SUMMARY

• Highly technical, dynamic leader creating industry leading IT security programs
• Speaker on security challenges and state of the industry
• Enables non - technical teams to understand their impact and context on IT and security programs
• Responsible for developing and leading the implementation of major security and strategic policies
• Team builder with a passion for developing and supporting employees
• Excellent interpersonal and communication skills
• Continually learning, testing, and pushing limits

AREAS OF EXPERTISE

• Information security
• Application security and development
• Cloud security
• Network security and architecture
• Secure development in multiple programing languages
• Executive and technical presentations
• Data protection with DLP, PKI, hashing, encryption
• SOX and PCI compliance
• Vulnerability management
• Penetration testing and security assessment

PROFESSIONAL EXPERIENCE

Chief Information Security Officer (CISO)

Confidential

Responsibilities:

• Managing the security design, product selection, and tool deployment for the company wide 100% migration from data centers to cloud hosting providers.
• Negotiated and managed company wide move to new antivirus and endpoint protection product.
• Redesigned and staffed new application security program as well as tool deployment
• Realigned existing tools and processes to reduce labor costs and increase effectiveness while managing a multi-million dollar security department budget.
• Hired and developed the vulnerability management team from existing talent within the company. Provided training and guidance to repurpose staff into the new security function.
• Negotiated with C level executives to onboard a managed services Security Operations Center as well as expand security staffing. Consult regularly with general counsel and executive leadership on policy, risks, and compliance.
• Reduced company wide overlap of security efforts and refocused on initiatives based on specific risks to the company by codifying new company wide security processes, procedures, and policies
• Reduced labor costs for the security team as well provided earlier detection of security defects in the development cycle by creating continuous vulnerability testing process for the application security program. This also enabled product teams to move from a waterfall to an agile development processes.
• Reduced the response time on incidents as well as the labor needed to support the data loss and prevention (DLP) and other programs by created new processes to increase effectiveness and lessen the negative impacts of security programs for protecting customer and employee data.
• Validated and verified the effectiveness of existing security control and overall security program by ordering and supervising multiple company wide security assessments, audits, and penetration tests.
• Significantly decreased data leakage across enterprise with implementation of a Data Loss and Prevention program.
• Reduced the risk of exposure of administrator passwords and enable the automated rotation and emergency password changes with the rollout of a CyberArk password management solution
• Present monthly to the executive board on security and strategic initiatives

Director of Technical Operations, Networking, and Security

Confidential

Responsibilities:

• Provided regular executive briefings around budget negotiation and strategic analysis of new projects and initiatives
• Increased effectiveness and reduce labor costs with the creation and implementation of new software tools designed to automate, maintain, and update vulnerability scanners with active device lists prior to scanning as well implemented additional scanners in AWS Reduced spending and enabled tuning of dynamic deployment of servers based on cost with the design and creation of software tools to collect, database, and maintain an active real time inventory of assets in Amazon AWS, RackSpace, and Softlayer data centers
• Reduced the overall cost of operations by enabled the removal of existing data circuits with the design and implementation of a Cisco ASA based VPN for remote locations and data centers.
• No downtime migration of over 120 VPN tunnels and BGP peering sessions
• Managed the network and application vulnerability scanning and penetration testing, reporting, and remediation for over 300,000+ IP addresses across 16 different teams and 36 adjacent business units owned by eBay every month.
• Successfully coached and enabled a junior level employee from being on a performance improvement plan (PIP) into being a key team member who was promoted within a year of their PIP.
• Successfully managed the deployment of eBay’s database monitoring tools. This enabled monitoring for unauthorized access to customer data such as PII and PCI and real time alerting to the Ebay Security Operations Center.
• Successfully negotiated multiple cross team initiatives and projects with executives from eBay subsidiaries to remove or mitigate known vulnerabilities and present security findings and remediation/project plans.
• Successfully developed and presented multiple project plans and purchase proposals to the CIO, CISO, and other VPs for executive buy in and approval.
• Successfully re-designed the vulnerability management process and program resulting in a steady reduction of vulnerabilities month over month. This re-design produced the first steady month over month reduction of vulnerabilities in five years for eBay.
• Assumed responsibility for, re-negotiated, and re-designed an ongoing multi-million dollar project to deploy Core Insight, resulting in a cost savings of over 50%.
• Negotiated multiple contracts with vendors to augment and support the operations of the team as well as reduce overall costs to eBay.

Application Security Manager

Confidential

Responsibilities:

• Managed the re-design of the application penetration testing process for internally developed and updated applications such as QualysGuard and Confidential Web Application Scanner (WAS).
• Managed and ran multiple application penetration tests to identify vulnerabilities within Confidential products.
• Worked with Quality Assurance (QA) and developers to mitigate or remove the identified vulnerabilities.
• Worked with the VP of engineering to develop secure coding practices training and built a learning management system to host training for Confidential developers.
• Successfully re-designed the security application testing and evaluation methodology, reporting, and tool sets for the organization to increase effectiveness of testing, insure consistency, and tracking of issues across multiple evaluations
• Successfully re-engineered the internal and payment card industry (PCI) vulnerability identification process using Rapid7 scanners to support an ever changing network and server environment.
• Managed the rollout and implementation of the Qradar security information and event management (SIEM), RedSeal, TripWire, and Fortify systems.

Senior Analyst and Information Security Engineer

Confidential

Responsibilities:

• Intra-departmental consulting focusing on IT infrastructure security
• Developed and provide training and mentoring to new analysts on application penetration testing
• Audit sensor network placement and policy/interface configurations of all of IBM Internet Security Systems’ (ISS) sensors to optimize visibility and alerting policies
• Performed multiple network and application penetration tests for celebrity and fortune 500 clients
• Developed internal security policies and designed and implemented new more secure network.
• Provided remediation and disaster recovery consulting during and after security incidents (both information and physical).
• Performed risk and cost benefit analyses to determine needed levels of security controls.

Security Operations Center Supervisor

Confidential

Responsibilities:

• Supervised the re-writing of all policies and standard operating procedures (SOPs).
• Assisted in reverse engineering of malware and penetration testing for client sites
• Supervised incident handling and remediation of incidents
• Managed the interviewing and hiring of all intrusion analysts
• Orchestrated the installation, design, and security of multi-node multi-campus IP/ISDN video/data communications network for distance education applications
• Supervised the design, implementation and maintenance of multiple Linux servers and custom scripts for the management and problem notification of 30,000+ node Cisco IP network