IT Security Architecture Lead Resume
Iselin, NJ
SUMMARY
- Highly capable information security leader experienced in multiple security domains:
- Security architecture: architecting and engineering secure business, IT and security systems end-to-end in complex environments, with a good understanding of architecture frameworks (e.g. SABSA, ISF)
- Security governance, risk and compliance (GRC)
- Security operations, monitoring and incident response, including data forensics and electronic discovery
- Well versed in security risk methodologies (e.g. NIST 800-30), security risk management, and quantitative risk analysis (e.g. FAIR method)
- Capable of performing application risk assessments covering all layers (application, network, OS, physical, virtual, cloud, crypto, access control, and other security controls)
- Experienced in cloud security and cloud infrastructure / migrations (Public, Private, Hybrid, SaaS, IaaS, PaaS, Amazon AWS CSA)
- Experienced in identity and access management (IAM)
- Principal/Lead Security Architect on large, strategic, and highly visible projects
- Development of security policies, standards, processes & procedures, technical baselines and guidelines
- Planning and executing multi-year security strategy to improve maturity of the security program
- Development of security reference architectures and design patterns, capability maps, roadmaps
- Automating and improving security processes (exceptions, risk management, third party risk, compliance, etc.)
- Developing security metrics and dashboards in RSA Archer
- Thorough understanding of the Software Development Lifecycle (SDLC), DevOps and associated security
- Business case development, and executing projects in cross-functional model (cross-organization)
- Experience in security consulting, RFPs, pre-sales and statements of work (SOWs)
- Security and architecture standards (ISO 27001/27002, NIST CSF, NIST 800-53, ISF, PCI, IAF, SABSA, ITIL)
TECHNICAL SKILLS
- RSA Archer, CyberArk, Websense, Imperva WAF, ArcSight, Qualys, Syslog-NG, McAfee Anti-Virus / HIPS / Full Disk Encryption, Invincea, Bit9
- Juniper SSL VPN, Checkpoint FW, Two Factor Tokens (Safenet, RSA), Nessus, IDS/IPS, Microsoft PKI, Hardware Security Modules (HSMs), SAML, OAuth2, OpenID Connect
- Amazon AWS CSA, Microsoft Azure, VMware, Docker, OpenStack
- Encase, FTK, iCONECTnxt, iPRO eCapture, Concordance, FYI Reviewer
- MCSE, Windows, Active Directory, Linux, Solaris, IIS, Apache, MS-SQL, MySQL
- DevOps, Python, Perl, C/C++, C#, VB.NET, ASP.NET, Java, JavaScript, R, PHP, HTML/CSS, XML
- Cisco Unified Communications, (V)LAN and WAN security, VPN, IP Telephony, SIP, Jabber
- OWASP, SANS CIS Top 20, NIST 800-53, NIST CSF, ISO 27001/27002, ISF, PCI, IAF, SABSA, ITIL
PROFESSIONAL EXPERIENCE
Confidential, Iselin, NJ
IT Security Architecture Lead
Responsibilities:
- Leading the IT Security Architecture function managing a team of 9 direct reports and a portfolio of about 100 active projects requiring security architecture input
- Lead security architect on many business, infrastructure, and security projects, including:
- A strategic and highly visible hybrid cloud migration project based on IBM cloud
- A high-visibility project based on cutting edge technologies such as blockchain, Distributed Ledger Technologies (DLT), Docker, Hyperledger, SELinux, elliptic curve crypto, peer-to-peer networking
- A global communications project implementing Cisco Expressways and CUBEs for next-gen SIP telephony solution leveraging Cisco Unified Communications, Webex, Jabber, SIP, H323 and XMPP
- A highly visible vulnerability management program designed to address FRBNY MRIA audit findings
- Managing penetration tests on new applications and services and follow up remediation
- Implemented RSA Archer for the vulnerability management program mentioned above
- Assisted in addressing a FRBNY MRA audit finding regarding the application security risk assessment process
- Improvements to the security architecture function (standards, processes)
- Improvement of other security processes at CLS including vendor management process
Confidential, Murray Hill, NJ
Senior Security Architect / Senior Manager
Responsibilities:
- Lead Security Architect on strategic IT and security projects: Infrastructure as a Service (Hybrid Cloud, HP Helion Public/Private/Virtual Private, HP OpenStack), Privileged & Service Account Management (CyberArk), Bring Your Own Device (BYOD), Mobile Device Management (MDM), Web & Email Filtering (WebSense), Desktop-as-a-Service (NaviSite), Central Logging (Syslog-NG), Full Disk Encryption (McAfee EEPC), Secure Zone & Secure Store
- Involvement with other projects: Vulnerability Management (Qualys), Data Loss Prevention (WebSense), Software Whitelisting (Bit9 Parity), SIEM - Security Information and Event Management (IBM QRadar), SOC (Security Operations Center), Identity and Access Governance, Cloud Identity Service (MS Azure AD / Office 365)
- Member of “Cloud First” core steering team for cloud initiatives
- Development of 3-year overall security strategy and next-generation security architecture
- Produced security requirements for projects researching best practices and industry standards
- Performed security and IT vendor selection (RFP process) and scoring of vendor RFI/RFQ/RFP responses
- Supported annual security compliance activities, data element inventory and asset classification
- Ensured that security was “baked-in” to business processes with appropriate checkpoints (projects, RFCs, etc.)
- Performed security risk assessments and managed exceptions to security policy (risk management)
- Supervised a team of 2-3 security consultants working on the following activities:
- Metrics/dashboard for business and security leaders aggregating different security metrics
- Security reference architecture, including high level architecture, capability map and service catalog
- Automating security processes in Archer (Risk Management, Security Reviews, Third Party Assessment)
Confidential, Eatontown, NJ
Director
Responsibilities:
- Led project to develop ISO 27001 compliant security policies and standards for a major client.
- Developed security policy for client regulatory compliance, including SOX, HIPAA, PCI-DSS, data privacy
- Performed consulting engagements including security assessments, security policy development, penetration tests, e-discovery & data forensics. Also responded to RFPs and developed statements of work.
- Led a software solutions team developing web-based (e-discovery) solutions for clients
- Performed data analysis and report generation on very large (>1TB) data sets for clients
- Assisted with build out of the security practice’s $5M Data Center
- Implemented secure access method for clients and consultants to access data center services and applications
Confidential, Warren, NJ
Senior Security Analyst / Senior Manager
Responsibilities:
- Developed security policies and procedures
- Participated in architecture working groups developing IT solutions and standards for Confidential
- Managed the Computer Security Incident Response Team (CSIRT) tracking computer security incidents to closure
- Developed procedures for incident response, trained security operations staff and network operations staff, and developed an incident response toolkit
- Lead architect for the Security Incident and Event Management (SIEM) solution
- Led development of custom security software to scan 80,000 internal hosts for security vulnerabilities
- Led a project to collect and analyze 40GB of email log data daily
- Deployed a Public Key Infrastructure (PKI) based on Microsoft Windows Certificate Services
- Managed a 4-person team deploying RSA SecurID cards to Confidential employees
Security Analyst
Confidential
Responsibilities:
- Designed, developed and maintained security software used by over 10,000 employees for single sign-on (SSO)
- Performed penetration tests of mission critical systems: Voice Mail, PeopleSoft HR database and Exchange
- Supported security investigations in technical matters
- Presented security topics at Confidential internal conferences