Information Security Architect
Eager to help organizations manage corporate risk through design, implementation, and management of information security and IT governance.
- Hands-on experience designing, testing, and implementing security controls balanced with application and business requirements.
- Ability to see the need for security policies, standards, and products, justify need to key stakeholders, procure, and implement.
- Working knowledge of information security best practices, standards, and regulations such as PCI, HIPAA, ISO 27001, Defense Information Systems Agency (DISA) Security Technical Implementation Guides, and NIST standards and guidelines.
- Hands-on knowledge of networks, servers, applications, and computer forensics that enables effective security analysis and implementation.
Justified the need, procured, and implemented enterprise-wide digital forensics capability using EnCase Enterprise for incident response and e-discovery in a 30,000 system and 50,000 user enterprise. Led solutions architects in security projects to accomplish DoD information assurance accreditation (DIACAP) in order to obtain revenue recognition for large DoD medical imaging IT implementations. Worked with in-house and vendor software developers to include security in applications, then tested and resolved vulnerabilities.
- Guidance Software EnCase Enterprise
- Beyond Trust Retina
- Vulnerability analysis and remediation
- Computer forensics
- HIPAA
- NIST SP 800-53
- DIACAP
- DISA STIGs
- SCAP
- Risk Analysis
- vSphere security
- Windows OS security
- TCP/IP protocol analysis
- Sonicwall SonicOS
- HP Comware
- Project management
- Team leadership
- Public speaking
- Mentoring and teaching
- Information security awareness
- Information security presentations
- FDA Medical Device Cybersecurity
- PACS
Solutions Architect, Networks and Security
- Customer-facing security and network architect for healthcare enterprise imaging informatics solutions for large private and Department of Defense (DoD) medical centers.
- Perform security analysis and implementation for Agfa systems undergoing approval for the US DoD Information Assurance Certification and Accreditation Process (DIACAP).
- Perform technical configuration and audit of security controls on servers, storage, network devices, and vSphere.
- Perform break/fix when security controls negatively impact applications. Escalate security issues to R&D for resolution.
- Led Agfa DoD security projects and other architects in securing Agfa application platforms including Windows Server 2008 R2, Windows 7, Oracle Enterprise Linux, Oracle Database, Solaris, vSphere, and storage.
- Work with DoD security analysts and Agfa technical personnel to implement technical and administrative controls for Agfa systems deployed on DoD networks.
- Use Agfa FDA compliance Quality Management System processes to assess risk, design security configurations, and validate applications function with DoD compliant system platforms.
- Perform network/application analysis for escalated performance issues at large medical facilities in the US.
- Responsibilities and projects in enterprise environment of 30,000 computers, 10,000 employees, 50,000 users, and systems processing and storing various types of employee, health, and confidential student information:
- Created five-year IT governance plan based on ISO 27001 Information Security Management System.
- Served as internal security consultant to various information owners to ensure their applications and processes complied with security standards and privacy laws.
- Worked alongside key stakeholders to design business processes and information systems to provide efficient yet secure workflow.
- Regularly performed vulnerability analysis and penetration testing on web applications and network and server infrastructure.
- Designed security incident response plan and led incident response.
- Created e-discovery process, performed e-discovery, and worked with legal counsel and executive management on cases.
- Worked with in-house and vendor software developers to include security in applications, then tested and resolved vulnerabilities.
- Worked with legal counsel and executive management to include security requirements in contracts and procurement.
- Delivered security awareness training to users.
- Provide PCI security and privacy consulting for clients.
- Implemented security policies, network design, and security monitoring for clients.