Security Architect Resume
Deerfield, Illinois
SUMMARY:
- Twenty years’ experience in various PC, LAN, MAN and WAN architectures, with troubleshooting and repair skills. In-depth knowledge of a variety of networking wiring methodologies: bridges, hubs, routers, firewalls and remote access technologies.
- IT Security expert, ensures secure network and application environment consisting of highly sensitive client data.
- Tivoli, Lotus and Kerberos-based SSO. Wireless 802.11ac installation, security and penetration testing.
- Designed, implemented, secured and maintained corporate and client websites (Emptechsolutions.com, NetJetsBenefits.com) according to customer’s look and feel.
- Audit: completed internal telecommunications audit revealing a $250K annual fraud event.
- Established both business and technical client relationships in US, Europe, Australia and Asia.
- Systematically created initial and ongoing compliance programs for HIPAA, HITECH, HITRUST and PCI-DSS and related controls, achieving near 100 percent compliance in less than one year.
TECHNICAL SKILLS:
Hardware: Wireless Networking; 3Com TippingPoint IPS; TriGeo (SolarWinds) SIEM log management; Bluecoat PacketShaper; Cisco PIX, ASA; CheckPoint (N75); Cisco Managed Switches VLAN; ExtraHop (Enterprise wire-line analysis); LightCyber Magna and Damballa (Enterprise Network Based Anomaly Detection)
Software: CORE Impact, ISS Scanner, Wireshark, Nessus, NMap, Metasploit, OpenBSD, Ubuntu (SourceFire Snort IDS/IPS), Red Hat Workstation; Qualys vulnerability scanning, Linux, Lotus Notes 8.5.2, Oracle 10i, Microsoft Windows Server 2008, XP, 7, SQL 2000/2005; Exchange/Outlook, Scripting PowerShell, Python, NMap NSE, VMware 8 Workstation and Server, RSA Server Soft and Hard Fobs, Multiple SSL installations to include EV-SSL with load balancing, Site to Site VPN.
Other Relevant Tech: Encryption: BitLocker, TrueCrypt, Self-Encrypted Drive (SED), PGP Full Disk; Frameworks (GRC): HIPAA, HITECH, PCI-DSS, COBIT v4, FRCA, GLBA and ITIL; Risk Management: Quantitative and Qualitative programs in place and maintained; Privacy and Privacy Law
PROFESSIONAL EXPERIENCE:
Confidential, Deerfield, Illinois
Security Architect
Responsibilities:
- An integral technical lead to a small, highly collaborative project team that is implementing new technologies to strengthen the security profile by installing, testing and monitoring over 50 firewalls, NAC, IPS/IDS, MobileIron and SNORT implementations.
- Designed, built and implemented a new multi-layered, multi-location based Incident Handling program to include complete and accepted policy, procedures, guidance and standards based on a combination of ISO and NIST standards, in line with the eventual desire to become ISO 27000 series compliant. An additional benefit is that Confidential also has a completed and working malware and forensic analysis capability within (Enterprise) Network Security.
Confidential, Mundelein, Illinois
Security Architect
Responsibilities:
- Currently creating policy, procedure and guidance for a privately owned 7 billion dollar per year company.
- Designed and implementing the replacement of a legacy anti-virus system with a complete enterprise endpoint protection solution suite, adding Trend Micro Deep Security for VMware ESX, Trend mobile security: Mobile Device Management (MDM); Mobile Application Management, Reputation Services, Anti-virus and Symantec Data Loss Protection (DLP).
- Implementing a new risk management solution designed to integrate security into the overall corporate project management scheme.
Confidential, Ann Arbor, Michigan
Risk Assessor, Risk Management
Responsibilities:
- Assesses risk per Confidential standards utilizing NIST 800-53R4 and ISO 27000 frameworks.
- Ensures compliance is met with any of 19 US and international compliance requirements (HIPAA, PCI-DSS, 17 others).
- Updated the Confidential risk management framework from Revision 3 to 4.
- Manages results of risk findings and develops remediation plans, carrying each plan through the remediation process.
- Managing 3-7 projects as part of a larger project portfolio of 436 projects over a four-year timeframe.
- Using open source and commercial vulnerability assessment software to discover and remediate flaws.
- Presents findings to senior management (Chief Information and Security Officers, Deans of Schools).
Confidential, Naperville, IL
Security Administrator
Responsibilities:
- Charged with defending the network as well as the physical infrastructure of an enterprise architecture consisting of private cloud and traditional network segments.
- Monitored all forms of electronic logs: 1038 endpoints as well as 26 cameras on a 7/24/365 basis (CCure 300 system).
- Established and maintained a new patching and compliance system utilizing ForeScout NAC, reducing the number of vulnerabilities from an average of 6.3 to 0.5 in less than 1 month.
- Established and maintained both internal audit procedures as well as external client audits on an ongoing basis.
- Monitored and responded to various SIEM, IPS/IDS, Anti-virus and NAC logs, controls and consoles through analysis, counter action, network and desktop forensics and incident handling.
- Conducts internal compliance audits for PCI-DSS, HIPAA and other compliances on an ongoing basis. Coordinates external audits with top tier banks on an annual or bi-annual basis.
Confidential, Chicago, IL
Security Engineer
Responsibilities:
- Internal and External Risk Management: Working with internal business and external vendors, provided assessment of risk, control and security to conform to Mars policy & risk appetite. Controls found weak or out of compliance were remediated to conform to business objectives and need within internal, external and hybrid cloud-based systems.
- Assessed new and existing corporate initiatives through comprehensive risk analysis. Supported three to nine simultaneous projects at any given time. PCI-DSS project management plan rewritten to include new PCI 2.1 standards. Transferred over 200 local and remote firewalls (ASA, CheckPoint 1, and MPLS) to British Telecom as a project. Internal audits of PCI-DSS controls and internal security controls, to include but not limited to Symantec Enterprise agent controls, and review of internal security procedures and risk assessment guidelines.
Confidential, Chicago, IL
Network Manager/Security Architect
Responsibilities:
- Managed all security-related work: Intrusion detection; SIEM monitoring; Malware analysis; Data loss prevention; Full disk encryption; Policy, procedure, standards and guidelines.
- Designed and maintained advanced Trend Micro DLP solution (formerly Leak-proof) to ensure federally mandated compliances, business policy and procedure.
- IBM Domino 8.5.2 Server and clients; formulated related IT policies and procedures for network security, HIPAA, HITECH, PCI/DSS and EU Safe Harbor compliances.
- Upgraded Cisco PIX 515e/VPN 3005 to ASA 5510.
- Vigilantly monitored network traffic for intrusion by way of SIEM logging and email notification during off hours. Secure remote access allows response, anywhere, anytime.
- Ensured end user awareness of access, usage and possible HIPAA and HITECH conflicts.
- 3Com Tipping Point IPS/IDS kept up-to-date with scheduled patch and maintenance.
- Completed upgrade Microsoft SQL 2000 to SQL Server 2005.
- Established written policy & procedure for Risk Management and Internal Audit as part of an overall Project Management Program to include both Qualitative and Quantitative risk assessment.
- Managed both internal and external audits (externally audited once a year) as part of continuous security improvement program centered on PCI-DSS, EU Safe Harbor and HIPAA/HITECH compliances.
- Integrated into DLP and internal firewall solutions is a three-factor AAA system verified by a RADIUS server, combining fingerprint and PIN followed by two distinct password entries.
- All log information was fed directly to TriGeo log management solution for analysis and compliance reasons.
- Weekly vulnerability testing included NMap, Nessus and Metasploit Framework.
- Scanned for network and web application vulnerabilities, monthly or as client facing applications changed.
- Audit was compiled on an annual basis or per client needs. Compliances: HIPAA, HITECH, EU Safe Harbor, PCI/DSS.
- Continuously monitored security posture for possible intrusion. Security metrics were measured against industry baselines and audited according to best practices. BCP/DRM was likewise tested at least annually.
- Successfully initiated new company standardized security awareness and formalized risk programs.
- Defined, coordinated and managed all network and security-related initiatives as projects based on scope, time, money as well as proper risk assessment.
- ETSI (a Human Resources Information System) was a separate startup from Near North. ETSI grew over 10% per year for the first three years. Specialized in custom healthcare and HR-related software ranging from employee benefits enrollment portals to talent management for mid to large corporations.
- Governance, Risk and Compliance (GRC). Established ongoing corporate governance, risk management and compliance as new regulations were adopted, and ongoing as a continuous improvement cycle. Programs as part of an overall Project Management portfolio included: HIPAA, HITECH, PCI-DSS, SAS 70 (Internal and External Audit)/SSAE 16 and operational controls for both US and internationally based employees and clients.
- Supervised three developers and shared responsibility for two call center employees.
- Planned and budgeted for the company's addition of four production staff members to allow for growth: office space, computers and security, both physical and logical.
- Designed, built and maintained server farm of twenty plus workstations, PIX 515E firewall, Cisco 1821 router, Cisco 2900 switches, tape and off-site backups. TrendMicro Enterprise Suite provided seven layers of protection to the network.
- Network and Workstation Operating System: Windows 2008/XP/7, Ubuntu Linux/SANS “SIFT” for forensic analysis of unknown malware and other incidents such as intrusion or compromise.
- All service packs and patches were updated within 16 hours of release under client SLA.
- Maintained 99.99 uptime guarantee for the past 5 years through use of internal redundancy and hot siting methodologies.
- New LAN and Windows 2003/2008R2 domains. All new equipment: purchased, built, configured and maintained to NIST standards. Network was audited five days per week.
- Engineered two remote access solutions for all in-house and virtual office employees. Access was based on MAC standards, as employees were limited to need-to-know access.
Confidential, Chicago, IL
Independent Consultant/Manager of Networking and Security
Responsibilities:
- Managed all IT-based services for a wide range of diverse internal clients, to include both brokerages with 30 smaller technology companies or divisions under the NNNG umbrella of companies.
- Actively supervised three Managers: Telecommunications, Network, Software development plus one direct report IT Project Manager including 19 subordinate positions.
- Notable projects included: Established long-term IT business planning; Year 2000 updates and certification; Business Continuity Planning/Disaster Recovery Planning; Telecommunications (PBX, ACD, Audit, Voice Mail) replacement; Ethernet backbone replacement; Firewall (PIX)/Checkpoint1 (dual screened subnet); IDS; NIDS; and audit projects.
- Security awareness established by way of internal media (posters), written policy and procedure, as well as group meeting programs for both new and existing employees.