President/Chief Information Security Officer Resume

Washington, DC

PROFESSIONAL EXPERIENCE

Confidential

President/Chief Information Security Officer

Responsibilities:

  • Provide lead applications testing and remediation advice.
  • Utilized various tools including Qualys, Nessus, OpenVAS, Burp and others.
  • Synack Red Team Testing.
  • Risk Governance and Compliance (GRC), development, review and testing
  • Improve the overall testing format for existing applications.
  • Successfully completed the SBA HUB Zone Certification.
  • Developed training materials for Security Analysts, Developers, and Program Managers relating to Security Issues.
  • Created a new Communications/Reporting pathway for Security Teams to communicate more effectively with the Developers.

Confidential - Washington DC

Security Consultant

Responsibilities:

  • Educated Gov’t Agencies on the issues of Hacking attacks on the Software application in the projects supporting their organizations, without interruption to normal business operations.
  • Updated training materials for providing better education & training programs
  • Assessed vulnerabilities and provided remediation paths for customers.
  • Identified issues with the SDLC program aiding in the reduction of CAT I/II findings and reduced costs for mitigation (fixing vulnerabilities).
  • Provided Pen Testing services for multiple customers in various industries
  • Published White Paper on Malicious Code Detection to improve internal software development efforts for our Banking Clients.
  • Published article for publication in the Pen Test Magazine, Homeland Security - Reducing the threat from attacks.
  • Performed both Application and Network based penetration tests.
  • Developed program understanding in the BSIMM and vBSIMM methodologies for clients.

Confidential

CEHv8 Technical Editor

Responsibilities:

  • Redirected and organized the IA Team for working with the VBMS project.
  • Managed a team of 12 Information Security Team members of varying capabilities.
  • Organized the team to implement the NIST controls with the Multi-Million dollar project
  • Utilized the Agile methodology to implement the NIST objectives.
  • Responsible for the re-award for the project to L3 from the Dept of Veteran Affairs.
  • Managed the IA team for integration into 12 Software Development Scrum Teams.
  • Implemented Controls and Remediation paths for FISMA objectives in the development of better software security.
  • Improved the overall security stance of the organization, while educating the teams about security awareness (everyone is a member of the security team).

Confidential

Senior Security & Technology Director

Responsibilities:

  • Project planning, resource planning, project schedule development and maintenance.
  • Create and monitor project estimates and budget as required.
  • Provide leadership to diagnose and overcome barriers to team/project progress.
  • Execute implementation plan and monitor progress, perform project review and create summary document to include standard operating procedures.
  • Design networks, enterprise monitoring solutions, and architected more secure network solutions.
  • Implement OWASP considerations for improving Web and application security.
  • Create customized OWASP rule sets for multiple virtual hosts in the web hosting environment for both ABS and other customers.
  • Lead researchers and development teams to implement projects.
  • Analyze and protect OWASP vulnerabilities on hosting and per website basis.
  • Architect complex network strategies to both protect the internal and external resources of the customer (internal and external).
  • Deploy IDS/IPS solutions on Networks and Servers to augment the Hardened environment.
  • Collaborate with associates to determine business needs in implementing selections for OS implementation, security tools, pen testing assignments, security evaluations, and risk assessments.
  • Implement OWASP standards for web application security.
  • Improve security of webservers using SSL and web security tools.
  • Assist developers in remediating issues with Security Assessments which exceed OWASP standards.
  • Performed application security auditing using CEH training to determine the vulnerability of applications.
  • Develop and maintain solutions in enterprise environments for HIPAA, SOX, and PCI regulatory compliance.
  • Create a customized Information System Security Assessment Framework (ISSAF) for evaluating networks and application security.
  • Scan Networks, Servers and other resources for customers to validate compliance and security issues using numerous tools (see skills section).
  • Develop secure network architecture for new and existing environments.
  • Customize COTS, Open Source, and Custom software for customers.
  • Manage projects using the Agile PM methodology.
  • Provide analysis information of network and malware attacks to open source communities.
  • Present multiple attack methodologies to groups and businesses in developing a better security design for their networks.
  • Develop client server based applications and customized interfaces to databases.
  • Customize security solutions for Unix/Linux environments with server hardening tools like Bastille, ModSecurity, and PSAD.
  • Create enterprise monitoring and management resources for NOCs, and security operational centers.
  • Create “Reliable, Redundant, and Cost Effective” IT platform to support customer operations as acting CTO.
  • Worked with SMB and Fortune 1000 companies, including AT&T PrePaid, Alcoa, Stadtler Drug, to name a few.

Confidential

Vice President of Technical Security, Partner

Responsibilities:

  • Manage projects using the Agile PM methodology.
  • Scan Networks, Servers and other resources for customers to validate compliance and security issues using numerous tools (see skills section).
  • Implement scanning using COTS and manual methodologies.
  • Develop secure network architecture for new and existing environments.
  • Assist developers in remediating issues with Security Assessments which exceed OWASP standards.
  • Performed application security auditing using CEH training to determine the vulnerability of applications.
  • Create a customized Information System Security Assessment Framework (ISSAF) for evaluating networks and application security.

Confidential

Senior Systems Consultant

Responsibilities:

  • Evaluate several backup packages for use on HP-UX and IBM AIX platforms, for the Backup QAT.
  • Supported the Unix Security & QAT teams to recommend and evaluate several Unix & Network based security tools.
  • Provide training in DNS & TCP/IP communications.
  • Worked closely with customers in resolving day to day problems in Unix/Networking Environments.
  • Responsible for the installation, support, and maintenance of HP OpenView Application Software as well as the Operating Systems which support them.
  • Performed daily Unix Systems Administration and provided support and problem resolution for the Unix Support Hotline.
