SUMMARY:

• My skill set in Information/Cyber Security includes creation of Security Policies, Procedures and Plans, auditing, risk assessment, hands - on network routing and switching, troubleshooting, monitoring, management activities and working with a variety of security software tools in Windows and Confidential environments with two factor authentication (PKI - CACs - smartcards).
• My work has involved reviewing, updating and creating Security Policies, Procedures, Standards and Plans.
• Work included active directory security policy and auditing, vulnerability audits/assessments, Pen-Tests, Confidential and network infrastructure.
• Used security tools such as IDS/IPS, SEIM (Symantec Endpoint Protection), AlienVault, Confidential, Tripwire and inter-connections. Played a key role in assisting with the security education and training of process/control owners for their understanding of ISO 27000 series and Confidential security controls by conducting detailed analysis and presenting results to information security management teams. Coordinated SOC and SSAE compliance/reports.
• Designed and conducted user Security Privacy and Awareness Training.
• As a CyberSecurity Manager, I led an incident handling team and worked with incident analysis/remediation/forensics on a daily basis, coordinating with Network Operations, DataCenter and the Helpdesk. Coordinated with Project Managers, Network Operations, Data Center Operations and Information Assurance Teams using ISO 27000 principles, standards for Confidential /SOX/DSS, etc. and guidelines on risk management/analysis (Risk Assessment) for the identification, assessment, and prioritization of risks (ISO 31000) followed by application of resources to minimize, monitor, and deal with the impact of security events.
• Provided oversight for vulnerability scans (Retina and Nessus) and worked with security tools such as Symantec Endpoint Protection, AlienVault, McAfee, InMon, FortiAnalyzer, etc. for security information, event management and IDS/IPS.
• Responsibilities included managing, monitoring, analyzing, improving and troubleshooting security systems.
• Created and worked with Disaster Recovery and Business Continuity Plans.
• Managed virus protection program for prevention, detection and elimination of viruses.
• Participated in Compliance and Risk Assessment programs.
• Acquire a complete understanding of a company’s technology and information systems.
• Plan, research and design robust security architectures for any IT project.
• Perform vulnerability testing, risk analyses and security assessments/audits.
• Research security standards, security systems and authentication protocols.
• Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices.
• Work with public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures.
• Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers.
• Test final security structures to ensure they behave as expected.
• Provide technical supervision for (and guidance to) a security team.
• Define, implement and maintain corporate security policies and procedures.
• Oversee security awareness programs and educational/training efforts.
• Respond to security-related incidents and provide post-event analysis.
• Update and upgrade security systems as needed

PROFESSIONAL EXPERIENCE:

Director, IT Security

Confidential

Responsibilities:

• Designed Security Program including creation of over 100 Security Policies for Confidential Compliance.
• Conducted Security, Confidential, Confidential internal risk assessments and audits.
• Created Security Privacy and Awareness Training Policy and slide sets.
• Created SDLC document to include security and mobile application considerations.
• Developed Risk Management Policy including Risk Assessment checklists.
• Assisted research for Confidential Certification.
• Worked with Vendor security checklists and created Vendor Security Policy.

Confidential, San Jose, CA

Contract Security Assessor

Responsibilities:

• Completed Security Assessments at several Confidential Centers.
• Involved extensive physical and electronic inspection/investigation of the Centers including personnel.
• Completed checklists of over 100 Confidential related security controls for Security Compliance.
• Maintained contact with 16 Centers for remediation and Corrective Action Plans.

Confidential, Mountain View, CA

Network Security Analyst

Responsibilities:

• Created and built the Security Architecture including a Corporate Information Security Program including all Policies, Procedures and Plans to include Confidential and HIPPA regulations/standards.
• Conducted Security, Confidential internal risk assessments and audits.
• Developed Confidential Policy and Procedure.
• Created Security Privacy and Awareness Training Policy and slide sets.
• Created SDLC document to include security and mobile application considerations.
• Developed Risk Management Policy including Risk Assessment checklists.
• Assisted research for Confidential Certification.
• Worked with Vendor security checklists and created Vendor Security Policy.
• Created over 90 Policies and Procedures including Remote Access (VPN) Policy.
• Assisted with Vulnerability scans and Pen-Tests.
• Assisted with AlienVault.
• Worked with SOC/SSAE compliance and reports.

Confidential, Pleasanton, CA

Cyber Security Analyst

Responsibilities:

• Reviewed audit findings and worked on testing/remediation. Used Tenable Security Center to run Nessus vulnerability scans against network devices and servers.
• Involved with Confidential, HIPPA & ISO security controls. Conducted a Major Policy Review/Update Project. Conducted Audit Finding Pre-Tests for remediation.
• Engaged in Business Continuity Plan/Disaster Recovery Plan updates and simulations.
• Coordinated with LAN Engineers for network security.

Confidential, Santa Clara

Sr. Information Security Officer

Responsibilities:

• Provided Information Security Program oversight and technical reviews (security technical writing). Processed security vulnerability scans from Confidential and the Confidential .
• Updated and provided information security guidance, reviewed and monitored security plans/bulletins, and communication to CIO on Information Security Project activities.
• Used Zscaler and SEPP.
• Conducted Confidential /ISO 2700x Compliance Assessments/Audits.
• Created City Information Security Plan, CIRP and Auditing Policy.
• Updated Security Policy and Procedure documents.
• Worked with Network Engineers on CISCO ASA, etc.

Confidential, Pleasanton, CA

IT Information/Network Security Consultant

Responsibilities:

• Worked with Druva, WinMagic, Symantec ESM, McAfee, CA PIM and other security tools.
• Created Corporate Security standards and authored Policy/Standards review/updates (security technical writing).
• Assisted with security incidents, information security training and knowledge transfer to employees.

Confidential, Monterey, CA

CyberSecurity Manager

Responsibilities:

• Completed Confidential processes for Confidential .
• Created Security Policy and review/updates.
• Managed four Security Incident Handlers.

Confidential

Information Security Consultant

Responsibilities:

• Work included Confidential.
• Delivered Confidential and Security+ Training.

Confidential, Columbus, OH

IA Security Analyst/Incident Handler

Responsibilities:

• Responsibilities included detecting, opening and closing incidents.
• Utilized 15 secure accounts for Confidential defense in depth such as ArcSight Logger, HP ESM, McAfee (HBSS, ePO, etc.), Websense, IBM WebSphere, Symantec, Juniper, & CheckPoint.

Confidential

Information Security Consultant

Responsibilities:

• Work included Confidential for Government, Military and Corporate clients.
• Delivered Confidential courses including Confidential and Security+ Training.