Tod Gotori

Information Security Officer

  • Orange County California

Proven information security leader in building security programs that are aligned with the business. Successful security compliance

Work experience
Apr 2014 - Present
Senior Manager-Information Security Officer

Build and lead the information security program for the Taco Bell brand. Drive efforts to secure all Taco Bell restaurants including franchisees, licensees, and corporate-owned restaurants (over 6000 locations). Deliver strategic direction and guidance to Taco Bell's executives. Build the brand's first information security program from the ground up. Established relationships and protocols for engaging TB's information security. Deployed information policies and standards for franchisees and licensees. Drive information security for Taco Bell while working with the parent company to ensure alignment.

Selected Contributions:

  • Set and drive security program direction
  • Developed and deployed restaurant security policies and standards
  • Created franchisee and licensee security compliance program
  • Lead incident response efforts including tabletop exercises and engagement with law enforcement
  • Drive PCI Compliance and audits
  • Develop and manage program budget

Aug 2008 - Jun 2014
Senior Manager-Information Security

Lead all cyber security aspects for San Onofre Nuclear Generating Station. Champion consultative and collaborative approach to security and security design, promoting a disciplined, repeatable, self-improving security program for one of the nation's largest electric utilities (16K employees). Lead the nuclear industry's exemplary cyber security program which is still the benchmark that the Nuclear Regulatory Commission uses to assess other nuclear facilities' cyber security programs. Drive the nuclear plant's NIST/NEI and NIST based cyber security program's defense in depth strategy incorporating a wide array of security controls and tools, including: physical security integration, psychological testing, policy and procedure development, advanced end point protection, network and computer forensics, cyber surveillance rounds for air-gapped systems, etc. Manage all aspects of Nuclear Cyber Security Development including executive reporting, strategy development and initiatives, manage the program's budget, and staffing.

Selected Contributions:

  • Lead the overall cyber organization at San Onofre including strategy and vision development, staffing, budget management ($6M/year), developing and delivering executive briefings, interfacing with regulatory bodies, lead workshops and technical discussions with nuclear industry organizations (Nuclear Energy Institute, Nuclear IT Strategy Leadership, STARS Alliance), vendor and contract management, prepare departmental testimony to support justification of projected three-year budget for the California Public Utilities Commission.
  • Spearheaded development and implementation of Secure Development Life Cycle to reinforce "secure by design" directive that strengthened security during application development through threat modeling (based on STRIDE/DREAD), and code reviews using static code analysis tools (OWASP Top 10).
  • Deployed San Onofre's network security architecture consisting of four security levels separated by data diodes, Checkpoint Firewalls, and Sourcefire IDS appliances.
  • Leverage and coordinate SONGS cyber security program and the larger enterprise program.
  • Led the enterprise (Southern California Edison) incident response program and computer forensics team.

Nov 2003 - Feb 2008
Manager-Information Security

Projected security posture forward for financial services company with 4,600 employees nationwide. Created and evangelized vision of progressive IS program built upon solid network security infrastructure, higher application development standards and improved compliance and testing processes, and progressing towards application-level security infrastructure; delivered cross-departmental solutions that allowed IS Team to enable new business processes while reducing risk exposures. Coached, led, and managed performance of onsite and offshore resources; assisted in career planning and developed effective methods for boosting morale including telecommuting and flexible work schedules, and online training opportunities with industry leading groups. Managed IS budget and analysis (~10% of overall IT budget); projected future projects for inclusion in new fiscal year budgets and controlled burn rates.

Selected Contributions:

  • Built and managed offshore IS capabilities in India; directed staffing and built competency set for India-based subsidiary, allowing U.S. personnel to focus on forward looking projects and grow new capabilities while maintaining aggressive cost containment strategy.
  • Identified and capitalized on opportunities to streamline IS practices enterprise-wide, leading to significant process improvements and lower technology procurement costs.
  • Leveraged Cisco technologies to develop and implement comprehensive network intrusion detection/prevention and event correlation system, providing company and IS Team with ability to actively monitor and quickly identify suspicious activity.
  • Reinforced company policies via development of processes supporting Human Resources and Legal investigations; provided computer forensic analyses remotely or through local system acquisitions.
  • Led team of consultants and internal resources to develop strategy for deploying encryption technologies organization-wide that were crucial for meeting legal and regulatory requirements.

Jan 1999 - Nov 2003
Manager - Information Risk Management
KPMG LLP - Los Angeles, CA

Advised clients of one of the world's largest professional services firms on understanding and mitigating business issues arising through use of technology.

Bachelor of Science, Computer Science
Juris Doctor
Apr 2002 - Present
Certified Information Systems Security Professional (CISSP)

Certification number - 29972

Apr 2004 - Present
Certified Information Security Manager (CISM)

Certification number - 0403952