We provide IT Staff Augmentation Services!

Cyber Security Architect/auditor Resume

5.00/5 (Submit Your Rating)

SUMMARY:

  • Information Security is a "Skilled Trade" which requires years apprenticing. The knowledge that I have gained during my 15+ year career allows me to always look a problem with an outside the box viewpoint and to tailor proven solutions to a new problem while dramatically increasing the efficiency of the process or procedure. If you are not able to grow at least 25% a year than you are at best standing still, but more likely than not you are falling behind your peers.
  • Senior Subject Matter Expert (SME) managing and architecting many industries through implementation of the Risk Management Framework; including IT Business Systems for Financial, Government Services, Department of Defense and the Information Technology Industry, with experience building security frameworks for enterprise systems to meet current and future needs specializing, but not exclusively, with Tenable Security Center, and Secret Server by Thycotic Software.
  • Additionally, I have a proven record of successfully utilizing Confidential principles or Information security risk management knowledge to assist businesses with the assessment and improvement of their risk management processes and program for the Confidential, Antitrust Division, Confidential and Records Administration, South Carolina Confidential, & HiPAA/HiTECH. I am also well versed with the Confidential 800 Series, Cyber Risk Management Framework, IRS Pub 1075, and Privacy/Disclosure Policies

SKILL SUMMARY:

Security Processes: Architecting Risk Based Security Solutions, Business Case and Proposal Writing, Risk Assessment, Vulnerability Assessment, Vulnerability Mitigation Process Design/Improvement, Security & Compliance Auditing, SIEM Integration

Regulatory Compliance: Confidential 800 - x (specializing in 800-53, 800-30, 800-37, & 800-39), FIPS, HIPAA/HITECH, PCI,, GLBA, SOX, EPA, EHR, EMR, Privacy & Disclosure Policies, SIG, Document Management

Applications / Application: Tenable Security Center (SC), Splunk, Snort, CSAM, XACTA, KeyLight, Wintel Systems, Confidential Sidewinder v8, LogLogic, pfSense Firewalls, Windows (2008 R2), Exchange (2007, & 2010), XenServer (5.5, & 5.6 SP2), Linux CentOS (5.x, 6.x) and Red Hat (5.x, 6.x), vCenter w/ Configuration Manager

EMPLOYMENT HISTORY:

Confidential

Cyber Security Architect/Auditor

Responsibilities:

  • Designing Security Program Posture in accordance to the Confidential Cyber Security Risk Management Framework
  • Reviewed Control Assessment Questions for IRS Pub 1075, GLBA, SOX, Basel 2.0
  • Performed Audits and Assessments for clients
  • Provided Analysis and assistance to the software development team

Confidential

Security Engineering & Security Analyst

Responsibilities:

  • Provided a Confidential solution to the South Carolina Confidential
  • Worked Directly with the PMO to discovery and make recommendations for improvements
  • Provide strategy for tactical decision on regulatory compliance
  • Confidential 800-53
  • DISA STIG
  • IRS compliance requirements
  • Implementing a proactive approach to information security risk management, focusing on the guidelines with the Confidential .
  • Operationalizing Risk Management thru the
  • Identifying risks through a comprehensive evaluation process
  • Established an enterprise-wide view of information security and business continuity gaps.
  • Reviewing and establishing consistent information security policies and standards across the enterprise to enforce ownership and accountability
  • Assessing and recommend Risk Management or Compliance strategies, policies and governance
  • Project Management of project risks and controls
  • Facilitated the design phase of a MetricStream Confidential solution for Confidential
  • Reviewed and analyzed Gulfstream’s Tenable’ s security center upgrade
  • Reviewed the current implementation and provided a recommendation on how to leverage the tool for other departments.

Confidential

Senior Information System Security Officer

Responsibilities:

  • Provided status updates to the PMO 3 times a week showing the project was on schedule
  • Discovery and Documenting of Current Architecture.
  • Followed Risk Management Framework Best Practices
  • Manage overall Security Authorization processes and schedule.
  • Provide d expert security consultation/advice on highly complex systems.
  • Validate privacy and security controls ( Confidential 800-53) are in place and maintain security posture of assigned Software Applications.
  • Develop Department of Homeland Security ( Confidential ) mandated security documentation and enter into XACTA tool.
  • Review and interpret vulnerability scans. Identify errors and false positives.
  • Provide and implement recommendations to improve security and remediate Plan of Action & Milestones (POAMs ).
  • Verify actions have been completed and obtain artifacts/evidence to close POAMs.
  • Implement and write system-specific security procedures to ensure compliance.
  • Research and evaluate emerging security trends and issues to advise or present to customer or applications support team.
  • Writing Security Plans, Contingency Plans (CPs), analyzing scan results; experience creating and reviewing reports in ArcSight and Splunk.
  • Conduct annual (CP) Test and write/update CP following guidelines found in Confidential 800-37.
  • Participate in investigations of security incidents and breaches and recommend solutions; provides analysis summary to management and recommend alternative courses of action. Review Audit Logs for assigned Applications. Develop dashboards/reports in ArcSight for external customers for audit monitoring. Analyze ArcSight and Splunk data to interpret reports.
  • Respond to Office of Inspector General (OIG ) or Confidential Audits .
  • Managing information security practices, architecture networks, software and hardware .

Confidential

IS Senior Security Architect/Engineer

Responsibilities:

  • Confidential liaison to DOJ ATR Information Systems Security Officer
  • Regularly provided updates to the PMO thru the project coordinator.
  • Risk Management
  • Utilized Confidential 800-37 to accomplish goals
  • Management of all open Plan of Actions and Milestones (POAM’s)
  • Architected policies, procedures, & documentation for the Authorized Security Risk Assessment Framework Conduct risk assessments, penetration tests and diagnose security vulnerabilities in the operational environment as well as systems under design.
  • Write Business cases and proposals for all security architecture recommendations
  • Confidential 800-53 “Security and Privacy Controls for Federal Information Systems and Organizations”
  • Confidential 800-37 “Risk Management Framework” ( Confidential )
  • Design security services which include the development, design/implementation and evaluation, to fulfill the security service catalogue.
  • Confidential Cybersecurity Framework
  • Actively scan the Enterprise Network for Baseline Compliance with a Nessus Professional Feed Scanner.
  • Research emerging technologies in support of security enhancement and development efforts
  • Advise Engineers on Security Best Practices and how to integrate those best practices into existing and new solutions.
  • Designed the Risk Based Security Architecture for a complete retrofit of Security Services within the Engineering and Operational environment.
  • Manage all Security Projects
  • Compliance Management
  • Develop and interpret security policies and procedures, determine applicability to the Division IT infrastructure, communicate findings to Information Security Officer, Information Systems Security Officer, and Engineers.
  • Continuous Monitoring
  • Architect, Deploy, and Manage Tenable Nessus Scanner & Passive Vulnerability Scanner, Confidential, CIS, FISMA, & FIPS compliance.
  • Vulnerability Management
  • Architect, Deploy, and Manage Tenable Nessus Professional Feed Scanner.
  • Recommend and coordinate the application of fixes, patches, and disaster recovery procedures in event of security breach.
  • Assist in responses to external audits, penetration tests and vulnerability assessments.

Confidential

Security Analyst | Manager

Responsibilities:

  • Manage, Architect, & Designer for a modern continuous monitoring and remediation solution
  • Communicated the ISSO’s desires to the IBM PMO to reduce contractual scope creep and deliver the agreed upon contract modifications.
  • Implement Security Framework for Electronic Records Archive ( Confidential ) Project.
  • Confidential 800-53 “Security and Privacy Controls for Federal Information Systems and Organizations”
  • Confidential 800-37 “Risk Management Framework” ( Confidential )
  • Author of all Security Related Business Cases and proposals for the Confidential Project.
  • IBM liaison to Confidential ISSO.
  • Educating the client on inherent security risks, and providing meaningful hardening and mitigation strategies
  • Developed all Security methodologies needed to maintain contractual compliance between Confidential & IBM
  • Project Management duties included designed, developed, and managed projects to track and major security undertakings.
  • Compliance Management
  • Managed audit results to maintain compliance with GAO and other auditor findings. Development of interconnected systems to create strategic solutions to structural deficiencies such as ‘Separations of Duties’ and Password Management
  • Architect and Implementer of Centralized Password Management Solution. The solution used the application Secret Server, by Thycotic Software.
  • Maintained Site Security Documents.
  • Author of IBM Security Standard Operating Process/Procedures (SOP) for Confidential Project.
  • Continuous Monitoring
  • Lead Configuration Analyst for the Tripwire v8.2 Deployment to fulfill: Change Control, Confidential, CIS, FISMA, & FIPS compliance.
  • Log Management
  • Rebuilt All LogLogic Devices to effectively collect and aggregate data.
  • Vulnerability Management
  • Architect and Implementer of Tenable Security Center Solution, which includes Nessus Scanners, to provide greater visibility of Compliance & Vulnerability issues. This solution is being modified to be used for the whole of the Agency, The Confidential & Records Administration.
  • Performed Network compliance & vulnerability scans followed by delivering proposed remediation.
  • Architect and Project Manager for the initiative to upgrade the Confidential Perimeter Firewalls from v7 to v8 without degradation of services. The only outage was the approved maintenance window. The transition took half the time allotted in the maintenance window.
  • Performed Certificate and Accreditation Reviews

Confidential

IT Solutions Consultant - Cloud Services Provider

Responsibilities:

  • Analyzed IT needs for businesses building custom systems to meet business needs within budget following the Confidential 800-53 guidline
  • Cloud Solutions Small business IT solutions and Cloud based services brokerage enabling turnkey virtual offices for micro to medium sized businesses.
  • Compliance Management
  • Compliance Assessments for Confidential, CIS, FISMA, & FIPS
  • Security Assessments & Gap Analysis for Small Businesses.

Confidential

Senior Systems & Security Manager / Operations Manager

Responsibilities:

  • Architect for all Security and Operational systems.
  • Proposals Draft the business case and once approved the solutions proposal for all Information Technology Initiatives.
  • Supported IT Systems Security needs including monitoring, risk analysis, system updates, documentation and regulatory compliance to ensure HIPAA security requirements and standards were met.
  • Compliance Management
  • Developed, implemented and updated corporate IT Security policies and procedures.
  • Created and defined companywide IT Security policies and best practices to preemptively align security standards with HIPAA/HITECH requirements in pursuit of obtaining the future “Safe Harbor” status.
  • Disaster Recovery
  • Created and maintained Backup Plan, Disaster Recovery Plan, and Data Retention Plan.
  • Rebuilt the previously existing Linux Servers on the Enterprise Grade OS CentOS simplified backup and disaster recovery purposes.
  • Risk Management
  • Performed Risk Assessments to locate and resolve potential issues before they arise.
  • Analyzed and reviewed new technologies and system maintenance needs to ensure security precautions are up to date and are aligned with HIPAA standards.

Confidential

Senior Deployment Specialist

Responsibilities:

  • Compliance Management
  • Managed Teams the deploying the new Workstations, Desktops and Laptops for the State of Virginia
  • Those Teams consisted of 2-5 members to complete the migration of hardware and data from the legacy systems for various state agencies. Provided support to clients on hardware and software issues
  • Migration consisted of over 300 PC, Laptops, and Tablets, spaced over a large campus which presented another issue in relation to the normal process.
  • Risk Management
  • Installed, configured, and provided support for Dell and HP Workstations and Laptops for all Confidential .
  • Administered all PC and Printers currently running Windows 2000, XP Pro, Office 2000 and Office 2003.
  • Provided daily status reports, in writing and verbally, to VITA’s Project Management Office

Confidential

Emergency Operations Systems Specialist

Responsibilities:

  • Project Management
  • Coordinated the Enterprise Desktop Deployment of Common Access Card ( Confidential ) with Network Operations, Security Services/Operations, & Desktop services
  • Compliance Management
  • Established Best Practices to implement new technologies.
  • Coordinated and deployed new computers to every department within the organization.

Confidential

Network Administrator

Responsibilities:

  • Compliance Management/Network Security
  • Managed the upgrade of the Flight Information Display Systems ( Confidential ) to meet current Confidential standards for network security and bandwidth efficiency prior to the Super Bowl.
  • Ensure the rigorous application of information security policies, principles, and practices on the network.
  • Part of the response team for network security issues, using mostly Confidential products.
  • Examine, identify and make recommendations on security products.
  • Integrate antivirus, desktop firewall, intrusion prevention, and network access control to defend against malware on the Confidential network.
  • Risk Management
  • Coordinated the Network Infrastructure for Confidential at Confidential .
  • Creation of temporary terminal

We'd love your feedback!