SUMMARY:

• Life Cycle Enterprise Architecture and Framework, Guiding Principles & IT Governance Standards (COBIT, TOGAF & UML) have been published Security Architecture standards have been implemented using ISC2, ISO 27001, Confidential 800 - 30 Threat Risk Management, 800-37 RMF, 800-39 Risk Assessment, 800-53 r4, 800-63 Assurance, MITA3.0, SOX & COBIT IT Controls including Confidential, FISMA and CIP regulations Auditable Internal Control Policy, Process and Procedures have been initiated, documented, Agile and PMBOK project managed, implemented and institutionalized to conform to CMS/HIPAA/HHS/CobiT/PCI regulation Generated functional requirements from business requirements.
• Provided Current State, Future State, GAP Analysis & Roadmaps for Security Architecture Provided Security Architecture in Agile and PMBOK SDLC Waterfall Hybrid environment with Scrum process. Project Manager for Oil Refinery Process Controllers in the US & Off Shore Determined Threat Model, Threat Matrix, vulnerabilities, risks & alternative remediation’s
• Provided Security Architecture for Healthcare MMIS and HIE CMS Audit Compliance & RFP Initiative Supported PCI Assessment, Internal & External Audit Facilitated passing PCI Audit with virtually no open items Security Operations, Risk Assess and IT Security Bank Audits.
• I defined the APT Threat Landscape.
• I developed Confidential 800-53 Attestation Summary Reports, using Confidential 800-30 Threat Risk Approach.

TECHNICAL SKILLS:

• Unix & Linux Bash Shell Scripting, Perl, Ruby, JavaScript
• Chef, Knife, Puppet, PShell Cloud Automation
• AWS & MS Azure Cloud Automation, Node.JS, Python
• Jive SaaS Security Vulnerability Assessment
• Cloud Security, SLA & Contract Compliance, CSA Assess
• Confidential Cloud Proxy Services RFP
• PCI Compliance Project Manager: Identity Access Management/Access Control Audit & Integration
• Security Project Manager: Process Control Security Remediation - Oil Refineries US & Off Shore, Blue Works
• Security PM: SSO/Identity Management for Global Portal Design & Implement, Confluence, JIRA
• Project Control: Portfolio Process, Six Sigma TMAP, NSA-IAM, Risk Assessment, Guiding Principles
• Security Architecture Document for Credit Card Sys.
• .NET/WebSphere/VB Guidance & Patterns:
• Input Validation, Least Privilege & Secure Default
• System Security Plan for PCI Audit and Compliance
• Assessment: Sarbanes-Oxley Internal Control
• McAfee Vulnerability Assessment Security Operations Process & Procedure document, OAuth, SAML
• Web Inspect Web Server & Services Vulnerability Security Operations Process & Procedure document
• App Detective Application Vulnerability Assessment Security Operations Process & Procedure document
• Tipping Point Network Intrusion Detection Security Operations Process & Procedure document
• Cisco Security Agent Host Intrusion Detection Security Operations Process & Procedure document
• Cyber Crime Scene Investigation Security Services Process & Procedure doc., Cloud Vendor Assessment
• Security Operations PMO Project Management Process and Procedure & Security Operations Charter
• AWS & AZURE: VSG, NSG, ACL, Route Tables, Gateway
• Cisco Pix 515E, ASA5520, 7140 VPN, Nokia IPSO
• Palo Alto NG, Check Point FW- NG/AI, NGX, SPLAT
• Linux - Check Point Secure Platform, Axway
• Cisco 3030 VPN concentrator & Cisco IOS VPN
• ASA5520 VPN, Remote VPN, Tivoli ISAM
• Palo Alto NG, Cisco ASA5540 AIP Confidential, Tipping Point
• McAfee IPS/HIDS Cisco IPS Mang. Express IME
• Norton & McAfee Virus Detection, McAfee Confidential
• Cisco Security Agent (CSA), Tripwire IDS
• ISS, Nessus, Rapid7, Burp Suite & Cyber-Cop Scanner
• Web Inspect - Enterprise Assessment, Snare, Kiwi
• McAfee/Qualys, ArcSight SIEM, RSA Envision Syslog
• Enterprise Policy Orchestrator: ePO, AuditCon

CONTRACTUAL EXPERIENCE:

Confidential, Mountain View, CA

Architect

Responsibilities:

• Confidential architect / SE specialist for the West Region. Responsible for supporting Sales Engineers across the west region with technical knowledge of Confidential 's Confidential (Data Loss Prevention) product.

Confidential

Threat Risk Attestation Independent Assessor

Responsibilities:

• Developed Confidential 800-53 Attestation Summary Reports, using 800-30 Threat Risk Approach.
• Interviewed State Service Area SME and Executive Management to attest Confidential control compliance.
• Risk Theme, Condition, Event, Vulnerability, Asset Threat Scenarios, Maturity, Impact and SWOT analysis.
• Developed the Executive Threat Based Risk Assessment Table in the Confidential SSP Summary Report.
• Determined POAM, COA and remediation tools for Managed Cloud Service, CalCloud, MFS and IAM.

Confidential, Rancho Cordova, CA

Threat Risk Assessment Architect

Responsibilities:

• Migrated Risk Process from ISO 27001 controls to Confidential 800-37 Framework using Confidential 800-30 threat-based assessment process and Confidential 800-53r4 controls to define the Threat Landscape and reduce Attack Surface.
• Architected APT & Kill Chain methods to foster proactive Risk Threat Management, POAM, CAP & COA.
• Supported Confidential 800-53 and Confidential System Security Plan table top for all Lines of Global Business.

Confidential, Teaneck, NJ

Platform Health Enterprise Security Architect

Responsibilities:

• Provided the original and instantiated TOGAF based Health Enterprise Security Architecture ( Confidential ) and Framework ( Confidential ) for health care provider Medicaid Management Information System (MMIS) per MITA 3.0 7 conditions & standards, Confidential 800-30 Risk Management, 800-37 RMF, 800-39 Risk Assessment, 800-53 r4, 800-63 Assurance, ISO 27002 and OWASP best practices. Supported RFP security solutions and CMS assessments for states MMIS & Health Information Exchange (HIE) initiatives.
• Supported Health Enterprise CMS audit of material items CAP security architecture solutions. Supported WebSEAL protection of web URLs and URI for conventional and REST web services.
• Designed Security Architecture Blueprints for critical MMIS security components.
• Provide TOGAF consulting service & Confidential
• Development Method.
• Own Health Enterprise Security Architecture. Architected current, transitional & target architecture for EAI step-up MFA authentication and eTAI SSO. Conducted Options & Impact on security token protocols use of SAML, OAuth & JSON Web Token (JWT).
• Designed the MITA 3.0 compliant TOGAF based Platform Health Enterprise Architecture and Framework.
• Assess Health Enterprise cloud security service per SSAE 16 & Cloud Security Alliance CCM best practices. Provide MMIS support in meeting Confidential 800-53 r4 and CMS Moderate Plus Safeguards.
• I provided Confidential 800-53r4 Qualitative Security Assessment against SSAE 16, CSD and HIPAA standards in IBM and customer Data Centers.
• I developed Process Maps, Process & Procedure docs & assessed Use Case in IBM Blueworks for CMS Moderate Plus security controls.
• I peer reviewed User Agile Stories in Version One, Use case process in IBM Blueworks and Agile/PMBOK processes in Share Point, JIRA and Confluence.

Confidential, New York City, NY

Cloud Application Security Architect

Responsibilities:

• The Confidential and Confidential merger made me responsible for Combined Intranet Security.
• I was Project Leader & Security Architect for the Cross-Coast Jive Cloud Application Security Assessment.
• Coordinate Data Loss Prevention Expansion from East Coast - West Coast during merger for cloud apps.
• Coordinate User Recertification Cross Coast Integration process, procedures and operational pain points.
• I provided phase 1 of Confidential Cross Coast Upgrade: Confidential Requirement Gathering and Analysis deliverable.

Confidential, West Chester, PA

Enterprise Information Security Architect

Responsibilities:

• I developed the Confidential Appl Security Architecture Guiding Principles.
• I proposed a Baseline, Transitional & Target Application Security Architecture Framework in an API Managed/ESB environment.
• I developed Appl Security Risk Assessment Self Service Security Profiling Tool based on OWASP, ISO 27002, Confidential 800.

Confidential, Westfield Center, OH

Enterprise Information Security Architect

Responsibilities:

• Security Architected SSO Federated Identity Management Cross System Authentication & ID propagation.
• Provided Options & Impact product evaluation for Site Minder and IBM SAM/WebSeal/TFIM/IDI/STS.
• Security Architected WS-Security Integration on Datapower gateway, Message Broker ESB for WebSphere Applications including, Guidewire Claims Center, Filenet, Thunderhead etc.
• Provided baseline XSA Project Charter and guidance on TOGAF Architecture Process including Cost, Resource Estimation, Order of Magnitude, and Options and Impact. I provided Enterprise Security Architecture services for Custody Assessments to support the RFP process.
• Provided guidance on Data Classification Security Control Matrix. Provided Security Architecture for Enterprise Managed File Transfer system (Sterling & IPswitch), including Options & Impact, RFP, Product Evaluation & SOAP WS-Security transformation & Integration.
• I Provided Confidential 800-53 Risk Assess.
• Developed TOGAF based Westfield Enterprise Security Architecture.

Confidential, Thousand Oaks, CA

Cloud Security Architecture Consultant

Responsibilities:

• Architected Off Network Cloud Proxy Security Services for Confidential Worldwide Global Space.
• Provide vendor product evaluation Weighted Analysis for pre-RFP and Score Card for Response to RFP.
• Provided RFP/SOW Functional, Technical and Cost Requirements, including Cloud Proxy ISO27001/SSAE 16 and Cloud Security Alliance Requirements doc to Global Strategic Sourcing.
• Provide SaaS Services evaluation.

Confidential

Vulnerability Assessment Consultant

Responsibilities:

• Nessus Vulnerability Assessment and Configuration Review on Routers, Switches, Servers, Workstations, Wan Accelerators, VPN, FW. WAP and Voice Gateways on site & remotely over SSL VPN Nessus 5.01 VM.
• Installed Nessus 5.01 on Physical Server and VMWare Virtual Machine to achieve SSL VPN remote access.

Confidential, Burbank, CA

Enterprise Security Engineer

Responsibilities:

• Conducted Confidential & Crew PCI Assessment and provided mitigation/remediation recommendations.
• Developed the Confidential & Crew Enterprise Security Architecture Framework based on TOGAF & ISM3 Risk.
• Provided Strategic, Tactical & Operational Security models including ISO 27001/2 Control Processes.
• Launched Confidential Evaluation Project for Palo Alto NG Firewall, Tipping Point & Cisco ASA5540 AIP SSM-20.

Confidential, New York, NY

Risk Management IT Security Auditor

Responsibilities:

• Engaged Third Party Law Firms doing business with Confidential into a Security Assessment Risk Management process per Office of the Comptroller of the Currency (OCC) Laws & Regulations and the Federal Reserve.
• Executed ISO 27002 IT Security Audit and Risk Assessment to Law Firm Legal Partners, IT Security Team, HR and Physical Facility Manager. Collected IT & HR Security Policies, Data Process Flows and Response to Questionnaires. Used Archer Governance, Risk and Compliance tool to facilitate Assessments.
• Assessed Responses to Questionnaire and supporting evidence, then Interviewed the Law Firm Team to validate the attestation of claiming to meet the ISO 27002 based security requirements and the submitted evidence. Used Archer Compliance Process Manager to manage compliance and audit/assessment process. Provided Recommendations for Remediation of Gaps. Published Security Assessment/Audits.
• Follow up with Law firms to assess closure of Gaps to reduce the Confidential risk to Confidential and its customers.

Confidential, Charlotte, NC

Global Enterprise Vulnerability Security Assessment Eng.

Responsibilities:

• McAfee and Qualys Vulnerability Assessment Scanning, Reporting, Remediation Security Operations.
• Composed Auditable documentation: Process Map, Procedure, RACI, Management, & Process documents.
• Provided Audit Remediation for all Audit items and help provide attestation for evidence of audit closure.
• Scan, Reporting and Remediation in North & South America, Europe, Asia, Africa and Middle East.
• Scanned nearly 2 million devices using over 100 McAfee and Qualys scanners deployed worldwide.
• Monitor Scan Performance before and after upgrades and provided performance tuning as required.
• Owned Vulnerability Security Operations for one of several global environments and backup for others.
• Enterprise Manager and Console Appliance admin for FS850, FS1000 appliances and Distributed System.
• Developed Graphical Analytics for Tracking and Trending of vulnerability metrics in the Global space.
• Used Wire Shark on proxy and other Infrastructure servers to remediate connectivity across domains.
• Provided Endpoint Security Governance and metrics for Americas, Asia, Africa, Europe & Middle East.
• Enterprise Policy Orchestrator - ePO reporting and metrics management to IT and Corporate Dashboard.
• Report Vulnerability and Endpoint metrics to CISO for global risk and audit attestation.

Confidential, San Diego, CA

Advanced Meter Infrastructure Security Assessment Engineer

Responsibilities:

• Support Smart Meter, Smart Sync, Meter Data Management System CIS, CRM, DW & OCE SOA projects.
• Provided OS, Web and Application Scan, Security Assessment, Remediation Solution & Risk Assessment.

Confidential, Los Angeles, CA

Cyber Security Assessment Engineer

Responsibilities:

• Provided Cyber Confidential Forensics Analysis service process and procedures. Project Manage Cyber Confidential Services
• Responsible for Staff Utilization & Tracking Workbook Report Design & Security Operations Charter
• Found Stone Vulnerability Assessment for Security Operations, Process, Procedure docs and maintenance
• App Detective Database Vulnerability Assessments for Security Operations, maintenance & support.
• Web Inspect Web Server Vulnerability Assessment Process, Procedure docs, Operations & maintenance
• Used Splunk, RSA Envision, Kiwi and MARS for Security Assessment, Syslog Correlation & Monitoring
• Responsible for Tipping Point Network Intrusion Prevention System ( Confidential ) monitoring and Assessment
• Cisco Security Agent Host Intrusion Prevention System (HIPS), Process, Procedures doc & Operations
• Cisco Intrusion Detection System Manager Express and Cisco IDS Device Manager Process & Procedure

Confidential, Chicago, IL

Credit Card PCI Compliance & Identity Management PM

Responsibilities:

• Provided PCI Access Control, Identity Management Tech Project Management & PCI Audit Consulting
• Project Charter, Scope, TCO, PCI Audit Approach, Property Management, Reservation, People-Soft & ADP Integration of ID Access Management for PCI Compliance to meet PCI Access Control Requirements.