Security & Compliance Consultant Resume

Chicago, IL

SUMMARY:

  • Over 25 years helping businesses deliver IT infrastructure, privacy and security solutions through architecture and project management. I have progressively focused on large, cross-functional infrastructure, privacy and security solutions that impact confidentiality, integrity and availability for companies such as Confidential.
  • Certified PMP, CISSP and ITIL with 16 years of IT and security consulting experience
  • 12 years of security, privacy, information assurance and risk management experience
  • 26 years IT experience overall in business continuity, information security, infrastructure, database, compliance/audit and software design (8 years in regulated and government environments)
  • Managed technical staff of 37 team members, and recently, 3 project managers and 2 analysts
  • Knowledge of security requirements regarding: HIPAA/HITECH, Sarbanes-Oxley, GLBA, PCI-DSS
  • Knowledge of security standards related to: NIST SP800 series, U.S. Homeland Security, and FFIEC
  • Knowledge of IT and process frameworks related to: PMBOK, NIST Cybersecurity Framework, ITIL, COBIT, Agile/Scrum, Waterfall, Spiral, and Stage-Gate
  • Accountable and driven; enjoys being challenged with complex situations and deadlines
  • Strong analytical and problem-solving skills, and a cross-functional team player
  • Enjoys learning new technologies and very adaptable to technical needs

TECHNICAL SKILLS:

Cloud Services: Azure, AWS, CoSoSys Endpoint Protector DLP, Symantec Endpoint Protection Cloud, Dropbox for Business, Office365, RSA Archer GRC, SailPoint IdentityNow/IQ, Okta SSO/MFA Mobility

Server platforms: Active Directory/LDAP, Linux Ubuntu, Kali, Oracle Virtualbox, Microsoft Server (various), VMWare vSphere, vMotion, Microsoft Hyper-V, IIS / Apache (LAMP), NetBackup LTO VTL*

Network analysis: Nessus, Wireshark, tcpdump, NMAP, SNORT, Bro, ELSA, Sguil, Metasploit, Splunk, AlienVault, BurpSuite

Networking protocols: SSL/TLS, PKI, OpenVPN, IPSec, PPTP, L2TP, TCP/IP, UDP IPv4/v6, SNMP, 802.11x, SSH/Putty, sFTP, SCP, RDP, TeamViewer, Cisco ASA, IPTables

Collaboration tools: MS Project Pro, Project Server EPM, SharePoint 2003-2013, MS Office

Development tools: PowerShell, VBScript, Python, Bash, Perl*, XML, SAML, HTML, CSS, JavaScript, VBA, SQL (T-SQL/MySQL/PL-SQL), SQL Server, MySQL, SSIS, SSRS, SQL Clustering & replication, Visual Studio (various), Team Foundation Server, MS Build Server, C#, VB, ASP.NET, PHP, Nintex / SharePoint

WORK EXPERIENCE:

Confidential

Security & Compliance Consultant

Responsibilities:

  • Deployed Core Security’s CoreCompliance platform for annual recertification of user access
  • Architected the audit readiness framework for the annual pathology certification audit
  • Oversight of HIPAA risk remediation of breaches identified in the 2016 Settlement Agreement with the U.S. Office of Civil Rights.
  • Defined PCI-DSS requirements for online billing payment solution
  • Contributed to risk assessments, network segmentation plans, and workstation hardening

Confidential

Managing Consultant, Founder

Responsibilities:

  • Responsible for client engagements, privacy and security project planning and proposals
  • Oversight of security gap remediation, privacy configuration & network security integrations
  • Designed compliance/audit matrix for HIPAA/HITECH, PCI-DSS, SOX, NIST 800-53/171 & GLBA
  • Provided compliance consulting for SAAS hosted solution expanding into HIPAA markets

Confidential

Senior Project Management Consultant / Risk & Change Management

Responsibilities:

  • Coordinated compliance, HR, internal audit, master data management and IT teams for privacy and change management and business continuity planning
  • Coordinated senior leadership across multiple business units to optimize risk opportunities, data loss prevention (DLP), security posture impact and HIPAA regulatory exposure
  • Assessed & monitored impact of risk & privacy controls on transition and overall security posture
  • Promoted culture of risk and control awareness, clarified risk tolerance and maturity
  • Oversaw executive-level communication, steering committees, town halls and project teams
  • Recovered troubled project during execution phase and reestablished timeline through effective management of risk, schedule, resources and conflict
  • Applied best practices from NIST RMF (800-37), Cybersecurity Framework, ITIL and CobiT models

Confidential, Chicago, IL

Senior Project Management Consultant / Infrastructure & Security

Responsibilities:

  • Led a $10M banking business continuity/DR solution project that used EMC Data Domain, CommVault, Oracle RMAN, et al. This created a layered defense of data assets for availability and regulatory compliance
  • Coordinated compliance assurance reviews (pre-audit) of security configuration management, DR control and restore testing, risk management and SDLC release management on active projects
  • Implemented Wireshark traffic analysis solution for service continuity between data centers
  • Increased integrity and availability of global job automation, as well as the first access control “Least Privilege” review in 5 years while managing a platform upgrade of Control-M
  • Led the modernization of a legacy extra/intranet platform that improved access control oversight, availability, content confidentiality, non-repudiation and integrity of critical business information.
  • Broad architectural involvement with design & review of IT protocols (HTTPS, ADDS, DNS, UDP/TCP, subnets), platforms (Linux, Windows, Oracle, DB2, Sybase, et al.) and their integration with the client’s PMO, SDLC, risk, InfoSec and banking compliance best practices and controls.
  • Recovered & completed multiple struggling projects affected by changing scope and governance during bank leadership re-organization

Confidential, Chicago, IL

Senior Program Manager / Platform Modernization

Responsibilities:

  • Led team to modernize core .NET systems supporting end-to-end enterprise client services & SCADA systems for integrity, privacy controls and non-repudiation within a regulated environment
  • Risk management committee member
  • Delivered a quality assurance process of technical designs for shorter development turnaround
  • Ensured voice of the customer was reflected in requirements, SDLC practices & reviews
  • Managed technical staff and provided program leadership of 37 technical resources
  • Managed scope to provide meaningful performance objectives & adaptive roadmaps
  • Maintained a strong client relationship to expand contract presence 110%

Confidential, Chicago, IL

Senior Project Manager

Responsibilities:

  • Coordinated global access controls upgrade & synchronization processes of Forefront Identity Manager (FIM) for improved authentication, availability and integrity (service continuity)
  • Delivered worldwide SharePoint MySites implementation that included extensive legal review and audit for confidentiality and non-repudiation
  • Defined IRB/REB & privacy compliance model of LIMS clinical library legal portal
  • Led data assurance project to migrate SharePoint datacenters across 4 continents
  • Managed 20+ SQL Server & SharePoint application projects from customer concept to implementation while coordinating development teams both onshore and offshore. Several involved regulatory privacy compliance requirements & dedicated disaster recovery models

Confidential, Chicago, IL

Technical Architect & Project Manager

Responsibilities:

  • Led Identity & Access Management configuration including group policy management in Active Directory, SharePoint, remote access and firewall rules management.
  • Coordinated identity management modernization, including domain merging & access control infrastructure consolidation across multiple corporate acquisitions
  • Implemented subnetted network isolation of development and testing environments from production
  • Designed and managed various vulnerability and penetration testing exercises
  • Defined release management governance & MSBuild server deployment
  • Defined helpdesk patch management processes for production customer service continuity
  • Provided strategic planning and project leadership for projects ranging up to $3M
  • Led definition of PMO framework (policies, procedures, guidelines and tools) using best practices from PMI, ITIL, Six Sigma/LEAN, Stage-Gate & Agile/SCRUM methodologies
  • Managed VPN deployment for static WAN and employee access
  • Coordinated PKI/OpenSSL implementation & secure SharePoint portal for vendors & staff
  • Assisted planning of mobile device encryption with AirWatch/Good
  • Implemented clustering, hardening & disaster recovery for MS SQL Server 2008 farm
  • Deployed Team Foundation Services for source code control, testing, and requirements & issue management
  • Delivered change control best practices for the software development & QA teams
  • Deployed VMWare ESX & Workstation virtualization solution for development, testing & business continuity services

Confidential, Chicago, IL

Information Security Architect

Responsibilities:

  • Passed comprehensive HIPAA and Sarbanes-Oxley external audit within first year
  • Coordinated IT & Risk Roadmap to align with executive performance objectives
  • Delivered Access Control governance & self-provisioning automation
  • Implemented network and host-based intrusion detection infrastructure & monitoring processes
  • Established disaster recovery oversight, policies, procedures with audited backup verification
  • Completed enterprise workstation encryption deployment & governance
  • Deployed Call Center PBX call recording secure archival & metrics
  • Prepared & completed information security reviews and audits for federal regulatory compliance

Confidential

Systems Architect / Security & Infrastructure

Responsibilities:

  • Established programs for service continuity, disaster recovery, and issue management
  • Facilitated internal network and database security audits for system compliance
  • Coordinated intrusion detection assessments, metrics, & reporting
  • Designed and deployed MS SQL Server farm, including FIPS hardening
  • Facilitated VMWare ESX 3.5 platform deployment
  • Set up Multi-tiered development services environment
  • Deployed Team Foundation Services for code & issue management
  • Held security clearance to manage systems security & SDLC for regulatory compliance