SUMMARY

• I am a results - oriented professional with a strong belief in personal accountability and speed of execution. Over seventeen years in information protection taught me how to excel at distinguishing between perceived and actual risk to the business, regardless of the industry, and then mitigating the actual risk with the best cost-benefit ratio possible. I always take responsibility for the results of my decisions.
• Monitoring of various public and non-public sources for threat intelligence potentially affecting the bank. Recommend and implement controls to thwart possible threats proactively. I believe that a primary job responsibility is to learn from the mistakes of others before they happen to us and to stay aware of the legal obligations of the bank (such as changes to state breach laws and federal regulator notices).
• Technical and procedures lead for the Payment Card Industry (PCI) Data Security Standard v3.2 implementation at this Level 2 Issuer and Level 4 Merchant.
• Chair of the enterprise-wide vulnerability and patch management committee for four years.
• Subject Matter Expert for Operational Risk Management regarding IT risk and security, including Gramm-Leach-Bliley (GLBA), PCI and acceptable use issues.
• I work with our developers and system administrators keeping them abreast of how others were compromised and the consequences they experienced. I offer a number of alternatives for implementing controls they can live with while still reducing the risk. I know my approach is working because they now suggest threats and possible attack vectors I never thought of.
• Developed, purchased, implemented and manage the bank’s Data Loss Prevention (DLP) program on a daily basis, including evaluation and selection of the technology. In two years DLP went from a “nice to have” to a business continuity “first four hours” system.
• Strong troubleshooting and problem-solving skills, including Six Sigma certification in manufacturing and project management training. My motto is “Do it right. Do it once.”
• Strong ability to work in a team environment utilizing past sales experience to gain buy-in.
• Extremely safety-oriented (former municipal firefighter/paramedic) with over fifteen years experience in emergency and incident response.

PROFESSIONAL EXPERIENCE

Confidential, Cleveland, OH

IT Security

Responsibilities:

• All firewall administration, including web application database and perimeter/internal and soon Juniper SRX
• Intrusion Detection and Intrusion Prevention Systems (Snort, Cisco IDS, Check Point IPS, Cisco FirePOWER, TaaSera NetTrust)
• Forcepoint (Websense) TRITON Enterprise v8.2 Email Security Gateways (AP-Email), Web Security Gateways (AP-Web) and Data Loss Prevention (AP-Data) enterprise-wide,
• Incident response
• PCI-DSS 1.1,2.0 and 3.2 compliance,
• Database activity monitoring
• Tripwire Enterprise v8.4 change control compliance
• Log file reviews using Activeworx, Tripwire Log Center and Splunk
• New security team member mentoring and new IT associate orientation
• Third-party control reviews and audits including occasional on-site visits
• Security design review for in-house applications and network segmentation architecture
• Developing standards to help assure secure configuration of internal and external systems
• Daily participation in the FS-ISAC CyberIntel, Strategy and Hunter Working Group listservs
• Writing policies, guidelines and procedures for all associates in conjunction with Human Resources
• All remote access systems: SSL VPN (Juniper/Pulse Secure), IPSEC (Check Point) and iPad ActiveSync
• Participate in multi-functional teams for Internet security and online banking fraud investigation and prevention
• Hands-on oversight, management and upgrades for most of the above systems

Confidential, Fairlawn, OH

Lead Technical Support Analyst

Responsibilities:

• Confidential is a diversified manufacturer with operations
• Our four-person group was responsible for all Internet, Intranet, Local Area and Wide Area Network security and operations for the company worldwide. I remotely supported our sales offices in Shanghai.

Confidential, Columbus, OH

Distribution Center Manager

Responsibilities:

• Confidential was a subsidiary of Confidential Solutions (above). I started working here on a temporary assignment as part of the Six Sigma group on what started out as a process improvement project: Reduction in the number of shipping errors for our commercial roofing products.
• Columbus was a new 50,000 sq. ft. distribution center with almost all new employees and had massive shipping errors. We were loading almost all flatbeds with the wrong roofing products and other items, resulting in major customer dissatisfaction and expedited shipping costs to remediate the problems. The root cause turned out to be a people problem, not a process or technology problem. After coaching efforts failed, I was promoted to the distribution center manager.
• I had fifteen direct reports and inside of a month we turned the distribution center around to where we had less than one shipping error a week (about fifteen flatbeds a day) versus about two good flatbeds per day historically. I hired the permanent replacement and he continued in that position until Roofing was sold.