Areas of Expertise
Governance Risk and Compliance
Travis has extensive experience with ISO 27001/2, NIST, CMMI and several compliance and risk governance frameworks for Information and IT Security. From Security Program Development through assessment frameworks, tooling and analysts for Canadian and International Global Organizations, including Data Center and Cloud Security Controls.
Identity and Access Management
Travis has been the technical lead and primary consultant or engineer on several large scale identity and access management projects. Such projects were scaled for tens of thousands to several million identities. Since 2004 Travis has worked on nearly two dozen Identity and Access Management projects of all sizes and scale with budgets in access of 10M
Software Development and Architecture
Travis has extensive software development, system design and architectural experience with many programming languages and platforms. From working on open source application servers, programming languages, media players and Enterprise products. Travis remains and has been an active developer since 1995, with several programming languages.
As an established security professional Travis has conducted several penetration tests on Network Infrastructure, custom network protocols and web applications. Additionally, Travis has written custom tooling in the form of programs and workflows for automated, complex vulnerability assessments, reconnaissance, Open Source Information Intelligence and exploit testing.
As a former PCI QSA, current PCIP and Practice Co-Lead for a Telecommunications Security Practice, Travis lead and consulted on many engagements for compliance under PCI 2.x for several years. This experience included gap analysis, policy development, remediation planning and delivery of services to achieve and maintain PCI compliance. As a current PCIP holder, Travis remains current with Payment Card Industry best practices and standards.