SUMMARY:

Results - driven IT professional with experience in a broad range of IT security initiatives. Capable of planning, analyzing, and implementing solutions in support of business objectives. Outstanding project and program leader; able to coordinate and direct all phases of project-based efforts while managing, motivating, and guiding internal and external resources.

AREAS OF EXPERTISE:

• Network and Systems Security
• Regulatory Compliance - PCI, SOX
• Policy Planning / Implementation
• Team and Project Leadership
• Virtualization & Cloud Technologies
• Data Integrity / Disaster Recovery
• Risk Assessment / Impact Analysis
• Technical Specifications Development

TECHNICAL PROFICIENCIES:

Platforms: Cisco IOS, Windows 7/8/8.1/10, Windows Server 2000-2012 R2, Linux (Red Hat, Ubuntu)

Networking: LAN / WAN Administration, VPN, TCP/IP, Cisco ASA, FirePOWER IDS/IPS, SonicWall UTM and GMS, Routers & Switches, SSIM solutions

Tools: Cisco FireSIGHT, Nexpose, Metasploit, Nessus,Tripwire TE - TLS, Varonis DatAdvantage, Splunk, Symantec Endpoint Protection, Symantec Standards and Policy Managers, Microsoft Office Suite, MS Visio, MS Project

PROFESSIONAL EXPERIENCE:

Confidential, Phoenix, Arizona

Information Security Engineer - Information Security Consultant

Responsibilities:

• Multiple support contracts for network and Information Security consulting, design and support.
• Clients included Salt River Fields (consultant), Confidential through Randstad (firewall support).

Confidential, Phoenix, Arizona

Information Security Engineer

Responsibilities:

• Create and document standards, project plans and operating procedures for information security initiatives
• Document Information Security processes including sensitive data handling procedures, FirePower IPS sensors and FireSight system maintenance and management.
• Create procedures and project plans for remote site network segmentation project in support of PCI compliance efforts.
• Function as liaison between Information Security; third party support teams; Infrastructure teams, and Field Information Technology team for remote site segmentation project.
• Manage and document sensitive data management application and handling processes by utilizing Varonis DatAdvantage to analyze shared data locations and create alerting functionality with Varonis DatAlert.
• Communicate sensitive data remediation procedures to data owners and monitor progress of effort.
• Create technical risk assessment documentation for unstructured data.
• Primary Information Security engineering resource for network segmentation initiative including creating project plans and functioning as liaison to Network Infrastructure team.
• Vendor communication for multiple enterprise applications and functional areas
• Plan and implement proof of concept implementations for Varonis for SharePoint, Kenna risk management product and Symantec DLP,
• Create firewall baseline and standards through reviews of firewall environments including access control lists and management access controls.
• Create remediation documents for Infrastructure Network team to align firewall environment with requirements.
• Lead Infrastructure - Information Security status update meetings on multiple occasions to fill in for Information Security Manager.
• Create and present network segmentation project briefing to Architecture Working Group.
• Offer guidance to Network Infrastructure team for remediation of penetration testing results.
• Create hardening guidelines for ASA firewalls and Cisco routers
• Troubleshoot issues with security applications and appliances as required.

Confidential, Jackson, Tennessee

Chief Information Security Consultant

Responsibilities:

• Assurance that networks meet PCI-DSS, HIPAA and SOX compliance requirements.
• Create, update and validate security policies, DR/COB and incident response plans.
• Design, implement and maintain File and System Integrity Monitoring and Log consolidation using Symantec SSIM, Tripwire Log Center and Tripwire Enterprise and other solutions sets.
• Design, configure and maintain Argent Guardian network monitoring solutions using an array of tool sets.
• Implement and maintain vulnerability management and penetration testing solutions with multiple Gartner Magic Quadrant products including Nexpose, Nessus, and Metasploit.
• Deploy and maintain enterprise network solutions including VPN driven connectivity and firewalls
• Design, implement and documentation of PCI-DSS 3.0/1 compliant network infrastructures including firewall segmentation, tokenization or other hardening measures.
• Design and implement segregation of corporate infrastructures from CDE (card holder data environment) utilizing CISCO, SonicWall, Juniper and other security appliances,
• Implementation and maintenance of Exchange 2003 and 2010 server environment. Multiple sites and servers with both mailbox and routing servers, ActiveSync, Outlook Web Access over SSL/TLS.
• Secure Exchange E-mail Migrations to and from cloud and internal solutions.
• Design and implement corporate web and email filtering solutions with variety of products including Trustwave WFR and ModusGate.

Confidential, Memphis, Tennessee

Information Security Engineer

Responsibilities:

• LAN/WAN Network Design and Management in a multi-site multi-server, 1000 client, Windows 2003 - 2010 Active Directory network including implementation/maintenance of DNS, NTFRS, DHCP, WINS, Shares, Confidential permissions and support for Linux and Unix operating systems.
• Company lead for insuring network meets PCI-DSS, SOX and all regulatory compliance requirements.
• Design, implement and document PCI-DSS 2.0 compliant network infrastructure, with firewall segmentation of wireless environment, corporate infrastructure and CDE (card holder data environment) utilizing CISCO and SonicWall GMS and appliances, security policies and incident response plans for Level 1 compliant merchant.
• Design, implement and maintain Tripwire File and System Integrity Monitor and Log Center for PCI-DSS compliance reporting.
• Design, implement and maintain secure centrally managed wireless networks both corporate and at 700+ remote sites.
• Design, configure and maintain Argent Guardian network monitoring solution for network management notification.
• Implement and maintain Rapid7 Nexpose and Metasploit products for vulnerability and penetration testing.
• Deploy and maintain 700+ SonicWall firewalls and Access points using combination of Global Management System and direct management tools
• CISCO ASA firewall implementation including migration from CISCO PIX 515 to new ASA 5520 platforms in failover configuration, implementation of DMZ with server hardening for AS2 and FTP services. Establish redundant ASA 5540 firewalls for VPN connectivity to 700 stores and all VPN clients.
• Implementation and maintenance of Exchange 2003 server environment. Multiple sites and servers with 1200 mailboxes, ActiveSync, Outlook Web Access over SSL/TLS.
• Migration to Exchange Server 2010 Environment including design and implementation of servers and migration plan.
• Responsible for implementing and managing corporate web filtering solutions with variety of products including Trustwave WFR.
• Responsible for maintenance and design of subnets, VLANs, and configuration of CISCO 4506, 3650, 3500 and 2900 switches, 800, 1700, 2900 and 7200 series routers, 3005 VPN Concentrator and 5000 series ASA and PIX Firewalls including establishment of L to L VPN tunnels, routing for remote location connectivity and security rules and access list assignments.
• Implementation and maintenance of ATT AVTS product including NetGate SG8100 for 700 business locations converting 56k Frame Relay to Broadband IPSec connectivity.
• Group Policy design and implementation for all corporate and remote workstations and servers.
• Configuration and maintenance of all AD OU architecture and replication.
• Migration of client data from legacy systems to newly created storage systems including Clarion EMC VNX SANs and IBM X-series servers, S and H Chassis.
• Senior technical resource offering high-level Windows and Active Directory support to Junior Engineers for issue resolution.
• Make hardware, operating system and application decisions for Corporate infrastructure
• Provide Information Security best practice recommendations and design Policy and Procedure documentation.
• Design and document server tape backup systems, schedules and rotation schemes using combination of Windows Backup and Symantec NetBackup.
• Design and implement Windows Software Update Server environment.
• Server design and build for replacement of legacy and retired server systems
• Vendor communications for telecommunications orders and billing 900 sites encompassing frame relay and telephone lines.
• Maintenance of remote clients over broadband and other connectivity methods using IPSec VPNs.
• Technical lead and project manager for multiple pilot projects including conveon to and from VSAT and DSL connectivity at production retail sites utilizing L2L backhauls over CISCO ASA IPSec VPNs.

Confidential, Memphis, Tennessee

Technical Lead

Responsibilities:

• Lead Engineer for out-sourced projects including Novell GroupWise to Microsoft Exchange 2003 (with Outlook Web Access) migration, implementations and assessment.
• Plan, coordinate and track Active Directory upgrades for multiple client engagements.
• Create, maintain and baseline project plans including resource allocation using tools such as Microsoft Office Project, Project Management Repository (PMRx) status and reporting tools, as well as custom developed project management applications.
• Review and maintain project time entry and resource statistics using PeopleSoft Time and Expense.
• Direct efforts, maintain status reports, and review deliverables for consulting teams.
• Interview and assess skill levels of consultants for projects.
• Project manager coordinating efforts of both internal resources and vendors for telecommunications and network project and implementation efforts.
• Establish and maintain multiple site to site VPN tunnels between various firewall products including CISCO, Checkpoint NG and Microsoft ISA servers.
• Design, document and maintain Managed Technical Services facility Continuity of Business/Disaster Recovery plan.
• Implement and maintain various Antivirus and security solutions for clients including McAfee EPO, Trend SMB, and Symantec products.
• Design and implement backup solutions for MS SQL, Exchange, Windows 2000 and 2003.
• Design and implement physical security systems and access control for secure facilities.
• Audit security procedures, logs and alerts.
• Act as liaison between CIBER and client Information Security organizations.
• Create, document and provide security and Continuity of Business/Disaster Recovery briefings for development staff.
• Design, plan and execute relocation of network infrastructure, telecommunications and physical security systems for CIBER Inc including proximity card access, firewalls, secure mobile computing systems and Internet access.
• Lead for CISCO 501 firewall and CISCO 2600 router implementations for Memphis/Shelby County Health Department.
• Respond to client Requests for Proposals, and Requests for Information.
• Creation of Statements of Work and project plans using CIBER Project Management Methodology (CPMM).

Confidential, Hartford, Connecticut

Technical Lead

Responsibilities:

• Planned designed and implemented companywide anti-virus solutions for 185 server and enterprise desktop environment utilizing McAfee E-Policy Orchestrator and NetShield products.
• General LAN Administration, including assignment of user rights, Confidential security permissions, WINS Server implementation and troubleshooting and maintenance.
• Configured and maintained Enterprise Security Manager and monitored policy adherence.
• Configure, maintain and troubleshoot IIS 4.0 and 5.0 security.
• Server configuration and installation using both scripted and non-scripted installations of Windows NT 4.0 and 2000 Server/Advanced Server and MS IIS 4/5.0.
• Planned and lead team effort to implement and maintain Argent Guardian server monitoring environment for entire multi-site enterprise.
• Configure and maintain secure SNMP management protocols, and alerting software.
• Serve as lead engineer for companywide Continuity of Business testing.
• Design, script and implement Access Control List and Confidential directory security for enterprise wide server environment.
• Lead Engineer for enterprise and domain hardening initiative from planning to implementation using MS Project for time and resource allocation.
• Designed, tested and implemented scripted ACL modification system and share permissions management scripts.
• Designed, managed, implemented Enterprise Wide login scripts to include network drive mappings, software pushes, and information captures.
• Provide Level 3 support to network and help desk staff