
BRENT POTTER

201-638-2737 brent.potter@outlook.com

https://www.linkedin.com/in/brentjpotter

Information Security Leader | Vulnerability Management | Program & Process Management


Senior Leader who offers a diverse technology skill set with expertise in managing vulnerability programs and
process efforts while partnering with internal clients to define strategies for remediation efforts and themes.
Creation and execution of an Archer based GRC reporting program that is utilized to accept vulnerability feeds and
Firm scanning technologies to track open vulnerabilities, monitor days to remediate, type and severity, and risk
statistics for Morgan Stanley. Provided and led response to Audit inquiries.
Lead information technology efforts to identify and select existing technologies. As a Vice President of the
Vulnerability Management Group at Morgan Stanley, partner with leading business and information technology
units, along with vendors to deliver security testing solutions, automation, metrics, and ROI.
Core professional competencies include:

Resource & Capital Management
Budget Planning & Oversight
Strategy Development
Executive Planning
Program Process & Implementation
Security & Risk Management

HIGHLIGHTED ACCOMPLISHMENTS

Application Risk Management: Designed and implemented Mandated FFIEC assessment program for Morgan
Stanley, initiated a pilot to refine and implement the program. Received executive sponsorship for this endeavor,
across technology groups and risk management. Resulted in Firm compliance, improved risk posture and customer
confidence. Data currently being used for the 2016 FFIEC Cyber Security readiness review.

Vulnerability Management Program: Initiated Professional Persistence to encourage remediation by partnering
with executive technology leadership to implement Morgan Stanley's vulnerability management program.
Contributed to advancing critical and high risk vulnerabilities and remediation strategies, as well as adding value on
reporting and program tracking in addition to the Firm penetration testing program.

GRC Custom Implementation: Designed and managed the customization of the Archer GRC dashboard for Morgan
Stanley's C-level executive team. Participated in the analysis and customization of other reporting features that
incorporated network and application security components.

EXPERIENCE AND SELECTED ACHIEVEMENTS


MORGAN STANLEY, NEW YORK, NY

2000-2016

Vice President, IT Security, Vulnerability Management

2010-2016

Lead a team of Technical Professionals located in New York and Manila, providing vulnerability management oversight and
process efficiency. The team is responsible for daily monitoring of the VeriSign security feed, penetration program output
and Qualys scanning results. Review and security controls assessment is performed to determine environment impact
and a risk rating/priority is assigned. This is through interaction with our Asset Inventory and common CVSS scoring.
Asset owner is notified with a timeline for remediation. Initiated weekly follow up using our GRC dashboard to verify that
issues are being actively addressed and remediated, through team work and intergroup governance.
Provide security and application process services, including GRC reporting customization and security testing platforms.
Conduct ongoing process and implementation improvements while focusing on expediting mitigation efforts.

Analyzed overall company security vulnerabilities and responded with action plans for expediting time-to-live
and vulnerability process management. This improved the company security posture which enhanced our
Regulatory standing.

Provided input for new vendor tools, automation and security feed enrichment while developing and maintaining
vendor relationships - this improved the effectiveness and efficiency of the program.

Conduct Asset Management reviews of company network and application portfolio based on Asset Risk Ranking.
Company testing program was structured and built around the risk ranking effort to address security risk and
compliance initiatives which improved company risk posture and protection of the Firm brand.

Provide Penetration Testing program guidance and uniformity which improved program effectiveness.

Provide program management and reporting services to upper management, identifying major risk remediation
themes and compliance concerns/impact - this aligned and improved remediation timelines.


Vice President, Entitlements Solution Group Manager

2006-2010

Established and managed the Global Entitlements Solutions Operations team. This strategic and tactical group operated
and managed the global platform that consisted of all in-house and vendor products including the Aveksa Entitlement
Management platform. Maintained budget responsibility for capital and operational services.

Managed projects through Plan, Build and Operate framework.

Led all strategic discussions with multiple business units and system groups within the company.

Participated in SOX controls implementation through the Firm's Risk Control Framework.

Created a global portal that provided strategic operational alignment and continuity among all corporate
business units for assets under review.

Participated in security audits, assessed regulatory requirements, and provided guidance on discovery for
remediation.

Chaired RFP and vendor selection for commercial entitlements review platform. Ensured that SLAs and
performance metrics were being met for internal customers as well as vendor support.

Vice President, Enterprise and Client Technologies

2005-2006

Led company selection and implementation for the strategic messaging compliance archive. Managed team that
delivered the review process and determined the best solutions available while working with legal group to ensure
requirements were satisfied in the recommended solution identified.

Served as primary catalyst for determining the best solution for a strategic messaging compliance archive that
contained budgetary and policy requirements.

Managed the RFP process and vendor relationship during pilot phase. Negotiated contracts and determined SLAs
necessary for successful implementation and service and addressed Regulatory and Compliance objectives.

Vice President, Global ISG Messaging Engineering Manager

2000-2005

Managed the global messaging engineering team that supported over 40k company employees. Acted as lead
stakeholder for all group initiatives and corporate messaging strategies.

Led an international desktop engineering team to support and deploy an enterprise-wide security program built
around specific messaging applications. Delivered long-term strategy and execution plan by conducting key
stakeholder interviews, documenting as-is state, developing conceptual to-be, and distilling strategy into
features/requirements.

ADDITIONAL EXPERIENCE
JP MORGAN CHASE, New York, NY

1997-2000

Vice President, Cross Platform Technology Manager


Managed engineering teams based in New York and London for a multi-platform web based infrastructure. Supported the
Global Trading and Investment Banking units internationally.
Vice President, Global Markets Development Support Manager
Led Global Markets Application Development Support Team for international team of 500+ developers. Primary catalyst for
program strategies and technical structure.
Previous Experience: AXA Equitable Life Insurance

1986-1997

EDUCATION & ADDITIONAL INFORMATION


Fairleigh Dickinson University Bachelor of Science, Electrical Engineering
Affiliations: OWASP (Open Web Application Security Project), ISSA (Information Systems Security Association)
