• Hadi Shavarini, CISSP

    An Information Security executive committed to preserving the CIA triad!

    With a cyberpreneurial spirit, I am an accomplished, Certified Information Systems Security Professional (CISSP) who is result-driven with a deep passion and a strong commitment to applying my experience in preserving the CIA triad.

     

    As a CISSP with extensive expertise in leading digital platform settings, my most recent role was the co-founder and CEO at WebMedicPro, where I gained extensive knowledge and ultimately learned to implement and manage complex cybersecurity infrastructures for a medical application in a mobile environment.


    Under my leadership, my company assumed the highest responsibility of being the creator and custodian of millions of Protected Health Information (PHI) records. With my guidance, my team designed and developed one of the first HIPAA / NEMSIS3.0-compliant patient charting Pad for the EMS industry.
     

    Over the last twenty years, I have directed the design, development, integration, performance, and security of multi-site IT operations worth millions of dollars. I have cultivated highly-advantageous partner/vendor relations, and have collaborated cross-functionally across multiple time zones.
     

    I am proud of the end result. In 2014, through a multi-million dollar acquisition, I sold WebMedicPro to one of our competitors in Halifax, Canada.

     

    Throughout my career, I have used sharp business acumen to analyze and manage risk. I have a management-by-exception style, and my character thrives in tough situations.

     

    For more information, please review my resume.

  • My Practice

    Trusted Cybersecurity Advisor

    As a vCISO, I build successful working relationships and consult with C-level executives and key stakeholders to define, develop, implement, and enforce a corporate cybersecurity policy that supports the business objectives and meets compliance and regulatory requirements, while promoting security awareness within the entire organization. Specifically, I work with clients to accomplish the following:

    • CyberSecurity Architecture implementation, from planning through design and execution
    • Develop and deliver security standards, principles, governance and compliance across all required regulatory frameworks
    • Work with technology and business leadership to develop road maps for enterprise security technology strategy
    • Cybersecurity risk analysis to proactively identify and make recommendations to prevent future data breaches
    • Supervise security operations, including monitoring and mitigation of risks
    • Implementing identity and access management, tightly restricting access to protect sensitive information
    • Establish Cybersecurity awareness programs to be used throughout the organization.

    Although NIST and ISO are the two most common cybersecurity frameworks, for small and mid-size companies I recommend the Center for Internet Security (CIS) framework, whose controls can be directly mapped back to both NIST and ISO.

     

    There is no doubt that good IT operational practices drive a significant reduction in cybersecurity-related risks, and the CIS Controls can drive these operational practices. My goal is to help my clients develop and implement the CIS Controls and use my experience to make them even more effective.

    Cyber Security Framework

    With controls broken down into three categories of Basic Controls, Foundational Controls, and Organizational Controls, the CIS Framework was originally developed in 2008 to help small and mid-sized companies cope with complex cybersecurity requirements.

     

    I work with clients to develop, establish and enforce a corporate cybersecurity policy that applies the following security controls:

     

    Basic Controls:

    • Inventory and Control of Hardware Assets
    • Inventory and Control of Software Assets
    • Continuous Vulnerability Management
    • Controlled Use of Administrative Privileges
    • Secure Configuration for HW and SW on Mobile Devices, Laptops, Workstations and Servers
    • Maintenance, Monitoring and Analysis of Audit Logs
       

    Foundational CIS Controls:

    • Email and Web Browser Protections
    • Malware Defenses
    • Limitation and Control of Network Ports, Protocols and Services
    • Data Recovery Capabilities
    • Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
    • Boundary Defense
    • Data Protection
    • Controlled Access Based on Separation of Duties (SoD), Principle of Least Privilege (PoLP), and the Need to Know
    • Wireless Access Control
    • Account Monitoring and Control

     

    Organizational CIS Controls:

    • Implement a Security Awareness and Training Program
    • Application Software Security
    • Incident Response and Management
    • Penetration Tests and Red Team Exercises

     

  • Accomplishments

    Co-founded Blue Robin

    A DevOps company specializing in SaaS, Cloud Computing and Cybersecurity solutions for small businesses. (Sold partnership)

     

    Co-founded WebMedicPro

    A HIPAA-compliant, Electronic Patient Care Reporting (ePCR) system for the EMS industry. Successfully exited in 2014 (acquired by a Canadian competitor)

     

    Project Lifecycle Management System

     

    Established a revenue-sharing partnership with one of the largest media management software companies in the USA, and collaboratively we developed a complex, web-based book publishing and royalty management system. (License sold to the client)

    WebDMC

    Collaborated with multiple Destination Management Companies (DMC) and developed the first web-based, workflow driven system for event planners and destination management professionals.

  • Recommendations

    Mazdak Rafaty

    Columnist covering Middle East and Africa at fDi Magazine of Financial Times

    I have known Hadi for many years and as a business partner, I have come to know him really well as a businessman. He has a truly exceptional grasp of both visionary strategy and detailed tactics that are needed for success. He fully understands the drivers that compel companies to establish fruitful partnerships. And above all, he has a rare work ethic and can comfortably deal with people in different cultures in an international setting. He can be an effective leader for any organization.

    Elizabeth Blanco

    Nonprofit Manager Specializing in International Partnerships, Employee and Program Development, and Project Oversight

    I worked with Hadi when Blue Robin was heading WorldTeach's CRM migration. As one of his clients, Hadi was attentive to our needs and built a strong relationship with our team to push the project through on a tight timeline. It was a pleasure to work with him to serve our organization's unique needs.

    Armen Pischdotchian

    IBM Watson, Academic Tech Mentor at IBM Corp

    What stood out for me as I worked with and for Hadi in developing his web app for the DMC industry was the immense sense of integrity that I witnessed firsthand. He regarded handshakes and verbal promises (from his end for sure) as binding contracts, and throughout the entire undertakings that we forayed into, his drive for transparency of information flow was something that frankly deserves a TED Talk just on the practices of what it means to be ethical in business dealings.

    Edwin Miguel Ortega

    Regional Director at International Medical Transport Inc

    I have had the pleasure of knowing and working with Hadi since 2010, when he helped me launch one of the most innovative and advanced ePCR systems for a few ambulance companies, including the city of Ponce. He was instrumental in helping us roll out, equip and support these ambulances in our beautiful island of Puerto Rico. Hadi has an entrepreneurial spirit. He is intelligent technically and can build credibility, trust and opportunity with clients and colleagues. He is organized and can keep everyone on track. Hadi always has a positive attitude, and is never afraid to get involved. Hadi engages with his clients confidently and responds to their needs with a sense of urgency. He has great interpersonal and communication skills with which he can build solid friendships even with people whose language he doesn't speak. He is a great asset to any organization.

  • Education 

    CISSP Certificate

    (ISC)² - The International Information System Security Certification Consortium

    CISSP - 2021

    CISSP Certificate

    Northeastern University, Boston MA.

    D'Amore-McKim School of Business

    MBA - 1999

    Masters in Executive Business Management

    Wentworth Institute of Technology, Boston MA.

    BSEE - 1983

    Bachelor of Science in Electrical Engineering

  • Skills & Knowledge

    Skills & Tools

    Kali Linux | Vulnerability Scanning (Nessus) | Tripwire | Wireshark | Lucidchart UML | Multi-vector Protection (Webroot) | Acronis Backup | Zoho ManageEngine MDM | Continuum RMM | G suite | Microsoft 365 |

    Knowledge

    Defense in Depth | Zero Trust Network Architecture | NextGen Firewall | Kerberos | Diameter | Website Architecture UI/UX | NIST | PCI-DSS | HIPAA | BCP/DRP | (Agile SDLC) |

  • Public Appearances

    Storytelling

    I grew up with no TV but with my grandmother's stories. I have developed an interest and have become quite a storyteller myself.

    Public Television (WGBH)

    How an immigrant who grew up in a traditional, Shia' Muslim family, created his own Christmas tradition by bringing his Persian holiday spirits to an otherwise traditional celebration. 

    Short Films

    I have a passion for short films. The first film I helped a friend to make (and I acted in it) ended up being an award-winning effort.

  • My Journey

    "We cannot afford to shrug off the threat." Dorothy E. Denning

    Without knowing a single person, nor being able to speak a word of English, I was barely seventeen years old when I landed in New York City in 1978. I was able to self-finance my education and graduate from college. After having worked for multiple high tech companies in the Boston area (ranging from startups to Fortune 500), I decided to start my own business.

     

    My first success dates back to the era of 9/11 when just months before the infamous attacks, I had started my own business. At a time of political and economic uncertainty, I was able to raise enough seed money to purchase a small dying web hosting company in the Boston area. In the span of 5 short years, I was able to fully turn that small company around by developing multiple SaaS products which generated recurring revenues at high margins.

     

    During the recession of 2008, I successfully prepared my company and responded to the demands of the marketplace. I employed the deep and disruptive technology that the iPad had just unveiled and began my career in Information Security in the healthcare industry.

     

    With an entrepreneurial spirit, a strong business acumen, and an appetite to learn tirelessly, having sold my business after 17 years, I am now working as a consultant for security-conscious organizations where my consensus-driven leadership, extensive knowledge of compliance, risk management standards, and reputation for pushing the boundaries are most at home.

     

  • My Blog