- 11+ years of experience designing and implementing cyber security solutions, determining overall risk posture, influencing technical and non - technical subject matter experts and identifying security gaps and risks. Completed 23 projects using NIST 800-53 framework for FAA, DHS, CSC and Confidential resulting in 6 years NIST of experience. Worked 4 years as a principal consultant for Amazon Web Services (AWS) projects, including solution design, implementation and cloud migrations.
AREAS OF EXPERTISE
- AWS Cloud
- NIST 800-53
- Network Hardening
- Risk Management
- Cloud Security
- Defense in Depth
- Securing Software as a Service (SaaS) applications
- Systems Security Engineering
- Firewalls, Routers & Switches
- Intrusion Detection/Intrusion Prevention (IDS/IPS)
- IP Networking IPsec, SSL, TLS, DNS & Proxy Services
- Strong Written & Oral Communication Skills
- Two Factor Authentication
- Strong Diagnostic & Problem Solving Skills
Senior Information Security Manager
- Lead AWS cloud migration for on-perm applications into a hybrid and fully cloud VPC offering while eliminating security gaps and risks in the solution design and implementation with ambiguous requirements.
- Advise technical team on SaaS Security for use on AWS’s PaaS offerings (Lambda).
- Lead a team that influences technical SME’s and advises on cloud security solution design and implementation reviews, policy, and engineering to address business needs and meet regulatory and compliance requirements.
- Work collaboratively and maintain client facing relationships with diverse field of stakeholders as well as technical, non-technical staff and senior level leadership.
- Helped design AWS security controls for role-based access controls using Identity and Access Management (IAM).
- Conduct reviews and advise on requirements from Privacy Impact Assessments (PIA).
- Perform security tools assessments for clients to gauge their maturity and ability to respond to security incidents and events.
Principal Security Consultant
- Worked in professional services at Confidential under the vCISO program providing strategic services working as a Virtual CISO.
- Provided guidance in remediating security vulnerabilities to client’s security team and upper management.
- Conducted Purple Team exercise to test incident response plans and managed security services providers through targeted penetration testing and assessment of blue team response.
- Perform Incident Response Readiness Assessments to assess the maturity of a client’s documentation and configurations.
Principal Consulting Security Engineer
- Worked on team providing security engineering to Synchrony Financial business applications migration to the AWS cloud.
- Worked on security architecture team building out the requirements for the VPCs, S3 data storage, EC2 AMI buildouts and requisite IAM and security group and NACL baselining & CloudFront.
- Worked with network operations to remodel network topology to increase security to include; hardening of firewalls, Proxies, IDS deployment, network protocols.
- Engineered, deployed and maintained Synchrony Financial PKI systems related to Identity and Access Management for Cisco ISE, Airwatch, Mac and user authentication.
- Created and managed the Certificate Templates used for: Certificate Auto-enrollment, Mac SCEP Certificate Template, AirWatch Cloud SCEP Template and all code signing, digital and user certificate templates.
- Migrated AirWatch Mobile Device Management from an integration with Symantec MPKI to a SCEP based secure Cloud Solution with HydrantID.
Principal Consulting Security Engineer
- Utilized NIST Special Publication 800-53 and acted as the SME and principal consulting security engineer for all Confidential IT Security projects to meet federal government guidelines.
- Worked on team engineering and deploying new IDS/IPS, Endpoint protection, network firewall configuration and SIEM.
- Worked on the AWS cloud migration for security engineering, such as S3 File & Volume Gateway.
- Conducted security scans and review of the DMZ to assess vulnerabilities and remediate threats as part of a complete DMZ redesign.
- Provide security engineering for the Confidential CyberArk upgrade and redesign project, to include requirements gathering, security architecture review and design upgrading CyberArk from version 8.1 to 9.6. This includes integration with DUO two factor authentication to provide increased security controls for privileged accounts.
- Provide security engineering for the Confidential Cisco Identity Services Engine (ISE) design project, to include requirements gathering, security architecture design and review, as well as final state security assessment.
- Provide Security engineering and testing of a newly deployed secure Guest Wireless Portal to replace the current insecure Guest Wireless Portal.