Chief Information Security Officer Resume
New York City
EXECUTIVE CAREER SUMMARY:
Provide leadership, vision and oversight in the strategic planning, execution, and assessment of information security strategies, policies, procedures and guiding practices for information systems.
TECHNICAL SKILLS:
Technology: CompTIA Security+, CompTIA Advanced Security Practitioner, (ISC)2 Systems Security Certified Practitioner (SSCP), Certified Information Systems Security Professional (CISSP), GIAC Security Essentials (GSEC), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator Certification (CHFI), Certified Cyber Forensics Professional Certification (CCFP), Certified Cloud Security Professional (CCSP), Cisco CCNP Security Firewall 642-617, Cisco CCNP Security IPS 642-627, Cisco CCNP Security Secure 642-637, Cisco CCNP Security VPN 642-647, Cisco CCNA Security 640-554, Cisco CCENT/CCNA ICND1 640-822, Cisco CCNA ICND2 640-816
Protocols: DNS, DHCP, WINS, SMTP, LDAP, Microsoft Active Directory, TCP/IP, UDP, OSPF, EIGRP, BGP, RIP, IPSEC, SSL/TLS, SSH, SFTP, IPSEC VPN, QoS, ARP/RARP, NAT, FTP, TFTP, SNMP, HTTP, HTTPS, Telnet, SCP
Hardware: Cisco Routers (1700/2500/2600/3600/3700/4000/7200/uBR10K Series), Cisco Catalyst Switches (2950/2960/3550/3650/3750 PoE/4500/5000/5500/6500 Series), Cisco Adaptive Security Appliance (ASA 5585/5550), Cisco PIX Firewall (535E/515E/506E Series), Cisco IPS 4260/4255, Cisco VPN Concentrator (3000 Series), Cisco Aironet Series Wireless Bridge (1400/1200 Series), Cisco Voice over Internet Protocol (VoIP) Phone (7940/7936/7912), Cisco Redundant Power Supply 675
Software: McAfee Change Control and McAfee Application Control 7.0, McAfee Enterprise Service Manager, BeyondTrust BeyondInsight 6.2, BeyondTrust Retina Network Vulnerability Scanner 6.0, ServiceNow (IaaS System), Guidance Software EnCase Computer Forensics 7, Guidance Software EnCase Computer Forensics for Law Enforcement and Military 6, Veracode Application Security Testing, Veracode Web Application Perimeter Monitoring, Trustwave Application Penetration Testing, SecureAuth IdP, Proofpoint Email Security Gateway, Rapid7 Nexpose Enterprise, Wireshark, NetStumbler, Nmap, Qualys SSL Labs
Vendors: Microsoft, Cisco, Dell, Hewlett Packard Enterprise, Intel, McAfee, RSA Security, Veracode, Trustwave, BeyondTrust, Websense, Proofpoint, Rapid7, Amazon Web Services
PROFESSIONAL EXPERIENCE:
Chief Information Security Officer
Confidential, New York City
Responsibilities:
- Subject Matter Expert and advisor in the functional areas of cyber security and information assurance, based on the principles and guidance of NIST's Cybersecurity Framework and Risk Management Framework
- Responsible for identifying, evaluating, protecting against and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise information risk management program
- Develop, maintain and assure information security and risk management program governance and compliance with policies, standards, protocols and best practices; create and facilitate cyber security risk assessment processes, including oversight and reporting on remediation efforts
- Implement and enforce the Incident Reporting and Response Program to address security incidents, and respond to policy violations or complaints from external parties. Investigate and recommend appropriate countermeasures for IT security incidents. Manage security incidents and events to protect corporate IT assets, including intellectual property, physical assets and the company's reputation.
- Conduct periodic assessment and analysis of the enterprise's information security risks to identify, measure, control and minimize loss from those risks, reporting results and adjusting the information security program and safeguards accordingly
- Manage detection activities and provide advisement on cyber security threats and vulnerabilities; direct the development and implementation of appropriate safeguards to ensure system resiliency, protect critical infrastructure services, and detect, contain and respond to cyber security incidents
- Collaborate with the executive management to determine acceptable levels of risk for the organization to sustain a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
- Collaborate with the appropriate stakeholders to define which types of confidential information are required to be or should be protected with cryptography and establish and maintain policy and verify implementation of suitable encryption controls to protect such information
- Maintain collaborative internal and external information sharing partnerships to assure timely and actionable cyber intelligence regarding threats, incidents, response strategies and solutions
- Establish requirements for, and oversee operation of, an enterprise information security architecture and infrastructure that includes Security Information and Event Management, Network and Host Intrusion Detection/Prevention Systems, Vulnerability Scanning and Penetration Testing
- Knowledge and understanding of relevant legal/regulatory requirements and common information security management frameworks such as the Sarbanes-Oxley Act of 2002 (SOX), Gramm-Leach-Bliley Act of 1999 (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), ISO/IEC 27001:2013/27002:2013, ITSM/ITIL framework, PCI DSS 3.2, OWASP Top 10, SANS Top 20 Critical Security Controls, Federal Financial Institutions Examination Council (FFIEC), CIS Critical Security Controls for Effective Cyber Defense Version 6.1, ISACA Control Objectives for Information and Related Technologies IT governance framework (COBIT 5)
- Knowledge and understanding of Army Regulation AR 25-1, AR 25-2, AR 380-5, AR 380-53, DA Pam 25-1-1, DA Pam 25-1-2, the NIST Special Publication (SP) 800 series (Computer Security) and SP 1800 series (NIST Cybersecurity Practice Guides), Federal Information Processing Standards (FIPS) 199 and 200, Federal Information Security Management Act (FISMA), NISPOM (DoD 5220.22-M), DHS 4300A Sensitive Systems Handbook, DISA Security Technical Implementation Guides (STIGs)
Director IT Network Operations and Engineering
Confidential, New York City
Responsibilities:
- Provide leadership, management, high-level technical expertise, advice and consultancy to network engineering and operations employees for a large and complex 24x7x365, 99.999% uptime wired and wireless hybrid fiber-coaxial (HFC) enterprise network
- Provide leadership and support to the operations and engineering network teams responsible for analysis, design, implementation, support and troubleshooting of the core and carrier network infrastructure to include capacity planning and management
- Monitor and manage processes, policies and procedures for continuous improvement in the operational readiness of mission-critical network and network security assets, and develop Key Performance Indicators (KPIs) and other network performance measurement benchmarks
- Execute best practice business strategies to deliver process improvement in operational integrity, optimized network performance, reliability, security compliance, business continuity, disaster recovery and risk management to lower cost and prevent future network degradation and outages
- Implement the approved actions and workarounds required to mitigate project risk events, minimizing their impact on the project and meeting the availability targets of the Operating Level Agreement (OLA) and Service Level Agreement (SLA)
- Monitor and control project work, measuring performance with appropriate tools and techniques to track project progress, identify and quantify variances, perform required corrective actions, and communicate with all stakeholders
Director Information Technology and Communications
Confidential
Responsibilities:
- Served as the Information Assurance Security Officer on behalf of the Defense Contract Management Agency Administrative Contracting Officer for the Iraq Southern Region
- Served as the Logistics Management Information Systems Officer for STAMIS networks for the United States Army CFLCC, 377th TSC at Camp Arifjan, Kuwait
- Administered the recruitment, development, motivation and retention of 4 management staff, 49 non-exempt assigned IT staff and 5 subcontract labor contractors delivering 24x7x365, 99.999% uptime Information Technology services and support in a DoD theater of military wartime operations
- Managed seven million dollars of operating and capital budget in accordance with established Logistics Civil Augmentation Program (LOGCAP) business strategy and financial guidelines
- Used Lean Six Sigma methodologies for continuous process improvement: defining problems, measuring key aspects of current processes, analyzing data to investigate and verify cause-and-effect relationships, improving and optimizing current processes, and controlling future processes so that deviations are corrected before they result in fraud, waste or abuse of Government resources.
- Enforced compliance of IT regulatory standards including COBIT, FISMA, ISO 27001, NIST and SOX to ensure the protection of IT assets and the confidentiality, integrity and availability of intellectual property
- Executed continuous process improvement of IT Service Management (ITSM) based on ITIL best practices for the ITIL Service Support areas of Incident, Problem, Change, Release and Configuration Management and Service Desk, and the ITIL Service Delivery areas of Service Level, Availability, Capacity, Financial and IT Service Continuity Management
- Processed Department of Defense and Department of Justice forensic computer backups and investigations using Guidance Software EnCase Forensic 6, Ontrack EasyRecovery Professional and Norton Ghost Corporate