
Web Risk Management Lead at Vancouver Organizing Committee for the 2010 Olympic and Paralympic Winter Games
Vancouver, Canada Area

Mark Lane is a Manager in the Enterprise Risk group in the Vancouver office of Deloitte working within the firm’s Security Services practice. He has worked in several industry sectors including health care, government, telecommunications and financial. He specializes in technology & risk services. Mark has several years of experience providing companies and government institutions with information security services ranging from performing security threat & risk assessments to leading forensic investigations on IT systems.
Currently Mark is on secondment to the Vancouver Organizing Committee for the 2010 Winter Olympic and Paralympic Games (VANOC). His role there is to assist VANOC with their web security.
Mark holds a Master's degree in Security & Forensic Computing and a Bachelor's degree in Computer Applications with Software Engineering from Dublin City University. Mark also holds CISSP, CISA and CISM certifications. Mark is also a PCI Qualified Security Assessor. Mark is one of Canada's leading experts in the field of web security.
(Partnership; Management Consulting industry)
August 2009 — Present (5 months)
• Managed internal and external resources (e.g., finances, people, equipment, systems) required to execute engagements.
• Provided information security awareness, training and education to stakeholders (e.g., business process owners, users, information technology).
• Monitored, measured, tested, and reported on the effectiveness and efficiency of information security controls and compliance with information security policies.
• Ensured that non-compliance issues and other variances were resolved in a timely manner.
• Developed and implemented processes for detecting, identifying, analyzing, and responding to information security incidents.
• Provided information security advice and guidance (e.g., risk analysis, control selection) to organizations.
• Ensured that the information security controls agreed to in contracts (e.g., with joint ventures, outsourced providers, business partners, customers, third parties) were performed.
• Established escalation and communication processes and lines of authority.
• Established the capability to investigate information security incidents (e.g., forensics, evidence collection and preservation, log analysis, interviewing).
• Organized, trained, and equipped teams to respond to information security incidents.
• Periodically tested and refined information security incident response plans.
• Managed the response to information security incidents.
• Conducted reviews to identify causes of information security incidents, developed corrective actions, and reassessed risk.
(Non-Profit; Sports industry)
March 2009 — Present (10 months)
• Developed an information security strategy aligned with business goals and objectives.
• Aligned information security strategy with corporate governance.
• Obtained senior management commitment to information security.
• Defined roles and responsibilities for information security.
• Established internal and external reporting and communication channels that support information security.
• Established a process for information asset classification and ownership.
• Implemented a systematic and structured information risk assessment process.
• Integrated risk, threat and vulnerability identification and management into lifecycle processes (e.g., development, procurement, and employment lifecycles).
• Developed and maintained plans to implement the information security strategy.
• Specified the activities to be performed within the information security program.
• Designed and developed a program for information security awareness, training, and education.
• Oversaw the development, communication, and maintenance of standards, procedures, and other documentation (e.g., guidelines, baselines, codes of conduct) that support information security policies.
• Integrated information security requirements into the organization’s processes (e.g., change control) and life cycle activities.
• Established metrics to evaluate the effectiveness of the information security program.
(Partnership; Management Consulting industry)
September 2007 — August 2009 (2 years)
• Developed business cases justifying investment in information security.
• Demonstrated ability to identify current and potential legal and regulatory requirements affecting information security.
• Identified drivers affecting various organizations (e.g., technology, business environment, risk tolerance, geographic location) and their impact on information security.
• Conducted business impact assessments.
• Ensured that threat and vulnerability evaluations were performed on an ongoing basis.
• Identified and periodically evaluated information security controls and countermeasures to mitigate risk to acceptable levels.
• Reported significant changes in information risk to appropriate levels of management for acceptance on both a periodic and event-driven basis.
• Ensured alignment between the information security program and other assurance functions (e.g., physical, HR, quality, IT).
• Identified internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program.
• Ensured the development of information security architectures (e.g., people, processes, technology).
• Established, communicated, and maintained information security policies that support the security strategy.
(Public Company; U4AGR; Computer Software industry)
June 2005 — April 2007 (1 year 11 months)
• Developed antivirus response procedures and standards for client organizations.
• Developed and presented training courses on McAfee VirusScan Enterprise, McAfee ePolicy Orchestrator and McAfee Host Intrusion Prevention System.
• Responsible for large-scale deployments of antivirus (McAfee & Sophos) products to global networks (>25,000 nodes).
• Deployed various security products including Checkpoint, Fortinet, Clearswift and Ciphertrust products.
• PGP certified engineer with an in-depth knowledge of PGP mail encryption, disk encryption and PGP universal server.
• Gained an in-depth knowledge of networks, operating systems and their associated technical security controls.
(Public Company; CRH; Building Materials industry)
March 2003 — March 2007 (4 years 1 month)
• Performed level 1 & level 2 IT support to a user base in excess of 3,000 staff.
• Frequently provided out of hours / on-call support.
• Gained a deep understanding of Microsoft products, ranging from Exchange to Active Directory.
MSc, Security & Forensic Computing, 2004 — 2006
Forensic Computing is often regarded as a primarily computer-related problem with technical solutions. In reality, however, Forensic Computing actually draws on a number of disciplines: namely, computer science, information systems, law, and social science. In recent years, technologically-competent criminals have been increasingly exploiting the use of new technologies in the commission of crime. The investigation of such crime has led to the emergence of a new field of specialisation termed "forensic computing", which involves the detection, storage, analysis and exhibition of digital evidence in a legally admissible manner.
BSc, Computer Applications, 2000 — 2004
Computing technology is now all around us in everyday life, from the mobile phone that wakes us in the morning to the GPS system in the car to the networking webpage we post photos on, and it is in use for everything from booking concert tickets to securing a job.
As intelligent, innovative and forward-thinking people continue to grow technology, it can help us solve problems in a great range of applications (e.g. traffic circulation, climate modelling, study of diseases, systems engineering, business modelling, ecology). Mark specialized in Software Engineering, with particular emphasis on computer graphics technology such as OpenGL & DirectX.
ISC2, ISACA, ISSA, OWASP, IFSO
Awarded a GAISCE (Irish President's Award) for my community work and personal development.