John B. Weaver


Having a passion for Information Security has led to a career focused on information assurance.

John B. Weaver is an IRCA-certified ISO 27001 Information Security Auditor and British Standards Institute-qualified in Implementation, with over twenty years' experience in Internet and Information Security. He has participated in the evolution of the Information Security industry in leadership roles within technology companies and as an expert guiding the activities of others using his considerable knowledge and experience.

In one of his previous roles, John directed Information Security for a global IP network providing security architecture, policy, regulatory compliance, operational processes and security metrics for both public and internal networks. Today he uses that practical experience along with his extensive training to provide security consulting to Fortune 1000 and International companies in energy, telecommunications, financial and healthcare vertical markets.

John also shares his knowledge with others. He has trained Law Enforcement on Internet Security related to criminal investigations and regularly works with the FBI on information sharing with others working in this field. John is also a sought-after speaker and frequent media resource on issues of Internet and Information Security, Cyberterrorism, regulatory compliance and protection of the National Infrastructure.

Career Accomplishments

Achieved Certified Information System Security Professional (CISSP) certification in July, 1998

Received Certified Information Systems Auditor (CISA) status in September, 2002

Completed requirements for Certified Protection Professional (CPP) in April, 2003

Fulfilled requirements for Certified Information Security Manager (CISM) in June, 2003

Certified as ISO 27001 Lead Auditor in May, 2006

Certified as ISO 20000 Lead Auditor in June, 2008

Worked with a Fortune 50 international telecommunications client in Japan to successfully develop Information Security Metrics and an ISO-conformant incident response program

Collaborated on a Health Insurance Portability and Accountability Act (HIPAA) Security Risk Assessment for a large health plan provider

Provided Business Continuity Management consulting to companies in energy, manufacturing, software development and other sectors

Consulted on Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX) and other regulatory compliance issues for multiple clients

Developed methodology and launched an information security consulting practice for a client consultancy targeting the financial vertical market

Provided Information Security Management System (ISMS) implementation consulting from project initiation through registration for an industry-leading company that achieved ISO 27001 certification on the first audit

Former Director, Qwest Worldwide and IP Network Security, overseeing Information Security and Security Architecture for an international Internet Protocol (IP) network spanning the United States, Europe and the Far East

Provided risk assessment and security consulting for new Internet-based products from inception to deployment to exit strategy including broadband transport and application hosting

Skills and Expertise

Assist companies to achieve their business objectives by effectively and efficiently managing risk to their information assets

Design, develop and deploy business-driven, standards-based Information Security Programs

Lead ISO 27001 Implementation and preparation for third-party certification

Provide Security Assurance expertise in regulated vertical markets; Financial (GLBA), Healthcare (HIPAA), Public companies (SOX), Health-related manufacturing (FDA)

Provide Information Security Risk Assessment of critical business processes and security policy supporting corporate governance initiatives

Complete Information Security audit and assessment for Merger and Acquisition due diligence

Disaster Preparedness/Business Continuity Planning and Incident Response subject matter expert

Design and manage deployment of Security Architecture; secure network design, firewall and intrusion detection deployment, application security and physical security

Over twenty years' experience providing Information Security consulting in North and Central America, Europe and the Far East

Professional Affiliations

International Information System Security Certification Consortium (ISC)2 member

Information System Security Association (ISSA) member and past Program Director of the Minnesota Chapter

Information Systems Audit and Control Association (ISACA) member

International Information Systems Forensics Association (IISFA) member

American Society of Industrial Security (ASIS) member

Computer Security Institute (CSI) member

Past VP on the Executive Board of Directors of the FBI's Minnesota chapter of InfraGard