SUMMARY:

• Over thirteen years of experience successfully recognizing IT problems, prioritizing client requirements to meet business objectives, and developing solutions that improve the efficiency of IT operations.
• Proven record of successfully reducing downtime, improving security, saving costs, and improving customer satisfaction. Background includes business - to-business, and business-to-consumer.
• The ability to learn technology quickly by speed-reading and researching through various documents or sources.

TECHNICAL SKILLS:

• Windows 7/Vista/XP/2000/NT/98/95
• Windows Server 2000/SBS 2003/2003/2008/2008 R2
• Rat Hat Enterprise Linux v4
• Macintosh 9.0
• SMS 2003
• Mac OSX
• Exchange Server 2003/5.5
• Zimbra Mail Server v5
• Novell Netware 3.12/4.0/5.0
• Network Printers
• PDA's
• HTML
• AD Services
• EMC Retrospect 7.5
• SharePoint 2003
• VMware Vsphere Server v4
• Symantec Backup Exec 10D/11D
• Tape backup systems
• EMC Clarion CX300 SANS
• Linksys NAS units
• Cisco ASA 5510
• Cisco Pix 515r firewalls
• Cisco 2621 router
• Websense 6.3
• WebEx
• Microsoft BackOffice
• AD group policies
• Security Policy and acceptable use policy
• Vulnerability Assessment
• Cisco Catalyst 3560 switches
• Adic 24 Scalar system
• Dos 6.22
• Dell Powervault
• Dell Servers
• EMC Celerra NS22
• EMC CX300
• NetApp Fas 3140/3210
• HP Proliant DL145 G2
• 3 Com 3300 Switches
• Canit Spam Trap
• CLS law system
• Wireless systems
• Advanced AD design
• Business continuity solutions: monitoring/alerts/fault tolerant environment
• Performance optimizing solutions: tuning/scaling
• Network Design
• Change Control
• Dell Remote Access Cards
• WINS
• DNS
• DMZ
• PBX system
• OU structure and design
• VMware ESX 3.5i
• Unix
• POS
• Lotus Notes 6.5
• Backup systems
• Blackberry/iPhone/Android Smart Phones
• SQL Server 7
• Project management
• SCOM 2007
• Infrastructure design
• Numara asset management platform
• SonicWall NSA E5500 firewall
• Cisco wireless control system
• Cisco UCS
• Qualys Vulnerability Management
• Rapid 7 Vulnerability Scanner
• Nessus Vulnerability Scanning

PROFESSIONAL EXPERIENCE:

Enterprise Security Architect

Confidential, Minneapolis, MN

Responsibilities:

• Lead major high visibility projects including segregated environment for joint venture isolation, privilege account management expansion, IBM Data center transition, etc… (25 projects)
• Lead the key management design to help win a 900 million dollar annual contract with the U.S. Department of Veterans Affairs
• Lead security architect for the cloud innovation program and “Cloud First” adoption
• Helped lead the endpoint security strategy and development roadmap
• Adopted the TOGAF 9 business architecture framework and used this to determine the business capabilities and business context for high-profile projects
• Owned the security architecture and design for all security projects originating from the project management office
• One of two resources in the organization to develop the security patterns process and certification

Sr. Security Architect

Confidential, Minneapolis, MN

Responsibilities:

• Lead or secondary security architect for several eight-figure capital cost projects, including Advanced Persistent Threats, Auditing & Forensics GRC, Elevated Application Removal, Two Form Authentication, and Remote Segregation Environment.
• Provided guidance on design and how to perform a risk analysis and review through common security methodologies
• Took leadership in distraught project teams and aligned technical goals to the organization's core functions by utilizing focus groups
• Provided executive reports for technical decisions with a greater than 90% approval rate
• Developed an acquired entity governance blueprint for 35 acquired entities (no other architects were doing this)
• Incorporated the Carnegie Mellon SQUARE methodology for a more thorough risk analysis review within a merger and acquisition consolidation
• Developed data retention structure for core enterprise projects
• Created and designed a private cloud model for acquired entity application control (the first to be approved)
• Followed multiple architectural frameworks such as TOGAF and Archimate to address stakeholder requirements and define the to-be desired design
• Developed and/or modified Confidential security policies

Security Architect

Confidential, Minneapolis, MN

Responsibilities:

• Lead security consultant/architect for 50 projects including Mobile POS, HR system integrations, and store network design
• Lead security initiatives for multiple business stakeholders and owned around 37% of the departments/technologies at Target
• Lead the identification and prioritization of information security risks using benchmarks and metrics
• Led the penetration test results and remediation plan for several projects
• Reviewed and quantified the application-coding scan and correlated this to Target acceptable standards. As well, as approve the remediation plan and scheduling
• Created a solution to one of the biggest problems in our group using an Access database for organization, reports, and input forms
• Closed the gap between different departments and security by transforming my PowerPoints to different audiences

Sr. Security Consultant

Confidential, Minnetonka, MN

• Architected their 10,000 node end-point protection for intrusions, detections, and auditing
• Reduced their endpoint application errors from 46% to a mean of 3% within two months by integrating GUPs, reducing heartbeats, and changing sylink communications configurations
• Created Visual Basic scripts to automate restorative procedures instead of tedious manual attempts for hundreds of systems (reducing repair time from months to days)
• Architecting their Mandiant Intelligent Response platform to help their data loss prevention program find if data was lost, where it was going, and if proper controls were in place (part of the forensics program)
• Streamlining and advancing their incident management program by creating a forensic program to identity critical data loss for PCI compliance
• Revised the “Clean Desk Policy” to be more succinct and direct
• Creating the advanced forensic malware guide and procedures for Carlson Corporate Security
• Advising and educating senior level security staff
• Created a work breakdown structure of my project progress as well as a knowledge management document to be shared with heterogeneous departments

IT Security Engineer/Manager

Confidential, Minneapolis, MN

Responsibilities:

• Considered the IT compliance officer for Sarbanes-Oxley/PCI
• Created a change in culture for improved communication and focus with security alerts and monthly corporate/restaurant newsletters
• Reduced the Sarbanes-Oxley Review of Rights completion time from 3.5 months to 4 weeks using a newly created electronic and communication procedure, which reduced the amount of errors from 65% to around 10% (in a little over 1 year)
• Oversight of the IT infrastructure team’s projects to reduce misconfigurations and architectural errors (Ex. $8,000,000 Network Refresh)
• Created the vulnerability assessment program by quantifying and prioritizing OS and application vulnerabilities (PCI)
• Recommended new procedures for security related topics: inactivity lockout, disabled users, system access request procedures, password resets
• Used cost-benefit analysis and aligned security objectives for the security budget: PCI log aggregation, SIEM, Phishing training, web filtering, Identity and Access Management,
• Lead architect for Identity and Access Management, mobile device management, file integrity monitoring, anti-virus, web filtering, physical security review, and franchise security
• Performed a thorough review of our IT control, processes, and documentation, and updated PCI/SOX/Security provisions from industry best practices via self-learning (books)
• Facilitated, evaluated, and altered all corporate and restaurant security related areas including physical, application, disaster recover, access, web, and business continuity
• Managing and reviving the change/configuration management plan for Sarbanes-Oxley 404 controls
• Created and wrote the security awareness IT newsletters for security related news
• Re-writing the security policy to address current issues and trends to reduce legal ramifications
• Was voted to be on the Enterprise Data Governance team with department heads from Risk, Internal Audit, Legal, and IT, and my mission statement suggestion was approved by the Directors
• The only member in the IT department to do their own project management for security projects (from planning to closing)
• Created and fixed our incident management plan that involves a risk scoring guide and remediation plan
• Reduced costs for compliance and governance tasks by $70,000 annually, not including the reduction in PCI on-site audit period from 2 ½ weeks to 3 days
• Architected and fixed our enterprise anti-virus solution with new administrative groups, new policies, new PCI/SOX reports, and load balancing
• Upgraded our PCI version from 1.1 to 2.0 without direction or resources, and our QSA said the vulnerability management program was the best they’ve seen (McGladrey)
• Represent IT on the Social Media team

Security Network Engineer

Confidential, St. Paul, MN

Responsibilities:

• Implemented a smartphone enterprise plan for executive management and trained each individually or in teams
• Assessed and planned a rip and replace of the museum's core, access, distribution network and wireless infrastructure
• Assisted with the hiring of support analysts/database administrator using weighted scoring models
• Hardened operating systems by scheduling frequent updates, limiting access, and controlling ingress and egress data streams to reduce the amount of risk impact
• Hardened physical security by recommending an electronic badge access scanner on our department door and limited access to our main data center server room by 70% (12 from 40)
• Lead engineer for security information and event management system to provide investigations and root cause analysis
• Assisted with the development of the acceptable use policy with the Director of IT
• Lead engineer for super user privileged management system for PCI compliance and regulatory audits
• Implemented Systems Center Operations Manager to minimize the downtime of our main CRM servers by improving our alerting system from five minutes to seconds (93.3% improvement)
• Analyzed our servers whether to upgrade or install to Windows 2008 R2 based on risk management, legacy applications, and architect principles (60 servers)
• Proposed new guidelines for incidents to maximize the efficiency of the program
• Restructured the layout of our active directory architecture based on location, division, department and sub-department to provide a logical flow and best practice design (7,000 objects)
• Created an 18 page router and firewall configuration standard for the museum and remote locations (PCI Compliance)
• Took over and fixed the wireless phone procedures to maximize the total cost of ownership and standardize the devices throughout the museum
• Work with NetAapp 3140s and 3210s for basic storage functions such as volumes creations, backups, restorations, and auditing system performance.
• Created BIA (Business Impact Analysis) for the business continuity lifecycle of the museums core services, functions, and mission critical activities to meet the goals and objectives of the museums disaster recovery plan
• Use VMware Vsphere 4.1 to provide greater flexibility and more options for server administration as well as used performance monitor to check with resource miscalculations and upgraded to 5.0 using VUM
• Assisted with configuring and implementing Cisco UCS to replace our HP Proliant servers
• Assisting with VMware View implementation for basic image deployments and to slow our hardware turnaround time from 3 to 5 years (40% cost saving per year)
• Setup disaster recovery center of our hot site in South Dakota

Project Manager

Confidential, Maple Grove, MN

Responsibilities:

• Managed a project for an electronic vision board that involved a QA and senior web developer
• Trained the owner of the functionality and design of the web creation
• Created a project proposal, scope, scheduling, partial budgeting, and risk analysis using analytical thinking and Project 2007
• 4 month contract

Network Administrator

Confidential, St. Louis Park, MN

Responsibilities:

• Set up, configured, and supported internal and external networks
• Developed and maintained all systems, applications, security, and network configurations
• Created a company acceptable use policy and explained this to each new employee
• Sustained regular maintenance of the network, overseeing enhancements, and upgrades to the local area network
• Monitored the daily activity on the network and LAN ensuring that the resources of the company are utilized in ways that are within the standards set for employee usage
• Tracked the status of software and equipment agreements to ensure that licenses are renewed to retain SLA
• Upgrades that included the installation of new versions of existing software, or managing the installation of any fixes that the manufacturer of the software may release periodically
• Created and maintained a disaster recovery plan using Symantec Backup Exec 10d, offsite storage, and a GFS model for proactive preventative measures
• Trained internal and external staff network security design and updated them on the architecture
• Recommended upgrades, patches, applications, and equipment
• Provided technical support and guidance to diverse groups and users
• Performed a variety of tasks ranging from the configuration of Exchange 2003, SMS 2003, and SharePoint software to hardware implementations
• Worked under limited supervision and supervised one IS Analyst
• Reported to CIO as well as gave direction towards new technology development
• Have been involved in the four biggest infrastructure moves in the company's history including collocation, Debt Next implementation, upgrading our Cisco networking gear, and binding a SAN to our network
• Consulted and administered multiple networks for businesses across the U.S.
• Implemented a VMware ESX3.5i test environment for the transition to production
• Maintained network hardware and software, analyzed problems, and monitored the network to ensure high availability to system users
• Confidential is a top five-debt management company in the U.S.

Midwest Hardware Technician

Confidential, St. Paul, MN

Responsibilities:

• Configured, supported and managed local area networks for our clients and local office
• Responsible for the set-up, upgrade, and installation of Dell PowerEdge servers and proprietary software for clients throughout the Midwest
• Created and deployed a hardware maintenance proposal for 50 clients located in the Midwest with 6 immediate contracts (12% client to proposal ratio)
• Maintained a hardware depot of our internal office equipment and clients throughout the Midwest (inventory and management administration)
• Troubleshoot and resolved QS1 proprietary software issues for clients via face to face, phone, or email
• Wrote documentation to describe and develop installation and operating procedures of proprietary applications
• Trained client staff our system best practices and recommendations
• Setup a training lab with our proprietary software on a Wi-Fi network
• Reported to the Regional Manager