Who am I?

Personal Details

  • Name: Christian Reina
  • Phone: (844) - CHRISTIAN
  • Email: christian@christianreina.com

Professional Profile

Information Risk Management Executive with a strong security background and over 16 years of demonstrated leadership with a wide security and infrastructure knowledge base. Goal-oriented team leader and player with strong negotiation, communication, and presentation skills. Have a strong background in financials and insurance.

My Professional Background

Work Experience

2010 July - Present


Assistant Director, Information Risk Management

Act as the Information Security Officer for the 1199SEIU Funds. Responsible for information security policy and the coordination of information security efforts across 23 operating funds as well as a shared service organization. Coordinates the process to build a system-wide information security strategy and vision that is aligned with organizational goals and objectives. Managed compliance and security to four different sets of standards for the NIST, ISO/IEC, COBIT, HIPAA, and PCI. Also Information Security lead for Business Continuity Planning and IT Disaster Recovery.

  • Responsible for Information Security Program Management: develop and monitor practices to reduce risks
    • Partner with Chief Information Security Officer (CISO) to organize the design and implementation of a comprehensive information security program and strategy for the Funds.
    • Provide guidance and advocacy regarding prioritization of investments that impact security.
    • Establish and communicate standards, procedures and guidelines to prevent the unauthorized use, release, modification, or destruction of data in any form.
    • Conduct research and keep abreast of latest technologies and innovations in information security and monitor industry trends.
    • Collaborate in developing strategies and plans to provide timely business resumption.
    • Develops and communicates enterprise level security strategies and operational plans to leaders, staff, business partners, stakeholders and customers.
    • Develop and implement a security plan including architecture, goals, schedules, resources, risks and opportunities.
    • Maintain a collaborative team environment.
    • Cultivates collaborative partnerships with IT, operations, facilities, human resources and senior leaders to establish and maintain organizational structures and practices to ensure security and privacy policies are implemented.
  • Responsible for working collaboratively with IT, PMO, Internal Audit, and professional staff to understand the business to effectively assess the current state of IT security, the risks associated with the current state of security, and plans to address current risk and proactively improve IT security.
    • Works with technology teams on strategic architecture planning that embeds information security needs for multi-year planning horizon.
    • Works closely with other IT leaders and serves as an expert advisor to management in the development, implementation, and maintenance of an effective information security structure.
    • Serves as the coordination point with IT leaders, analysts and the Project Management Office to deploy and ensure that system and technology implementations and changes follow appropriate information protection, implementation governance and change management protocols.
    • With Internal Audit, work with departments in consideration of information security risks for ongoing and planned operations.
  • Responsible for Enterprise Vulnerability & Threat Management Program
    • Identify, manage and respond to security risks for the 1199SEIU Funds information and information systems.
    • Monitor information security trends, internal and external to the organization and keep management informed about information security-related issues and activities affecting the organization.
    • Understand potential threats, vulnerabilities, and control techniques and communicate appropriate information to departmental system administrators.
    • Vulnerability Assessment & Analysis
    • Threat Analysis
    • Impact Analysis
    • Penetration Testing
    • Patch Management
    • Email Security
    • Internet Security
  • Responsible for Enterprise Security Monitoring & Incident Response
    • Develop the roadmaps, processes, procedures, and actions to be taken in the event of different IT security breaches.
    • Serve as the primary control point during significant information security incidents and advise the CISO on information security risks. Provide recommendations and actions in support of the enterprise's wider risk management programs.
    • Assist as necessary to investigate security breaches and pursue associated disciplinary and legal matters.
    • Maintain relationships with local, state, and federal law enforcement and other related government agencies.
  • Responsible for Enterprise Information Systems Risk Assessment Program
    • Responsible for ensuring a high quality, effective and efficient general IT controls framework and performance.
    • Perform periodic risk assessments to identify current and future vulnerabilities. Identify risks and lead risk mitigation approaches that balance the need to conduct business efficiently with protection of the business and its information assets.
    • Provide oversight and leadership with respect to the Disaster Recovery program assuring process, procedures and testing requirements are met.
    • Responsible for coordination of security audit efforts with internal and external auditors.
    • Application Risk Assessment
    • COBIT, ISO27001, NIST
    • Systematic Risk Analysis
    • Gap Analysis
    • SSAE16 Review
    • Code Review
  • Responsible for Enterprise Network & Endpoint Security
    • Network Access Control
    • Endpoint Security
    • Data Loss Prevention
    • Endpoint Encryption
  • Responsible for Enterprise Security Metrics
    • Strategic
    • Tactical
    • Operational
    • CSF, KGI, KPI

1998 June - 2010 July


Information Security Officer, Enterprise Risk Administration

Manage all security technology within the infrastructure. As principal information security technology resource, responsible for directing all aspects of the technical information security program including: development and execution of strategy policy and procedure, day-to-day technical operations management, and management of security service providers. Managing security operations, developing/implementing strategic security vision and regulatory/audit compliance.

  • Assess risks, threats and vulnerabilities associated within the architecture design, application, O/S and complex network infrastructure.
  • Control and manage administrative, technical, and physical controls to protect confidentiality, integrity, and availability of personal information.
  • Meet with 3rd party vendors and management to review risk mitigation strategies and other compensating controls.
  • Manages Information Security Program from design to execution.
  • Responsible for development, maintenance, and enhancement of Information Security standards, guidelines, procedures, and controls objectives.
  • Identify security requirements, monitor, track security access rights and system controls.
  • Evaluate security infrastructure with monitoring components for anomalous patterns and unknown behaviors.
  • Perform security testing and vulnerability analysis of new and existing systems, working with the responsible teams to ensure vulnerabilities are mitigated.
  • Provide comprehensive consulting to IT management and other business units.
  • Provide Risk Analysis of the technical aspects of IT applications and infrastructure to ensure adequate levels of security are deployed. Work to identify any potential vulnerability both within an application, impact on other applications and the infrastructure. Recommend suitable countermeasures to mitigate such vulnerabilities.
  • Work to ensure the organizational security policies and standards are and remain applied to the defense in depth security model.
  • Acts as a liaison with business partners to ensure interfaces between entities are secured and managed consistent with applicable laws, policies, standards, guidelines and best practices.
  • Develops and leads a unified security management structure including the establishment of policies, procedures and audit mechanisms that ensure a cost-effective, verifiable and consistently applied security management system.

1998 September - 2009 December


Information Technology Consultant

Managed a Network Security staff responsible for the operation of Firewalls, IDS, Proxy, Web Filtering, Egress Filtering, Network Architecture, Forensics, and e-Discovery. Served as lead security network architect for all projects.

  • Responsible for the design of security countermeasures based on security risk assessment.
  • Researches, recommends and implements changes to procedures, tools, and systems to enhance security.
  • Responsible for the development and documentation of IT security procedures.
  • Directly manages employees. Carries out manager responsibilities to ensure business requirements are met.
  • Analyzes the client's current network architecture and device configurations in order to identify potential weaknesses in the network infrastructure.
  • Customize security policies for your organization that are relevant, compliant with regulatory requirements, and address the business objectives.

My Education


2009 September - 2014 May

Boston University

M.S. Computer Information Systems, IT Project Management


The Master of Science in Computer Information Systems concentration in IT Project Management provides students with:

  • Specialized techniques for software risk management, software cost estimation, and software quality management
  • Virtual project management skills that enhance the ability to manage geographically distributed software development
  • Advanced knowledge in the analysis and documentation of requirements for architecture, design, and implementation of computer applications systems.
  • Proficiency in software and computing skills as they pertain to the design and implementation of database systems, data communications, systems analysis, and design.
  • Competence sufficient to identify current and emerging information technologies that may have strategic value for enterprise; assess where those technologies have value; and manage the implementation of those technologies in the enterprise.

2005 September - 2008 December

Thomas Edison State College

BSBA Computer Information Systems


The Bachelor of Science in Business Administration (BSBA) degree program in Computer Information Systems provides an applied information systems educational base for business students who are or will become either managerial users of computers, managers of computer service units or applications staff members supporting computer-using organizations.

The emphasis of the BSBA in Computer Information Systems is on management information systems. This includes systems for the collection, organization, accessing and analysis of information for the planning and control of operations.

2002 March - 2004 May

Middlesex County College

CSNN.CER Network Administration


Object oriented programming in C++ or Java and event driven programming in Visual Basic, client/server architecture, analysis & design of database systems, networking technologies, Windows and LINUX System Administration. Network administration of Windows and LINUX operating systems. Hardware operating systems technology, networking and security and Microsoft Windows MCP (Microsoft Certified Professional).

1995 September - 1997 May

Rutgers University

Bioenvironmental Engineering


Bioenvironmental Engineers utilize engineering principles and the physical, chemical and biological sciences to prevent and solve environmental problems related to human activities. Broad and thorough education in bioenvironmental engineering fundamentals, applications, and design to meet the technical and social challenges of the future.

Practice environmental engineering with technical competence:

  • Competently and efficiently collect, analyze and interpret data relevant to problems in the environmental engineering sectors
  • Demonstrate methodological and computational skills to operate effectively within the environmental engineering sectors.
  • Demonstrate skills in current technologies and fundamentals to be able to adapt to future challenges.
  • Function and skillfully communicate complex issues orally and in writing, individually and within multidisciplinary teams.
  • Be ethical and professional in performance of their duties.


  • Brian Okun


    I've had a working relationship with Chris since 2011. During that time he has shown a tremendous grasp of the security, risk and compliance landscape. He has endeavored to bring best practices into his organization and implemented technology solutions in support of those efforts. Additionally, he has built a strong team and provided guidance and encouragement to enable them to succeed.

  • Michael McCasland

    Senior Manager

    Christian is a thoughtful consultant and advocate for reducing risk and implementing best practices for the organizations I have worked with him in. This includes a thorough and phased implementation of DLP, Security Event Management and Managed Security Services. It has been my pleasure to work with him deploying not only technology but building a program of continual risk reduction.

  • Jack DaSilva

    Vice President

    I have worked with Christian in the Enterprise Risk Administration Department of Affinity. He is a dedicated and hard working individual who has demonstrated his vast knowledge in the IT/Security field by all of his certifications he has rightfully earned. I feel Christian would make a very fine asset to any organization.

  • Sam Ching

    Systems Analyst

    Working together with Christian at Affinity for over eight years, I found him to be a hard worker and very knowledgeable. Christian frequently came up with solutions and shortcuts that helped our department to become more efficient in serving our clients.

  • Brian McKenna

    Systems Engineer

    He's very knowledgeable about IT and Information Security. He always stays on top of the latest trends and is eager to help colleagues. He also has an excellent work ethic. He's a well informed and well educated technology professional.

  • Jeromie Jackson

    Director of Security

    Christian is a highly articulate security professional. Working together on projects he continually impressed me with his ability to focus on business results and risk regardless of how technical the discussion became. I highly recommend Christian and will certainly look to hire him if/when I build a stout security bench.

What I am good at

Skills & Knowledge

Access Management

  • Network Access Control
  • Identity Governance & Administration
  • User Authentication

Data Protection

  • Endpoint Protection Platforms
  • Data Masking
  • Web Content Filtering
  • Secure Email Gateways
  • Mobile Data Protection
  • Enterprise Information Archiving

Risk Management

  • Security Awareness & Training
  • Change Management
  • Portfolio Management
  • Vendor Risk Analysis
  • Application Security Testing
  • Business Continuity Planning
  • IT Disaster Recovery Management
  • IT Service Support Management
  • Enterprise Governance, Risk, & Compliance
  • Enterprise Architecture
  • Vulnerability Management
  • Mobile Application Development Platforms

Endpoint & Network Security

  • Intrusion Prevention Systems
  • Wired & Wireless Infrastructure
  • Mobile Device Management
  • Unified Communications
  • Cloud Security (PaaS, IaaS, SaaS)
  • Managed Security Services
  • Network Performance & Forensics
  • Security Event Management


Metasploit, NeXpose, Nessus: 95%
SunGard Availability Services, Modulo BCP: 95%
Amazon Web Services, Rackspace, Digital Ocean API: 90%
Dell SecureWorks, Symantec Managed Security Services: 100%
Modulo IT GRC, Xacta GRC: 100%
Daptiv, Clarizen: 90%
Autonomy, Symantec SourceOne: 85%
BiZZdesign, Mega: 85%
LANDesk, FrontRange ITSM: 95%
SkillSoft, Inspired eLearning, Articulate: 100%
Avaya, Cisco Unified Communications: 80%
Dojo, Antenna, Apple Development Platform: 80%
Shared Assessments: 95%
Symantec Altiris: 90%
FrontRange Change Management, Remedy: 100%
Cisco, SourceFire AMP: 90%
Cisco NAC: 75%
Oracle OIG, SailPoint: 95%
Entrust IdentityGuard, PhoneFactor, Yubico: 100%
DataGuise, DMSuite: 70%
SharePoint, WP, Drupal, Joomla: 100%
IronPort Email Gateway, Symantec MessageLabs, Sophos: 100%
Symantec WDE: 100%
Cisco Wireless Infrastructure: 80%
Fortinet, Cisco, m0n0wall: 85%
McAfee EPO, SEP: 100%
Veracode DAST, White Hat SAST: 90%
Citrix WAF: 80%
McAfee ESM, HP SIEM: 100%



IT Project Management
Database Management
IT Strategy & Management
Business Data Communication & Networks
Systems Analysis & Design
Quantitative Methods
Web Application Development
Policies & Procedures
Distributed Software Development
Enterprise Architecture
Enterprise Information Security


Business Law
Financial & Managerial Accounting
Strategic Management
System Analysis & Design
System Development Methodologies
Computer Programming
Database Management
Network Architecture
Quantitative Analysis and Information Systems
Design Theory and Decision Making


Network Architecture
Network Devices
OSI Model
Data Communication
Network Security
Remote Network Access




License Number: 0136083811

PMI’s Project Management Professional (PMP)® credential is the most important industry-recognized certification for project managers. Globally recognized and demanded, the PMP® demonstrates that you have the experience, education and competency to lead and direct projects.


License Number: 336436

CISSP® certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. Certified Information Systems Security Professionals are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. This was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.


Certified Novell Administrators® (CNAs) provide companies direct support for software users in various work environments, including professional offices and small businesses, workgroups or departments, and corporate information services (IS).


License Number: 336436

The management-focused CISM is the globally accepted standard for individuals who design, build and manage enterprise information security programs. CISM is the leading credential for information security managers.


License Number: 1085540

The CISA certification is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems.


License Number: 336436

The CRISC is the only certification that positions IT professionals for future career growth by linking IT risk management to enterprise risk management, and positioning them to become strategic partners to the business.


Microsoft Certified Professional (MCP) is a certification that validates IT professional and developer technical expertise through rigorous, industry-proven, and industry-recognized exams.

My best work


  • Cloud Computing – Benefits and Risks

    Boston University - 2009

  • 21st Century E-Commerce

    Boston University - 2009

  • Cost Management

    Boston University - 2009

  • Business Models and Competitive Strategies

    Boston University - 2009

  • CISM Summary

    version 1.0 - 2010

  • CISSP Summary

    VERSION 1.1 - 2009

  • CISA Summary

    VERSION 1.0 - 2010

  • PMP Process Diagrams

    PMBOK4 2011

Cloud Computing - Benefits and Risks

Cloud computing promises to deliver a new, modern, 21st-century IT infrastructure for your business. Before investing heavily in this technology, you need to make sure that you fully understand cloud computing benefits and risks so that you can reap the most gain while avoiding unintended consequences.

Download: Cloud Computing


This document may be used only for informational,
training and noncommercial purposes.

21st Century E-Commerce 

How the Rules have changed for Second-Movers

Download: 21st Century E-Commerce



Focusing on Cost Management

The Window for Competitive Advantage is Open Only Briefly

Download: Focusing on Cost Management




Business Models & Competitive Strategies

This assignment details the business model framework for Affinity and this organization’s competitive strategies in the financial industry. In order to create a balance for the managerial, technological, and strategic issues of Information Technology, it is important to analyze and understand what makes an organization compete, evolve, and sustain a competitive advantage.

Download: Business Models & Competitive Strategies




CISM Summary

General Description

The classroom training for CISM provides information on the value of and requirements for this certification, substitution for work experience, a domain mapping slide, as well as some reference materials. This guide will augment your study preparation.

Download: CISM Summary V1.0




CISSP Summary

General Description

The classroom training for CISSP provides information on the value of and requirements for this certification, substitution for work experience, a domain mapping slide, as well as some reference materials. This guide serves as a learning tool for those who want to be information security professionals. The main job of an information security professional is to evaluate the risks involved in securing assets and to find ways to mitigate those risks. Information security jobs include firewall engineers, penetration testers, auditors, and the like.

Download: CISSP Summary V1.1




CISA Summary

General Description

The classroom training for CISA provides information on the value of and requirements for this certification, substitution for work experience, a domain mapping slide, as well as some reference materials. Compliances, regulations, and best practices for IS auditing are updated twice a year, and this guide will help you prepare aspiring CISAs for the next exam in addition to other relevant study materials.

Download: CISA Summary V1.0




PMP Process Diagrams

General Description

The classroom training for PMP provides information on the value of and requirements for this certification, substitution for work experience, a domain mapping slide, as well as some reference materials. This guide only includes PMBOK4 process diagrams to augment your study preparation.

Download: PMP Process Diagrams





© 2018 ChristianReina