Help people and their businesses establish and maintain healthy third party relationships involving sensitive data. We can help you assess third party privacy and security practices; detangle your technology portfolio; demystify a security questionnaire; train your employees; develop organizational data policies; and prepare for various types of information technology audits and assessments.
Created and led subsidiary third party risk governance program for over 20 lines of business (~7,000 employees) including bSwift, PayFlex, and Aetna International. Collaborated with enterprise legal, procurement, privacy, and compliance as well as subsidiary management to assess and manage varied and complex 3rd party relationships.
Led security and risk management initiatives across multiple technology heavy lines of business focused on alignment with major industry frameworks e.g., HIPAA, HITECH, NIST 800-53, PCI-DSS, WCAG, BSIMM, etc.
Produced privacy design recommendations for the smart grid; aided privacy management team in assessing new products for compliance with Microsoft Privacy Standard.
Developed custom web solutions for local businesses in multiple web languages and frameworks; additional duties in system administration, requirements elicitation, proposal drafting, and legacy system analysis.
Here's a bunch of letters I spent years of my life on.
Advised by Travis D. Breaux, my research focused on how multi-jurisdictional organizations contend with information privacy and security laws, regulations, and the like. I received funding from the HP Innovation Research Program, the Institute for Information Infrastructure Protection (I3P) as well as the National Science Foundation via their IGERT program. In addition, I served as a TA for an undergraduate senior capstone course on the digital divide as well as graduate level courses on Privacy, Policy, Law and Technology.
Coursework in policy analysis, data modeling, statistics, human judgment and decision making, risk analysis, and privacy and security.
TA'd Introduction to Computer Science; member of Phi Beta Kappa, Dean's List, Computer Science Outstanding Student Scholar Award, Golden Key Honor Society
TA'd Intermediate Music Theory and led numerous student performing organizations, including NARD (barbershop quartet), SouthSide Boys (male a cappella), Exit 8 (coed a cappella, 4), Chamber Singers, Musical Theatre Club, and Student Music Association. Stage performances included Forever Plaid, Urinetown, The Grey Zone, Assassins, and Pacific Overtures.
I'm also "certified" in a number of areas, meaning I took a one or two day seminar and/or passed a multiple choice test given by an overblown professional networking organization. These include a CISM (ISACA), a CSPO (Scrum Alliance), a CIPT (IAPP), a vBSIMM (BSIMM), and a CTPRP (Shared Assessments).
I'm not a full stack developer and will never claim to be, but I still spend a lot of time in text editors or a terminal.
Most of Amazon Web Services (AWS), some Azure and Google
Google for Business, Office365, Owncloud
Debian Family (incl. Kali, Raspbian), Arch, OS X; GNOME, XFCE, e17
R, Scheme (LISP), Perl
I've spent a significant amount of my free time on stage singing, acting, and duping choreographers into ignoring my two left feet. Some of my favorite experiences have included:
| Gaston | Beauty and the Beast | Vintage Theatre |
| Ensemble | Hello Dolly | Performance Now |
| Smudge | Forever Plaid | Performance Now |
| Aaron Fox | Curtains | Vintage Theatre |
| Officer Lockstock | Urinetown | Equinox Theatre |
| Ivan | Women on the Verge | Equinox Theatre |
| Ensemble | Don Giovanni | Pittsburgh Opera |
| Ensemble | Handel's Messiah (staged) | Pittsburgh Symphony |
| Principal Singer | Multiple performances | Buffalo Philharmonic |
I've had some research published, most of it relating to IT privacy and security governance. For a full list please contact me.
David G. Gordon, PhD Dissertation, Carnegie Mellon University, 2014.
David G. Gordon, Travis D. Breaux, IEEE International Requirements Engineering Conference. 2014.
David G. Gordon, Cloud Computing Encyclopedia. Wiley Publishing, 2015.
David G. Gordon, Travis D. Breaux, IEEE International Requirements Engineering Conference. 2013.
David G. Gordon, Janice Tsai, Workshop on Risk Perception in IT Security and Privacy. 2013.
David G. Gordon, Travis D. Breaux, Requirements Engineering Journal. 2013.