Summary

A solid goal and task oriented professional. Hybrid acumen with the ability to understand, communicates, and manage business requirements and IT Policy Governance. Functional Risk Management, identification of threats, exposures, with the know-how to address them through real solutions. Can operate in any selected domain of Management interest and I am highly capable of strategic planning with respect to closing escalating open issues with success and realized process improvements. Effective mapping of the social scope of Management, the identities, and objectives of stakeholders, while designing the basis upon which solutions may be evaluated and action plans developed. Recognized experience in all facet of Risk Assessment, specializing in high visibility time sensitive projects and vendor security evaluations and compliance.

Defining a framework for the activity and agenda for identification and performing an analysis of situational incidents and problems involved in processes. Mitigation of issues using available technological, human, and organizational resources, thus ensuring business goals and objectives are met and/or exceeded. Keen understanding of IT Assurance: ITIL-F, Good Practice IT Service Management -Strategy, Design, Transition, Operation, and Continual Service Improvement with a strong focus on Strategy and Design. As Security Lead, routinely supervised and managed the activities of junior team members. My Management style is persuasion coupled with a focused strategy which compliments both organizational goals and the individual employee or peer.

Specialties

Conducting Risk Assessments and Managing IT Security related Governance Tasks in accordance with industry accepted information systems audit standards coupled with the ability solve complex problems. Successfully align Business Strategies with IT Strategies, while handling Cascading Events, and communicating strategies and goals into the Enterprise environments. Optimize organizational structures that facilitate strategy and goals of Service Delivery Life Cycle requirements.

Experience

Confidential

Providing Risk Assessments, Assurance, Policy Review, and Compliance Control Validation, with detailed review of practical options for your organization ensuing due-care and diligence is provided by your business in order to protect your business. Company-wide risk assessments and/or targeted technical analysis based upon functional business and technology risk management objectives and defined scope. Great for audit preparation, self-analysis, compliance control, remediation validation, governance support and more... After an initial meeting with stakeholders, many tasks may be professionally conducted remotely using the latest secure technologies and processes. What this means to you is that you get the benefit of professional high quality service at a substantial cost savings over traditional services. Near the conclusion of our service, we will provide a custom comprehensive report not pre-canned outlining observations and findings coupled with real-world solutions and/or agreeable workarounds to improve your security footprint. Proven ability to successfully navigate the needs of the business with realistic technical goals and a keen understanding of the sensitivity issues and potential limitations involved. One vision with a single focus and expertise: GRC - Governance, Risk Management, and Compliance.

Confidential

Responsible for risk management by providing vulnerability analyses, incident response and root cause analysis. Perform risk assessments to either confirm the adequacy of security controls. Ensure compliance with company policies, practices, and regulatory requirements to protect the overall integrity and reliability of company data. Understanding and adherence to DoD NIST Best Practice. Provide n-depth research and dissemination of information regarding risks, threats, and vulnerabilities.

Direct ownership of the Enterprise Vulnerability Management process to include impact determination and vulnerability escalation for action execution. Prepare Security Operations documentation including Patch and Vulnerability Management Practice Policy. Ownership of Administration and Management of Foundstone Enterprise Vulnerability Scanning System and Tripwire Data Integrity and Compliance Systems. IT Security liaison on a number of key projects such as Content Filtering, Web Host Migration, Document Management, Malware, Asset Management, SAP Risk Assessments Perform sensitive forensic investigations with documented chain-of-custody responsibility. Oversee the administration, monitoring, and support of Intrusion Detection Protection Systems IDS/IPS to include custom alerts and signatures.

Manage new partners with respect to vendor process, including contractual Master Contract and Statement-of-Work and Statements of Work. Assist with the architecture and development of new security technical solutions, process-flow improvements. Employee Security Awareness presentations, IT Security training, control documentation, and testing. Expertise working very closely with various internal and external personnel of various levels during the IT Audit process. Routinely author and revise policy, practice, and procedural documentation.

Confidential

Knowledge across multiple platforms, processes, architectures - applies knowledge of IT and associated methods, and tools of the IT design profession to attain project/business unit objectives. Recognize and articulate complex problems related to solutions being developed for global deployment. Local technical supervisory responsibility for two 2 Security Engineers. Research, evaluate, and prepare project plans related to implementing IDS/IPS, Firewall, Content Filtering, Web Applications Database Connectivity, Antivirus, VPN, and Client Firewall, security methodologies.

System hardening, critical Win2003 Servers, Routers, Workstations, Gateways, and Encryption solutions. Responsible for planning and directing the activities of technical project teams engaged in technical and/or business analysis, design and development of new and re-engineered in-house systems or processes. Security event monitoring, process, procedures handling, identification, and analysis of information security vulnerabilities, exploits, and threats, to include being an instrumental part of critical problem escalation.

Liaison between parent organization, client, and third party Management. Guide the information security incident response process, pre-incident planning, identification, containment procedures, post incident evaluations, change management, and in-depth computer systems forensics. Actively participate in evaluations by providing management with feedback for technical employee evaluations. Coordination and production execution of corporate compliance initiatives including Sarbanes-Oxley, FDA Validation, COBIT, HIPAA, and ITIL-based change and service management processes. Utilize knowledge of auditing concepts to manage requirements of internal external system IT Audits and related preparation.

Confidential

Pre-Post Sales Engineering Support. Execute Security Risk Assessments, Vulnerability Analysis, Penetration Testing, IT Audit and Reporting. Conduct Security systems testing, encryption, penetration, and application, in conjunction with Quality Assurance. Deployment of Enterprise level, Anti-virus, Client Firewalls, Content Filtering, Application Gateways, etc. Support the development of controls for applications, database, logical security, access management, system development, system operations, active directory administration, within local/wide/wireless area networks. Implement and troubleshoot solutions involving RIP, IGRP, EIGRP, OSPF, BGP, SNA, and TCP/IP. Coordination and execution of corporate compliance initiatives including Sarbanes-Oxley, Electronic Communications and Transactions Act 2002, ISO/OSI, BS7799 and ISO 1799.

Confidential

Lead network security efforts in incident handling, health-check monitoring, and outage management. Perform advance troubleshooting, mediation, including configurations, upgrades, and critical deployments. Routinely interface with executive level business and technical managers in the technology support group. Configure and troubleshoot solutions involving MPLS, Token Ring, SONET, and DWDM technologies.

Confidential

Direct the management of Technology Engineering Support Group with multiple website connectivity. Administer Corporate Information Security Infrastructure Systems and supporting technologies. Supervise 10 subordinate local/remote technical professionals 6 local and 4 remote personnel . Over-all network responsibility of web site connectivity with production up-time of 99.92 . Full-life Project Management Systems Security Administration, Operations, Support, and Engineering. Implement network security protection measures and antivirus requirement for growing web based environment.

Ensure security requirements for Payment Card Industry Data Security Standards PCI DSS compliant. Report directly to CIO CTO and created IT Department Budget Plans with Cost-Benefit Analysis. Review and approve Cisco device configurations Firewalls, Load Balancers, Routers, and Switches. Successfully planned and managed the physical site move of company Headquarters IT Systems to new location, without extended operational interruption.

Confidential

Administer corporate information security infrastructure systems and related technologies. Implement system hardening, including application servers, database servers, and web servers. Execute the security-based administration of Cisco firewall's, routers, and switches. Support Servers, Workstations, SQL Servers, including user remote network connectivity process. Assist with development of quality assurance standards, define, and track quality assurance metrics. Manage mission critical applications via load balancing Citrix Metaframe Winframe Server farms. Contribute in the development and testing of disaster recovery and business continuity plans.

Confidential

Analyze the technical needs of government contractors, procurement agents, and technical managers. Recommend network computer systems, cabling, supporting devices, and software applications.

Confidential

Performed Microcomputer hardware diagnostics, system configurations, application security/system hardening, device backup and recovery, client support, plus marketing and sales.

Confidential

Directly responsible for commercial and consumer account technical systems support. Provide training for new field personnel, technical security layout design, installations, and upgrades.

Confidential

Security Operations: High-end Jewelry protection in excess of several Million Dollars. Entrusted with the responsibility of opening and closing multi-million dollar facility. Processing for New Jersey State Firearm Carry permit initiated.

Confidential

Supervise technical personnel and the operation of military electronic communications systems. Field Grade Officer training in the proper management and handling of classified material. Lead security custodian at government classified material storage site CMS . Granted DoD Security Clearance. Recommendation's to attend both Warrant and Commissioned Officer Candidate School. HONORABLE DISCHARGE: 1987. RANK: Sergeant/E5