SUMMARY

• Cybersecurity leader, strategist and practitioner with a focus on people, cybersecurity operations, solutions engineering, offensive security and threat intelligence.
• Broad experience working in roles across verticals including technology, healthcare, banking, government, military, and more.

PROFESSIONAL EXPERIENCE

Confidential, Sacramento, CA

Information Security Project/Implementation Management

Responsibilities:

• Responsible for managing the implementation of several information security solutions solving for: Encrypted email using Tumbleweed, Encrypted laptops and desktops using Credant encryption software, Security auditing/monitoring using RSA’s Network Intelligence.
• Responsible for ensuring interoperability of Novell eDirectory services or other LDAP interfaces, such Microsoft ADS.
• Responsible for developing Credant technical security policies.
• Responsible for developing logging reports from Network Intelligence which were sent to administrators for review and mitigation as well as assisting in forensics investigations.
• Responsible for developing and managing processes around Encrypted email, Encrypted laptops, Security auditing/monitoring
• Developed information security requirements for .Net application developers to adhere to.
• Developed information security requirements for commercial off the shelf applications to adhere to.
• Managed the procurement and planning of the secure, virtual architecture (VMWare) ensuring servers and applications are built with embedded security requirements.
• Worked with client to develop patch management process using MS windows update server for servers.
• Worked with client to develop patch management process using Altiris and workstations including staggered maintenance windows.

Environment: VMWare, Windows, LDAP, Active Directory, Mac, Cisco PIX, Cisco, Linux, VMWare Workstation, VMWare ESX, IIS, Tumbleweed, Guardian Edge, Credant, RSA Network Intelligence

Confidential, Sacramento, CA

Application Security Assessment

Responsibilities:

• Conducted Project management tasks for an application security assessment of a core DSS enterprise level application hosted by Confidential .
• Conducted technical .Net, Java and tomcat application security assessment/audit for a core DSS enterprise level application hosted by Confidential .
• Performed analysis of vulnerability scans using Qualys vulnerability scanner for a core DSS enterprise level application hosted by Confidential .
• Produced finding, analysis and recommendations report outlining recommended changes to the application and the application environment.
• Presented formal findings to a review team

Environment: Windows, Linux, Cisco PIX, Cisco routers and switches, IIS

Confidential, Sacramento, CA

Senior Security Analyst

Responsibilities:

• Conduct information security risk analysis and technical security assessments on the infrastructure, applications, and systems to ensure compliance with best practices, policies and standards.
• Developed information security controls and standards with both Java and .Net application developers to ensure applications are developed securely.
• Responsible for reviewing Feasibility Study Reports, architecture and applications for appropriate controls which meet enterprise and industry security standards including CDHS policies and standards.
• Responsible for the development of information security policies, standards and guidelines.
• Provide expert knowledge to the information security architectural planning efforts to include budgetary and strategic direction.
• Developed an application risk management and mitigation program. This includes developing a repeatable process for assessing applications and supporting infrastructure.
• Responsible for assessing emerging vulnerabilities and testing proof of concept code for the accurate assessment of risk.
• Advise executive management on security process, procedure, policy and guidelines pertaining to the risk assessment of applications and vulnerabilities.

Environment: Solaris, Windows, LDAP, Active Directory, Cisco PIX, OS390, Cisco, Linux, VMWare Workstation, VMWare ESX, IIS, .Net, Java

Confidential, Sacramento, CA

Senior Security Analyst

Responsibilities:

• Performed technical risk analysis of data center infrastructure (AIX, Solaris, Windows, Cisco and workstation devices) using Nessus vulnerability scanner
• Scanned over 10,000 nodes of which each were assessed, categorized to make tangible recommendations to support staff.
• Performed successful ethical intrusion/penetration of Teale Data Centers networked infrastructure (Unix, Windows and network devices)

Environment: Solaris, Windows, LDAP, NIS, NFS, Active Directory, Cisco PIX, AIX, OS390, Cisco, Linux, VMWare Workstation, WebSphere, IIS, Websphere

Confidential, Folsom, CA

Senior Security Analyst

Responsibilities:

• Deployed Tripwire enterprise wide on over 200 Windows and Unix systems
• Performed both preliminary and detailed application security risk analysis for business units.
• ISS Manager on security process, procedure, policy and guidelines
• Mentored Junior engineers on both technical analysis and technical risk analysis
• Provided security product review and testing of Cisco IDS, Symantec ESM, Tripwire, Nessus
• Performed vulnerability and exploit analysis (e.g. penetration testing) for applications, operating systems and hardware devices
• Performed risk analysis and mitigation for virus, Trojans and worms.
• Performed system, hardware, operating system and application security hardening for both Windows and Unix (Solaris, AIX, HPUX, IBM WebSphere) systems
• Performed ESM installation though automated SSH scripting on UNIX systems.
• Performed operations maintenance of information security software installed on UNIX systems.

Environment: HPUX, AIX, Solaris, Linux, VMWare Workstation, Windows, Active Directory, WebSphere, IIS

Confidential, Sacramento, CA

Network Systems & Security Consultant

Responsibilities:

• Security consultant for Confidential focused on technical, organizational and process oriented assessments in clients’ security practice.
• Performed penetration testing and Ethical hacking on Unix and Windows systems for Lucent clients as part of security assessments
• Performed and advised on handling of security incidents including forensics
• Responsible for providing documentation to include findings and recommendations on all security assessments and recommended solutions
• Contributed to internal mentoring and business development to enhance internal skill sets
• Provided Research for various security infrastructures i.e. IDS, Security Scanners and Computer Emergency Response Teams (CERTs)
• Planned, Advised and implementation of CERT for clients to include incident response process
• Planned, Advised and implementation of guidelines for post incident forensics
• Provided build - to process and procedures for implementing secure Unix and Windows systems.

Environment: Solaris, Windows, LDAP, NIS, NFS, Active Directory, Cisco PIX, AIX, OS390, Cisco, Linux, VMWare Workstation