Doug DeYong

Sr. Security Engineer

Doug DeYongDoug DeYong is a Certified Information Systems Security Professional (CISSP) with more than 20 years of experience in development of network and security architecture, programs, processes, and procedures. Doug has extensive expertise in reducing information security risk.  His work has involved information security risk management, program development, vulnerability assessment, internal control audits, and remediation. Doug has in-depth experience with industry standards such as ISO 27002, NIST-800 series and the IT Infrastructure Library (ITIL).  One of his major focuses has been on risk management as it pertains to compliance with government regulations such as Sarbanes-Oxley (SOX) regulatory compliance, which required consensus building among numerous business units.  Doug is highly adept at coupling technical vulnerabilities with business impacts for overall risk analysis relative to prioritizing remediation.  He provides solid strategic and tactical direction to affect changes that result in reduced information security risk.


Risk Management

Sarbanes-Oxley (SOX)

ISO 27002


IT Infrastructure Library (ITIL)

Information Security Auditing

Network Engineering


Vulnerability Assessment

Internal Controls

Incident Response Management


Policy Development

Process Development

Security Architecture


Payment Card Industry Compliance




Asset Classification

Program Management

Project Management

BioStar Consulting, Inc. 


Consultant – Sr. Security Engineer

Information Security Risk Management – Vulnerability Assessment Program Manager – Hospital Corporation of America, Nashville, TN

Known as “the face of Payment Card Industry (PCI) remediation.” Integrated PCI scanning, penetration testing, and remediation into the Vulnerability Assessment Program (VAP).

  • Developed processes that involved numerous business entities for identification and remediation of PCI vulnerabilities.

  • Identified risks using business oriented impacts combined with technical likelihood for presentation and understanding to business owners and project managers.

  • Team leader of the Sarbanes-Oxley (SOX) testing process. Led and guided others on the SOX team in testing, remediation, and professional development.

Sr. Sales & Security Engineer, Liaison to the CTO – Enterasys Networks, Inc., Lexington, KY

Formerly Cabletron Systems, Enterasys is a manufacturer of best of breed, enterprise class inter-networking and security technologies (routers, firewalls, VPN devices, switches, intrusion detection, wireless, etc.)

  • Served as a member of the Internet Engineering Task Force (IETF) Security Area Advisory Group. Provided direction for product and service development in response to new and developing Internet standards providing for increased viability and competitive advantages.

  • Developed, advised, designed, documented, and led project planning, budgeting, and implementation of large scale networks, security systems, security policy, and procedures for a variety of clients/industries, across numerous business functions.

  • President’s Club winner for top sales performance. 


University of Kentucky, MBA, GPA 3.75, emphasis on Finance, Marketing & Information Systems.

Middle Tennessee State University, BBA, Accounting, GPA 3.31. Member Beta Alpha Psi


United States Air Force

Worked directly under squadron commanders. Maintained cryptographic equipment and keying material, operating/maintaining the secure mainframe terminal & PC, high level security clearance (expired) (specific clearance designation upon request). Honorably discharged. 


  • Certified Information Systems Security Professional (CISSP)

  • Member ISC2 (International Information Systems Security Certification Consortium).

  • Former President and founding member of the BlueGrass Information Systems Security Association (ISSA) of Central Kentucky.

  • Member Middle Tennessee ISSA.

  • Member Information Systems Audit and Control Association (ISACA).

  • Held numerous technical certifications in switching, routing, firewalls, virtual private networks (VPN), intrusion detection, operating systems, wireless, and network management.

Content Protected Using Blog Protector By: PcDrome.