Mr. David Kim, B.S.E.E., is the Sr. Vice President of GRC Services & Principal Consultant with IT Professional Group, Inc. (ITPG) located just outside Washington, D.C. Kim is also the virtual CISO (vCISO) for various organizations providing strategic guidance on compliance and information systems security. As a consultant, Kim provides IT security training and consulting services for governments, international airports, large enterprises, banking, financial, manufacturing, healthcare, and retail verticals around the world. He has specific expertise and experience in enterprise IP data networking infrastructures, converged communications including VoIP and SIP, and service delivery models (i.e., FCAPS, ITILv3, etc.) for help desks, network operations centers (NOC), and security operations centers (SOC). In addition, Kim leads all governance, risk, and compliance consulting services for both public and private sector clients globally and nationally. Mr. Kim currently leads projects in the following areas:
- Business Process Re-Engineering/Business Process Management Services
- Translating Business Requirements into Solutions that Involve IT
- Enterprise IP Data Network Design (Layer 2/3 IP Switching/Routing, IPv4/IPv6, MPLS, WLAN)
- Enterprise Network Management & Service Delivery Models (FCAPS, ITILv3, etc.)
- Converged IP Data Networking, VoIP, SIP, & Unified Communications
- Internal & External Vulnerability Security Assessments & Network Penetration Testing
- Compliancy Services and Assessments (HIPAA, GLBA, FERPA, PCI DSS v2.0, SOX)
- Network & Vulnerability Assessments (Saint, Nessus, Qualys)
- Pre & Post Implementation VoIP & SIP Network and Security Assessment
- IT Infrastructure Security Architecture & Framework Assessment (Policies, Standards, Procedures, and Guidelines, CoBIT, GATE)
- Risk Management & Information Security Management Program (ISMP) Maturity Posture Assessments (NIST SP800-30, OCTAVE, ISO27001/27002)
- Computer Security Incident Response Team (CSIRT) Plan Development & Training
- Business Continuity & Disaster Recovery Planning Services
- Managed Security Services – 24x7x365 security/network monitoring & alarming
- ASP/SaaS (Front-End, Back-End, ASP and SaaS implementation and planning) Web-Based Application Solutions
- Web Application Security Assessments – XSS, OWASP, SQL Injection/Pene Testing
Kim’s IT and IT security experience encompasses over 25+ years of technical engineering, technical management, and sales and marketing management experience in the IT field as well as with large service providers. This experience includes LAN/WAN, internetworking, enterprise network management, and IT security for voice, video, and data networking infrastructures.
Currently, he is an active IT security consultant, trainer, and developer; and he is instrumental in defining ITPG’s security services as well as for clients including large service providers.
These IT security consulting services include risk and vulnerability assessments, compliance audits, designing layered security solutions for enterprises, business continuity and disaster recovery plans, and developing IT security strategic plans for large commercial, publicly traded, government, and higher-education clients throughout the world. He currently provides the following data networking and network management consulting services:
- Enterprise data networking LAN, WAN, WiFi/WLAN design and configuration (Cisco, Brocade, Nortel/Avaya, HP Networking)
- IPv4 & IPv6 migration and implementation design and planning (Cisco, Brocade, Nortel/Avaya, HP Networking)
- Real-time data networking & IP multicasting design and configuration (i.e., VoIP, SIP, Unified Communications, CCTV IP) – (Cisco, Brocade, Nortel/Avaya, HP Networking)
- Ethernet Campus, Building, & LAN switching & routing (OSPF v2/v3, MPLS) – (Cisco, Brocade, Nortel/Avaya, HP Networking)
Previously, Kim was responsible for content development, educational product development and management, and educational delivery and fulfillment for (ISC)2 (www.isc2.org) and their flagship professional certifications CISSP® and SSCP®. He was also involved in the initial launch of the CISSP® Concentrations: ISSAP®, ISSMP®, ISSEP® to provide more granular professional certifications in security architecture, management, and engineering. He was responsible for instructor development, quality control, and content development.
Currently, Kim is active in the Healthcare IT, Information Security, VoIP, and Unified Communications field. He is an active speaker and presenter at HIMSS, MGMA, NICE, NIST, and Cyber-Security conferences and trade shows around the world. He develops courseware and presentations on various information security related topics including Healthcare IT, Telemedicine, IT Security Architectures & Frameworks, Compliancy Laws and their Impact on IT Infrastructures. Kim is a former Cisco Systems Certified Instructor, Nortel Networks Certified Instructor, and HP Networking Certified Instructor for LAN/WAN, routers, and CPE equipment manufactured by these vendors.
Kim recently co-authored with his colleague in 2012 and 2011, Michael Solomon, two recent books entitled “Fundamentals of Network Communications” and “Fundamentals of Information Systems Security” for Jones & Bartlett Learning’s Information System Security & Assurance Curriculum (www.issaseries.com). In 2009, Kim, co-authored with his colleagues, Robert Decker and Michael Gibbs, a book entitled “Unified Communications Solutions” for Nortel Press/Avaya Press on emerging voice communication solutions including unified messaging and unified communications that are positioned to uniquely solve business communication challenges. In addition, he co-authored with his colleague Michael Gregg in 2005, “Inside Network Security Assessment – Guarding Your IT Infrastructure”, which discusses recent compliancy laws and their impact on IT infrastructures, conducting risk and security assessments, and implementing proper security controls (policies, standards, procedures, and guidelines) pertaining to confidentiality, integrity, and availability.
Professional Affiliations, Certifications & Teaching Experience:
IEEE Member – 1985 and on
Certified Cisco Systems Instructor – 1993 and on
Certified Nortel/Avaya Systems Instructor – 2006 and on
NSA 4011 – Information Systems Security Certified Professional
NSA 4013-Advanced – System Administrator Certified Information Assurance Professional
During the 1990’s, Kim founded a company called Network Evolutions, Inc. (NEI) which focused on enterprise and broadband network design, network implementation, and large-scale broadband IP networks supporting converged voice, video, and data communications. Network Evolutions, Inc. was acquired by IXC Communications, Inc./Broadwing, Inc. (NYSE: BRW) in 1999 during the Internet/Telecommunication’s boom of the late 1990’s.