
Senior Cyber Security Architect Resume


Northridge, CA

SUMMARY:

I am seeking an opportunity as a Cyber Security Architect, Director of IT Security or Chief Information Security Officer with the potential for future growth.

EXPERIENCE:

Confidential, Northridge, CA

Senior Cyber Security Architect

Responsibilities:

  • Responsible for designing, managing, assessing, re-designing, configuring, or deploying the following information security systems:
  • Palo Alto NG Firewalls and Panorama
  • McAfee and Cisco IPS/IDS
  • RSA Security Analytics
  • BlueCat IPAM, DHCP and DNS
  • FireEye MPS, HX, EX, NX and ETP
  • Intel McAfee ePO, VSE 8.8 and ENS 10.5
  • HP ArcSight SIEM
  • Exabeam UBA
  • Rapid 7 Nexpose and Metasploit
  • Forcepoint Websense Triton
  • Microsoft Azure and Office365
  • PhishMe Simulator and Reporter
  • Imperva SecureSphere
  • Imperva Incapsula
  • Akamai
  • Cylance
  • Gigamon GigaVue
  • Provide front line support for all information security related issues, such as:
  • Guiding secure infrastructure deployments (firewalls, networks, services, etc.).
  • Consulting on secure application development (including code reviews).
  • Performing proprietary and third party application reviews.
  • Implementing and managing Splunk Indexers, Search Heads, Data Engines and Forwarders.
  • Managing SSL certificates and encryption keys.
  • Monitoring and responding to emerging threats.
  • Leading data handling and data confidentiality issues.
  • Implementing and managing CyberArk Enterprise Password Vault, Privileged Session Manager and Privileged Threat Analytics.
  • Coordinates security compliance efforts, such as:
  • Performs regular application and infrastructure vulnerability assessments.
  • Evaluates and recommends OS and application patches.
  • Reviews and recommends new security products as necessary.
  • Conducts regular audits of systems to ensure security standards and processes are being followed.
  • Manages internal and external security audit interaction.
  • Promotes security principles and enforces security policy for the company.
  • Designs, implements and supports security-focused tools and services.
  • Develops training materials for general security awareness.
  • Leads small training groups focused on specific security technologies.
  • Provides consultancy to internal customers on risk assessment, threat modeling and fixing vulnerabilities.
  • Contributes to the development of security policies and processes.
  • Collaborates with peers and user communities to define projects and prioritize resources. Identify and document the impact of changing applications and technology (areas affected, nature, results, etc.).
  • Assists IT personnel in coordination and monitoring of internal controls.
  • Developed organization’s Security Awareness training program.

Confidential, Alpharetta, GA

Senior Network Security Architect

Responsibilities:

  • Possess expert knowledge of information security standards, principles, and practices
  • Demonstrated relevant security expertise in designing secure architectures for a mix of the following areas: Web Applications and Services; Server Operating Systems (Windows / Linux); Workstation Operating Systems (Windows / MacOS); Mobile Device technology; Network Devices; Storage Devices; Virtualization; IDS Technologies; SIEM Technologies (ArcSight); Secure Application Development; Encryption; PKI; Identity Management; Application Security; Database Security (Oracle/MySQL); Compliance - SOX, PCI, ISO 27001; Cloud / Colocation / SaaS technologies; Forensics; Cyber Intelligence; National and International Privacy laws and regulations
  • Proficient with the techniques that go into the formulation of architectures, including requirements discovery and analysis, application of abstraction, formulation of solution context, solution alternatives identification and assessment, technology selection, and architectural configuration.
  • Strong ability to assess risk and translate it to business relevant considerations and facts, learn and apply new concepts quickly
  • Proven analytical and problem solving ability
  • Superior communication, ability to explain complex concepts in plain language and graphics
  • Managed network and security infrastructure using Cisco Prime and Tufin SecureTrack
  • Responsible for designing and deploying Splunk infrastructure.
  • Excellent organization, and interpersonal skills with the ability to appropriately communicate and translate complex security risks to dollars
  • Led enterprise reference architecture functions; including Applications, Integration, Data/Analytics, Continuous Delivery, Infrastructure, End User Enablement, and other technical areas
  • Responsible for managing and securing the organizations Aruba LAN and WLAN infrastructure and devices, implemented the Aruba RFProtect Wireless Intrusion System to help detect the company’s wireless devices and systems from DDoS and over the air security threats, and implemented the VPN Services function included in the Aruba OS, primarily to authorize, access and audit intranet and vendor access.
  • Migrated Cisco IOS to Aruba OS
  • Managed and audited firewall and IPS perimeter security platform using Skybox vulnerability, firewall and network assurance systems.
  • Develop and implement PCN/SCADA/ICS industrial command and control strategies for various energy clients
  • Developed network Security architectural vision, strategy, and execution in alignment with Domain roadmap demand plans for reference architecture function
  • Worked closely with Sr. Leadership Team, Domain/Business Architects, and Platform Engineering to ensure strategy and execution alignment
  • Ensured Technology keeps up with latest technology industry trends, products, and solutions
  • Network perimeter firewall management and deployment (Cisco, Checkpoint and Palo Alto)
  • Responsible for ensuring the organizations network infrastructure was compliant with PCI-DSS, SOX, HIPAA and ISO 27001 compliancy regulations.
  • Indirectly led team of Reference Architects
  • Worked with Business IT teams to continually improve the security posture of their application portfolios
  • Aided in the development of a multi-year IT Security Strategy
  • Aided in the development of an annual Security roadmap outlining key initiatives in support of the Information Security Strategy
  • Provided detailed input into the creation of the annual IT Security budget
  • Creation of a sustainable security framework to allow secure technology standardization
  • Developed business cases for the adoption of new technology, standards, and processes
  • Worked with peers throughout to collect input on needed security capabilities
  • Provided guidance to engineering and support teams on security risks
  • Support management in understanding architectural information risk within/against
  • Analyze market trends and adjust the strategic security roadmap accordingly.
  • Staying current on security technologies, trends, standards, and best practices
  • Continually update relevant security skills

Confidential, Glendale, CA

Data Center Network Security Architect

Responsibilities:

  • Develops network security design plans, reference architectures and standards for secure networking across the enterprise.
  • Responsible for interpreting global business and technical security requirements in order to apply advanced next generation firewalling, encryption, access control and intrusion prevention technologies for global consumption.
  • Managed the organizations ArcSight SIEM infrastructure, and Splunk security logging and monitoring platform.
  • Responsible for the discovery, documentation, validation / refinement of forward-looking solutions (ex. Global Network Access Control and next-gen integrated Firewall and IPS strategy) while considering opportunities for re-use of standard solutions and technologies.
  • Responsible for conducting enterprise-wide security penetration and vulnerability testing using tools such as Metasploit, Nessus, QRadar SIEM, and Wireshark
  • Developed, designed and maintained the organization's PKI infrastructure.
  • Extensive knowledge and understanding of networking and security technologies and architectures including: TCP/IP protocol suite, IPSEC, TLS, SSL, RADIUS, TACACS+ and X509 certificate authentication.
  • Experience with encrypted network transport solutions (site-to-site and client based VPN) and public key infrastructure (PKI).
  • Proficient in Firewall technologies (Juniper SRX, Palo Alto, Cisco ASA, Checkpoint), Intrusion prevention technologies (McAfee and Cisco IPS, Fortinet, Juniper IDP, Sourcefire, etc.).
  • Designed, implemented and manage Informatica Master Data Management (MDM) infrastructure.
  • Implemented Tufin SecureTrack network management solution, and Skybox assurance platform.
  • Implemented a Security Awareness training program utilizing tools such as PhishMe Simulator and Reporter.
  • Implemented and managed CyberArk privileged account management platform.
  • Demonstrated experience with wired/wireless access control systems such as Aruba Clear Pass and Cisco ISE.
  • Perform migration from Cisco WLAN to Aruba WLAN infrastructure.
  • Strong organizational skills used to lead and track remediation efforts upon occurrence of proactive security incident notifications from vendors’ PSIRT teams.
  • Responsible for re-designing and securing the organization's Aruba WLAN indoor/outdoor MESH wireless infrastructure, developing the Aruba Network Access Control (NAC) solution to better identify and prevent unwarranted/unapproved devices from accessing the organization's LAN/WLAN infrastructures, implementing the Aruba Network Policy Firewall to enhance the organization's ability to better block, prioritize and place rate-limits on WiFi traffic, and to better assess and control internal and external application access to core infrastructure systems.
  • Experience in network Denial of Service defense/avoidance/protection. Includes experience with tools such as Arbor Peak Flow.
  • Experience with malware threat load generation testing methodologies and use of tools such as Ixia/Breaking Point and Avalanche.
  • Experience in developing secure networks for virtualized environments across Data Center components (compute, storage, and network) including experience with protecting both physical server and hypervisor driven virtual server implementations.
  • Experience with PCI DSS, SOX, HIPAA compliancy regulation and standards, security audit processes, evidence gathering, forensics, observed fieldwork and development/management of remediation plans used in resolution of findings.
  • Experience with vulnerability and security control/exception management.
  • Experience with IT InfoSec incident response processes.
  • Experience with Internet architectures from a security standpoint and familiarity with Denial of Service prevention mechanisms.
  • Experience with implementation of access control and authentication mechanisms such as 802.1x and EAP-TLS/TTLS.
  • Strong technical knowledge of UNIX, VMWARE, application analysis (detailed packet capture analysis), network design, network management systems and troubleshooting techniques.
  • Strong interpersonal and communication skills, and works effectively with a wide range of stakeholders in a diverse set of business units.

Confidential, Los Angeles, CA

Director of IT Infrastructure and Network Security

Responsibilities:

  • Managed the organization’s entire global IT network engineering and system application infrastructure.
  • Responsible for the day-to-day management of 28 full-time employees (FTE’s) and 62 contractors located Confidential 29 corporate sites globally.
  • Managed a 28.6 million dollar IT operations and capital expenditures budget.
  • Designed and deployed PKI, Radius, NPS and 2 Factor authentication infrastructure in support of the organization secure identity management and personal identification validation (PIV) Oracle IAM database system.
  • Implemented and managed organization’s CyberArk security intelligence platform.
  • Developed a strategy and implemented the relocation of the organizations DR and COLO data centers and NOC.
  • Developed SCADA firewall deployment strategy, test plans and multi-vendor platform designs for the US Department of Energy.
  • Responsible for performing security audits, vulnerability testing, LAN and WLAN penetration testing, and the organizations Security Awareness Program.
  • Responsible for performing security audits to ensure compliance with PCI DSS, HIPAA, SOX and ISO 27001 security standards and regulations.
  • Managed vendors, software/hardware technical support licensing and warranty agreements, and developed/managed all IT related request for proposals (RFP’s).
  • Developed and maintained the organization’s IT Continuity of Operation Plan (COOP), Standard Operating Procedures (SOP), Change Management Procedures, Performance Matrix's, Green IT Standards and Policies.
  • Developed and implemented an organizational wide disaster recovery and data retention strategy.
  • Implemented and managed organization’s migration from SharePoint to Confluence.
  • Managed organizations QRadar SIEM and Splunk monitoring and logging infrastructures.
  • Responsible for the development and enforcement of the organization's IT security standards and policies based off of industry wide best practices.
  • Designed and managed the implementation of the organization’s enterprise wide secure Wireless Local Area Network (WLAN) and Distributed Antenna System (DAS) infrastructures, utilizing Cisco, Ruckus, and Bridgewave wireless and point-to-point (PTP) radio and management technologies.
  • Designed, implemented and managed Aruba WLAN and BYOD infrastructure which was comprised of Aruba Policy Managers, 7210 Mobility Controllers, 300 Series Wireless Access Points, and centralized management using Aruba Central.
  • Juniper, Palo Alto and Checkpoint firewall deployments.
  • Served as senior technical liaison and IT strategist to the organization’s Board of Directors for all IT engineering related initiatives, alongside of the company’s CIO.
  • Developed VMWare VSphere 4.1 to 5 enterprise infrastructure migration and consolidation strategy, performed P2V and V2V server migration and cloning, reduced enterprise physical server count from 937 physical servers to 237 physical servers and 257 virtual server instances. Configured VMWare ESX and ESXi infrastructure for HA, DRS and SRM. And configured Cisco UCS Fabric Interconnects and Nexus 1k/2k virtual switches to support the VMWare environment.
  • Designed and Performed VMWare VSphere 5 ESX/ESXi and VMWare Horizon/View VDI rollout for client environment to support over 300 end users.
  • Implemented enterprise level consolidated virtual server infrastructure using VMWare ESX Server systems and NetApp storage appliances, which decreased the organizations data centers carbon footprint plan and yearly energy and hardware maintenance and repair costs by 60%, thus saving the business over 2.8 million on IT operational costs.
  • Architected, designed, developed processes and implemented the organizations Mobile Device Management (MDM) infrastructure, Two Factor Authentication infrastructure, and Bring Your Own Device (BYOD) initiatives utilizing the Mobile Iron device management platform and RSA digital tokens and user portals.
  • Managed 5 large data center NOC and SOC, virtual/physical server and UCS infrastructures, storage, wireless, VOIP and unified collaboration environments.

Confidential, Atlanta, GA

Manager of Network Engineering and Security

Responsibilities:

  • Provides overall direction, guidance and definition of the firm’s technology architecture to link business goals, user needs, and the IT strategy for a large multinational law firm with over 3000 users (2,500 attorneys), 4 international data centers (Atlanta, London, Singapore and Suwannee).
  • Responsible for researching, analyzing, designing, proposing, and delivering enterprise architectural solutions that are appropriate for the business and technology strategies.
  • Strong information technology landscape architectural design and integration experience including security, infrastructure, network, client, server, storage, emerging technology standards and trends.
  • Architected, designed, developed processes and implemented the firm's Mobile Device Management (MDM) infrastructure, Two Factor Authentication infrastructure and Bring Your Own Device (BYOD) initiatives utilizing the Airwatch mobile device management and RSA digital tokens and user portals.
  • Managed organization’s Splunk infrastructure.
  • Deployed PKI, NPS, DLP and secure PIN architecture to support the company’s user credentialing, encryption and Smart Card authentication protocols.
  • Upgraded and migrated the organizations VMWare ESX/ESXi 3.5 virtual server infrastructure to VCenter 4.1 and then to VCenter 5. Designed and deployed the organization VMWare Site Recovery Manager (SRM) disaster recovery strategy and infrastructure.
  • Checkpoint and Cisco firewall administration.
  • Conducted network and security vulnerability assessments and audits to ensure compliancy with PCI DSS, SOX and HIPAA regulatory standards.
  • Performed a data center migration of the organizations primary data center, designed and built out the organizations disaster recovery and continuity of operation DR site.
  • Architected, designed and implemented the deployment of the firm’s VMWare View VDI desktop environment that was designed to support 50 legal support analysts.
  • Strong systems design, planning and implementation experience with the Cisco UCS server blade/chassis and rack server platforms, NetApp storage infrastructure, Disaster Recovery, Exchange 2003/2007, Single Mailbox Recovery (SMBR), Microsoft Active Directory/MS Server 2008, VMWare and Citrix XenApp virtual infrastructures, Cloud infrastructures (Private, Public and Hybrid), and Software as a Service (SaaS).
  • High level of experience and strong familiarity with network and security infrastructure systems such as Cisco series 6500/3750x switches, Cisco 2900 series routers, Cisco 1k/5k/7k appliances, F5 Firepass and APM (VPN and Load Balancers), Two Factor Authentication, Active Sync, Mobile Device Management (MDM - Airwatch), Data Loss Protection (DLP), BlueCoat AV and Content filtering, McAfee Endpoint Encryption.
  • Strong experience with integrating SQL 2005 and 2008 database warehouse infrastructures to support document management systems (DMS - iManage), and various other law industry support applications.
  • Strong Network Operations (NOC), Data Center, Disaster Recovery and Continuity of Operations (COOP) planning and support experience.
  • A subject matter expert in the definition of security architectures, regulatory compliance, data privacy, and selection of relevant technologies.
  • Acts as single point of contact for management and monitoring of outsourced security functions to include but not be limited to attainment of associated Service Levels.
  • Applies expertise in defining information security and protection systems to eliminate or reduce unauthorized disclosure or destruction of data in the care of Confidential & Confidential .
  • Oversees the investigation of technology security breaches.
  • Develops security goals and objectives in support of the corporate strategic plan.
  • Is responsible for ensuring that agreed Internal (K&S Customer) and External (Service Provider) security service levels are met.
  • Strong interpersonal skills as well as solid strategic thinking are key. Ability to communicate technical solutions to non-technical personnel is required.
  • Align IT risk management and disaster recovery with organizational needs and priorities.

Confidential, Atlanta, GA

Director of Networking and Security

Responsibilities:

  • Cisco Secure wireless 802.11 network design, implementation and administration utilizing certificate-based authentication with Cisco Aironet Access Points.
  • Developed design, deployment, and implementation strategy for Wireless LAN infrastructure for 12 national site offices.
  • Network Policy Server (NPS) RADIUS server configuration and implementation for wireless and VPN networks.
  • Cisco ASA, Checkpoint and Fortinet firewall configuration, deployment and management.
  • Certificate Authority Server (CAS), PKI, digital signature, secure PIN and biometric fingerprint configuration and implementation for the organizations secure domain, Ethernet, wireless and VPN network access.
  • Performed current state assessment and future state design and deployment strategy for the relocation of the data center.
  • Developed Disaster Recovery plan and Operational support documentations.
  • Designed a secure token-based 2-factor authentication strategy for mobile and remote workers.
  • Managed Splunk security logging infrastructure.
  • Re-designed corporate backup strategy and data retention plans.
  • Developed and implemented VMWare ESX 3.5 and VSphere 4 Server enterprise level hardware consolidation and deployment plan and strategy. Managed over 450 Windows 2003 and 2008 domain and member level servers.

Confidential, Washington, DC

Technical Infrastructure Manager

Responsibilities:

  • Migrated all servers from Windows 2003 to Windows 2008, and also migrated Exchange front end and back end servers to Exchange 2007.
  • Relocated the organization headquarters data center to a new geographically dispersed offsite location.
  • Served as senior technical liaison and strategist to the government executive management team for all IT related projects.
  • Performed current state assessment and future state design and deployment strategy for the relocation of the FAS/ Confidential entire data center to ISO 7816/14443, FIPS and DHS standards.
  • Designed, implemented and managed 65 NETAPP FAS 3100 and 6000 series appliances for Microsoft Exchange 2007 database storage, SQL 2005 Data Warehousing environment, and VMWare ESX hosting purposes. I also utilized the NETAPPS data snapping capabilities for disaster recovery and data backup purposes.
  • Developed FAS/ Confidential COOP (Continuity of Operation) and Disaster Recovery sites infrastructure and strategic IT solutions plan
  • Deployed a Digital Video Conferencing (DVC), which provides all 1700 FAS/ Confidential employees (CONUS/OCONUS) the ability to conduct video teleconferences with each other worldwide.
  • Deployed and managed Citrix XenApp5 environment.
  • Designed a secure token-based 2-factor authentication, PKI, SPII, PIV, Secure PIN, Smart Card and digital authentication computer sign-on strategy for mobile and remote workers.
  • Cisco ASA and Checkpoint firewall management and administration.
  • Migrated all Sybase databases over to SQL 2005 and Oracle.
  • Deployed ForeFront Encrypted Identity Management and secure PIN and Smart Authentication devices and protocols.
  • Developed and executed an Altiris deployment strategy for managing and monitoring server and desktop systems throughout the environment. Installed, configured, and administered Altiris management suite which included the inventory, asset management, patch management, server and desktop monitoring, software deployment, and active directory management components.
  • Managed internet and intranet web servers including SharePoint MOSS 2007 servers.
  • Deployed and configured the FDCC security setting for all government desktop and laptop systems.
  • Developed a VMWare ESX Server enterprise level hardware consolidation and deployment plan and strategy which decreased the client's yearly energy costs by 60%.
  • Built, deployed, and managed over 752 Windows 2003 and 2008 domain and member level servers.
  • Created technical server-build documentation, and server images for the quick deployment of future server systems.
  • Managed the day-to-day tasking and reporting of the entire IT engineering support team.
  • Developed and maintained COOP, SOP, Change Management Procedures, Performance Matrix's, Green IT Standards and Policies.

Confidential, Raleigh, NC

Senior Network and System Engineering Architect

Responsibilities:

  • Windows 2003 and Exchange 2003 architecture design engineering.
  • VM Ware ESX Server deployment and administration
  • Deployed and implemented NETAPPS FAS 2000 and 3100 storage appliances to be utilized for Microsoft Exchange 2003 and file server clustering environments.
  • Built and deployed over 256 Windows 2003 domain and member level servers.
  • Managed PKI, NPS, Radius, Secure PIN and Oracle personnel facility and network access management databases.
  • Created technical server-build documentation, and server images for the quick deployment of future server systems.
  • Performed network monitoring using Nagios.

Confidential, Washington, DC

NOC Engineering and Operations Manager

Responsibilities:

  • Responsible for the administration and support of a total of 27,000 users via Active Directory.
  • Managed PKI and Radius encrypted and secure system access infrastructure.
  • Built and deployed 216 brand new Windows 2003 servers, and created a Windows 2000 to Windows 2003 server migration strategy for all of the existing Windows 2000 servers to ISO 7816/14443 FIPS standards.
  • Performed Security Audits and scans utilizing Nessus to ensure PCI, SOX and HIPAA, Microsoft security baseline compliancy.
  • Managed and monitored the day to day network systems and security infrastructure through the use of enterprise management products such as MOM 2005, SMS 2003, Web Cool, Patch link, Nessus, MBSA, SAV 10 server, and the Symantec SESA Appliance.
  • Identified and resolved managed enterprise network server and desktop issues, security threats, network outages, and network service disruption in a real time format.

Confidential, Reston, VA

Senior Systems Engineer

Responsibilities:

  • Designed and implemented the Windows 2003 Server network forest architecture for the Department of Homeland Security.
  • Designed and implemented the Windows Server, Windows XP desktop migration and roll out plan for all of the Department of Homeland Security and Transportation Security Authority user desktop machines, PKI, IAM, PIV encrypted authentication infrastructure systems to DHS and FIPS standards.
  • Built over 403 Windows 2003 servers, and migrated over 187 existing Windows 2000 servers to Windows 2003 servers.
  • Performed security audits to ensure compliancy with PCI, FISMA, ISO 27000, SOX, FIPS and HIPAA regulatory standards.
  • Developed and executed an Altiris deployment strategy for managing and monitoring server and desktop systems throughout the environment.
  • Lead Senior System Engineer for the day-to-day Domain Administration and management of 24/7x365 NOC Windows 2000/2003 Server and Exchange 2000/2003 Server environment, Blackberry Enterprise Servers and Virtual Servers, and Windows XP network and administration infrastructure for the Department of Homeland Security.
  • Possess extensive Exchange 2000/2003 Server back end and front end server configuration, design, administration, and maintenance experience.
  • Lead Senior System Engineer for the infrastructure design of the Exchange 2000/2003 for DHS and TSA.
  • Extensive knowledge of Exchange storage group and messaging logs configuration.
  • Responsible for the management of 37,000 users' mailbox accounts via Exchange 2000/2003 and Active Directory.
  • Designed a Citrix Access Infrastructure that creates a central information deployment hub for the various components of DHS to share and transfer classified data in a secure PIN and Smart Card format.
  • Deployed and administered SMS 2003 network management system for both DHS and TSA.
  • Deployed and Administered Cisco PIX and Checkpoint firewalls.
  • Designed and Configured DMZ Zones on both the Cisco PIX and Checkpoint firewalls.
  • Deployed and configured routing tables on various Cisco 2000 and 4000 routers.
  • Responsible for assisting in the design and deployment of the Windows 2000/2003 and Exchange 2000/2003 network enterprise architecture for the Transportation Security Authority (TSA).
  • Deployed, configured, and maintained Enterasys HIDS and NIDS. VOIP network design and deployment, VOIP Unity system configuration and administration.
  • Windows 2000/2003 Bridgehead load balancing procedures, and designing Windows 2000/2003 Active Directory Group Policy procedures.
  • Designed enterprise virus detection solution using Symantec Anti-virus.
  • Configured and administered MOM, Web Cool, and NET IQ network monitoring systems for both DHS and TSA.

Confidential, Fairfax, VA

Senior IT Security Analyst

Responsibilities:

  • Performed and wrote network scans and system hardening procedures.
  • Created IATO, RTM, SSAA and various other procedural documentations.
