SUMMARY:

• Life Cycle Enterprise Architecture and Framework, Guiding Principles & IT Governance Standards (COBIT, TOGAF & UML) have been published § Security Architecture standards have been implemented using ISC2, ISO 27001, NIST 800 - 30 Risk Management, 800-37 RMF, 800-39 Risk Assessment, 800-53 r4, 800-63 Assurance, MITA3.0, SOX & COBIT IT Controls including FERC & NERC CIP regulations
• Auditable Internal Control Policy, Process and Procedures have been initiated, documented, Agile and PMBOK project managed, implemented and institutionalized to conform to CMS/HIPAA/HHS/CobiT/PCI regulation § Generated functional requirements from business requirements.
• Provided Current State, Future State, GAP Analysis & Roadmaps for Security Architecture
• Provided Security Architecture in Agile and PMBOK SDLC Waterfall Hybrid environment with Scrum process.
• Project Manager for Oil Refinery Process Controllers in the US & Off Shore
• Determined Threat Model, threat matrix, vulnerabilities, risks & alternative remediation controls
• Provided Security Architecture for Healthcare MMIS and HIE CMS Audit Compliance & RFP Initiative § Supported PCI Assessment, Internal & External Audit § Facilitated passing PCI Audit with virtually no open items § Security Operations, Risk Assess and IT Security Bank Audits.
• I Architected SSO, Federated Identity Management WS-Security/SAML
• Cloud Automation scripting: Chef, Knife, Power Shell ISE, bash shell, etc.
• Cloud Security and Automation
• Unix & Linux Bash Shell Scripting, Perl, Ruby, JavaScript
• Chef, Knife, PowerShell ISE Cloud Automation
• AWS & MS Azure Cloud Automation, Node.JS, Python
• Jive SaaS Security Vulnerability Assessment
• Cloud Security, SLA & Contract Compliance, CSA Assess
• Symantec Cloud Proxy Services RFP
• Project Management
• PMO Tools: MS Project, Dashboard, Score Card, Project Charter, TMAP
• PCI Compliance Project Manager: Identity Access Management/Access Control Audit & Integration
• Security Project Manager: Process Control Security Remediation - Oil Refineries US & Off Shore, Blue Works
• Security PM: SSO/Identity Management for Global Portal Design & Implement, Confluence, JIRA
• Project Control: Portfolio Process, Six Sigma TMAP, NSA-IAM, Risk Assessment, Guiding Principles
• Security Documentation Published:
• Security Architecture Document for Credit Card Sys.
• .NET/WebSphere/VB Guidance & Patterns:
• Input Validation, Least Privilege & Secure Default
• System Security Plan for PCI Audit and Compliance
• Assessment: Sarbanes-Oxley Internal Control
• Architect: SSO WebSEAL, TFIM, ISAM, STS
• Procedures: Security Event Log & Monitoring
• Response To RFP, Usecase:Blueworks, Version One
• Security GAP Analysis COBIT, ISO 27002, OMB. OCC
• Vulnerability Assessments: Process Maps, Process Doc, Procedure Doc & RACI auditable documentation
• Weighted Analysis Palo Alto NG, Check Point FW, Cisco ASA, Cisco NIPS, 2FA, Cloud Services, EUCA
• Standards Published: Enterprise Security Standards Doc, PCI Compliant System Security Plan, AWS, Azure
• Standards Published: Enterprise Architecture (TOGAF), IT Governance (COBIT) & Modeling (UML)
• Org Criticality Matrix, Shibboleth IdP, SP,SAML
• Enterprise & System Security Plan - COBIT
• McAfee Vulnerability Assessment Security Operations Process & Procedure document, OAuth, SAML
• Web Inspect Web Server & Services Vulnerability Security Operations Process & Procedure document
• App Detective Application Vulnerability Assessment Security Operations Process & Procedure document
• Tipping Point Network Intrusion Detection Security Operations Process & Procedure document
• Cisco Security Agent Host Intrusion Detection Security Operations Process & Procedure document
• Cyber Crime Scene Investigation Security Services Process & Procedure doc., Cloud Vendor Assessment
• Security Operations PMO Project Management Process and Procedure & Security Operations Charter
• Firewall & VPN Experience: Designed
• AWS & AZURE: VSG, NSG, ACL, Route Tables, Gateway
• Cisco Pix 515E, ASA5520, 7140 VPN, Nokia IPSO
• Palo Alto NG, Check Point FW- NG/AI, NGX, SPLAT
• Linux Check Point Secure Platform, NetScreen
• Cisco 3030 VPN concentrator & Cisco IOS VPN
• ASA5520 Web VPN, Fire Pass Remote VPN
• Intrusion Detection System (IDS):
• Palo Alto NG, Cisco ASA5540 AIP NIPS, Tipping Point
• McAfee IPS/HIDS Cisco IPS Mang. Express IME
• Norton & McAfee Virus Detection, McAfee DLP
• Cisco Security Agent (CSA), Tripwire IDS
• Scanners: Logging, Monitoring & Audit
• ISS, Nessus, Rapid7, Burp Suite & Cyber-Cop Scanner
• Web Inspect Enterprise Assessment, Snare, Kiwi
• McAfee/Qualys, ArcSight SIEM, RSA Envision Syslog
• Enterprise Policy Orchestrator: ePO, AuditCon
• PKI, SSO and Access Control:
• App Detective Appl. Vulnerability Assessment
• SSO: Site-Minder, TFIM, WebSeal, ISAM, STS
• LDAP, Active Directory, WebLogic, Oracle AS
• SecureIT TrustBuilder Keytool, OpenSSL
• Digital Certs Client Side & Server Side
• Teaching: Northern IL Univ, DeVry, Triton College, Harold Washington College
• Math, Security Architecture, Cisco Router, Project Mang.
• Check Point Firewall, Unix, HTML Web Des.

TECHNICAL SKILLS:

Expired: CISA, CCSE, Master CCNE, Enterprise CNE, CCNA

Recent Technology: ISAM Mobile, Trust Builder, Shibboleth, Agile, JIRA, Confluence, Jive Cloud Application, Recent Technology SAML, OAuth, Open ID, JWT, REST, LTPA, O-ISM3 Risk Assessment

Cloud Automation Scripting: Unix & Linux Shell, Perl, Ruby, Chef, Knife, PowerShell ISE, Node.JS, Puppet

CONTRACTUAL EXPERIENCE:

Confidential

Enterprise Security Architect

Responsibilities:

• Provided the original and instantiated TOGAF based Health Enterprise Security Architecture (HESA) and Framework (HESAF) for health care provider Medicaid Management Information System (MMIS) per MITA 3.0 7 conditions & standards, NIST 800-30 Risk Management, 800-37 RMF, 800-39 Risk Assessment, 800-53 r4, 800-63 Assurance, ISO 27002 and OWASP best practices.
• Supported RFP security solutions and CMS assessments for states MMIS & Health Information Exchange (HIE) initiatives.
• Supported Health Enterprise CMS audit of material items CAP security architecture solutions. Supported security architecture for IBM WebSEAL, TIM, TAM. ISAM & Portal to HTML5 platform migration.
• Supported WebSEAL protection of web URLs and URI for conventional and REST web services. Designed Security Architecture Blueprints for critical MMIS security components.
• Provide TOGAF consulting service & HESA-Development Method. Own Health Enterprise Security Architecture. Architected current, transitional & target architecture for EAI step-up MFA authentication and eTAI SSO. Conducted Options & Impact on security token protocols use of SAML, OAuth & JSON Web Token (JWT).
• Designed the MITA 3.0 compliant TOGAF based Platform Health Enterprise Architecture and Framework. Provided TOGAF certified support for CMS, MITA 3.0 Health Enterprise in Agile environment with Scrum processes.
• Assess Health Enterprise cloud security service per SSAE 16 & Cloud Security Alliance CCM best practices. Provide MMIS support in meeting NIST 800-53 r4 and CMS Moderate Plus Safeguards. I provided NIST 800-53r4 Qualitative Security Assessment against SSAE 16, CSD and HIPAA standards in IBM and customer Data Centers.
• I developed Process Maps, Process & Procedure docs & assessed Use Case in IBM Blueworks for CMS Moderate Plus security controls.
• I peer reviewed User Agile Stories in Version One, Use case process in IBM Blueworks and Agile/PMBOK processes in Share Point, JIRA and Confluence.
• Supported on-boarding of new Security Architects and Project Coordinators in the PM Matrix. O-ISM3.

Confidential

Cloud Application Security Architect

Responsibilities:

• I was Project Leader & Security Architect for the Cross Coast Jive Cloud Application Security Assessment.
• Coordinate Data Loss Prevention Expansion from East Coast - West Coast during merger for cloud apps.
• Coordinate User Recertification Cross Coast Integration process, procedures and operational pain points.
• I provided phase 1 of DLP Cross Coast Upgrade: DLP Requirement Gathering and Analysis deliverable.

Confidential

Enterprise Information Security Architect

Responsibilities:

• I developed the Confidential Appl Security Architecture Guiding Principles.
• I proposed a Baseline, Transitional & Target Application Security Architecture Framework in an API Managed/ESB environment.
• I developed Appl Security Risk Assessment Self Service Security Profiling Tool based on OWASP, ISO 27002, NIST 800.

Confidential

Enterprise Information Security Architect

Responsibilities:

• Security Architected SSO Federated Identity Management Cross System Authentication & ID propagation.
• Provided Options & Impact product evaluation for Site Minder and IBM SAM/WebSeal/TFIM/IDI/STS. Security Architected WS-Security Integration on Datapower gateway, Message Broker ESB for WebSphere Applications including, Guidewire Claims Center, Filenet, Thunderhead etc. Provided baseline XSA Project Charter and guidance on TOGAF Architecture Process including Cost, Resource Estimation, Order of Magnitude, and Options and Impact.
• I provided Enterprise Security Architecture services for Custody Assessments to support the RFP process. Provided guidance on Data Classification Security Control Matrix. Provided Security Architecture for Enterprise
• Managed File Transfer system (Sterling & IPswitch), including Options & Impact, RFP, Product Evaluation & SOAP WS-Security transformation & Integration.
• I Provided NIST 800-53 Risk Assess.
• Developed TOGAF based Westfield Enterprise Security Architecture.

Confidential

Cloud Security Architecture Consultant

Responsibilities:

• Architected Off Network Cloud Proxy Security Services for Confidential.
• Provide vendor product evaluation Weighted Analysis for pre-RFP and Score Card for Response to RFP.
• Provided RFP/SOW Functional, Technical and Cost Requirements, including Cloud Proxy ISO27001/SSAE 16 and Cloud Security Alliance Requirements doc to Global Strategic Sourcing.
• Provide SaaS Services evaluation.

Confidential

Vulnerability Assessment Consultant

Responsibilities:

• Nessus Vulnerability Assessment and Configuration Review on Routers, Switches, Servers, Workstations, Wan Accelerators, VPN, FW. WAP and Voice Gateways on site & remotely over SSL VPN Nessus 5.01 VM.
• Installed Nessus 5.01 on Physical Server and VMWare Virtual Machine to achieve SSL VPN remote access.

Confidential

Enterprise Security Engineer

Responsibilities:

• Conducted Confidential & Crew PCI Assessment and provided mitigation/remediation recommendations.
• Developed the Confidential & Crew Enterprise Security Architecture Framework based on TOGAF & ISM3 Risk.
• Provided Strategic, Tactical & Operational Security models including ISO 27001/2 Control Processes.
• Provided Portal Application Java based security solutions for Digital Signature and Electronic Signatures.
• Launched NIPS Evaluation Project for Palo Alto NG Firewall, Tipping Point & Cisco ASA5540 AIP SSM-20.

Confidential

Risk Management IT Security Auditor

Responsibilities:

• Engaged Third Party Law Firms doing business with Confidential into a Security Assessment Risk Management process per Office of the Comptroller of the Currency (OCC) Laws & Regulations and the Federal Reserve.
• Executed ISO 27002 IT Security Audit and Risk Assessment to Law Firm Legal Partners, IT Security Team, HR and Physical Facility Manager.
• Collected IT & HR Security Policies, Data Process Flows and Response to Questionnaires. Used Archer Governance, Risk and Compliance tool to facilitate Assessments.
• Assessed Responses to Questionnaire and supporting evidence, then Interviewed the Law Firm Team to validate the attestation of claiming to meet the ISO 27002 based security requirements and the submitted evidence. Used Archer Compliance Process Manager to manage compliance and audit/assessment process.
• Provided Recommendations for Remediation of Gaps. Published Security Assessment/Audits.
• Follow up with Law firms to assess closure of Gaps to reduce the Confidential risk to Confidential and its customers.

Confidential

Global Enterprise Vulnerability Security Assessment Eng.

Responsibilities:

• McAfee and Qualys Vulnerability Assessment Scanning, Reporting, Remediation Security Operations.
• Composed Auditable documentation: Process Map, Procedure, RACI, Management, & Process documents.
• Provided Audit Remediation for all Audit items and help provide attestation for evidence of audit closure.
• Scan, Reporting and Remediation in North & South America, Europe, Asia, Africa and Middle East.
• Scanned nearly 2 million devices using over 100 McAfee and Qualys scanners deployed Confidential .
• Monitor Scan Performance before and after upgrades and provided performance tuning as required.
• Owned Vulnerability Security Operations for one of several global environments and backup for others.
• Enterprise Manager and Console Appliance admin for FS850, FS1000 appliances and Distributed System.
• Enterprise Manager & SQL Server Manager Studio Express Reporting and Remediation monitoring.
• Developed Graphical Analytics for Tracking and Trending of vulnerability metrics in the Global space.
• Used Wire Shark on proxy and other Infrastructure servers to remediate connectivity across domains.
• Provided Endpoint Security Governance and metrics for Americas, Asia, Africa, Europe & Middle East.
• Enterprise Policy Orchestrator - ePO reporting and metrics management to IT and Corporate Dashboard.
• Report Vulnerability and Endpoint metrics to CISO for global risk and audit attestation.

Confidential

Advanced Meter Infrastructure Security Assessment Engineer

Responsibilities:

• Support Smart Meter, Smart Sync, Meter Data Management System CIS, CRM, DW & OCE SOA projects.
• Provided OS, Web and Application Scan, Security Assessment, Remediation Solution & Risk Assessment.

Confidential

Cyber Security Assessment Engineer

Responsibilities:

• Provided Cyber CSI Forensics Analysis service process and procedures. Project Manage Cyber CSI Services
• Responsible for Staff Utilization & Tracking Workbook Report Design & Security Operations Charter
• Found Stone Vulnerability Assessment for Security Operations, Process, Procedure docs and maintenance
• App Detective Database Vulnerability Assessments for Security Operations, maintenance & support.
• Web Inspect Web Server Vulnerability Assessment Process, Procedure docs, Operations & maintenance
• Used Splunk, RSA Envision, Kiwi and MARS for Security Assessment, Syslog Correlation & Monitoring
• Responsible for Tipping Point Network Intrusion Prevention System (NIPS) monitoring and Assessment
• Cisco Security Agent Host Intrusion Prevention System (HIPS), Process, Procedures doc & Operations
• Cisco Intrusion Detection System Manager Express and Cisco IDS Device Manager Process & Procedure

Confidential

Credit Card PCI Compliance & Identity Management PM

Responsibilities:

• Provided PCI Access Control, Identity Management Tech Project Management & PCI Audit Consulting
• Project Charter, Scope, TCO, PCI Audit Approach, Property Management, Reservation, People-Soft & ADP Integration of ID Access Management for PCI Compliance to meet PCI Access Control Requirements.

Confidential

Security Architect

Responsibilities:

• Implemented PCI Audit Compliance Program & supporting Security Architecture Auditable docs.
• Supported NIDS/IPS, HIDS, CP Firewall & Fire Pass VPN for PCI v1.1 CIP & ROC requirements.
• Enforced SAS70 Compliance & Provided System Architecture Blueprints & System Security Plans.

Confidential

Security Architect Project Manager

Responsibilities:

• Support Pix and Checkpoint Firewall migrations. Implement Monitoring & Auditing of all firewalls
• Designed Cisco ASA5520 adaptive security appliance Web VPN & firewall to support Share Point
• Provided Threat Assessment, including threats, vulnerabilities, risk and likely-hood of occurrence
• Evaluated alternative security remediation and compensatory safeguards and controls for threats
• Project Manager, Process Control Security Remediation - Network Segmentation firewall initiative
• Responsible for Project Charter, Project Plan, Project Risk, Key Stakeholder Matrix, etc.
• Architected security remediation project Cost Models for all Oil Refineries in US and Off Shore
• Project deliverables on time, on cost. The Quality, Security and Fiduciary requirements were measured and met based on Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Reliability, & Compliance

Confidential

Enterprise Security Architect

Responsibilities:

• Responsible for Enterprise Security Architecture Framework, Baseline and IT Governance
• Provided Current & Future State GAP Analysis for System & Enterprise Security Plan based on COBIT, ISO 17779, ISC2, OMB, FERC and NERC regulations, standards & best practice
• Provided preplanning, SDLC phased work-plans including FY05 cost and capacity planning
• Provided Requirements Based Access Control and provided CobiT Audit Compliance Strategy
• Provided Enterprise. Security Blueprints & Security Architecture for Credit Card Systems
• Designed Enterprise Wide Application Security N-Tiered Multi-Layered Threat Model
• I Published JEA Standards: IT Governance (COBIT), Enterprise Architecture (TOGAF),UML
• Architect of the Original JEA Enterprise Architecture Framework and Guiding Principles

Confidential

Lead Security Analyst

Responsibilities:

• Integrated security into the software development life cycle & code review process.
• Published Code Assurance security guidance and patterns for Input Validation, Least Privilege, Secure Default & Role Based Access Control security principles. RBAC process map in Visio.
• Initiated, documented and integrated security validation test procedures for software Test Center.

Confidential

Security Architect

Responsibilities:

• Designed world class scalable and redundant SSL Accelerator and Content Services Switch architecture to terminate thousands of concurrent SSL sessions for load balanced web services portal.
• Provided all security services and documentation: Global Security Architecture, Security Plan, Incident & Response Policy, SiteMinder Access Control Security Assessment, Global Data Center Physical Security.

Confidential

Security Architect

Responsibilities:

• Support Multiple Company security, router, Internet & Web Services projects. Perl Web Site for Comdisco.
• Provide Unix bash Shell test scripts for TCPIP Security and SCSI Command Set