Bradley

Brad Bemis, MS, CISSP, CISA

| Founder | Principal SecureIT Strategist | Cybersecurity Cultural Transformation Champion |


Hello, my name is Bradley and I’ve been working in the IT and Cybersecurity industry for over 30 years now.  My engagement portfolio includes time spent in the trenches with Microsoft, T-Mobile, Lucent, Clearwire, Integra, Starbucks, Nordstrom, Expedia, REI, Boeing, SAIC, BBA, Airborne Express, Symetra Financial, Overlake Hospital, Jefferson Healthcare, and countless other small to medium-sized businesses, enterprise customers, and consulting houses.  I’m also a U.S. Air Force veteran and have worked with a variety of military organizations and government agencies around the world. 

In 2012, I launched SecureITExperts as an Information Risk Management and Cybersecurity Consulting firm focused on providing strategic security management services to organizations of all types and sizes.  Then, in 2014, I experienced a rather profound personal shift in the way that I see the world, a transformational change in perception that was deeply psychological, heart-centered, and wisdom-based.  I stepped away from the industry for about a year, integrating new inner insights and doing volunteer work with the homeless.  After that, I started to split my professional work between cybersecurity engagements and teaching contemplative wisdom practices. 

Eventually, it became apparent to me that these two worlds were mutually supportive and deeply complementary – that the same realizations that emerge through contemplative wisdom practice can play a major role in how we address the root-cause challenges present in cybersecurity today.  Ultimately, we are talking about transformation – transformation at the individual and organizational levels.  We are talking about the rich, complex world of the human mind; how it thinks, perceives its environment, and engages the systems and structures that it encounters.  What could be more applicable to exploring human risk factors?

After having formally studied behaviorism and motivational science, earning a master’s degree in counseling, and starting a Ph.D. in psychology, I’m now devoting the remainder of my career to finding new and novel ways to tackle the human risk factors present within organizational systems.  I’ve always made security awareness and training a central feature of my work. Going forward though, I’m taking this specialized skillset to a whole new level – SecureITExperts is reshaping itself to become an evidence-based, results-driven implementation champion for engaged information stewardship across the business enterprise.

Our new mission is entirely focused on security culture and transformation – specifically on issues of policy, awareness, training, and communications within organizations trying to enhance their protective postures by promoting the people-oriented processes and practices that are so critically essential within the domain of cybersecurity.  


Professional Experience

Over my 30-year career in cybersecurity, I have held nearly every type of security role imaginable and have enhanced my understanding of the human risk factors by branching out into psychology, education, and business.  To briefly summarize, my areas of professional experience and expertise include:

  • Built entire cybersecurity programs from the ground up using ISO, ITIL, COBIT, NIST, SANS, SSE-CMM, etc.
  • Directed compliance initiatives for SOX, HIPAA, GLBA, PCI, FISMA, GDPR, DFARS, breach laws, etc.
  • Partnered with executive-level committees to determine risk appetite, set priorities, and create metrics
  • Engaged in formal and informal security risk assessments leveraging OCTAVE, FAIR, FRAP, FIRM, etc.
  • Formalized risk management tools and techniques emphasizing ownership and accountability
  • Authored clear and functional enterprise security policies, standards, guidelines, and procedures
  • Defined and delivered structured security awareness, training, and education materials at all levels
  • Configured and monitored firewall, IDS, and VPN devices, malicious code defenses, and encryption systems
  • Created and implemented system hardening standards for applications, platforms, and devices
  • Aided development teams to incorporate security into the SDLC via AGILE, Waterfall, DevOps, and more
  • Administered and conducted penetration testing of systems, applications, databases, and networks
  • Streamlined threat management and vulnerability remediation capabilities across entire enterprises
  • Spearheaded business continuity, disaster recovery, incident response, and digital forensic initiatives
  • Conducted security audits and compliance validation checks against established control baselines
  • Managed multiple large and complex projects in a manner consistent with PMI PMBOK methods
  • Led the work efforts of other security professionals and IT personnel in teams ranging from 6 to 30
  • Formulated and administered budget plans for annual program allocations of up to 4 million dollars
  • Increased effectiveness of security operations, enhanced customer trust, and influenced profitability
  • Participated in advancing the security profession through blogging, forums, and social networks
  • Maintained strong professional relationships and actively contributed to the security community

Technical Skills

  • Network: TCP/IP, IPX/SPX, NetBEUI, RIP, IGRP, EIGRP, OSPF, BGP, bare, virtual, cloud, hybrid, HPC, CSPs
  • Security: AAA/IDM/IAM, VPN, encryption, PKI, Firewalls, IDS/IPS, pen-testing, incident handling, forensics
  • Services: Ethernet technologies, Frame-relay, ATM, Token Ring, FDDI, X.25, 802.11 (wireless), 802.1x, etc.
  • Support: Cabling, switching, bridging, routing, client-server, security, testing, troubleshooting, recovery
  • Operating Systems: Windows 3.1/NT4 to Win10/2019 (w/IIS & Exchange), Unix, Linux, Solaris, Novell
  • Network Management: SNMP, OpenView, CiscoWorks, Tivoli, Optivity, SunNet Manager, SolarWinds
  • Languages: HTML, PHP, SQL, C, Visual C++, Visual Basic, Delphi, Assembler, Pascal, Perl, JavaScript

Formal Education

  • Ph.D. Psychology, CIIS (Applicant for Fall 2022, August start)*
  • M.S. Counseling, Walden University (CACREP-accredited, 4.0 GPA) (2021)
  • B.S. Information Technology, Minoring in Business Administration, University of Phoenix (2004)
  • A.A.S. Information Systems Technology, Community College of the Air Force (1998)
  • A.A.S. Personnel Administration, Community College of the Air Force (1998)
  • Additional graduate studies in business and education

* Early placement in special student status possible starting January 2022 – course selection ‘Interpersonal Neurobiology’

Professional Certifications

  • Security Awareness and Culture Professional (SACP) [Pending: planned for Q1 2022]
  • Certified Information Systems Security Professional (CISSP) [Active: #24220, since June 2001]
  • Certified Information Systems Auditor (CISA) [Active: #0331778, since July 2003]
  • Associate Business Continuity Planner (ABCP)
  • Certified Lean Six-Sigma Greenbelt (CSSG)
  • Cisco Certified Network Associate (CCNA)
  • Cisco Certified Design Associate (CCDA)
  • Nortel Networks Certified Support Specialist (NNCSS)
  • CompTIA Certified Network Technician (Network+)
  • Microsoft Certified Systems Engineer, Microsoft Certified Professional plus Internet
  • Successfully completed 2 of the 4 CCNP exams (routing and switching)

Specialized Training

  • Teaching Adult Learners
  • Technical Training Instruction
  • Instructional Design
  • Registered Behavioral Technician
  • Behavioral Health Technician
  • Mindfulness for Professionals
  • Life Coaching
  • The Consultative Approach
  • Lean and Six-Sigma
  • Project Management
  • Military Leadership Training
  • Nordstrom Leadership Development Track
  • Seattle Institute for Management Studies
  • Crisis and Trauma Counseling
  • Dialectical Behavior Therapy
  • Nonviolent Communications
  • Cloud Security Management
  • Computer Security Incident Handling
  • Securing Microsoft Enterprise Platforms
  • Computer Crime and Investigations
  • Checkpoint Security Administration
  • Introduction to Cisco Router Configuration
  • Advanced Cisco Router Configuration
  • Accelerated Nortel Networks Router Configuration
  • Windows Architectural Design
  • Windows Server Administration
  • Exchange Server Administration
  • HP OpenView Network Node Management
  • Introduction to UNIX
  • Advanced UNIX
  • Solaris Systems Administration
  • Solaris Shell Programming
  • Oracle Database Administration
  • Oracle Developer Application Design
  • Cabling for Voice and Data Networks
  • Motorola Voice Communications
  • Network Encryption Systems Administration
  • Network Planning
  • Network Systems Administration
  • Various ongoing security lectures, seminars, and events

Memberships and Affiliations

  • The Learning Guild
  • American Counseling Association
  • Florida Mental Health Counselors Association
  • Mental Health Association of Central Florida
  • Association for Contextual Behavioral Science
  • International Coaching Federation
  • Cloud Security Alliance (CSA)
  • Information Systems Security Association (ISSA)
  • Information Systems Audit and Control Association (ISACA)
  • Computer Technology Investigators Network (CTIN)
  • Agora Community – Seattle
  • InfraGard Affiliate – Seattle
  • Washington Software Alliance (WSA)
  • King County Bar Association (KCBA)
  • Pacific Northwest CISO Forum meetings and events
  • Former Seattle CSA Chapter Secretary
  • Former Puget Sound ISSA Chapter Secretary
  • Guest Instructor for the Pacific Northwest CISSP Study Group
  • Established the Security Program Management Forum for SecurityFocus.com
  • A key contributor in multiple online cybersecurity forums and communities
  • Maintained an information security portal and blog at www.secureitexperts.com
  • Regularly consulted on issues of security awareness and training, policies and procedures, leadership and management, and career development matters

Projects and Programs of Interest

  • National Council for Workforce Education
  • H-Layer awareness and culture certification initiative
  • Behavioral Engineering as applied to cybersecurity 
  • The BJ Fogg Behavioral Model as applied to cybersecurity
  • The Huang and Pearlson Model as applied to cybersecurity
  • SANS research into cybersecurity and cultural transformation
  • The NIST NICE Framework for defining the cybersecurity workforce
  • Project Leader, CSA CCM 3.0 Mapping of ‘Jericho Forum Commandments’
  • Project Founder, Independent Council for the Advancement of Cyber Security Ethics
  • International Association of Awareness Professionals (IASAP) engagement activities
  • Actively researching MITRE ATT&CK mappings and DBIR data analysis for behavioral targeting
  • Currently developing an awareness matrix across all of the most common cybersecurity best practices and compliance requirements

Public Presentations

  • Writing Security Policies People Will Actually Read
  • How to Avoid a Mushroom Cloud
  • Applied Mobile-Chaos Theory
  • What ‘Hackers’ Do
  • Preparing to Meet the Black Swan
  • Data in Motion and the Wheels of Jeopardy
  • Getting Your Head Right with Mindfulness-based Security
  • Career Planning and Advancement in Cybersecurity
  • The Business Case for Cybersecurity
  • SMARTER Risk Assessments
  • Toward a Standard of Due Care
  • Intrusion Detection Systems From A to Z
  • The Legal and Ethical Perils of Minimalist Compliance
  • Panel on Security Culture
  • Panel on the Future of Cloud Security
  • Panel on Professional Development in Information Security
  • Multiple additional in-house presentations for awareness and training purposes

Honors and Awards

  • Chi Sigma Iota National Honor Society, 2018-2021
  • Golden Key International Honor Society, 2019-2021
  • National Society of Leadership and Success, 2019-2021
  • John Levitow Leadership Award (USAF), bestowed in 1996
  • Multiple awards and recognitions from employers and professional associations

Work History (Cybersecurity)

  • SecureITExperts, Founder and Principal SecureIT Strategist, Orlando, FL (2015-Present)
  • SeaWorld Parks and Entertainment, Manager, Cybersecurity Operations, Orlando, FL (2020-2021)*
  • BBA Aviation/Signature Flight, Data Protection and PCI Compliance Lead, Orlando, FL (2018-2019)*
  • SAIC Corp., Principal Security Analyst – Strategy, Policy, and Training, Orlando, FL (2016-2017)
  • Aspect Technologies, Senior Security Analyst – Policy and Compliance, Orlando, FL (2015-2016)
  • SecureITExperts, Founder and Principal SecureIT Strategist, Seattle, WA (2012-2015)
  • Network Computing Architects, CISO, Security Practice Lead, and Principal Consultant, Seattle, WA (2011-2012)
  • Expedia, GRC Program Manager and PCI Technical Lead, Seattle, WA (2010-2011)*
  • Microsoft, Program Manager, Security Operations and Communications, Seattle, WA (2009-2010)*
  • Clearwire, PCI Compliance Lead and Senior Security Engineer, Seattle, WA (2009-2009)*
  • T-Mobile, Manager – Security Operations, Seattle, WA (2007-2009)
  • Microsoft, Program Manager – Vulnerability Remediation, Seattle, WA (2007-2007)*
  • Symetra Financial, Senior Security Specialist and Program Manager, Seattle, WA (2005-2006)
  • Microsoft, Security SME and Lead Instructional Designer, Seattle, WA (2004-2005)*
  • Nordstrom, Senior Security Engineer and Department Supervisor, Seattle, WA (2003-2005)
  • Airborne Express, Senior Information Security Analyst and Engineer, Seattle, WA (2002-2003)
  • Lucent Technologies, Information Systems and Security Consultant, Seattle, WA (2000-2002)
  • U.S. Air Force (Enlisted), NCOIC/Information Systems and Security Engineering (1991-2000)

* Denotes a short-term contract position of 6 to 12 months in length

Work History (Mental Health)

  • Awakening Into Life, Teacher, Guide, Counselor, Coach, and Mentor, Orlando, FL (2015-Present)
  • The Meaningful Life Center, Student Intern, 6-month Clinical Internship, Mental Health Counseling, Orlando, FL (2021)
  • Holistic Integrated Mental Health Services, Student Intern, 3-month Clinical Practicum, Mental Health Counseling, Orlando, FL (2020-2021)

Volunteer Work

  • Hospice Care, 1 year
  • Working with the Homeless, 5+ years
  • Mental Health and Wellness Advocacy, 3+ years
  • Red Cross Disaster Preparedness Volunteer, 2+ years

Additional Information

  • Currently in the application stage of pursuing a Ph.D. in psychology which emphasizes transformational potential, with a fall 2022 planned start – looking for a role that will allow my professional work and my academic pursuits to support and inform one another over the next several years.
  • Devoted to ongoing professional development activities in diverse areas that depart from traditional notions regarding ‘what works’ in cybersecurity – pushing boundaries and evangelizing innovative new approaches.
  • Deep emphasis on organizational and cultural transformation based on the principles of organizational psychology, functional behaviorism, and motivational science within a specific cybersecurity context.
  • A strong advocate for humor and levity within the domain of cybersecurity cultural transformation, drawing from evidence-based research that supports the use of humor to help facilitate change.
  • Previously held (and still eligible for) a Top-Secret Department of Defense security clearance with access to Sensitive Compartmented Information (TS-SCI).