Proven information security leader with success in guiding implementation of leading - edge technology solutions while balancing security initiatives to risks, business operations and innovations. Specialties include server engineering, systems architecture, configuration management, and systems administration with extensive experience healthcare, financial, cloud computing, and software development industries.
Assessment and Risk Management: Penetration Testing, Vulnerability Assessment, Risk / Compliance Assessment, Change Control Board Director, Cyber Security Analyst
Security Frameworks: ISO 27001 COBIT ITIL, NIST DFARS
Compliance Experience: PCI - DSS HIPAA HITECH SOX
Operating Platforms: Windows Linux Unix OSX
Industry Verticals: Healthcare Financial Services Technology Consulting and Support Professional Services Government Software as a Service (SaaS) Datacenter/Hosting Provider/Cloud/On-Prem
Confidential, Princeton, NJ
Sr. Security Engineer (Acting Information Security Officer)
- Developed Information Security Management System (ISMS) based on ISO270012 framework for cloud - based Active Directory and EHR solution.
- Developed and Implemented Information Security Policies and Procedures
- Developed and Implemented Information Security Business Impact Plan
- Implemented Change Management system with change verification
- Coordinated and validate periodic 3rd party vulnerability and penetration testing- Leidos and RSA
- Reduced non-staff IT costs by 25% while maintaining key metrics through VMware virtualization, application rationalization, legacy system retirement, and SAN storage consolidation.
- Implemented periodic review of access controls NIST and DFARS compliance regulations
- Work with sales team on pre-sales and post-sales customer security evaluations
- Facilitated Cybersecurity security audit and systems architecture using NIST and DFARS regulations.
- Perform control mapping from COBIT, ISO27000
- Perform company-wide risk assessment with Leidos and RSA
- Developed Security Auditing and Policy controls for Clients with, 000 users
- Lead engineer for company-wide risk and exposure assessment and audit.
- Developed Server, Workstation, Appliance, Network Syslog control system SQL/HTML/ASPX
- Implemented a secure operating system deployment scheme for all new windows workstations using PXE boot and Slipstream which reduced time to deploy workstations by 20%
- Security tools experience (Centrify MFA, MS ADFS, SCCM, SolarWinds Orion, RSA Netwiness, McAfee EPO, AirWatch
Confidential, Baltimore, MD
Security and VMWare Engineer
- Developed VMware VSphere High - Availability system for multi datacenter, redundant environments for systems supporting EZPass and toll management.
- Developed and Implemented VMWare hosting environment with security and access control policy
- Architected, support and implement web application for Transportation Security Authority .Net and Java with Oracle and SQL database.
- Successfully re-architected key components of the Network Architecture including DNS increasing both reliability and security for systems monitoring application.
Confidential, Pennington, NJ
Systems and Security Analyst
- Analyze infrastructure and system performance and failures for Client and server trading platform in use by Confidential Brokers (SWAT Team Senior Specialist Consultant)
- Diagnose and resolve production Wealth Management systems performance and issues
- Perform forensic investigation and analysis using Custom trace tools NetIQ, Wireshark and Team Quest
- Architected and maintained Microsoft server systems. IIS, Exchange, SQL, VMWare
Confidential, Pasadena, CA/ Silver Spring, MD
Production IT Manager
- Manager/ Lead for team of 18 systems admins providing response and investigations into systems failures, security events and incidents in large healthcare organization
- Manager/Supervisor for thirty FTE s and Contractors
- SME in Server Systems and Information Security.
- Manage, document, and report escalation incidents to Executives and Business Partners
- Troubleshoot and report Citrix/Wintel issues with Citrix and Microsoft providers
- IT Project manager and implementation support SME
- VMware installation performance and Risk Assessments
- Delivered reporting of IR s and PR s to the problem management meetings (CAB)
- Project reporting support advisor for production releases - Citrix related