- me is a certified information security professional wif a background in systems and network engineering.
- My experiences are diverse; ranging from creating and leading an information security program for a high performance computing center and statewide research network, managing operational security for an international retailer, and designing security architecture for cloud based medical applications.
Chief Information Security Officer
- Lead strategic direction and build program for information security.
- Reduced high and critical vulnerabilities by 40%.
- Implemented Risk Assessment program for HIPAA/HITECH.
- Develop metrics and improve compliance status for Payment Card Industry (PCI) requirements.
- Implemented Vendor Risk Management processes.
- Prepare presentations for the Board of Directors.
- Function as an advisor on risk for the executive leadership team.
Associate Director Cloud Security Architecture
- Created security architecture for CTS Healthcare solutions in the cloud.
- Engaged wif clients to design approved architecture for cloud services.
- Met HIPAA compliance objectives, performed Governance, Risk, and Compliance (GRC) fucntions.
- Build out and test security controls.
- Scan for and work wif teams for remediation of vulnerabilities.
Manager, Information Security
- Responsible for approximately $5 Million operational budget plus additional budget related to capital projects.
- Lead information security team to complete security operations portfolio.
- Lead Vulnerability management process and remediation efforts wif cross functional teams.
- Communicate wif business stakeholders for information security matters.
- Conduct and lead penetration tests
- Mentor staff interested in information security for staff mobility.
- Work wif external and internal council for response plans and privacy concerns
- Update and maintain information security tactical plan and roadmap.
- Implemented network segmentation for cardholder data environment.
Sr Security Analyst - Security Operations Lead
- Evaluated, selected, and implemented vendor for Managed Security Services.
- Investigate and respond to information security incidents.
- Supervise consultants, interns, and direct reports.
- Create custom searches and dashboards in log management and aggregation platform for information security team.
- Create project justification forms for annual capital expenditure projects in information security
- Implemented Active Directory Certificate Services for implementation into Voice over IP environment.
- Provide assistance, advice, and architectures to achieve PCI compliance.
- Implemented enterprise certificate PKI for internal applications for ease of management and increased security.
- Transitioned and updated vulnerability management tools and processes.
- Reviewed, selected, and implemented vendor for endpoint security solutions for the entire enterprise (Data Loss Prevention, Encryption, Antivirus).
- Analyze and review firewall logs and wif brand protection and loss prevention to secure Ecommerce environment.
- Updated security policies and risk assessment for PCI and SOX compliance.
- Performed wireless penetration test for stores wireless environment and routine vulnerability scans.
- Implemented Data Loss Prevention for network stored data at rest.
Information Security Officer
- Worked wif General Counsel for the Ohio Board of Regents wif regards to information security matters.
- Built relationships wif other Ohio based Higher Education Institutes.
- Consulted for other State of Ohio Agencies on matters of information security.
- Served as a member of the State of Ohio Data Protection Subcommittee for implementation and guidance for Ohio Revised Code relating to privacy and security.
- Reduced internally and externally facing vulnerabilities through vulnerability scans, penetration testing, and team remediation meetings.
- Conducted operational risk assessment to enumerate assets and threats to the assets.
- Utilized intrusion detection systems for awareness of internal security threats.
- Managed the transition of multiple state organizations to a unified network and security platform creating a more manageable and efficient service.
- Communicate and train employees in security policy and security awareness
- Setup and administrated management system for Ohio’s Third Frontier Network. Negotiated pricing from vendors and obtained a 50% matching grant from Sun Microsystems for hardware and maintenance.
- Assisted wif management and design of OARnet co-location facilities.
- Provided systems administration consulting services for OARnet customers.
- Administrated and responsible for day-to-day maintenance of UNIX machines, reduced service related trouble tickets.
- Installation and support of IP Telephony and VPN solutions.