Zachery S. Mitcham
Wilmington, NC 28409
CHIEF INFORMATION OFFICER * CHIEF INFORMATION
SECURITY OFFICER * EXECUTIVE DIRECTOR
Information Technology Security ~ Network
Design ~ Strategic Planning
Technology and business visionary with executive
and hands-on experience in automating multi-million dollar enterprises. Strong
record of success in deploying robust IT security architecture and
infrastructure. Documented ability to bring the benefits of IT to solve business
issues while managing costs and risks. Led deployment of custom
healthcare network communications systems. Over 27 years of information
technology experience with emphasis on e-commerce and operational compliance.
Provided strategic direction to board of trustees, board of directors and senior
management on technological issues and challenges.
Technology Architecture and Integration
* Leading Edge WAN/LAN Design
Global IT Delivery and Project Management
* Electronic Commerce Strategy Development
Budgeting and Cost Control
* Staff Management and Team Builder
Organization and Staff Development
* Strategic Analysis and Internal Consulting
Dynamic management career with strong leadership,
consistent track record of excellence,
problem-solving, planning, team-building and project management skills.
Recruited, developed, motivated and retained diverse staff structuring them into
teams that delivered results and savings. Full responsibility for return on
investment (ROI) and managing multi-million dollar budgets. Proven record of
department profitability and cost savings realized within various business enterprise settings.
CENTRAL MICHIGAN UNIVERSITY, Mount Pleasant, MI
MERCER UNIVERSITY-EUGENE STETSON SCHOOL OF BUSINESS, Macon, GA
Extension School, Cambridge, MA
STANFORD UNIVERSITY - Center for Professional Development, Stanford, CA
CARNEGIE MELLON UNIVERSITY - Software Engineering Institute, Pittsburgh, PA
Fundamentals of Incident Handling
Certificate-Information Security for Technical
Certified Computer Security Incident Handler
VILLANOVA UNIVERSITY, Villanova, PA
UNIVERSITY OF CENTRAL FLORIDA- - National Center for Forensic Science, Orlando,
UNITED STATES ARMY SCHOOL OF INFORMATION TECHNOLOGY, Fort Gordon, GA
VP and Chief Information Security
Professional Services-Group, Wilmington, NC
Chief Information Security and
North Carolina Central University, 1801
Fayetteville, Street, Durham, NC 2770 (03/2017-04/2019)
Chief Information Security Officer
University of North Carolina Wilmington, 601 South College Road, Wilmington, NC 28403 (06/2006 - 09/2016)
State of NC-Public Schools of Robeson County,
11344 Deep Branch Road, Pembroke, NC 28372
(12/2003 - 06/2006)
Director, Network Services
Regional Medical Center, 2131 South 17th Street Wilmington, NC
(04/2001 - 12/2003)
United States Army Field Grade Officer (Systems Automation Functional Area)
States Department of Defense (Army), 200 Stovall Street Alexandria,
Social Service Case Manager
Division of Family and Children Services, Macon, GA 31201
Social Service Case Manager
of Central Georgia, Macon, GA 31201
SURGE Professional Services-Group, Wilmington, NC
VP and Chief Information Security Officer
Chief Information Security Officer for a group
of technical consultants. Plays a significant role in the strategic
planning and policy development for information technology security
programs, provides disaster recovery/business continuity support, leads risk
management and analysis assessments, insures compliance with federal, state
and local mandates, develops security plans, provides information security
awareness presentations and training, develops customized information
security programs, liaises with legal counsel and law enforcement for
electronic discovery support, and cyber-criminal investigations.
North Carolina Central University,
Chief Information Security and
Established the university's first full
service information security department.
Directed an internationally acclaimed,
recognized and awarded university information security program.
Nominated and recipient of the 2018
EC-Council CISO of the Year Award
Nominated and recipient of the 2017 SC
Magazine Reboot Award- Outstanding Information Security Educator
Developed and delivered a comprehensive
information security program for NCCU which purpose included assurance
that data created, acquired or maintained by the university and our
users were utilized pursuant to federal/state laws and university
regulations relative to information access and control, security and
privacy. Further, to protect university information and its
infrastructure from both internal and external threats.
Balanced security requirements of the
university's strategic plan, identified risk factors and recommended
mitigations controls and solutions to both.
Maintained management and oversight of the
IT security department, providing leadership and professional
development to the team.
Insured the university was up to date and
in compliance with ISO 27001, SOC2 and Payment Card Industry-Data
Coordinated the development of information
security policies, standards and procedures.
Ensured that university policies were in
compliance with external requirements.
Maintained oversight of the dissemination
of policies, standards and procedures to the university.
Served as the universityís representative
for inquiries from customers, partners, and the public regarding the
organizationís security strategy.
Liaised with law enforcement agencies with
respect to computer security incidents and security breaches.
Coordinated the development and delivered
university training on information security and privacy requirements for
faculty staff, students. employees, other authorized users and senior
Developed and implemented an Computer
Security Incident Reporting and Response system to address security
incidents, and response to policy violations and external complaints.
Developed and implemented a quarterly Risk
Assessment program with respect to information security and data
Planned for and managed the university's
Business Continuity and Disaster Recovery programs.
Coordinated for third party risk and
Maintained oversight of the
university information security Audit programs with the
Maintained knowledge of the
latest security and privacy legislation, regulations, advisories, alerts
and vulnerabilities pertaining to the university and its mission.
Served as the university's point of
contact for internal and external security audits.
Prepared and presented to the Board,
senior management, employees and external stakeholders on the university
information security program.
of North Carolina, Wilmington, NC
Chief Information Security Officer
Established the University of North Carolina
Wilmington's first full service Information Technology Security Department
consisting of 4 Full Time Equivalent IT Security professionals with
associated forensics tools and information security equipment.
Directed, managed, planned and administered the
operational and administrative activities of a full service IT security
Developed, implemented security standards,
procedures and guidelines for multiple platforms and diverse systems
Prepared responses to NC State inquiries
regarding UNCW information security related matters on behalf of the
Reviewed the development, testing and
implementation of security plans, products and controls techniques
Identified and assessed IT security risk/
exposure on new and existing infrastructure
Investigated and recommended appropriate
corrective actions for IT security incidents .
Developed and maintained security policies,
controls and their compliance.
Analyzed security incidents and escalation of
Liaised with customers with regards to
information security incidents.
Developed cutting-edge, innovative solutions
for IT network security.
Studied the proliferation of viruses; prevent
Conducted active penetration tests; discovered
vulnerabilities in information systems.
responsible for the University's
central data security and privacy policies, architecture, and procedures.
Prepared on-line and hard-copy documentation
of University security plans and procedures.
Worked with constituent groups to create,
document, implement, and manage policies, procedures, and practices that
ensured the availability, integrity, and privacy of information asset on
centrally managed computer systems.
Worked with functional groups and staff in the
creation of guidelines to ensure the security and privacy of information on
the University's computer systems.
Assisted the University in its compliance with
relevant information technology laws and policies.
Developed and implemented the overall
information security strategy and architecture to be used by the
University's centrally managed systems developers and administrators.
Served as facilitator of the Computer
Response Team (CSIRT) working in collaboration with other UNCW constituencies,
such as University Council and University Police, concerning information
security and privacy incidents.
Served as liaison between CSIRT, University
administration, and department representatives to maximize the adoption of
and support for IT security plans and procedures within UNCW.
Maintained expertise in
security-related technologies, trends, issues, and solutions.
Investigated security needs, and recommended,
plans, implements, tests, and monitors information security improvements.
Planned and coordinated information security
investigations, feasibility studies, and surveys, to include cost-benefit
evaluations of proposed and existing security solutions.
Provided instruction and information security
awareness training for a Faculty, Staff and Student body consisting of over
14,000 end users.
Insured State of NC regulatory requirements
with respect to information security procedures and their application are
Participated as appropriate in the planning
and implementation of hardware and software.
Maintained a broad knowledge of
state-of-the-art information technology security equipment, and systems.
Instrumental in the facilitation of the
Information Technology Systems (ITS)
operational change management program
Regional Medical Center, Wilmington, NC
Director, Network Services
Provided executive leadership as head of the network services section of the
fifth largest healthcare delivery network in the state of North Carolina.
Provided principal direction for all aspects of strategic IT planning, implementation and
support network wide as an integral component of the hospital business plan.
Engineered the turnaround of the network services performance and service
Prepared technical briefings and presented them to enterprise senior
leadership and Board of Trustees.
Transformed network services into a strategic business partner.
Managed and delivered multiple large scale projects on time and within
Directed all budgeting activities, design and support of all technology.
Successfully managed an Operations and Capital
Budget totaling over $3.5 Million dollars for a network services department
supporting the infrastructure of a 660 bed hospital with over 4000
Provided budgetary control and cost reduction
in information systems in excess of $200,000 dollars annually.
Supported the mission and goals of New Hanover
Health Network (NHHN) in a dynamic, evolving environment, while supporting a
strategic vision/plan for information technology.
Established credibility with the Senior
Management Team and executives across the health system.
Supported business growth, add value and
improve the information systems environment by managing over 300 information
Developed and implemented a project
methodology and coordinate projects across all departments.
Developed a technically competent, proactive,
customer-service oriented, high-performance team .
Created teams that are technically perceptive
and have a solid understanding of business processes.
Established vision and built consensus for
information technology endeavors
Functioned as a partner with the Chief
Information Officer, assisting and collaborating as appropriate.
Maintained oversight and coordinated the
day-to-day operations of the information technology systems for New Hanover
Health Network, including application development and support, operations,
and data networks.
Worked in collaboration with others that
reported to the Chief Information Officer to ensure smooth and effective
operations across the health system.
Led the deployment and maintenance of all
enterprise hardware for New Hanover Health Network.
Developed and fostered a culture of responsive
customer oriented services and internal accountability.
Taught and mentored project managers and staff
on how to apply standards, tools, and methodologies while delivering high
quality business focused customer service.
Provided technical expertise on systems,
market trends, technology directions, and product directions.
Established performance measures to ensure
project managers and staff are accountable and compliant in project
planning, risk and issue management, processes and procedures, and change
Worked with the Chief Information Officer,
developed and communicated the New Hanover Health Network information
systems vision to all levels of the organization.
Planned, developed and deployed New Hanover
Health Networks' first 802.11 wireless network converting it from a PROXIM
open air system to an IEEE 802.xx standard architecture
Managed the activities of 22 full-time
employees - Project Managers, Telecommunications Support Technicians,
Network Engineers, Systems Analyst, Computer Support Specialists and Help
U.S. Army Bosnia-Herzegovina Task Force Eagle HQs Tuzla Information Technology
Supervised automated information processing
for units, installations, and activities within the United States
Multi-National Division area of responsibility in Bosnia-Herzegovina.
Directed the activities of 12 system
automation professionals supporting United States, Russian, Turkish
and Nordic Polish forces throughout the Task Force Eagle area of
operations within Bosnia-Herzegovina.
Broke new ground in providing reliable
voice, data, and video teleconferencing capabilities to the
Multi-National Division-North's dispersed forces.
Advised commanders and staff on computer
information systems policy and technical matters.
Planned and managed the integration of
hardware, software and data communications at the user interface level.
Supervised the installation, operation, and
administration of all computer systems and local area networks at all
organizational levels to include combined, joint and service agencies.
Translated mission needs into computer systems
requirements and helped to define functional requirements.
Evaluated and optimized efficiency of computer
Performed economic analysis, planned,
programmed, and budgeted for information systems resource requirements
(equipment, people, and facilities).
Developed and implemented procedures for the
local procurement, storage, and distribution, and control of commercial
computer system products.
Managed computer information systems
resources, maintenance programs, and logistics support.
Established procedures for effective and
efficient use of computer systems resources.
Developed, implemented and managed data base
management systems and local area networks.
Established and prioritized computer systems
goals and objectives.
Wrote and maintained security accreditation
plans for computer systems.
Developed and managed information security
Configured and maintained security fire walls.
Provided networking security for one of the
largest WAN in the world.
Developed and coordinated procedures for
contingency operations during system emergencies, outages and degraded
operations, or downtime for maintenance.
Designed and maintained the installation of
web sites at major organizations and commands.
Developed and conducted customer education
V Corps Headquarters,
Intelligence (G2) Heidelberg, Germany
Director, Information Systems Security
Certified all Department of Defense
Intelligence Information Systems within the sensitive compartmented
information facility (SCIF).
Provided security for the sensitive
compartmented information systems (SCIS) within the largest U.S. Army
forwarded deployed headquarters.
Drafted intelligence systems security policies
and procedures for operations within a multi-national environment.
Analyzed foreign intelligence cyber threats
against sensitive Department of Defense agencies.
Identified operational sensitive compartment
information systems vulnerabilities and applied necessary fixes.
V Corps Headquarters,
Information Technology (G6) Heidelberg, Germany
Director, Information Systems Integration
Planned and coordinated all systems automation
support for a 30,000 person organization.
Forecasted and designed baseline automation
security systems architecture to meet the mission requirements of corps
Operationally tested and evaluated new systems
software and hardware.
Trained all information management officers
(IMO) throughout the corps
Managed the activities of two senior level
Developed and maintained oversight of the
Corps $20 million dollar systems automation budget.
Executed the Corps systems automation
operation spending plan.
Support Command, Fort Riley, Kansas
Director, Logistics Information Systems
Provided logistical automation support to a
16,000 person organization for Standard Army Management Information Systems
Managed and directed the operations of three
staff sections consisting of 16 full time employees.
Maintained logistics information systems
totaling over $2 million dollars.
Installed, operated and maintained over 300
tactical computer systems.
Maintained oversight of logistics software
Prepared and executed the operations plan to
deploy the largest rollout of Standard Army Management Information
Systems in Fort Riley history.
Cloverleaf SNMP End to End Network Monitoring, Network Security, Network
Essentials and TCP-IP, Gigabit Data Transfer technology (Native Mode LAN
Interconnection) Fiber optic and CAT 5 cabling plants.
FTK, Qualys, Nessus, Computrace, Symantec-Norton
Anti-virus enterprise solutions, Identity Finder and NMap
ENTERPRISE MOBILITY: Data Leakage Prevention Systems
INTERNET AND TECHNOLOGICAL
PROTOCOLS: Web Graphics, HTML coding, Microsoft Exchange, Internet
Information Server, popular web browsers, DNS, DHCP, PGP, RAS,
and Website creation.
Comprehensive knowledge of IT security
technologies, techniques and best practices that cover all levels of IT
architecture, including those that affect business processes, data
applications and network and systems infrastructure and their effects on a
diverse computing environment. Thorough knowledge of relevant
information security laws, guidance and policies applicable to the various
industries. Thorough knowledge of the various industry and government
standards in privacy and security including but not limited to
ISO 27001, SSAE16, SOC 1/2, NIST, GDPR. Knowledge of business
continuity planning, auditing and risk management. Extensive experience in
TCP/IP networking, intrusion detection systems, firewalls, virtual private
networks, access controls, encryption techniques, IT security solution
deployment strategies and management and vulnerability assessments.
Excellent Project Management, written and oral communication skills. Educator in Christian and Social Ethics, Well versed and
traveled throughout Euro-Centric and Asiatic cultures, Working knowledge of U.S.
statutes, court proceedings and Federal Codes with respect to (Electronic
Discovery, Electronic Communications Privacy, Identity Theft Protection, Export
Administration Regulations, Payment Card Industry Data Security Standards,
Health Insurance Portability and Accountability Act, Family Education Right and
Privacy Act and the National Incident Management System), Youth mentor, Joint Commission on Accreditation of Healthcare Organizations (JCAHO) preparation, Skilled adult
education instructor and trainer. Past recipient of United States of America Secret Security Clearance
HONORS, AWARDS, MEMBERSHIPS AND COMMUNITY
of the 2018 EC-Council CISO of The Year Award; 2018
SC Awards Judge;
SC Media Reboot Leadership Awards 2017-Outstanding Educator;
2013 McAfee Digital Government Cybersecurity Leadership and Innovation Award
Digital Government Award 2013; 2010 EC Council Certified CISO Honor Roll; 2009
University of North Carolina Wilmington Excellence Award Nominee;
2003 McKesson Corporation VIP Award; United States Army Meritorious Service Medal - 3
Awards; United States Army Commendation Medal - 4 Awards; United States Army
Achievement Medal - 4 Awards; Armed Forces Expeditionary Medal - Bosnian
Peacekeeping Mission; Armed Forces Service Medal - Bosnian Peacekeeping
Mission; Presidential Unit Citation; New Hanover
County Board of Health; EDUCAUSE-Higher
Education Information Security Council (HEISC) Awareness and Training
Working Group (former member);
HEISC Governance, Risk, and Compliance Working Group,
University of North Carolina System IT Security Council; UNCW
Chancellor's Council on Safety and Security;
UNCW Administrative Officer; Cape Fear Community College Information Technology Advisory Committee;
State of North Carolina Department of Corrections Community Volunteer
(Community Resource Council Chairman);
Former member of the New Hanover County Youth Empowerment
Services (YES) Advisory Board; American College of Health Care Executives (ACHE); Association of Military Surgeons of the United States (AMSUS);
Former member of the Salt Lake, Aliamanu and Foster
Village Community Board - Chairman Community Affairs committee- Honolulu, Hawaii;
Former member of the Volunteers
of the Heidelberg, Germany Community.
PROFESSIONAL TRAINING AND COURSES: National Incident Management System Training; The
University of Tennessee - Knoxville, TN - Strategic Management, 30 Graduate
Level Semester Hours; Managing Employees, 4 hrs, 6/2/2003; Disciplinary Process,
3.5 hrs, 8/15/2001; Effective Communications, 5 hrs, 5/21/2001; Employee
Relations, 2.5 hrs, 7/15/2001; Management Orientation, 8.5 hrs, 3/02/2002;
Management Support Tools, 4 hrs,10/12/2001; Performance Improvement/Problem
Solving, 4 hrs, 6/15/2001; Sexual Harassment, 2 hrs, 8/15/2001; Using Data to
Make Decisions, 4 hrs, 7/20/2001; Conflict Resolution, 4 hrs, 6/05/2001;
Counseling Employees, 5.5 hrs,10/22/2001; Emergency Response Planning for Your
Business -Disaster Recovery Course, 8 hrs, 8/2003; Contracting Officer's
Representative Course, 9 hrs, 10/15/1985; Personnel/Human Resources Management
Course, 244 hours, 12/12/1989; Information Systems Security Course, 24 hrs,
05/21/1999; Emerging Healthcare Trends: The New Economics of Care 3 hrs 3/26/02;
Health Insurance Portability and Accountability Act (HIPAA) Security 4 hrs
4/2/02; Bioterrorism Incident Command Training and Drill 8 hrs 8/8/02; Health
Safety Training ( Emergency Management, Hazardous Materials/Waste, Life Safety,
Medical Equipment, Safety Management, Security, Utilities, Domestic/Workplace
Violence, Latex Allergy Awareness, Infection Control: Blood borne Pathogens, TB)
3 hrs 2/19/02; 28 credit hours Combined Graduate and Undergraduate Finance and
PROFESSIONAL PUBLICATIONS AND PRESENTATIONS
Mitcham, Zachery S., CISO Magazine, 1
August 2021 "How Crytojacking and Cryptomining Assaults Work"
Mitcham, Zachery S., CISO Magazine, 7 March 2021,"Data Security-A Layered Approach"
Mitcham, Zachery S., CISO Magazine, 20
February 2021,"After the Breach
Mitcham, Zachery S., Bright Talk Webinar: 11
February 2021 "Don't Let Them Catch You With Your Work Undone-Today's
Mitcham, Zachery S., CISO Magazine, 21 October 2020,"Social Engineering: Life Blood of Data Exploitation
Mitcham, Zachery S., Bright Talk Webinar: 18
March 2020 "Phases of Incident Response"
Mitcham, Zachery S. 22 April 2018,
"Privacy and Security Implications of Using Smart Devices and Having
Intelligent Homes", NCCU Law School,
Legal Eagle Review Broadcast, WNCU Radio FM 90.7
Mitcham, Zachery S. 7 April 2018,
ABA Hackathon, abajusticehack.org, hosted by North Carolina Central
University Law School.
Mitcham, Zachery S. 17 February 2018,
"Social Media and the Emerging Cyber Threats to Personal Privacy",
Intellectual Property Law Institute and Information System Security
Association Cybersecurity Conference hosted by North Carolina Central
Mitcham, Zachery S. Sep 2018,
"Global CISO Forum Podcast Awards-2018", EC-Council Podcast
Zachery S. 17 September 2016,
"Information Security Awareness-What
Everyone Should Know", PMI-Metrolina and the Wilmington Community
Chapter, New Hanover County Public Library NE Branch Watkins Room,
Mitcham, Zachery S., SC Magazine, 1 April 2016,
"Stop Blaming The Victim"
Mitcham, Zachery S. , WECT News, 1 October
2014, "Expert Weighs In On Cybersecurity Threats to Protect You"
Mitcham, Zachery S. and Dr. Laurie Patterson,
15 November 2013, Department of Computer Science, Computer Information
Technology Lecture, "Computer Security and Client Privacy"
Mitcham, Zachery S. , 17 October 2013, Cape
Fear Community College, Cyber-Security Awareness Month Presentation, "Topics
in Information Security"
Mitcham, Zachery S. and Dr. Mahnaz Moallem, 19
February 2013, UNCW Watson College of Education, Masters of Instructional
Technology Lecture, "Security
Mitcham, Zachery S., 18 Apr 2012, Wilmington Information Technology Exchange and Conference, "The
Enemy Within" an Analysis of Insider Threats to Network Security, UNCW
Computer Information Systems
Mitcham, Zachery S. and Dr. Mahnaz Moallem, 7 February 2012, UNCW Watson School of Education, Masters of Instructional
Technology Lecture, "Information Technology Change Management
Mitcham, Zachery S. 5-6 December 2011 EC-Council CISO Executive Summit Panelist, "Implementing a High-Performing Information Security Program", Las
Mitcham, Zachery S. 5-6 December 2011 EC-Council CISO Executive Summit Panelist, "Managing
Insider Threats", Las Vegas, NV
Mitcham, Zachery S. 12 - 13 September 2011, UNCW Chancellor's Council of Safety and Security
Symposium, Program Coordinator and Presenter,
Mitcham, Zachery S. 18 May 2011, E Discovery
Panelist - The University of North Carolina General Administration
System Wide Attorneys Meeting-Center for School Leadership Development
("Electronically Stored Information Collection Methods and Procedures"),
Chapel Hill, NC
Mitcham, Zachery S. 8-10 November 2010,
Security Incident Response Framework", UNC CAUSE Conference, Wilmington, NC
Mitcham, Zachery S. 4 October 2010,
"Emerging Threats to Personal Information Security and Privacy", North Carolina University Auditors Association, Wilmington, NC
Mitcham, Zachery S. September-October
2010, "Protecting Portables", EdTech Magazine, CDW-G, Tommy Peterson
Mitcham, Zachery S. September 2009 "Information Security in Higher
UNCW Chancellor's Safety and Security Symposium,
Mitcham, Zachery S. 18 November 2008, "Information
Technology Tools used by Cyber Stalkers and Other Predators ", UNC CAUSE
Conference, Greensboro, NC
Mitcham, Zachery S. 17 November 2008, "E
Discovery - Planning Considerations for ESI Security and Containment", UNC
CAUSE Conference, Greensboro, NC
Mitcham, Zachery S., 3 March, 2008, "Information Security and NC Records Management Requirements", 2008 UNC Financial Systems Conference , New Bern,
Mitcham, Zachery S., 26 October, 2007,"Information Security Planning Considerations for Telecommuting" EDUCAUSE,
Computer Security Incident Handling ("Code Red
New Hanover Regional Medical Center Computer
Security Incident Response Team