SUMMARY

• I have diverse experience successfully building information security architectures and programs.
• My passion for dis craft inspired me to earn an Executive Juris Doctor degree in Law and Technology—a unique legal education which enables me to thoroughly analyze an organization and translate applicable laws, regulations, and industry standards into effective, cost efficient business and technical controls for compliance.
• Industry expertise includes Big Four consulting, retail, construction, transportation, chemicals, service providers, and healthcare in both teh public and private sectors.
• Led program to architect solutions and maintain PCI compliance for $8 million dollar online bill payment program for a Fortune 5 global healthcare company.
• Assessed all enterprise risks for e - commerce platforms, social media integrations, mobile computing products, and cloud computing services for teh largest US department store.
• Built an information security program to maintain GLBA, SOX, and PCI compliance for a multi-billion-dollar global credit card processor.
• Built an information security program for PCI compliance for six globally distributed data centers of a multi-billion-dollar global aviation technology company.

PROFESSIONAL EXPERIENCE

Senior Systems Engineer

Confidential

Responsibilities:

• Architect, test, install, and maintain security infrastructure products from multiple vendors for interoperability.
• Recommend security infrastructure strategies and manage security infrastructure projects.
• Created pen test program to test applications and systems for vulnerabilities during teh development life cycle.
• Developed a vulnerability remediation program and actively provide assistance wif remediation efforts to both technical and non-technical staff.
• Analyzed IT projects to mitigate security risks and consulted on internal security standards, policies, and practices for PCI and HIPAA and security compliance.
• Coordinate between various operational groups and business units to improve security processes and procedures to build an effective information security program.
• Review security log files and investigate suspicious activities.

Senior Security Architect

Confidential

Responsibilities:

• Architected and engineered security and infrastructure products including proxy servers, firewalls, IDS/IPS systems, VPNs, routers, and switches for various clients.
• Managed internal network and security infrastructure to maintain connectivity between teh Las Vegas headquarters and teh Denver office.
• Architected and engineered an internal penetration testing lab.
• Directly responsible for building out teh Legal vertical consulting practice.

Senior Solutions Architect (Team Lead)

Confidential

Responsibilities:

• Created, edited, reviewed, and updated information security policies, standards, guidelines, and incident response plan for PCI and HIPAA for a healthcare company.
• Conducted skills assessment of teh client’s information security team to identify deficiencies and recommend staffing, training, certifications, and outsourcing.
• Performed internal and external vulnerability scanning for clients.

IT Risk Manager

Confidential

Responsibilities:

• Led company programs and projects to evaluate compliance wif company policies, regulations, and contractual requirements and architect solutions to security and compliance challenges.
• Maintained an understanding of teh business unit’s IT architecture and applied security controls to maintain network documentation.
• Managed $87 thousand dollars in vendor contracts for teh PCI compliance program to ensure annual recertification of an $8 million dollar online bill presentment application.
• Led firewall rule reviews which eliminated 50 percent of unused rules from externally facing firewalls.
• Led rogue wireless AP detection project to automate security processes throughout corporate offices and data centers.
• Work closely wif teh management team to understand their strategic priorities and concerns.
• Influence teh product development teams in building security into their product lifecycle.

Senior Analyst

Confidential

Responsibilities:

• Assessed technical and business risks of all projects including those which effected teh wireless networks, e-commerce platforms, social media integrations, mobile computing products, and cloud computing services to ensure overall enterprise risk remained at an acceptable level.
• Consulted wif stakeholders on technical, business, and legal issues recommending solutions to increase security and privacy and reduce risk.
• Created a new enterprise data classification and handling standard to increase user understanding and compliance wif information security.
• Directed teh selection of a new enterprise e-discovery solution to increase teh legal department’s ease and ability to meet legal requirements.
• Directed teh elimination of insecure wireless technologies from teh enterprise to eliminate a serious wireless infrastructure vulnerability.
• Performed SEIM architectural review and tuning to increase teh effectiveness and relevance of security monitoring and alerts.
• Led various ad-hoc teams of 3-5 people consisting of business unit, technical teams, and external service providers for penetration testing and security assessments.
• Conducted Proof-of-Concept testing on various security technologies including logging and monitoring, SEIM, DLP, and anti-malware.

Network Security Engineer

Confidential

Responsibilities:

• Configured, installed, and maintained Cisco ASA and Palo Alto firewalls, Cisco ASA remote access and site-to-site VPNs, and Cisco ScanSafe web content filtering.
• Provided secondary support for teh enterprise network infrastructure routing and switching.

Senior Data Security Analyst and Team Lead

Confidential

Responsibilities:

• Directed my information security team in creating and publishing weekly, quarterly, and annual security reports as well as security bulletins, advisories, and alerts that were timely, relevant, and actionable.
• Coordinated between various information security teams to create security notifications processes and new information security reports.
• Created teh Monthly Executive Report and redesigned teh quarterly Cyber Activity Report to better highlight teh performance and successes of teh Computer Security Incident Response Center and created more effective executive reporting tools.
• Wrote teh Weekly Cyber Briefing standard operating procedure to ensure consistency in teh delivered security awareness product.
• Created various documents to improve teh management and reporting of information security personnel.
• Organized, coordinated, and ran teh Technical Exchange events.
• Managed a team of 33 people in teh absence of teh Senior Program Manager.

Information Security Analyst

Confidential

Responsibilities:

• Coordinated between various operational groups and business units to create or improve security processes and procedures to build an effective information security program and maintain GLBA, SOX, and PCI compliance for a Level 1 Service Provider.
• Created an information security metrics program.
• Led teh Policy Steering Committee to create, edit, review, and update information security policies, standards, and guidelines.
• Managed teh vendor relationship for a multi-year, multi-million-dollar-a-year managed security service provider.
• Created and published information security awareness training including monthly security awareness emails.
• Consulted wif both teh business units and application development teams on information security and privacy matters.
• Managed various information security projects.
• Monitored federal and state laws related to information security and privacy.
• Reviewed contracts, third party security assessments, and requests for proposals to maintain legal compliance.
• Led teh Incident Response Committee which created, edited, reviewed, updated, and tested teh incident response plan.

Senior Associate

Confidential

Responsibilities:

• Advised clients on information security and regulatory compliance and made recommendations for improvements to information security programs.
• Built a PCI compliant information security program for a $400 million dollar e-commerce retailer.
• Created materials relating legal issues to information governance, risk management, and information security management system methodologies.

Senior Security Operations Analyst

Confidential

Responsibilities:

• Coordinated between various operational groups and business units to improve security processes and procedures to build an effective information security program and obtain initial PCI compliance and maintain compliance for a VisaNet Level 1 Service Provider.
• Developed a vulnerability scanning program, conducted scanning activities using Nessus and WebInspect, and provided assistance wif remediation efforts to both technical and non-technical staff.
• Created, edited, reviewed, and updated information security policies, procedures, standards, guidelines, incident response plan, hardware and systems hardening benchmarks, and security awareness training materials.
• Served as teh incident response team security point of contact.
• Reviewed projects for security risks at conception, design, and operational acceptance testing phases as part of risk management program.
• Consulted wif teh Legal Department to review legal aspects of information security policies and contracts.