foundation (RMEF)

·   Avid outdoorsman, hunting, fishing, camping, sporting clays, chess, financial strategy, baseball, softball, boating, photography

 

 

 

Certifications

·   Certified Information Systems Security Professional (CISSP #106956)

·   FEMA NIMS Certified

 

 

Publications

Thompson, J. (2000) Good Intentions, InfoSec Policy and Ethics- A Case Study. Information Security Bulletin 45

 

 

Technologies

Perimeter security technologies, such as firewall, VPN, DMZ, IDS and host-based security solutions; Windows, Unix, AS/400, Oracle, networking (switches, routers, protocols), ACE- SecurID, SAP, ISS Real Secure and/or Cisco IDS. Standards and regulations include HIPAA, Sarbanes-Oxley, and ISO17799. Project management tools include Microsoft Project, Visio & Excel.

 

Languages

ASP.NET, VB.NET, C#, C, CGI, HTML, Javascript, PERL