James R. Wade

890 Clubview Boulevard North, Columbus, Ohio 43235-1217
Office (614) 560-2554 * Home Telephone (614) 846-0536

Work Synopsis I have more than 30 years of professional experience in managing complex technical projects & 25 years experience in providing information security services & solutions for government, industry, & financial organizations. My working experience indicates an ability for building strong teams & structuring them to achieve peak performance as well as includes being selected to create newly constituted management positions for a variety of organizations.

Summary of Experience

AirTouch Cellular

(formerly Cellular

One: OH & MI)

1996 - Present

Since joining AirTouch, I have tackled several challenges. In 1998, I was selected as the first chief information security officer for the $55 billion AirTouch wireless enterprise. As the Director, Enterprise Information Security & Business Continuity, I developed the program's centralized management & decentralized implementation structure & am responsible for the strategy of enterprise-wide business continuity, information & network security programs; establishing policies & processes; defining information security architectures; performing long & short range planning; preparing & managing budgets; formulating risk projections & analyses for senior management; determining information & network security requirements & approaches for addressing risks; providing subject-matter expertise on information & network security concepts & methodologies; directing enterprise-wide resources providing information security & business continuity program development & planning; teaming with senior management & technical staff to design security solutions based on business risks; measuring & monitoring the program's overall effectiveness; preparing & presenting reports & briefings for senior management; performing enterprise-wide information & network security oversight activities; integrating the efforts of business continuity & information security to assure risks are adequately addressed throughout the business; & managing a staff of information security & business continuity experts.

In 1996, I became the first Director of Fraud Management for Ohio & Michigan & recently assumed responsibilities to develop the position of the Eastern Region Director of Fraud Management. In this capacity, I am responsible for the overall strategy to counter wireless fraud for this multi-state wireless telecommunications business. Responsibilities include directing the development & deployment of technical solutions & processes to counter multi-million dollar fraud risks; executing management tasks including budgeting, staffing, & planning; policy development; managing a team of technical & fraud countermeasures specialists. Additionally, I designed & deployed a special unit that investigates fraudulent activities (internal & external); trains state, local, & federal law enforcement & court officials on wireless fraud; processes subpoenas & court orders for records; & provides expert testimony. Between 1996 & 1998, the impact of fraud was reduced by more than 70 percent & the number of customers impacted by fraud was reduced by approximately 85 percent. During 1997, I exceeded annual financial/operational goals by more than 400 percent & in 1998 by an additional 200 percent.

In addition to the duties outlined above, I am also responsible for intercarrier services which provides day-to-day control of relationships with wireless telecommunications carriers & more than two million customers. Responsibilities include managing a budget of more than $160 million per year & a staff of technicians; resolving technical issues associated with customer's roaming in other market areas; managing the roaming payables & receivables with other telecommunications carriers both nationally & internationally.

From August 1996 - May 1997, I also directed the Instruction and Reference Department that is trains new employees for the 600 person Customer Operations group. This training Department plans, develops, and facilitates basic & advanced training on customer service, accounts receivable, customer order processing, & administration. During the period I was responsible for this department, I completely reorganized the department while increasing the number of Customer Operations staff trained by more than fifty percent.

Battelle Memorial Institute

1988 - 1996

Program Manager & Research Leader. As the first Information Systems Security Program Manager, I managed the Information Systems Security Program Office for Battelle Memorial Institute, an international research & development company with volume of $1 billion per year & a staff of more than 8,500. Responsibilities included directing research of information systems security products; managing consulting services for government & industrial clients; executing management tasks including budgeting, staffing, strategic planning, & business development; managing a multi-disciplinary team of security, computer, & network specialists providing a wide range of contract research services. Accomplishments included:

- Designed the security architecture for a smart-card based financial system incorporating Open Systems Interconnection (OSI) standards & Distributed Computing Environment (DCE) model into a client/server environment.

- Managed vulnerability assessments of the network, firewall, & web servers for one of the top ten banks & the largest R&D lab in the United States.

- Designed the information security program for one of the largest personal computer manufacturers.

In 1990, I was appointed as the first non-federal government employee to lead the computer security topic for the US Department of Energy's (DOE) national-level, security inspection program of national laboratories & nuclear weapons sites. Responsibilities included planning, scheduling, & developing strategies for inspecting DOE computer & network security; managing teams of technicians & specialists in collecting & analyzing data, performing security tests, & preparing reports for DOE management; & preparing & briefing results to the DOE Deputy Assistant Secretary for Oversight & other senior management.

Figgie International

1987 - 1988

Manager of Information Systems Security. In creating this position for Figgie, a billion-dollar international manufacturing conglomerate, I was responsible for establishing policy; providing training, advice, & assistance to the operating units; conducting investigations of fraudulent activity; designing & implementing an information security awareness program; & developing a disaster recovery system for the corporate data center. Accomplishments included:

- Established the first corporate information systems security policies & standards.

- Designed & developed security features for the corporate-wide micro-to-mainframe financial reporting network.

The Scott & Fetzer Company

1980 - 1987

Director of Loss Control & Security. As the first corporate security & loss control director for this international Fortune-500 manufacturing & direct sales company, I developed policy & reported the status of the program to the corporate board of directors. I also performed security vulnerability analyses, provided advice & assistance, conducted investigations of fraudulent activities, developed an executive protection program, & managed several major corporate projects including constructing the world headquarters as well as other facilities, & relocated several manufacturing & financial operations. Accomplishments included:
- In conjunction with internal & external auditors, developed a fraud detection & prevention program that decreased company-wide losses of inventory & materials by 80 percent.

Manager of Communications Systems. In 1984, I was selected as the company's first chief information officer. In this position, I continued to be responsible for security but also assumed responsibility for managing corporate data processing, telecommunications, & facilities. In this position, I developed policy & budgets as well as managed a staff of technical & administrative personnel & provided direction to more than 30 operating units regarding investment decisions & capital requests for computer & communications systems. Accomplishments included:

- Designed & implemented a network for periodic reporting of financial data between operating units & the corporate headquarters. Developed a database for processing, consolidating, & presenting financial & operating results for senior management.

Computer Security Consulting

1978 - 1980

Manager/Senior Consultant. During this period, I developed a quantitative risk assessment methodology for computer security to identify & assess fraud & security risks for government & industrial organizations. Further, I performed responsibilities including budgeting & personnel actions, & managing a staff that increased from three to twenty five security consultants, technicians, & specialists in fifteen months. Accomplishments included:

- Conducted a vulnerability analysis of a worldwide funds transfer network.

US Army

1958 - 1978

Retired as a Chief Warrant Officer with 20 years service. In 1974, as a Special Agent for U.S. Army Military Intelligence, I was selected as a charter member of the first Department of Defense organization responsible for providing computer security services for the Army & Joint Chiefs of Staff. Also, I was a direct contributor to the Army policy & first regulation on computer security. Accomplishments included:

- Evaluated the security of the patient information system for the Presidential Care Unit at the Walter Reed Army Hospital.

Professional Affiliations & Achievements

I am a speaker on risk analysis, computer security, information systems management, Internet & network security, fraud & asset protection to organizations including the Computer Society of the IEEE, National Association of Accountants, & the Data Processing Management Association, as well as companies including Xerox, Dana, & Owens-Corning Fiberglas. I have lectured at the National Institutes of Health, University of Akron, FBI Academy, Department of Energy, Department of Defense Computer Institute, & U.S. Army Command and General Staff College. I have published papers in professional journals including Security Management & Information Security as well as contributed to Advances in Computer Security Management, Volume 2, a volume of the Wiley Heyden Advances Library in EDP Management.

Professional Affiliations & Achievements (Continued)

I have completed the second year of a four-year appointment on the Computer System Security and Privacy Advisory Board established by Congress in Public Law 100-235 to report to the Secretary of the U.S. Department of Commerce & provide advice to the congress & administration on computer security & privacy issues.

In 1997, I was elected to a three-year term to the Board of Directors for the International Information Systems Security Certification Consortium (ISC)2. I am currently the President of the Board of Directors. Prior to being elected as President, I was the Vice President & Executive Director of the organization as well as the Chairman of the Personnel Committee. I also served on the Recertification & Common Body of Knowledge committees.

In 1997-1998, I was the Chairman of the Board for the International Board of Directors for the Information Systems Security Association (ISSA), the professional association for information security practitioners. In 1993, I was elected to the ISSA Board as Recording Secretary & was re-elected the Director of Operations for 1994-1996. I also was the chair of the ISSA Oversight Committee for developing generally-accepted systems security principles & the chair of the 1998 & 1999 Nominations Committees. In 1996, I was elected to a one-year term as the ISSA President.

I have been a member of the Curriculum Advisory Committee for the College of Law Enforcement, Eastern Kentucky University; the Advisory Board for Datapro Reports on Information Security; the Reader's Advisory Panel for PC Magazine; & the Advisory Board for the MIS Training Institute. I was listed in the 1992-93 edition of Oxford's Who's Who of Professionals. Additionally, I have served on several working groups with the US Department of Commerce, National Institute of Standards & Technology.

From 1987 through 1991 & 1993, I was the Chairman of the National Standing Committee on Computer Security for the American Society for Industrial Security (ASIS), a professional society of 25,000 members worldwide. I was awarded the "Committee Chairman of the Year" each year for three consecutive years, 1989 through 1991, for my leadership of the ASIS Computer Security Committee. Additionally, I have been a member of the ASIS Educational Strategies Council & a faculty member for ASIS security management courses. I am currently serving on the ASIS National Standing Committee for Safeguarding Proprietary Information.

Professional Certifications

I am a Certified Information Systems Security Professional (CISSP) with the International Information Systems Security Certification Consortium, Inc. (ISC)2 from 1993 to the present. In 1994, the U.S. Department of Energy granted me a professional certification as a Certified Computer Security Inspector (CCSI). Further, I held a certification as a Certified Information Systems Auditor (CISA) with the EDP Auditors Association from 1979-1984.

Security Clearances

Until recently, I held a Department of Energy "Q" (Top Secret) Clearance. I previously held a Top Secret clearance with the Department of Defense & was also previously was cleared for Sensitive Compartmented Information by both the Energy & Defense Departments.