Brooke Drumm
CISSP, PMP
- Information Security Leader -
Experience
"We keep moving forward, opening new doors, and doing new things,
because we're curious and curiosity keeps leading us down new paths."
1 / Slalom
Lead, Information Security - Security Operations Manager
Currently, I lead a team of security analysts and engineers focusing on security operations, governance, data loss prevention, IAM, privacy, incident response, internal threat investigations, and security awareness. My role involves managing sensitive internal and external incident response activities, developing and implementing GRC policies and processes, and security program strategy development. The programs that I've developed and implemented effectively protect sensitive information and regularly ensure policy adherence through assessments and audits. Strengthening vendor relationships, overseeing support agreements, and conducting negotiations are also integral parts of my responsibilities.
In addition to ongoing security operations leadership, I'm solely responsible for running strategic cross-functional projects and programs. The programs include creating and running a secure development task force charged with creating a new project methodology, implementing company-wide initiatives like MDM-transformations, accounts provisioning resources, identity and access management (IAM) automation, HR systems implementations, and security-focused initiatives like SIEM integrations, password management implementations, and restricted access programs.
Further, I've developed and implemented a strategic incident response program, created an end-to-end DLP operations process for compliance with regulations like PCI-DSS, HIPAA, GDPR, and CCPA, and serve as a formal mentor through a local mentoring program. Additionally, I created and continue to lead the global security awareness programs with custom training content, increasing participation rates from 70% to over 97% through various initiatives.
2 / Russell Investments
Technology Program Manager
As the Technology Program Manager, I oversaw all aspects of complex IT Infrastructure and critical maintenance projects, totaling $2.5 million annually. My responsibilities included ensuring the successful execution of projects within schedule and budget constraints, executive reporting and communication, and change management. Notable projects ranged from data warehouse optimizations and MFA-enablement to security tool implementations, server upgrades, platform changes, telecom transitions, software development, and MDM implementation for a regulated financial services company.
Additionally, I led program management efforts for cross-functional teams of project managers, engineers, architects, and software developers, directing initiatives to identify, coordinate, and implement organization-wide security strategy. This encompassed a focus on budget management, cultural considerations, effective communication, change management, and the application of optimal delivery methodologies.
3 / Washington State Bar Association
Mandatory Continuing Legal Education Manager
I managed a team responsible for producing 100+ legal education programs annually, concurrently overseeing a group of data analysts ensuring lawyers' compliance with regulatory requirements. During my tenure, I focused on creating cohesive and dynamic program initiatives delivering high-quality educational products directly to customers, providing flexibility and convenience. As a leader, I initiated a digital transformation program resulting in a 20% reduction in annual costs and delivering a higher-quality product to attendees.
Under the authority granted by the Washington State Supreme Court, I also interpreted APR 6 to grant, dismiss, or modify lawyers' requests for appeals and extensions, ensuring compliance with statutory requirements throughout the review process. Additionally, I facilitated the transition of the core regulatory database from an outdated platform to a custom, integrated system.
4 / PwC
Program Management Experienced Associate
I demonstrated strong project management skills by successfully overseeing multiple engagements for a prominent software client, involving venture integration, IT program management, change management, and financial reporting. As a key member of the Integration Management Office for a $17B venture, I managed program workflow and provided crucial consultation on project sub-workstreams and technology onboarding.
I efficiently orchestrated the migration of over 200 Business Administrators, improving operational efficiency for executives. I conducted data quality assurance for a new internal digital platform launch, ensuring accurate information migration. Additionally, I performed financial reporting for the client's Legal and Corporate Affairs department using SQL Server and Excel queries, and collaborated with clients and stakeholders to develop playbooks for a large-scale technology platform change.
Education and Certifications
1 / CISSP
ISC(2)
The Certified Information Systems Security Professional (CISSP) is a globally recognized cybersecurity certification that validates an individual's expertise in designing, implementing, and managing an organization's information security program. As a CISSP holder, I've demonstrated a comprehensive understanding of key security concepts, making me proficient in safeguarding critical assets against evolving cyber threats and risks.
2 / PMP
Project Management Institute
The Project Management Professional (PMP) is a widely recognized certification that signifies an individual's proficiency in leading and directing projects. As an active PMP holder, I have proven that I possess the knowledge and skills necessary to ensure successful project outcomes through effective planning, execution, monitoring, and closure.
3 / AWS Cloud Practitioner
Amazon Web Services
The AWS Certified Cloud Practitioner is an entry-level certification that validates an individual's foundational understanding of cloud services and the AWS Cloud. As a holder of the AWS Cloud Practitioner certification, I can demonstrate knowledge of basic AWS architectural principles, services, pricing, and security, making me well-equipped to navigate and contribute to cloud-based initiatives.
4 / B.A., Spanish Language and Literature
Minor, Communications
Western Washington University
A Bachelor's degree in Spanish with a minor in Communications signifies a comprehensive education in the Spanish language and culture, complemented by a focused study of effective communication strategies. As a graduate with this academic background, I am equipped with linguistic proficiency in Spanish and the skills to navigate diverse communication contexts, making me a valuable contributor in fields that require bilingual expertise, cultural nuance, and effective communication practices.
Skills and Expertise
1 / Core Competencies
Data Loss Prevention (DLP) Management | Identity and Access Management (IAM) | Sensitive Information Protection | Global Security Awareness Program Development | Internal Threat Hunting | Incident Response and Investigations | Technology Training and Design Development | Secure Development Strategy Development | Security Policies and Compliance Management | IT Compliance Management | SIEM Management | Security Program Management | Vendor Management | Third Party Risk Assessment | Identity and Access Management (IAM) | Instructional Design and eLearning Content Creation | Technology Program Management | Technical Project Management | Secure Coding Practices | Security Leadership | Collaboration
2 / Technical Skills and Tools
Azure | AWS | Jira | Confluence | Atlassian Suite | Salesforce | Microsoft eDiscovery | OneTrust | Microsoft Office Suite expert (Word, Excel, PowerPoint) | Okta | Netskope | Symantec DLP | CrowdStrike | Rapid7 | QRadar | Adobe Creative Cloud | ServiceNow | Proofpoint | MS Project | Miro | Smartsheet | Microsoft Project
