Derrick Coston

Derrick Coston, Information Security Consultant.
I am a results-driven information technology (IT) professional with current strengths in compliance, security and auditing. I have designed, developed, and implemented information technology solutions for many organizations using industry-recognized standards including BS7799/ISO 27001:2005 and NIST 800 series and FISMA. I have drafted and obtained board of director approval for information security policies and implemented procedures based on the policies. Additionally, I have developed a risk-based approach to managing network infrastructures which comply with Federal Legislation including the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and the Sarbanes-Oxley Act (SOX).


I have assisted financial institutions with their compliance IT examinations by conducting pre-exam audits, penetration and vulnerability testing, document reviews, and process updates with emphasis in vendor, change and incident management. I have also designed, implemented and tested disaster recovery and business continuity solutions which comply with the requirements of the Federal Financial Institutions Examination Council.

I have conducted and managed internal technology audits, penetration and vulnerability testing, SAS-70 and PCI DSS reviews, and data center physical site reviews both nationally and internationally. I have also developed and taught numerous IT and security courses including the CISSP, CISA, Security+, Network+, CCNA and MCSE certifications for both in-house training as well as at the university level including Portland State and the University of California San Diego. I possess excellent research, communication, documentation, and project management skills and ensure that solutions or projects that I am assigned not only meet business requirements and integrate into existing business processes but also comply with current regulatory and industry-recognized standards.