SUMMARY:

A dynamic Security Consultant and Security Architect and Engineer providing effective leadership of financial, Health, IT Cyber Security programs. An experienced leader of cyber security operations, design and engineering, crisis management and policy development. Analytical, results - oriented professional with proven success in streamlining procedures, realizing corporate goals and increasing efficiency through effective business strategy. Substantial experience encompassing a variety of cyber security tools, procedures and policies. A respected systems engineer with the ability to conceptualize and rapidly implement creative solutions that efficiently meet the business requirements. Proficient in documenting business and functional requirements for customer-facing audiences, technical support and processes based on business policies. Exceptional track record and experience with setting up and maintaining security tools and have done first time deployment for Public and Private Sector.

TECHNICAL SKILLS:

OS & Enterprise Apps: Windows NT/ 2000/2003/2008 Server, Exchange Server, ISA firewall, Proxy Servers, Load balancers, Linux (Centos, Ubuntu and Red hat), VMware ESX, Terminal Server, Citrix Netscalers, Cisco IOS, NX-OS, MS Outlook/Exchange 5.5/2003/2010 , Juniper NOS, Palo Alto PA-OS, Checkpoint OS SPLAT/Gaia OS, F5 LTM/GTM., A10 networks, McAfee, TOSTechnologies AD, DNS, WINS, DHCP, VPN, RIS, Remote Desktop, IIS, Checkpoint

Connectivity & Hardware: Cisco Access/Distribution/Core Routers and Switches, Nexus 1k/2k/5k/7k Switches, ASA, Palo Alto PA-4000/5000 Firewalls, Wireless Controllers, Ethernet, Cable/DSL Modem, Dell Servers, ProLiant, HP Servers, Citrix Netscalers NSSDX11515, F5 BIG-IP, Riverbed Steelhead, Cisco WaaS, FireEye NX/EX and CM7400, HP Tipping Point N/NX series, Web Sense Triton, RSA SecurID 250Programming & Database MS-SQL Server, MySQL, Oracle 10G, Python, Perl

Software & Tools: Solar Winds, Kiwi CAT tools, Cisco Works NCM, Site scope, MRTG, SDM, Arc serve, Splunk, Cisco WLS, NetScout Sniffer, Snort, Tenable Nessus Security Center, Proventia, Websense, Bluecoat, HP Open view, Algosec Firewall Analyzer, Splunk, Panorama, CUCM, CUPM, Indeni, Wireshark, Net brain, SIEM Tools, Trust wave, Log Rhythm, Vormetric, Safenet, Thales nshield.

PROFESSIONAL EXPERIENCE:

Confidential, Washington, DC

Security Architect and Encryption SME

Responsibilities:

• Performing project-based engineering, design, installation and troubleshooting of data/security networks.
• Works with the engineering team to successfully implement secure network solutions.
• LAN routing and switching configuration and deployment in medium to very large Confidential .
• Provide network engineering consulting services, including: assessment, design and implementation of data and secure networking environments
• Provide Engineering call presentations to Confidential all across the US to get court buy-in to the project.
• Supports client through planning, design and implementation of Palo Alto Firewalls to over 600 sites.
• Develop comprehensive graphical and text-based design documentation and effectively manage the implementation process from design to customer acceptance.
• Conducts Operations and Maintenance and configuration management for all SOC tools.
• Provides security engineering, integration and implementation of security tools for the SOC.
• Provides analysis related to the design, development, and integration of hardware, software, man-machine interfaces and all system level requirements to provide an integrated IT solution.
• Performs design, and development of security infrastructure for SOC.
• Performs O&M for SOC tools including incident response and tracking system, NIDS, SIEM, Log Management architecture, DLP, Forensic tool suites, Vulnerability Assessment scanners, and many other SOC-tools.
• Conducts troubleshooting of mission-critical system issues on a 24x7x365 basis.
• Successfully configured and managed the deployment of 300 Palo Alto Firewalls in cluster to various court sites.
• Provide supports to all Palo Alto firewalls through monitoring of traffic and logs.
• Configured zones, interfaces, Virtual Routers to support OSPF routing and Multicast network.
• Setup Panorama M100 and configured user-id, app-id, content-id, ssl-decryption, templates, device groups and policies for all 1200 Palo Alto Firewalls.
• Maintained and managed PAN-OS 7050, 5050, 4050, 3050 and 3020 Firewall that protects PACER, BLAN and DCN’s data.

Confidential, Greenbelt, MD

Infrastructure Security Architect

Responsibilities:

• Performing project-based engineering, design, installation and troubleshooting of data/security networks.
• Integrated Thales nshield Connect 6000 with Microsoft CA by creating Security World for Census project.
• Integrated Thales Vormetric 6000 with Census 2020 Cloud and ONPrem environment for data at rest encryption and Key management requirements.
• Works with the engineering team to successfully implement secure network solutions for DBProtect, Vormetric, nShield and other security tools based on requirements.
• Designed, Engineered and Integrated Security tools for Census 2020 project.
• Completed the ATO process as both Infrastructure and Security SME for Thales and Vormetric products.
• Reviewed existing security architecture, identifies design gaps, and recommends security enhancements.
• Stayed abreast of current and emerging security threats and designed security architecture to mitigate them
• Stayed abreast of emerging security technologies and integrated them into security architecture as needed.
• Ensured alignment between security architecture frameworks and standards and overall business strategy
• Worked as an information security expert and trusted advisor to Census Technical Integrators and Census Management Staff..
• Achieves security architecture compliance on requirements, including but not limited to: Sarbanes-Oxley, payment card industry standards, HIPAA/HITECH, global data privacy requirements, FISMA and other state and federal IT security regulations.
• Led the development of plans of actions and milestones (POAMs) to address system weaknesses and vulnerabilities.
• Led the development and maintenance of system security documentation for Security Operations Team.
• Led the development, maintenance, and execution of a continuous monitoring strategy to ensure situational awareness of the security posture and risk exposure of the system on an ongoing basis.
• Advises the information system owner and authorizing official of information security risks and mitigation strategies
• Acted as the primary POC for information security audits and assessments. Used various tools such as CSAM and RMP for Security assessment and management.
• Led the development, updates and maintenance of system and application security controls and documentation for the public facing websites.

Confidential, Center Valley, PA

Consultant and IT Security Advisor

Responsibilities:

• Set overall Information Security strategy for Confidential Corporation of the Americas, working in conjunction with Confidential Tokyo to define and implement global security initiatives.
• Promote, exhibit and develop a corporate culture that is committed to Governance, Risk & Compliance, and Information Security best practices throughout the organization.
• Maintain responsibility for all SAP security matters, ensuring compliance, remediation and security of application information.
• Conduct periodic security risk/vulnerability assessments, assessing overall exposures and identifying the actions required to address any gaps.
• Create a process to manage and approve exceptions to the security policy.
• Planned and Design SOC for Confidential America.
• Lead cross-functional teams to design and implement new security solutions, such as identity management, data leakage protection, Full Disk Encryption, Endpoint and Advanced threat protection.
• Collaborate with key stakeholders to validate, verify and address audit findings, control deficiencies and remediation plans.
• Oversee an ongoing security awareness program for employees across the business and ITS.
• Provide subject matter expertise and consultative support to application developers in the identification of information security issues and requirements.
• Manage System Policy Compliance and Configuration within the SAP GRC application.
• Manage SAP Security and Access Management and Privileged Access Management functionality.
• Lead the OCA Information Security Response Team to minimize effects of viral outbreaks and zero day vulnerabilities.
• Perform annual Information Security reviews, vulnerability assessments, penetration tests, and assessment of organization s security posture.
• Remediate identified security weaknesses, assess the risk, and recommend appropriate compensating controls.
• Work with other ITS, Corporate, and Business groups to participate in meetings and to provide security solutions related to, but not limited to SOX, HIPAA HITECH, PCI DSS, Massachusetts Data Law.
• Research and evaluate latest in Information Security technologies and liaison to IT colleagues.
• Participate in implementations and deployments of new technologies.
• Respond to escalated requests for technical assistance regarding viral outbreaks and assist in troubleshooting hardware failures.
• Work both independently and with a team to accomplish multiple tasks and projects.
• Develop and maintain technical documentation including design documents, test plans, project plans, procedures, incident reports and troubleshooting guidelines.

Confidential, Washington, DC

Network Security Engineer Team Lead

Responsibilities:

• Managed Firewall team of 5 that maintains and support BLS Checkpoint Firewalls, IPS, IDS, and Endpoint servers, PKI and network security Infrastructure.
• Engineer and Support the agencies security infrastructure consisting of Firewalls, IDS, Proxies, Endpoint Security products and PKI.
• Engineered BLS Checkpoint infrastructure which consists of 100+ firewalls running different flavors of hardware and Checkpoint OS such as (R71, R75, R76 and R77).
• Configured, installed and maintained checkpoint endpoint security E80.40/E80.50 management and policy servers.
• Migrated four Checkpoint management servers to Multi-Domain Management server as part of the consolidation projects.
• Maintains Entrust servers and manages PKI environment.
• Maintains McAfee Web Gateway Appliance that protects the agency from cyber-attacks.
• Provide guidance and leadership to the Network Operations Team to enforce and maintain the Agency’s information security policy.
• Successfully rebuilt E80.40 mgmt. and policy servers to fix issues in production.
• Checkpoint log server upgrade from R71.40 to R75.40 to take advantage of Smart logs.
• Firewall management server redesign and consolidation to one management server environment.
• Manages all upgrades and engineering projects which include McAfee Web Gateway, PKI upgrade, Check Point Firewall upgrade and Endpoint server upgrade from E80.40 to E80.50 etc.
• Conducts Operations and Maintenance and configuration management for all SOC tools.
• Provides security engineering, integration and implementation of security tools for the SOC.
• Provides analysis related to the design, development, and integration of hardware, software, man-machine interfaces and all system level requirements to provide an integrated IT solution.

Confidential, Washington, DC

Network Security Architect (Checkpoint SME)

Responsibilities:

• Designed and implemented Checkpoint Endpoint solution for Confidential .
• Designed and implemented Checkpoint mobility access and site-to-site solution for Confidential . This helped to save money spent on T1 lines.
• Validated and updated configurations for all of the Checkpoint software blades.
• Recommended changes that improved performance of the CheckPoint gateways 13500 appliances.
• Ensure that the fully implemented solution meets industry standards and conforms to customer requirements

Confidential, Arlington, VA

Network Security Engineer Team Lead

Responsibilities:

• Led team of 3 Security Engineers providing subject matter expertise in Palo Alto firewalls.
• Successfully configured and managed the deployment of 46 Palo Alto Firewalls in cluster to replace existing Firewall.
• Provide monitoring of all Palo Alto firewalls traffic and logs.
• Configured user-id, app-id, content-id, ssl-decryption and policies on Palo Alto Firewalls.
• Maintained and managed PAN-OS and 5050, 4050 and 3050 Firewall that protects Confidential ’s data.
• Integrated Checkpoint firewall into client’s existing network to provide security for applications
• Directly lead and provided oversight for multiple complex infrastructure projects.
• Represent Information Security on infrastructure governing boards
• Develop roadmaps, provide recommendations on projects, process and policy changes
• Manage staffing levels to minimize budgetary impact while providing maximum service
• Support service and equipment procurement activities
• Secure customer support for building Endpoint Security team, improving tool management
• Supports new design initiatives to secure the perimeter of Confidential ’s network.
• Creates SOPs and guidelines for Confidential .
• Provides support for PAN Firewalls and Cisco ASA Firewalls
• Managed McAfee Network Security Manager used to provide perimeter security.
• Managed Juniper Firewalls that support remote access for Confidential .
• Managed Sentrion Email Security Appliance to filter spam emails for Confidential .
• Managed ZixGateway appliance used for email encryption and filtering.
• Managed and Configured F5 BiG IP to provide Load Balancing for Email Server farm
• Configured SSL offloading, bridging and pass through for custom applications per business needs
• Act as Tier 3 support for the Security operations center.
• Performed peer review of work plans for standard changes as requested
• Provide security consultation as needed for product development and industry marketing solutions
• Investigate security incidents and recommend actions needed to resolve situations
• Coordinated all tickets associated with the adding, moving or decommissioning of network elements
• Monitor systems for unauthorized internal and external access attempts and recommend remediation needed.

Confidential, Columbia, MD

Security Consultant / Network Engineer / Architect

Responsibilities:

• Provided timely troubleshooting measures for employees to ensure a satisfactory resolution is provided.
• Configure, Support, update and install Checkpoint R75/76/77 firewalls.
• Provide monitoring of all Checkpoint firewalls traffic and logs.
• Maintained and managed Checkpoint software blades, licenses and updates. (R75/76)
• Provided day-to-day support for users Checkpoint and clients.
• Integrated Checkpoint firewall into client’s existing network to provide security for applications.
• Network Firewall Remediation project.
• Network Segmentation project.

Confidential, Silver Spring, MD

Security Consultant

Responsibilities:

• Tested and configured Checkpoint R77 to work with VMware.
• Configure, Support, update and install Checkpoint (R75/76) firewalls.
• Provide monitoring of all Checkpoint firewalls (R75/76) traffic and logs.
• Maintained and managed Checkpoint software blades, licenses and updates.
• Provided day-to-day support for users Checkpoint and clients.
• Integrated Checkpoint firewall into client’s existing network to provide security for applications.
• Installed configured and maintained security policies for ASA 5505 firewalls.
• Created custom firewall rules in VMware ESX platforms.
• Installed, configured and maintains security policies on Checkpoint Security Gateway firewalls.
• Installed, configured and maintains security policies on Palo Alto Firewalls for clients.
• Installed, configured and manages Centos Linux to support in-house requirements.
• Installed and configured VMware ESX to support in-house requirements.
• Tested, configured and Converted configurations from two Checkpoint appliances currently deployed in high availability mode to two CISCO ASA 5525 for Lottery Company.
• Migrated legacy F5 LTM appliance to newer version appliances
• Created complex rules utilizing TCL scripting to perform load balancing decisions
• Upgraded GTM modules from version 9, and 10 to version 11+
• Design and deployed F5 LTM load balancer infrastructure per business needs from the ground up approach
• Configured and deploy LTM for application such as Exchange, 2010, 2013, SharePoint, VMview, using iApp and manually
• Advanced skills of designing, coding, and troubleshooting iRules
• Strong understanding of the different load balancing options & features to include OneConnect, Persistence, SSL offload functions, HTTP profiles
• Provided SME Level 3 support and direction for production related issues.
• Deep knowledge of application requirements (such as persistence), understand SSL offload and implementation of SSL certificate and Key, and web acceleration and TCP optimization
• Advance experience with F5 configuration via CLI ( advance shell and traffic management Shell (TMSH) )
• Experienced with packet capture analysis (Wireshark, tcpdump) software for troubleshooting
• Configured F5 BiGip to provide Load Balancing for server farm
• Configured SSL offloading, bridging and pass through for custom applications per business needs
• Responsible for High and low Level design as it pertains to load balancing infrastructure and changes
• Deployed code upgrade from version 11.2.1 to version 11.4.1 on the LTMs
• Design and Deployed F5 LTM load balancer infrastructure per business needs
• Configured and deployed LTM with Inbound SNAT configurations and outbound NAT server to IP mapping.

Confidential, Washington, DC

Network Security Consultant

Responsibilities:

• Migrated both PIX 535 to ASA 5520 for Confidential .
• Designed and implemented new Sec network that includes 200+ cameras, 120 users and 40 servers.
• Implemented VRF LITE on core 7206 VXR router and 3750 switch for Sec network.
• Installed, configured and managed ASA 5500 firewalls.
• Installed and configured Juniper Net Screen ISG 1000.
• Configured and maintained security policies for Juniper and ASA firewalls.
• Installed and configured Riverbed Steelhead for WAN optimization
• Installed and configured Orion Solarwinds NPM version 10.2.2
• Migrated Orion Solarwinds NPM version 9.0 to 10.2.2 for Confidential DOI.
• Tracked network bandwidth and cut downtime by 25% while supporting Confidential OS VIPs.
• Installed, configured and managed 2 Cisco Wireless LAN Controllers 4402 to manage 100 Cisco Access Points.
• Installed, configured and managed Cisco Secure ACS appliance version 5
• Installed, configured and managed Cisco 7200 router to connect to VZB.
• Installed Solar Winds SNMP server, configured traps and MIBs to manage new SIB network.
• Eliminated single point of failover for MIB Confidential by setting up 2 6509 switches.
• Installed and configured 6509 switches and configured HSRP for redundancy going to ASA 5520 firewalls.
• Created network diagrams on MS Visio.
• Terminated T1 lines for Confidential IOC.
• Replaced DS3 line cards on Cisco 2900 router at AFRH.