IT Cybersecurity Lead Architect & Cybersecurity & Endpoint & APT SME Resume

Herndon, VA

SUMMARY:

  • I am a well-seasoned IT corporate executive, with a proven track record of innovative out-of-the-box strategies for getting mission critical objectives accomplished ahead of schedule and within budget.
  • I have significant experience, from the IT Management, Identity Access Management, Identity Security Orchestration, Applications Access Management, Business Systems/Re-Engineering, and Senior Systems Management & Security Management arena; including expert knowledge of the Confidential framework methodology, SCADA & ICS (Industrial Control Systems), Zachman, Enterprise Information Security Architecture Disciplines.
  • I am a true self-starter, having successfully started my own company, and guiding its growth over 10 years to 300 employees serving 5000+ clients, prior to selling it in 2008.
  • I am well versed in agile methodologies, Business Centric IT strategies, and risk-averse stewardship.
  • Experienced in providing guidance and mentorship to my reports, while leading by example.
  • I am an expert at formulating a strategic enterprise and security architecture approach, while simultaneously directing alignment of IT security policy and governance strategies.
  • I am an expert at complementing and enhancing the enterprises’ business processes and strategies by leveraging current technology to support, sustain and improve the desired corporate strategy. I give direction to Business Process initiatives, aligning IT Enterprise Management initiatives to securely and efficiently sustain them.
  • Always aware of IT Security Compliance requirements. Policies such as ITSM, ITIL framework, FISMA 27001, NIST 800-X family of standards, HITECH, FedRAMP, PCI DSS, OWASP and ISC2 top 10, regulatory compliance, HIPAA, FERPA, SOX, and GLBA compliance, are among my specialties.
  • I am experienced in establishing and Managing Governance Committee priorities, Consulting, Developing and Writing Policy from scratch including IR, CM, DD, RM utilizing established frameworks & industry specific best practices.
  • Successfully directed major enterprise-wide SaaS, PaaS, AWS cloud strategic initiatives for the Banking, Mortgaging, Health Insurance and IT Security industries; resulting in higher throughput, improved enterprise-wide security, at significant cost savings to the enterprise. While an expert in the NIST SP 800 family guidelines, I am also an expert in the often overlooked NIST SP 500 family frameworks for Cloud, Big Data & emerging technologies, for example NIST SP NIST Cloud Computing Security Reference Architecture.

PROFESSIONAL EXPERIENCE:

Confidential, Herndon, VA

IT Cybersecurity Lead Architect & Cybersecurity & Endpoint & APT SME

Responsibilities:

  • I am transforming the current security posture to protect Confidential’s 1M end points. To that end I am evaluating myriad tools, appliances, strategies including Carbon Black Response, Defense, BigFix, QRadar, Site Protector, E2EE, multifactor authentication innovations, threat intelligence enhancements, DLP innovative security architecting by coupling my ideas of an adaptive DLP strategy by designing and deploying IBE (Identity Based Encryption) within Confidential’s Global email system.
  • Among many of the security issues I can successfully address the processing of 53M emails daily; and securely process those emails while performing deep e-discovery, AV/Malware analysis, blocking, routing, and alerting functions.
  • I am very proud and excited to have designed this system while maintaining strict adherence to the principles of Confidentiality, Integrity, and Availability.
  • I am also configuring, evaluating, designing and monitoring the newly deployed and implemented controls, and architecting and designing Confidential’s Global security posture. I have evaluated Confidential’s extensive Global Security Governance Policies, and made recommendations, and improvements, and I’ve written new security policies that legally protect our vast IP, patents, employee SPI, PI, PHI, e-PHI, PII, going beyond simply adhering to industry best practices; yet doing so in a cost-effective and non-intrusive way, and accomplishing these challenges in a non-disruptive manner. To that end I am using Proofpoint’s SaaS and on-premises solutions for inbound email security, outbound data loss prevention (A-DLP), privacy protection, email encryption, electronic discovery and email archiving. I am additionally deploying Confidential’s Guardium agents to help ensure the security, privacy and integrity of information in our data centers. These data security modules support Confidential’s vast heterogeneous environments including databases, data warehouses, file shares and Hadoop-based systems for custom and packaged applications on all our operating platforms.
  • Working with Multiple Business Units, Technology Units within Confidential, to develop an efficient, robust and practical mechanism for evaluating technologies, tools and applications using an Agile methodology. Managing Identities and all phases of Access Management from On-Boarding, to provisioning, Classification Management and Access Controls.
  • Scanning, Threat Intelligence, VDI (Virtual Desktop Infrastructure) technologies, DLP (Data Loss Prevention), Cloud Security Modelling & Design, Log aggregation strategies, Wireless and mobile devices security Implementation Innovations from policy development to implementation and continual review analysis and continual improvements.
  • Among many of the Cybersecurity Projects I lead, my team of 13 cybersecurity experts has focused on new VDI deployments, Signal Science, behavioral analytics, Big Data security, DLP, Threat Intelligence, water marking of Confidential Crown Jewels, Penetration Innovative detection and remediation and new Incident Response strategies.
  • Confidential’s security portfolio provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure.
  • Confidential offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more.
  • Confidential operates one of the world’s broadest security research and development, and delivery organizations.
  • Confidential monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.
  • And for more than the past year, I have helped, collaborated, studied, and learned from, as well as contributed to this global enterprise.

Confidential, Bethesda, MD

IT Security Director & IT Security Program Manager

Responsibilities:

  • As IT Security Director, I advised, developed and implemented a robust IT Security Posture for Carson’s internal infrastructure.
  • As a Security and Management Consultation entity, Carson’s own security posture had to be beyond compromise.
  • I was hired to ensure our own IT Security complexion was one that demonstrated a solid and robust proactive approach to IA, VA, SAA, IR, VMS.
  • I relied upon my innovative style of approaching Threat Intelligence, Vulnerability Analysis, Security Controls and compliance all synergistically enveloped within the Confidentiality, Integrity and Availability Precepts of our organization.
  • As the IT Security Program Manager, I traveled offsite in support of Projects managed by Confidential and SAINT for various, private & federal clients.
  • My duties included but were not limited to meeting with Confidential staff supporting these clients to determine the status of ongoing projects, address potential future issues, and to get an overall status report on each project.
  • Managed budget and scope of projects, to ensure off-site employees are complying with SLAs as written, met regularly with major Stakeholders, data owners, and other principals to ensure client’s needs are being addressed; and to use such meetings as a means of determining if there are other Confidential services that might be of benefit to the client.
  • (Part Time Adjunct Professor of Information Assurance & Information Security at Confidential Technical Institute).
  • Beginning in June 2016, I have been offered a part-time position with Confidential to help promote and teach the fundamental principles of Confidential to students in the bachelor's program.
  • I will be focusing on teaching SSDLC for applications development, Compliance principles to address myriad State, Federal, and industry regulatory compliance, for example, PCI DSS, FedRAMP, FISMA, HIPAA, SOX, GLBA, NIST among others.

Confidential, Elkridge, MD

IT Security Principal, Cybersecurity SME

Responsibilities:

  • I support the state of Maryland’s Confidential by ensuring all EPII & PII information is secured. The state maintains distributed offices needing to interact and exchange vast amounts of data between state and federal agencies, for example, CSEA, OHEP, OTHS, CARES, IRS. POA&M, SIA, and COOP must be developed, maintained or improved.
  • I am expected to act as an advisor, liaison, and technical SME to ensure our reporting, detection and if necessary remediation and recovery processes and procedures are valid and effective; above all offering recommendations with respect to myriad SOPs, Policies & Standards, among them KRI, RMF, NIST SP r3&r4, 137 for CM, FISMA, ITL, ITIL/ITSM v3, 27001 ISO/IEC. Among many of the tools and reports I review and or use daily are Remedy, Nessus, LogRhythm, Symantec Endpoint Protection Manager, CA Clarity Project Management Software, Vanguard & Attachmate (Used primarily in support of RACF, CICS, and Legacy environment). I am expected to continually evaluate, and proactively strategize for solutions to current and emerging vulnerabilities.
  • I work directly with users, data owners, business unit stakeholders, and technical engineers/administrators.
  • Although to a lesser degree, I am also involved with Avamar Deduplication Backup software and System.
  • In my role as a Principal Security Technical and Compliance Liaison, I am relied upon to ensure Business, Technical, and Regulatory considerations adhere to the tenets of Confidentiality, Integrity, and Availability of Confidential’s assets. I have knowledge of, with limited experience utilizing, SharePoint and CSAM in regard to identity and access management.
  • I report to both the CISO and CIO. I evaluated and recommended changes to the MD State Health and Human Services System.
  • I explained to senior management the issues involved and provided POC (Proof-Of-Concepts), for my recommendations and provided Use Cases germane to their business initiatives.
  • I also provided reports and gave presentations on current and future potential vectors.
  • I recommended, designed and successfully gained buy-in on a custom SOA (Service Oriented Architecture) methodology in addition to other custom Hybrid Cloud Security implementations.

Confidential, Rockville, MD

IT Systems Security Integration Consultant

Responsibilities:

  • After completely interviewing the various business, IT, development, and operations units, I developed a complete ‘from the ground up’ approach to addressing the severely overlooked vulnerabilities, threats, risks, and compliance shortfalls. This was done utilizing my experience with the Confidential model to initiate a business driven and IT collaborative strategy, over what was initially chosen by others; a technology only centric solution.
  • Responsible for ensuring projects move from development in a standardized, secure manner to Integration, Stage, and Production. Consulted on needed improvements to the SDLC process from a security standpoint, e.g. Requirements/Compliance-Design-code-test-deploy-maintain; for example, ensuring input validation, XSS Assessments methodologies, Asset quantitative and qualitative prioritization, Access control policies & recommended controls to ensure Compliance with FISMA, NIST-53, Data and Information Categorization, Classification and Declassification Policies, Change Management controls, and Change control policies, Configuration Management, and establishment of Baselines.
  • Incident Response Policy, including but not limited to Assignment/Escalation of responsibilities and controls, Response prioritization and determination controls, Breach detection, response, reporting, recovery, remediation and review (including what was learned updates), and including a controlled information dissemination policy or media management policy.
  • Responsible for developing documentation and standardized policies of onboarding and off-boarding employees, Deployment procedures, IR, RA, AC policies from scratch, Zabbix, Red Hat JBOSS, Workflow, Data Collection and affiliated Dashboards. Configuration Management, and Change Control Management experience.
  • Monitoring and addressing environment issues via Zabbix, Nessus monitoring, Tripwire, Jira, SVN, McAfee, Rapid7, and Jmanage tools e.g. Web and JMX console for application management.
  • Patching, and re-imaging AWS servers in an EC2 environment. Performing Pen Testing, via Authenticated & Unauthenticated scans & Meterpreter scripting, Nmap, Sqlninja, BackTrack, Kali Linux, Proofpoint, and various other tools, including aggregated SIEM ruleset definition, and evaluation of Splunk dashboards, Tripwire, Configuration Management DB (CMDB) experience. Familiar with a white hat, gray, and authorized ethical black hat Pen Testing.
  • Updating Deployment Plans, using the wiki, Creation of Security SDLC policies and standards, dynamic code analysis using Veracode Security kit for dynamic, static and injection vulnerabilities. Compliance assurance analysis, Privacy, Risk Analysis, Unified Compliance Framework (UCF) knowledge and experience.
  • Keeping abreast of latest vulnerabilities and remediation strategies to address them, e.g. POODLE, Heartbleed (OpenSSL), SQL injection, APT. Last installed and evaluated additional SIEMs including Splunk, Rapid7 User-Insight, and others. Research by using SANS, Symantec CVE, McAfee SNS, Mandiant, Ars Technica, among other IT Security journals and Vulnerability Notification Resources.

Confidential, Gaithersburg, MD

IT Security Manager/ IT Director

Responsibilities:

  • Managed the Development, Testing and integration SIEM procedures and policies and review McAfee ePO Vector Trends, keeping informed of Threats, Vulnerabilities in the wild by subscribing to SANS, Mandiant, OWASP, TruSecure, and others.
  • Supervised the performance of security Gap Analysis, White Box Pen Testing, Security Forensics Post Mortem Evaluations. Some limited experience using Hadoop & HDFS, and ‘R’ for analytics and BI.
  • Compliance and Audit verification, with respect to varied germane frameworks, including PCI DSS, FISMA, FedRAMP, NIST SP-800 family, and NIST SP-500 family.
  • Relentless leadership in the Improvement, strategic business process alignment and Implementation of Security Policy Governance compliance, ensuring auditing success, strict regulatory compliance direction while ensuring excellent ROI on enterprise IT investments, and strict adherence to CAI security initiatives.
  • Provide technical leadership to maximize efficient use of IT Infrastructure leveraging the use of open source tools, cost effective processing mechanisms including virtual clustering, and BI analytics.
  • Oversee all aspects of Marketing both brick and mortar and internet based, while ensuring PCI DSS compliance.
  • I make use of my former systems engineering background, and Linux security experience, to ensure junior staff is well trained and equipped to make maximum use of IT tools, IT Security tools & technologies, and network security initiatives including IPsec, SSL, and VPN. Prepared Security Training Syllabus and guidelines pursuant to NIST SP, among other guidelines as required.
  • Directed, reviewed, and ensured the Configuration of systems for NIST, 30, 137 family and FISMA 27001, ensuring smooth auditing & Continuous Monitoring, without sacrificing the tenets of Confidentiality, data Integrity, and process Availability.
  • Some tools used daily include Metasploit, BackTrack, Tenable Network Security, Security Center CV, LogRhythm, ArcSight, Tripwire, Snort, Nessus, Nmap, Zenmap, EnCase, FTK, Digital Forensic Framework - DFF, P2 Commander, Qualys.

Confidential, Columbia, MD

Lead Systems Engineer Support Agent

Responsibilities:

  • Directed contract to provide Help Desk technical support to Confidential, Bellsouth Internet DSL customers, while assuming responsibility for entire IT infrastructure security in accordance with NIST, OWASP Best Practices, and compliance standards.
  • Mid to large size enterprise specialist, assigned clients of 290 up to 5000 nodes.
  • Managed a staff of 33 reports, and an annual budget of more than 27M.
  • Excellent communication, organizational, and time management skills, along with a keen sense of project prioritization and business management skills.
  • Required a clear understanding of TCP/IP, bonding, VLAN Tagging, IP and Port redirection, among myriad other technologies and management systems.
  • Served as SME to clients and C-level management.
  • Federal Compliance SME

Confidential, Bethesda, MD

Senior IT Lead

Responsibilities:

  • I worked as a contractor setting up, troubleshooting, repairing and installing systems for FAA and NIH.
  • UNIX and Windows Systems Administrator.
  • Assisted in installing software and applying patch upgrades for campus computers, NIH Systems and Network Analyst and Consultant (Confidential Corp.)

Confidential, Bethesda, MD

UNIX Specialist

Responsibilities:

  • Obtained information to diagnose system problems or networking bottlenecks or points of degradation and resolve them.
  • Documented client accounts in a computer system with scheduling information and collection activity per company policy.
  • Reviewed systems to determine security requirements and potential loopholes; I designed appropriate methods for system resolution.
  • Analyzed network activity to determine trends for denial of system services, and I took the initiative to write pro-active system tools to perform automatic administrator alerts.
