John B. Weaver

CISSP, CISA, CISM, CPP, CSA — Certified STAR Lead Auditor
Principal Consultant

John is an IRCA-certified ISO 27001 Information Security Auditor and British Standards Institute-qualified in Implementation with more than thirty years’ experience in Internet and Information Security. He has participated in the evolution of the Information Security industry in leadership roles within technology companies and as an expert guiding the activities of others using his considerable knowledge and experience.

Certifications

  • Certified as ISO 27001 Lead Auditor
  • Certified as ISO 20000 Lead Auditor
  • Certified Information System Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Protection Professional (CPP)
  • Certified Information Security Manager (CISM)

Career Accomplishments

  • Led ISO 27001 Implementation and preparation for dozens of successful third-party certifications
  • Conducted over 400 days of ISO 27001 certification audits for multiple registrars as lead assessor
  • Provided Information Security Management System (ISMS) implementation consulting from project initiation through registration for an industry-leading company that achieved ISO 27001 certification on the first audit
  • Provided Business Continuity Management consulting to companies in energy, manufacturing, software development and other sectors
  • Developed methodology and launched an information security consulting practice for a client consultancy targeting the financial vertical market
  • Provided risk assessment and security consulting for new Internet-based products from inception to deployment to exit strategy including broadband transport and application hosting
  • Worked with a Fortune 50 international telecommunications client in Japan to successfully develop Information Security Metrics and an ISO-conformant incident response program
  • Collaborated on a Health Insurance Portability and Accountability Act (HIPAA) Security Risk Assessment for a large health plan provider
  • Consulted on Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX) and other regulatory compliance issues for multiple clients
  • Former Director, Qwest Worldwide and IP Network Security, overseeing Information Security and Security Architecture for an international Internet Protocol (IP) network spanning the United States, Europe and the Far East

Skills and Expertise

  • Leads ISO 27001 Implementation and preparation for third-party certification
  • Helps companies achieve their business objectives by effectively and efficiently managing risk to their information assets
  • Provides Information Security Risk Assessment of critical business processes and security policy supporting corporate governance initiatives
  • Designs, develops and deploys business-driven, standards-based Information Security Programs
  • Provides Security Assurance expertise in regulated vertical markets: Financial (GLBA), Healthcare (HIPAA), Public companies (SOX), Health-related manufacturing (FDA)
  • Completes Information Security audit and assessment for Merger and Acquisition due diligence
  • Disaster Preparedness/Business Continuity Planning and Incident Response subject matter expert
  • Designs and manages deployment of Security Architecture, secure network design, firewall and intrusion detection deployment, application security and physical security
  • Over thirty years’ experience providing Information Security consulting in North and Central America, Europe and the Far East

Professional Affiliations

  • International Information System Security Certification Consortium (ISC)² member
  • Information System Security Association (ISSA) member and past Program Director of the Minnesota Chapter
  • Information Systems Audit and Control Association (ISACA) member
  • International Information Systems Forensics Association (IISFA) member
  • American Society of Industrial Security (ASIS) member
  • Computer Security Institute (CSI) member
  • Past VP on the Executive Board of Directors of the Minnesota chapter of the FBI's InfraGard
