Security Engineer Resume
Beachwood, OH
SUMMARY
- Solutions-focused, team-oriented Security Engineer with broad experience and hands-on skills.
- Successful implementation of highly effective solutions with cost-effective management of innovative technical strategies.
- Proven ability to analyze an organization's critical requirements, identify deficiencies and potential opportunities, and develop innovative solutions for increasing reliability and improving productivity.
- A broad understanding of computer hardware and software, including design, installation, configuration, management, troubleshooting, and support.
TECHNICAL SKILLS
Certifications: CISSP, MCP, MSTC, CompTIA A+
Operating Systems: Win 9X to 10, Server 2003 to 2016, Server Core, Linux, Mac OS 9-10.6
Office Productivity: MS Office, Project, Visio, SharePoint, Libre Office, O365
E-mail: Exchange 2003 - 2013
Web: IIS 6/8.5, Dreamweaver, Apache
Virtualization: VMWare ESX 3.5-vSphere 4-6, Virtual Box, Hyper-V, KVM
SAN-NAS: Hitachi, EMC
Databases: SQL 2000 - 2014, MySQL
Firewalls: Sonicwall, Palo Alto, Check Point, Cisco PIX and ASA
Backup Software: Backup Exec, Acronis, Bacula
Other Applications: Adobe CS5, Solarwinds, Scriptrock, Change Gear, Event Sentry, Putty, X-Ming, Knoppix
Security: Wireshark, Nexpose, Metasploit, Nessus, NMAP, Log Rhythm, Lynis, Ophcrack, OWASP-Zap, Kali, Backbox, Parrot, O365 Security
Security Standards: ISO 27001, NIST
PROFESSIONAL EXPERIENCE
Confidential
Security Engineer
Responsibilities:
- Implemented security features of O365 E5 platform.
- Worked to secure the confidentiality, integrity and availability of company data.
- Worked with team to run through the yearly D.R. plan.
- Replaced Checkpoint firewall with Palo Alto HA and Panorama.
- Moved to SIGLite and SIGFull to help the sales team and streamline processes.
- Assessed environment for PCI and recommended changes that should take place.
- Maintained SAN and VMWare infrastructure.
- Worked with legal team on contract review.
- Worked on designing and implementing first cloud presence within AWS.
- Assessed the security of websites using Burp Suite, OWASP ZAP and Nessus.
- Reviewed current security program (ISO 27001 Based) noting opportunities for improvement.
- Assessed business processes, network, data shares and how data was processed, recommending an improved approach to ensuring the C.I.A. of that information.
Confidential
Web Security Administrator
Responsibilities:
- Ensured the confidentiality, integrity and availability of National’s data.
- Defined roles, responsibilities and guidelines for the expansion of the department.
- Identified anomalies and issues by analyzing and monitoring the environment.
- Managed access controls and ensured compliance with PCI, HIPAA, HITECH, and SOX.
- Created and maintained documentation regarding cyber security.
- Corrected PCI deficiencies within the first week in role.
- Identified and corrected remedial vulnerabilities such as missing Secure and HttpOnly cookie flags.
- Developed roles and responsibilities, transferring security-based applications and appliances to the security team.
- Worked to create standards for processes and procedures.
- Worked to develop BCP and DR moving to a hot site designation.
- Assessed the organization against the NIST cybersecurity framework and created plans to attain the goal set.
- Used several tools to assess the organization’s security including Kali, OWASP ZAP, Qualys and SQL Mapper. Created detailed plans to mitigate and correct the vulnerabilities found.
- Replaced Solarwinds LEM with Log Rhythm to take a proactive stance toward protecting the organization.
- Worked with the development team to teach them the best practices for set up of IIS.
- Worked to educate the organization on multiple security topics, such as phishing and OWASP.
- Ensured the network team stayed on task to meet security corrections.
- Worked with C-level executives to educate them and keep them up to date regarding the organization’s security posture and related items.
- Completed the PCI SAQ for the organization and noted deficits to be corrected.
- Corrected internal data disclosures by gathering and securing the exposed data and correcting processes.
- Reviewed audit processes to determine how they met SOX compliance.
- Corrected vulnerabilities on websites by modifying IIS and code bases.
- Managed security projects from design through implementation coordinating departments and resources.
Confidential
Infrastructure and Security Manager
Responsibilities:
- Implemented security architecture design for PCI and ISO 27001/2 compliance.
- Improved disaster recovery by replacing SAN, acquiring new VMWare hosts and replicating source control off-site. This improved RTO and RPO from 11 hours to 11 minutes. This also involved relocating the datacenter to a Dallas location from Cleveland.
- Increased network security by replacing SonicWall firewalls with Palo Alto solution.
- Trained and guided I.T. employees on security and technology.
- Improved security governance and risk management by designing and rolling out standard system builds via Acronis vs. the existing manual process.
- Developed information security governance and risk management with processes, procedures, documentation, standardization and change management.
- Implemented information security governance and risk management and network security with NMAP, OWASP-ZAP, Nexpose and Metasploit to test for vulnerability.
- Improved operations security by standardizing and implementing controls using group policy and least-privilege principles.
- Increased operations security by migrating from three cloud providers to O365 model utilizing monitoring and improving access control by using ACLs.
- Corrected RPO deficit in the backups by properly utilizing Backup Exec. 2012.
- Reviewed SSAE16 reports for all data centers as well as a physical assessment.
- Improved operations security by correcting VPN to use LDAP and groups vs. local accounts on the firewall utilizing access controls.
- Improved network security by deploying IPS on all SonicWall firewalls.
- Increased network and operations security by deploying Kaspersky Enterprise Security 10, which opened up web filtering, remote management, policy-based software rules, software package deployment and cryptography for hard drive encryption, to name a few.
- Reduced data center costs by reallocating hardware there to other environments.
- Relocated office to new location as well as increasing operational, security governance, and physical security by defining access controls and physical security procedures.
- Prior to first day at Confidential, worked with the team to fail over and test D.R. process.
- Maintained two EMC CX4-240 systems and reallocated LUNs to distribute load on system.
- Upgraded and maintained user machines as needed.
- Managed four employees providing oversight, goals and mentoring.
- Increased telecommunications and network security by contracting an external penetration test against systems. Also ran Rapid7 internally to identify threats and vulnerabilities.
- Set up and corrected issues with Solarwinds Orion deployment.
- Managed vendors, annual reviews and budget for I.T.
- Maintained 200 Windows and 50 Linux hosts throughout the enterprise.
- Expanded presence to an internationally based offering, with anticipation of increased capacity due to increased demand, using cloud resources from Amazon, Rackspace and British Telecom.
- Maintained Office 365 cloud systems for 150 users.
- Increased operations security by retiring shared accounts across all domains, implementing individual user accounts and creating service accounts for the application base to run under with the least amount of privilege.
- Increased operations security by deploying change management, policies surrounding changes, and Scriptrock to monitor unauthorized changes, alert on them and reverse any unauthorized modification to systems.
- Physical environment and operations security was enhanced by moving servers into a locked, badge-access-only server room using two-factor authentication. This included setting up an HVAC system to cool the equipment and monitoring with alerts.
- Physical environment security was enhanced by using two-factor authentication after hours.
- Increased security governance of RFP responses by incorporating cryptography utilizing MD5 hashes to detect changes to them.
- Developed and implemented security policies, standard baselines, procedures, guidelines and documentation. Initially used Tenable Nessus, then switched to Nexpose to improve information security governance, risk management and network security.
Confidential - Beachwood, OH
Systems Engineer
Responsibilities:
- Improved network security by creating 2008 R2 Remote Desktop Services farms for users to work from, which placed them in a restricted VLAN.
- Increased security governance by working on corrective action from ISO audit results.
- Designed and implemented MS Lync server with federation feature set.
- Increased access control security as well as security architecture by beta testing Centrify for deployment into the Windows environment.
- Increased cryptography security by migrating 2003 Root CA (physical) to 2008 R2 (virtual).
- Improved Business Continuity and Disaster Recovery for the Exchange 2003 environment and transitioned to Exchange 2010 (1.5 TB of data). Used Kemp load balancers and DAG, which increased disaster recovery security.
- Increased security governance and risk management by setting up processes and procedures for servers greatly expanding documentation.
- Supported help desk in company-wide rollout of Office 2010 and Windows 7, improving security architecture and design by using NIST standards to lock down IE.
- Improved business continuity and disaster recovery by using and maintaining 2008 R2 DFS file servers for use with SAMBA shares.
- Ensured that the Windows systems could meet SSAE 16 SOC2 compliance.
- Upgraded from BES 4 physical server to BES 5.0.4 MR2 virtual machine, creating policies and application push items, migrated 120 users, and increased network security by implementing FIPS 120.
- Increased security architecture and design by reviewing WSUS server for patch deployment, indicating impact of patch deployments.
- Increased security governance and risk management by developing scripts for help desk staff to deploy via KBOX.
- Increased information security governance and risk management by using PowerShell and PowerGUI for configuration and admin tasks.
- Rolled out System Center 2012 which increased information security and risk management.
- Increased information security and risk management by deploying group policies to control and lock features down.
- Improved information security governance, risk management and network security by interpreting Nessus scans and resolving vulnerabilities.
- Worked on SAS70 audits with regards to Windows technologies providing needed documentation.
Confidential - Cleveland, OH
Network Engineer
Responsibilities:
- Designed and planned projects, built and maintained four ASP domains across the globe.
- Managed and maintained 10 domains upgrading site in Germany with new equipment.
- Deployed and maintained VMWare ESX/vSphere 4 server connecting to 4 subnets, later moving storage to SAN via NAS.
- Improved risk management by using VMWare Workstation to test upgrades, fixes and new software roll outs.
- Maintained backups and improved BCP and DR by redesigning backups for client data using Backup Exec.
- Upgraded ASP with 2 Hitachi NAS units; server clusters were deployed, migrating to SQL 2005.
- Maintained security architecture and design for SAN/NAS datastore adhering to strict security guidelines for access control.
- Maintained and reorganized Active Directory environment into departmental structure, applying GPOs for access control.
- Corrected several issues with Exchange server and later maintained system.
- Implemented Blackberry pro server and maintained system.
- Increased security governance and risk management by automating event log review with Event Sentry, setting up alerts for critical events.
- Involved with vendor management to review business requirements for solutions.
- Maintained and improved cryptography for website certificates, websites, domain registries and IIS.
- Improved security governance and risk management by automating the deployment of applications via Active Directory and later System Center.
- Worked with several customers regarding service disruptions with success.
- Configured and replaced existing Linksys switches with Cisco switches.
- Restructured internal network for office expansion and upgrade to Cisco adding new switches to infrastructure.
- Improved network security by departmentalizing the IP address scheme and creating VLANs.
- Resolved multiple domain root CA problem.
- Implemented patch management, IDS solution, NOC network environment-monitoring solutions.
- Re-engineered Electronic Data Discovery for better performance with SQL 2005.
- Maintained Ringtail environment including upgrades and deployment of new feature sets.
- Crossed departments when projects fell behind to meet deadlines which required extra hours to complete.
- Achieved 11% compensation increase upon first review for the execution and effort put forth.
Confidential - Columbus, OH
Network Administrator
Responsibilities:
- Troubleshot network connectivity for /29 network of kiosks and other network segments.
- Implemented network security for each kiosk with firebox routers/firewalls, using wireless cards.
- Created information security governance and risk management by developing standards, procedures, guidelines and documentation.
- Used preventative controls and discretionary access in the creation of groups for system accounts using NTFS permissions on resources.
- Improved network security by moving from telnet to SSH for remote configuration of kiosks and for fixing problems when network connectivity was active.
- Imaged kiosks and configured for deployment by updating code and reprogramming robotics.
- Modified user groups and OUs on an as-needed basis.
- Set up 1st Exchange server for company.
- Documented Client’s I.T. systems, procedures, network layouts and disaster recovery processes.
- Helped Network team and Helpdesk team at various tasks when needed.
Confidential - Columbus, OH
Network Administrator
Responsibilities:
- Deployed network access control via SonicWall firewalls at each location deploying VPN technology to accommodate remote access.
- Implemented preventative controls and Kerberos authentication within Active Directory, using discretionary NTFS permissions and group policies.
- Diagnosed several network problems involving router, ISP, and client issues.
- Implemented changes to network to improve performance and create centralized locations for documentation and application installs.
- Updated and modified 3-year-old documentation to include current environment.
- Created knowledge base for the help desk staff in Track-IT, developed reports.
- Used Altiris for image creation and deployment as well as software distribution.
- Maintained Tempworks software database, containing Access front end with SQL back end. Implemented changes in functionality for users and payroll. Created reports using Crystal.
- Supported company-wide rollout of XP.
- Troubleshot rollout process, application, database and scripting issues.
- Supported Mac clients when issues came up.