Girrbach Projects: Information Security and IT Infrastructure

Information Security | Standards | ISO
Lack of standards is slowing innovation because medical device manufacturers are unclear about what is required for networked devices. The goal was to extend the ISO 13485 standard to cover networked medical devices, supporting manufacturers when designing and building devices, and clinics and hospitals when purchasing and installing them.

Information Security | Partner Portal
Rearchitected the partner portal for a major telecom equipment provider. A complex authorization/authentication scheme covering geography, partner levels, and product categories was a critical part of the system.

Information Security | B2B medical lab services
Completed a technical architecture review and risk assessment of the B2B IT services strategy for a health care provider, where security and HIPAA compliance were important considerations.

Information Security | Employee Fraud | Financial Restatement

I led an IT forensic investigation for 8 months. Senior executives at Rite Aid "cooked the books" to keep the stock price high and inflated pre-tax income by $2.3 billion.

The issues were uncovered by Rite Aid's financial auditors, who quit because they could not certify our financial statements. The Securities and Exchange Commission threatened to delist Rite Aid from the stock exchange if we were unable to submit audited financial statements.

We had to restore 4 years of financial data. During that period the systems had undergone numerous changes, so restoring the data was a challenge. We then had to correct and update the systems while preserving evidence of the fraudulent transactions for use in prosecuting the perpetrators in federal court.

There were 150 accountants and a core team of 20 IT professionals, with 150 auditors watching the accountants and IT, as we worked 7 days a week, 12 hours a day, for 8 months.

In addition, we developed and implemented new processes to mitigate future risks, similar to what SOX later required. This pre-dated SOX, and Rite Aid was one of the companies that drove the SOX regulations.

I can vouch for the "rule of thumb" that 80% of attempted security breaches come from the outside, but 80% of successful and significant breaches are an inside job.

Information Security | Debit cards
As the first retailer to accept debit cards, it was critical to provide outstanding information security to gain and keep the trust of consumers:
  • Architected and developed a bank reconciliation process to uncover "double debits" of consumer accounts. Established a customer call center to resolve bank issues.
  • Designed a consumer entry device that encrypted at the point of entry.
  • Defined an offline authorization process at the POS that ensured 100% availability.
  • Defined security policy and procedures for key management for banks and stores.
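The reconciliation idea in the first bullet, sketched as an added example (this is illustrative code written for this page, not the retailer's or any bank's actual system; the record fields, the 48-hour matching window, and all sample transactions are constructed). It matches a bank settlement file against the store's own POS authorization log and classifies every exception: a debit posted twice under the same reference, a debit re-posted under a new reference, a debit with no authorization at all, and an authorization the bank never settled. Card numbers appear only as tokens, since the reconciliation never needs the PAN.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Txn:
    """One transaction record. Field names are illustrative (constructed)."""
    ref: str        # authorization code / bank reference
    card: str       # tokenized card identifier, never the PAN itself
    amount: int     # amount in cents
    when: datetime  # POS: time authorized; bank: time posted


# Constructed POS authorization log for one business day.
POS_LOG = [
    Txn("A100", "tok-1", 2599, datetime(2024, 5, 1, 9, 15)),
    Txn("A101", "tok-2", 1200, datetime(2024, 5, 1, 9, 20)),
    Txn("A102", "tok-2", 1200, datetime(2024, 5, 1, 9, 21)),  # legitimate repeat purchase
    Txn("A103", "tok-3", 4350, datetime(2024, 5, 1, 10, 2)),
    Txn("A104", "tok-4", 800, datetime(2024, 5, 1, 10, 30)),  # authorized, never settled
]

# Constructed bank settlement file received the next morning.
BANK_FILE = [
    Txn("A100", "tok-1", 2599, datetime(2024, 5, 2, 3, 0)),
    Txn("A100", "tok-1", 2599, datetime(2024, 5, 2, 3, 0)),  # same ref posted twice
    Txn("A101", "tok-2", 1200, datetime(2024, 5, 2, 3, 0)),
    Txn("A102", "tok-2", 1200, datetime(2024, 5, 2, 3, 0)),
    Txn("A103", "tok-3", 4350, datetime(2024, 5, 2, 3, 0)),
    Txn("B900", "tok-3", 4350, datetime(2024, 5, 2, 3, 1)),  # re-posted under a new ref
    Txn("B901", "tok-9", 1500, datetime(2024, 5, 2, 3, 5)),  # no authorization at all
]


def reconcile(pos, bank, window=timedelta(hours=48)):
    """Match bank debits to POS authorizations; each auth may settle once.

    Returns a dict with three lists:
      double_debit : bank debits for a card/amount whose auth was already settled
      unauthorized : bank debits with no POS auth for that card/amount at all
      unsettled    : POS auths that no bank debit consumed
    """
    # Unconsumed authorizations, keyed by (card, amount).
    pool = defaultdict(list)
    for t in pos:
        pool[(t.card, t.amount)].append(t)
    ever_authorized = {(t.card, t.amount) for t in pos}

    out = {"double_debit": [], "unauthorized": [], "unsettled": []}
    for d in sorted(bank, key=lambda t: t.when):  # stable sort keeps file order for ties
        key = (d.card, d.amount)
        candidates = pool[key]
        # 1. Prefer an exact reference match.
        match = next((t for t in candidates if t.ref == d.ref), None)
        # 2. Otherwise accept an unconsumed auth for the same card/amount posted
        #    within the settlement window (catches debits re-posted under a new ref).
        if match is None:
            match = next((t for t in candidates if abs(d.when - t.when) <= window), None)
        if match is not None:
            candidates.remove(match)  # each authorization settles exactly once
            continue
        # 3. Nothing left to consume: either the consumer was debited again for
        #    an auth that already settled, or there was never an auth at all.
        if key in ever_authorized:
            out["double_debit"].append(d)
        else:
            out["unauthorized"].append(d)

    out["unsettled"] = [t for lst in pool.values() for t in lst]
    return out


if __name__ == "__main__":
    result = reconcile(POS_LOG, BANK_FILE)
    for kind, txns in result.items():
        print(kind, [t.ref for t in txns])
```

The matching order matters: consuming each authorization exactly once is what separates a genuine repeat purchase (two auths, two debits) from a double debit (one auth, two debits), and the window check keeps a stale authorization from masking a later unauthorized posting. In practice the same routine runs per store and per acquiring bank, and the `double_debit` and `unauthorized` lists become the call center's work queue.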

IT | Operations | Cost Reduction | Green
After interviewing leaders from Google, eBay, Apple and others, I put together a data center energy reduction strategy with an IRR of over 20%.