Here are some of the information security projects that Orvin has worked on:
- A client was contacted by their bank forcing them to comply with the Payment Card Industry Data Security Standard (PCI DSS). Orvin helped this organization change its revenue processes to transfer the handling of credit cards back to the bank, substantially reduce the risk of a credit card breach and achieve compliance with the PCI DSS.
- An organization needed help deploying Mobile Device Management software to control cell phones and tablets that employees were using. Sensitive data was at risk on many of these devices. Orvin developed and rolled out a program, which included policies, communications, training presentations, and help desk documentation.
- Several public-sector organizations wanted to share a private cloud environment to allow them to collaborate and share costs. Orvin assisted with developing a governance model, which included:
  - setting up governance structures and security policies and standards,
  - working with lawyers to develop the contractual agreements between the organizations,
  - specifying security requirements and negotiating them into the contract with the cloud provider, and
  - providing user security awareness training specifically tailored for the shared cloud environment.
- A client was dealing with the problem of too many security policies, some of which contradicted each other. Orvin consolidated and rewrote the policies, making sure they supported the client’s privacy and PCI compliance obligations. Risk matrices mapping the policies to ISO 27002 were also developed to support their Sarbanes-Oxley and PCI audits, reducing the time and effort consumed by the audits. Later, the company asked Orvin to update and revise the policies and matrices for new leading-edge networking technologies being adopted.
- An organization faced a review of its cryptographic key management processes, which involved hardware security modules. Orvin developed processes and supporting documentation.
- A company needed help with their PCI DSS implementation project. Orvin acted as a subject-matter expert to work with the company’s project manager. He helped with selecting a PCI Qualified Security Assessor (QSA), represented the company when dealing with its QSA, and provided advice on various parts of the project.
- A company had challenges dealing with security issues arising from its many contractors. Orvin reformed procurement processes and worked with lawyers to rewrite contract templates.
- Orvin has worked on many security threat-risk assessments, as well as security and privacy reviews.
Testimonials
“Orvin is the complete consulting package; honest, hard-working, organized, detailed, and manages project scope, his time and client expectations effectively. He stays on top of the latest trends and continuously works to expand his knowledge in the field of Security and Privacy. I look forward to the many opportunities we will work on together.”
– Laura Wills, SecureWest Consulting.
“Orvin has been a great colleague to work with over the past two years. I found him to be very professional, reliable, proactive and business oriented. He has great communication skills, a positive attitude and a good sense of humour. It was a great pleasure working with him, and would enjoy working with him again. I would definitely recommend Orvin for any security advice that you need.”
– Eugenia Kurganska, worked with Orvin at Central 1 Credit Union.
“It was a great pleasure to work with Orvin. He is extremely knowledgeable in Information Security and many more. He is a consummate professional and always delivers on time with quality. He can communicate at all levels; strategically, tactically, and operationally. I highly recommend him as a security expert consultant.”
– Vincent Chiew, worked with Orvin as a past client.
“Orvin has been working with CRNBC for a few years now, and I can honestly say, he is not just an “IT guy.” As a provincial regulator, we need to safeguard the personal information of 38,000 nurses across B.C. Orvin has helped us comply with numerous standards such as the Payment Card Industry Data Security Standard, brought our contracts and policies into line, and helped us ensure we comply with provincial privacy legislation.
Orvin is great at explaining security risks and our compliance requirements to staff from all our departments, in a way they understand, and makes sense. He’s also friendly and approachable, and always willing to take time to explain why we’re changing our processes, and how it helps us better protect the public.
And Orvin doesn’t just look at the IT and legal aspects—he really understands how compliance and standards impact the whole organization’s effectiveness, and how to support staff as they adapt to new processes and systems. I would recommend him to any organization.”
– Cynthia Johansen, Registrar/CEO, College of Registered Nurses of British Columbia