Welcome!
I am Mike Hillier

Two decades ensuring that information security, risk management & regulatory compliance have been designed and implemented appropriately.


This is me. Auditor by day & whitehat hacker by night. I never sleep… almost.

Certified Information Security System Professional (CISSP)
Checkpoint Certified Security Expert (CCSE)
Microsoft Certified System Engineer (MCSE)
Certified Novell Engineer (CNE)
Certified Anti-Money Laundering (CAM)

320 successful projects

8762 days of experience

87 happy clients

my approach & delivery

Compliance strategies reflect the needs of the business at all stages of growth. Typically these topics align with business strategies, but not always, and not for everyone.
The danger is that technology models supporting them can become fragmented and non-responsive. My perspective is a unique and simple approach focused on the relevant “What, Why, When and How.”
Rapidly sorting through complicated regulatory compliance requirements and even more complicated technology architectures. Striving always to simplify technology architectures, I will detect the risks, then identify improvement and mitigation measures.
I can navigate through the maze of diverse international, federal and state regulations on matters of compliance and their precise relevancies within the technology theater. Sound governance coupled with the right balance of standards, policy and procedures are my guaranteed results.
My opinions and acumen are disinterested and proven throughout a broad technology compliance and regulatory theater. My manner of examination ensures reviews place no reliance on existing business process.
I diligently expand my technical knowledge with a leading edge mentality to continually achieve compliance, network and security certifications.

experience

2004 to Present: Bank of America – Corporate Audit: Vice President, Senior Auditor in the Cyber Monitoring & Investigations Group

  • Designed and led Audit’s first independent cyber monitoring and investigations program where numerous insider threats were discovered & corrected before risks were realized.
  • Evaluated the effectiveness of same with first and second line risk partners.
  • Engineered Audit’s first application source code assessment program.  Then led execution where numerous internet facing vulnerabilities were unearthed and remedied before exploits were exercised.
  • Chief liaison for encryption compliance directly and indirectly executing reviews for credit card applications (PCI) and its immense interchange network and infrastructure throughout the bank’s global financial network.
  • Architected and automated at the scale of the company Audit’s first Active Directory and RACF access control measurement program. For the first time Audit began independently assessing its multiple role and discretionary based access review frameworks within the business.
  • Assessed, deliberated and reported control effectiveness for all aspects of the master data governance, classification and quality assurance programs.
  • Identified regulatory technology requirements, determined methods to apply or address, then monitored oversight to assure regulators, customers and shareholders its control effectiveness is sustainable.
  • Effected numerous improvements to enterprise information technology (IT) policies and system baselines. Determined scope and objectives for complex technology audit programs and testing criteria.

2001 to 2004: TeliStar – Principal & Senior Technology Security Consultant

  • Architected and led onsite inspections for Bank of America’s critical suppliers within corporate audit. Provided direct oversight evaluating the effectiveness of supply chain compliance with internal Global Information Security. Established then directed oversight of supplier remediation efforts. Directed the reading and redlining of contracts and service level agreements (SLA).
  • In partnership with Odell International built the application and technology infrastructure for the construction of the Military Medical Complex in Riyadh and UAE in Saudi Arabia.
  • General consulting at large performing intrusion and vulnerability assessments for companies like BASF, BMW and Stabilus.
  • Expert analysis skills to implement countermeasures immediately reducing risk exposure.

1996 to 2001: Hoechst Celanese – Chief Firewall & Security Architect

    • Architect providing the IT security designs for DMZ, intranet and extranets for its international chemical and pharmaceutical corporations.
    • Down-sized and de-merged these complex networks with three Fortune 500 companies.
    • Integrated firewalls, virtual private networks (VPN) and commerce solutions throughout the U.S., Asia, and Europe.
    • Implemented countermeasures to reduce risk and provided designs for continuous monitoring.
    • Implemented encryption technologies such as IPSEC, HSM, PGP, SSL, SSH, Secure FTP and VPN.
    • This included Public Key Infrastructure (PKI) CA design, piloting, implementation and the operational adoption of user, service tokens and computer certificates.

1992 to 1996: Duke Power – Senior Problem Resolution Engineer

      • Performed network analysis for debugging the performance and capacity of business applications and network infrastructure (DNS, DHCP & VPN) used throughout the utility’s wide area network (WAN).
      • Disseminated innovative expertise in analyzing, diagnosing and resolving complex IT problems without existing guidelines or procedures.
      • Served as expert using Ethernet, Token Ring, FDDI network packet analyzers for advanced protocol troubleshooting in all layers of the OSI model.

1986 to 1992: ComputerCare – Partner & General Manager

      • Designed turnkey network and application solutions for U.S. Government agencies; U.S. District Court, U.S. Attorneys, Bureau of Prisons, FBI and DEA.
      • Responsible for managing service and support contracts with key relationships in diverse IT implementations while supervising four field engineers.
      • Doubled hardware sales during first two years and captured 13% of sales in new banking-related business by conducting software training, troubleshooting and consulting services the third year.

1984 to 1986: TRW Defense Group – Programmer

      • Contractor working in the beltway area of Washington D.C. on various defense and intelligence efforts.
      • Maintained a Top Secret government clearance.

1978 to 1984: United States Army – Air Traffic Control Radar & Navigational Aids Electronic Technician

      • Assigned to the U.S. Army Communication Command (Information Systems Command) at Fort L.J. McNair supporting the Military District of Washington (MDW).
      • Detached to the Pentagon servicing radar, computer, encrypted communication, transponders and navigational equipment at the heliport and other metropolitan aircraft landing zones.
      • One year of duty in Seoul, Korea at K16 repairing Identification Friend or Foe surveillance (IFF) transponders, computers and Surveillance & Ground Control Approach radar.
      • Honorably Discharged, Good Conduct, Overseas and Army Service Ribbon, maintained a secret security clearance and qualified as Sharpshooter with M16.

Public Service, Boards & Special Interest Groups

Board member for the YMCA Y-Guides program, The Meckcha Federation Charlotte Chapter (since 2014).

      • 2015 Committee Chairperson for building Holiday float.
      • Responsible for fundraising and leadership to build and make ready a float for Christmas parade in Mecklenburg County, North Carolina.

More can be learned here: Yguides.org National or YMCA Charlotte

Sector Chief of Banking & Finance for the FBI’s North Carolina Infragard program (since 2013)

      • 2015 – CyberCamp Instructor and Facilitator for FBI Information Sharing Initiative.
      • 2014 – Published in the quarterly Infragard newsletter. Topic was Cyber Firesale and the importance of sharing of information & Speaker at chapter meeting on identifying Bitcoin network traffic.
      • 2013 – Published in the quarterly Infragard newsletter. Topics of expanding membership and the importance of timely sharing.
      • 2012 – Participated in part 1 and final part 3 of tabletop exercises; responding to simulated cyber-attacks for key infrastructures.

More can be learned here: Infragard.org Brochure PDF.
