SUMMARY:

Visionary Information Security Leader with track record in saving companies $1M+ against P&L. Broad security expertise collaborating with cross - functional Internal and External Leadership to drive innovative security solutions for maximum operational profitability and efficiency in diverse arenas. Team leader with proven success managing all aspects of information security with exceptional problem-solving and communication skills.

CORE COMPETENCIES:

• Security Program Development
• Risk Management
• Forecasting and Budgeting Strategic
• Security Planning Vendor Management
• Personnel Management & Development
• Regulatory Compliance
• Product Security Cloud Data Risk & Resolution
• Mergers & Acquisitions Mentoring
• Project Management
• Agile
• PCI SOX HIPAA SSAE16 EU GDPR NMAP
• Nessus Cisco IPS QRadar
• McAfee Qualys Bluecoat Bit9 Parity

PROFESSIONAL EXPERIENCE:

DIRECTOR, SR. INFORMATION SECURITY OFFICER

Confidential

Responsibilities:

• Overall responsibility for Cyber Security and Privacy Program for Global Delivery Operations Business Unit (BU) consisting of over 6100 employees.
• Cyber Security leader of Business Unit Executive Leadership Team providing quantitative risk analysis for more informed business decision-making.
• Gained 100% approval of security strategy through quarterly meetings with VP of Information Technology.
• Drove Application Security Training up 18% to 100% compliance in a 3-month period.
• Managed 1 direct report and 24 matrixed indirect report across geographically dispersed countries.
• Established Application Security Monitoring Program that resulted in 100% Mission Critical application had a clean security report.
• Collaborated with IT and spearheaded a project to reduce vulnerabilities per asset by 75% protecting approximately $11.05M in data breach costs.
• Integrated security within the DevOps process that saw application vulnerability close times reduce by 69% close known risk window from 45 days to 14 days.
• Halted steady increase in risk acceptance by business and increased remediation plans by 50%.
• Initiated Service Account Identification project to bring to reduce exposure of APIs and Backend removing downtime threat by an additional 27%.
• Developed a Security Service Delivery Model to further engagement between business and security and decreasing response time by 50%
• Charged with evaluating emerging security threats, vulnerabilities and control techniques, and communicate this information to BU leadership in terms of exposure factor and direct business operations risk.
• Pushed PC Encryption Compliance above internal compliance threshold to 96% up from 84% and non-compliance
• Conducted 3rd Party SaaS services Flash Risk Analysis lowering data breach cost by $14 per record (50K record assumption).
• Instituted a Secure SDLC and reported decreasing vulnerability trends to Security Executives and Global Delivery IT leadership.
• Cyber Security Lead in successful $2.7B acquisition/merger of Aruba Networks into HPE with corporate level risk posture evaluation and consumption.
• Built Security Spotlight Forum to address SDLC deficiencies in applications with 38% vulnerability reduction due to XSS and Injection attacks.
• Led project to meet security requirement of third-party customer that retained over $50M in revenue.

DIRECTOR, SECURITY ENGINEERING AND OPERATIONS

Confidential

Responsibilities:

• Assist Chief Security Officer (CSO) with developing Board Level IS Strategy presentation for approval and security budget allocation.
• Chair of Business Continuity Plan process that saved company saving the company $750K a day in business downtime due to operations and fines.
• Operated within $350K+ budget procuring security investments to support business goals.
• Constructed 1-year security project roadmap and implementation path effectively decreasing technological attack surface.
• Assist CSO with development and revision of security policies, standards, and procedures which allowed consisted communication across enterprise.
• Developed Executive Security Metrics dashboard for presentation to Board of Directors expressing risk in dollars clearly pointed to P&L.
• Registered 421 devices with McAfee ePO policy enforcement of point products Site Advisor, HIPS, and Virus Scan Engine producing 100% compliance up from 72%.
• Developed Technical Security Metrics Dashboard for bi-weekly Team Meeting with Engineers/Analyst display areas of success and areas of challenges.
• Led Installs of acquired security products that allowed company assets to have increased protection.
• Manage a group of 2 Security Engineers and 1 Security Analyst increasing HR coverage to meet 72-hour breach response requirement.
• Audited existing systems and closed severe security holes saving the company $1Ms in breach fines and reputation loss.
• Set requirement for CISCO VPN connections to minimize time to discover anomalies lowering threat vector detection by 100%
• Responded to Cisco IPS alerting taking proper countermeasures to stall attacks.
• Managed Bit9 File Integrity solution providing 100% coverage of critical server systems and web application file system.
• Instituted continuous vulnerability monitoring through Qualys and Nessus closing vulnerability detection form 14 days to 2 days.
• Audit and assess datacenters within company for compliance with various standards including internal decreasing unauthorized access by 25%.
• Assess current CSIRT program, offer recommendations, and implement recommendations as approved.
• Spearhead education programs focused on user awareness and security compliance raising effectively reducing risky behavior by 95%.
• Managed web content filtering ensuring that proper browsing habits were enforced at the network level decreasing unauthorized application by 25%.
• Work proactively with IT and business unit management with respect to information security and business resumption management attaining 4-hour recovery time for natural disaster.
• Engineered a sustainable and compliant end user environment to meet regulatory mandates, i.e. FFIEC, GLBA, SOX, PCI, etc.
• Researched, POCd, and recommended IBM QRadar SIEM product that turned an immediate 72% ROI capturing network threats in real-time.
• Built 24X7 Security Operations Center (SOC) through collaboration with VP of IT and CSO giving 100% visibility into enterprise network.
• Developed Business Continuity Plan process that saved company saving the company $750K a day in business downtime due to operations and fines.

SR. CONSULTANT

Confidential

Responsibilities:

• Managed access control in Active Directory through the use of security groups and memberships.
• Performed patch verification procedures to ensure all approved patches were applied to vulnerable systems.
• Worked with Network Team on the segmentation of Contracting systems using VLANs decreasing threat capabilities by 50%.
• Managed the secure operations of systems department to include Role-based access control through AD and strong change management process.
• Supervised team of three support analysts across four information systems, documenting all resolutions to develop knowledge base for other team members.
• Monitor trends in information technology and security that could have an impact on the security of the organization's products, processes, infrastructure, or customers.

APPLICATIONS SUPPORT ANALYST, TIER II

Confidential

Responsibilities:

• Handled daily troubleshooting of web applications database servers in SQL Servers 2000/2005.
• Assisted end-users with VPN login issues as well as setup of VPN client on machines.
• Provided onsite and remote installations for new clients' customized web applications in training, testing and production environments.
• Enforced role-based security access control through active directory.
• Restricted and granted access to files and folders based on security groups.