Poincaré Díaz Peña
San Juan
Summary
As the first Chief Information Security Officer (CISO) appointed after Puerto Rico's Law 40-2024, I have led the implementation of the law’s cybersecurity requirements, focusing on protecting critical infrastructure and sensitive data. With over 10 years of experience, I manage advanced security platforms like CrowdStrike Falcon, Tenable, Splunk, and Microsoft Sentinel, and oversee Puerto Rico’s comprehensive cybersecurity plan. I am responsible for the security of information across Puerto Rico’s government infrastructures, providing cybersecurity training for public employees and citizens, and collaborating with agencies to enhance security posture. Additionally, I lead incident response and ensure compliance with national cybersecurity standards.
Overview
15
15
years of professional experience
Work History
Chief Information Security Officer
Puerto Rico Innovation and Technology Service
San Juan
10.2023 - Current
- Developed and implemented security policies, standards, and procedures to protect government information systems.
- Monitored compliance with data protection regulations and internal policies across government agencies.
- Oversaw incident response teams in the event of a security breach or system failure within government systems.
- Conducted regular vulnerability assessments to identify weaknesses in the infrastructure of government agencies.
- Coordinated with other government departments on security initiatives such as risk management, disaster recovery planning, and business continuity planning.
- Assisted in developing strategies for responding to cyber threats such as malware attacks, phishing attempts, or distributed denial-of-service attacks targeting government systems.
- Led investigations into potential breaches of confidential government data or unauthorized access to critical information systems.
- Evaluated current technologies used by government agencies for their ability to meet security requirements.
- Established procedures for responding promptly to any suspected information security incidents within government systems.
- Maintained up-to-date knowledge of emerging threats and vulnerabilities within the IT industry, with a focus on government-related threats.
- Provided executive leadership team with updates on the status of IT security programs across government agencies.
- Managed the security posture of government networks by monitoring for potential threats, cyber espionage, malware, and internal sabotage.
- Analyzed system risk to identify and implement appropriate security countermeasures in government systems.
- Made recommendations to improve security procedures and systems within government infrastructure.
- Promoted security awareness among government employees, clients, and the general public to mitigate risks and prevent breaches.
- Audited networks and security systems across government agencies to identify vulnerabilities.
- Designed, implemented, and maintained security systems and controls specific to the needs of government infrastructure.
- Collaborated with government stakeholders to implement and update disaster recovery plans.
- Led public awareness campaigns to educate citizens on cybersecurity best practices, including phishing prevention and secure online behaviors.
- Collaborated with local and federal law enforcement agencies to exchange information and support investigations related to cyber incidents, ensuring coordinated responses to threats affecting government systems
Information Security Officer
Puerto Rico Innovation and Technology Service
San Juan
06.2022 - 09.2023
- Monitored security systems across government agencies for unauthorized access and suspicious activity.
- Developed and implemented information security policies, procedures, and standards for Puerto Rico government agencies.
- Investigated data breaches and other cyber-security incidents within government entities.
- Provided technical support for the installation, configuration, and maintenance of security solutions such as firewalls, intrusion detection systems, and antivirus software across multiple government agencies.
- Evaluated network architecture designs of government systems to identify potential vulnerabilities.
- Analyzed system logs from various government agencies to detect any malicious activities or policy violations.
- Implemented user authentication protocols, such as two-factor authentication, across critical government systems.
- Coordinated incident response efforts within and across government agencies when a breach was detected.
- Made recommendations to improve security procedures and systems for government information infrastructure.
- Investigated information security breaches in government systems to identify vulnerabilities and evaluate damage.
- Promoted security awareness among government employees and external partners to mitigate risks and prevent breaches.
- Managed security audits and vulnerability assessments to continually improve the security posture of government systems.
- Spearheaded security initiatives such as encryption of sensitive data and the implementation of secure communication channels within government networks.
- Developed and maintained a comprehensive incident response plan that aligns with government-wide protocols.
- Collaborated with external security agencies and organizations to enhance the government's security posture.
Chief Information Officer
Puerto Rico National Guard- State Affairs
San Juan
02.2013 - 06.2022
- Advises the Adjutant General in the establishment of public policy related to the development and implementation of Information Systems.
- Recommends, develops and establishes the necessary procedures to attend to everything concerning the establishment of information systems, acquisition of computerized equipment, peripherals, programming, guides, policies, regulations, among others.
- Coordinates with government agencies and departments, the establishment of interconnectivity systems, networks and pilot programs using information systems in which the Agency participates.
- Establishes, maintains and evaluates the development of the Strategic Information Technology Plan of the Puerto Rico National Guard State Affairs.
- Ensure that backup programs or systems run with integrity, recovery and availability of data and information
- Prepare or submit budget requests, annual work plans, progress reports, special projects and others that may be required.
- Customized technology systems to fit company needs.
- Oversaw IT staff and general system maintenance.
- Monitored changes and updates in technology systems.
- Identified issues and resolved problems with hardware and software to improve end-user experience.
- Developed and implemented short and long-term technology programs to determine performance measurements, outcomes and investment needs.
- Designed contingency planning, formal training and employee development plan to increase staff quality performance.
- Designed standardized employee development processes to expedite onboarding and verify skills and competencies among new personnel.
- Directed global network infrastructure strategy, guiding network installations in multiple locations and connecting facilities.
- Coordinated, managed and prepared RFPs and RFQs for purchasing department, recommending software and hardware specifications.
- Facilitated leadership to community and internal staff by conducting technology trainings and workshops.
- Collaborated with and mentored technology staff, promoting synergetic partnerships, credibility and teamwork.
- Consistently tested and developed strategies to improve information flow throughout organization.
- Orchestrated high-level IT vendor relationships, selecting voice, data and other providers in addition to verifying and maintaining advantageous service level agreements.
System Administrator
Puerto Rico National Guard - State Affairs
San Juan
06.2016 - 02.2017
- Set up user accounts, permissions and passwords and defined network policies and procedures.
- Set up, optimized and managed network equipment.
- Determined and alleviated hardware, software and network issues.
- Orchestrated and oversaw upgrades to system hardware and software.
- Researched, recommended, configured and supported hardware and software for multiple departments.
- Managed network-related projects from concept to implementation.
- Delivered reliable support for server-class systems.
- Managed day-to-day storage equipment administration to promote optimal system asset application.
- Assessed latest innovations to recommend and adopt cost-effective, useful solutions.
- Maintained cloud-hosted and on-site servers by applying appropriate patches and monitoring hardware health.
- Designed endpoint management strategy for operation of various systems and devices.
- Oversaw storage management, data migration, backups and drive replacements.
- Installed and maintained firewalls to secure on-site and cloud-based hardware against unwanted intrusions.
- Monitored application and print servers, rapidly responding to faults and malfunctions.
- Managed email routing and internal message protocols to support reliable delivery of communications.
- Created configuration guides for deploying new desktops, laptops and mobile devices.
- Automated repetitive administrative tasks to shorten work times and reduce required personnel.
- Generated reports outlining network performance, costs and downtime issues.
- Integrated cutting-edge infrastructure tools to migrate network operations to virtual server computing environment.
- It manages "Backups" systems in terms of making backup copies of servers, user files and their restoration.
- Provides support to the Chief Information Officer in the development of guides, policies or regulations for the proper use of information systems and in the creation of different reports.
- Gives technical support to users, when required.
System Administrator
Institutional Trust of the National Guard of Puerto Rico
San Juan
02.2010 - 01.2013
- Supervise, monitor and manage personnel hired for the provision of membership services in the operations of the Military Stores.
- Administration, configuration, installation and maintenance of the government network Active Directory, DNS, DHCP, print servers and cybernetic portal.
- Installation and Configuration of virtualization systems such as: Microsoft Hyper V and VMWare Esxi, among other products.
- Installation, configuration and maintenance of Microsoft applications such as: Office 2003, 2007, 2010, Microsoft Exchange Server 2003, 2007, 2010, WSUS, WDS, Isa Server 2006, Microsoft TMG and Microsoft SQL 2008.
- Installation, configuration of different operating systems such as: Windows XP, Windows Vista, Windows 7, Server 2003, Server 2008 and Linux.
- Set up user accounts, permissions and passwords and defined network policies and procedures.
- Development and implementation of networks, structured cabling and fiber optics.
- Set up, optimized and managed network equipment.
- Researched, recommended, configured and supported hardware and software for multiple departments.
- Installation, configuration and maintenance of Datacard identification systems.
- Installation, configuration and update of Peachtree accounting system and Blackberry Server Enterprise system for messaging to mobile units.
- Managed network-related projects from concept to implementation.
- Managed day-to-day storage equipment administration to promote optimal system asset application.
- Assessed latest innovations to recommend and adopt cost-effective, useful solutions.
- Designed endpoint management strategy for operation of various systems and devices.
- Oversaw storage management, data migration, backups and drive replacements.
- Installed and maintained firewalls to secure on-site against unwanted intrusions.
- Created configuration guides for deploying new desktops, laptops and mobile devices.
- Automated repetitive administrative tasks to shorten work times and reduce required personnel.
- Integrated cutting-edge infrastructure tools to migrate network operations to virtual server computing environment.
Education
MBA - Information System
EDP University
Hato Rey, San JuanBBA - Information Systems
University of San Juan
Hato Rey, San Juan06.2008
Skills
- Information risk management
- Firewall configuration and log ingestion via Forti Analyzer
- Data security
- Development of cybersecurity presentation content
- Compliance management
- Intrusion detection
- Forensic analysis
- Disaster recovery planning
- Risk assessment
- Information protection
- Collaboration with government agencies on cybersecurity initiatives
- Executive leadership in cybersecurity
- Team building and leadership in cybersecurity teams
- Cybersecurity strategy and planning
- Incident response and threat detection
- Advisory on PRITS services for agencies and municipalities
- Implementation of CrowdStrike Falcon, Tenable, Splunk, and Microsoft Sentinel
- Security analytics and vulnerability management
- Cybersecurity training for public employees and citizens
- Cloud security management in Microsoft environments
- Cybersecurity policy creation and enforcement
- Business continuity and disaster recovery planning
- Task prioritization and scheduling in cybersecurity projects
- Diagnosing cybersecurity issues and performance analysis
- Specifications understanding related to cybersecurity tools
- Analytical skills and attention to detail in security processes
- Technical instruction and cybersecurity awareness training
- Effective communication and interpersonal skills in cybersecurity
- Knowledge of cybersecurity frameworks
- Managing security breaches and incident response
- Security planning and procedure documentation
- Decision-making in cybersecurity incidents
- Collaboration and relationship building
Trainings
- Cybersecurity for Managers
- Gerencia de Proyecto
- Introduction to Control Systems Cybersecurity
- Intermediate Cybersecurity for Industrial Control Systems
- Cybersecurity Evaluation Tool (CSET) Training
- Office 365 SharePoint Online: Administration and Configuration
- Administration and configuration of MS System Center 2012
- Administration and configuration of MS SharePoint 2010
- Windows Server 2008 & 2012 Active Directory Domain Services & Networking Infrastructure.
- Windows Administration and Automatization Using Powershell
Languages
Spanish
First Language
English
Intermediate
B1
Timeline
Chief Information Security Officer
Puerto Rico Innovation and Technology Service
10.2023 - Current
Information Security Officer
Puerto Rico Innovation and Technology Service
06.2022 - 09.2023
System Administrator
Puerto Rico National Guard - State Affairs
06.2016 - 02.2017
Chief Information Officer
Puerto Rico National Guard- State Affairs
02.2013 - 06.2022
System Administrator
Institutional Trust of the National Guard of Puerto Rico
02.2010 - 01.2013
MBA - Information System
EDP University
BBA - Information Systems
University of San Juan
Similar Profiles
Kevin RoigKevin Roig
Programming Intern at Puerto Rico Innovation and Technology ServiceProgramming Intern at Puerto Rico Innovation and Technology Service
María MéndezMaría Méndez
Urban Planning & Research Specialist at Puerto Rico Science, Technology & Research TrustUrban Planning & Research Specialist at Puerto Rico Science, Technology & Research Trust
Veronica GonzalezVeronica Gonzalez
Procurement Specialist at Puerto Rico Science, Technology and Research TrustProcurement Specialist at Puerto Rico Science, Technology and Research Trust
Juan Daniel NavedaJuan Daniel Naveda
Auxiliar limpieza at Trabajaba de limpieza particularAuxiliar limpieza at Trabajaba de limpieza particular
ANGY NIKYOLI GONZALEZ ALCANTARAANGY NIKYOLI GONZALEZ ALCANTARA
Sales Representative at Grupo BacháSales Representative at Grupo Bachá