SUMMARY

• Seasoned information security professional with expertise in design, implementation, and support of all security related aspects within complex multi - platform enterprise environments.

TECHNICAL SKILLS

Experience with: Checkpoint Firewalls, Cisco PIX Firewalls, Netscreen Firewalls, IDS/IPS systems, Discovery/Vulnerability scanning, Websense, Kiwi syslog, Bindview, McAfee ePO, Forensic tools/procedures/practices, IT Audit, Data Mining, TCP/IP, VPN, RRAS, IPSec, Radius, LDAP, SSH, DNS WINS, DHCP, SMS, SNMP, MRTG, ISO27001, ISO17799, PCI, SOX, HIPAA, GLBA, Microsoft Office ProductsA complete list is available upon request.

PROFESSIONAL EXPERIENCE

IT Security Analyst

Confidential

Responsibilities:

• Assist with all IT Security needs involving information systems & data with a primary focus on the specific requirements dat challenge the financial services industry. dis was accomplished by providing overall guidance on industry best practices to ensure compliance with all internal policies, local, state, and federal regulatory requirements dat include SOX, GLBA, PCI, and ISO 27001, etc.
• Analyze & prepare recommendations for remediation’s to all non-compliance/security related findings resulting from the Security Review preformed for all new, existing, and third-party applications/processes in the IT environment with the primary focus on the highest priority items as directed by senior management.
• Assist in the system development throughout the project management process for our infrastructure units, identifying IS risks and the appropriate controls needed to ensure the confidentiality, integrity, and availability dat best supports the needs of day-to-day operational functions.
• Participate or lead in the strategic design process for medium to large complex security projects/systems across the enterprise.
• Evaluate and ensure TEMPeffective implementation, monitoring of adherence to established standards, guidelines and procedures and ensures dat security requirements and regulations are met on network devices, operating systems and application controls.

Senior Information Security Analyst

Confidential

Responsibilities:

• Perform technical lead functions for security projects, including continual development of North American security service offerings, audit preparation & response, security awareness & education, and customer bid support
• Work with all IT disciplines during development and deployment of enterprise-wide security programs to support the wide range of regulatory compliance challenges required for all current/new clients across various industries across the globe. Regulatory requirements include but are not limited to SOX, GLBA, PCI, HIPAA, FDA CFR Part 11, ISO 27001, ISO 17799, etc
• Inform management regarding TEMPeffectiveness of data security and make recommendations for adoption of new technologies, policies and procedures
• Act as the intermediate escalation point for security incidents involving company computing resources. Duties include but not limited to preparing detailed incident and root cause analysis reports for management, coordinating response activities for business information security teams, technical IR internal investigations, reverse engineering and malware/tool analysis, and research of emerging Information Security threats
• Provide wide range of support including web proxy /content filtering, firewall Architecture review and support, daily network traffic monitoring/packet analyzing, monitor/review access controls, DNS, email and encryption, autantication, intrusion detection/prevention, vulnerability & patch management, and security reporting
• Instituted quality measurements for HIPAA certification requirements
• Prepared documentation such as our SOP’s/guidelines for submittal to the FDA in order to support two new pharmaceutical companies we brought on.
• Authored the Wireless Information Security Policy to append to the Company’s Information Security Policy after reviewing the current policy gap analysis.
• Headed the project to certify, implement, and document the roll out of McAfee’s EPO anti-virus product as part of Atos’s Information Security Products/Management Offerings.

Technical Information Security Officer (Consultant)

Confidential

Responsibilities:

• Ensure the security of the application portfolio.
• Monitor adherence to established standards, guidelines, and procedures to verify dat security requirements and regulations are met on network devices, operating systems and applications.
• Conduct lightweight application vulnerability testing.
• Facilitate ethical hacks of inter/intranet applications.
• Interpret and translate the information security requirements ofthe business IS programs into technical requirements.
• Monitors changes in the risk profile of the highly critical systems
• Provides ad-hoc security advice to O&T staff.
• Support risk assessments whenever technical expertise is required.
• Manage the technical function's security administration.
• Follow Confidential ’s project methodology through the project life cycle for each project.
• Assist in the system development process and infrastructure units, identifying IS risks and the appropriate controls for development for day-to-dayperations.
• Recommend remediation of any non-compliance security issues.

Network Security Engineer

Confidential

Responsibilities:

• Design large-scale security solutions for data center LANs for EDS customers.
• Provide application traffic flow analysis. Analysis and application of EDS and Client security policies and standards.
• Application security review. Log analysis for performance, historical trends and security evaluation. Preparation and review of risk assessment and recommendations.
• Monitor network health, performing network troubleshooting, gathering data for network planning, in order to communicate all network issues clearly with non-technical people.
• Troubleshooting network/traffic flow issues for Client environments.
• Provide design and installation of Nokia, Cisco, and Crossbeam equipment environments; PIX and Checkpoint software.
• Follow EDS Project Management methodology with every project.
• Fill in for various other duties depending on job requirements, client requirements, and expertise. (Information is available upon request)

Network Security Operations

Accenture, Arlington, Texas

Responsibilities:

• Performed daily firewall operations for a fortune 500 company. Administered 300+ Firewalls including Checkpoint, Cisco PIX, and Netscreen firewalls.
• Analyze IP traffic daily for any anomalies or unexpected events within the environment.
• Maintained firewall and security architecture including VPNs, maintenance FW rules, policies, troubleshooting FW& Routing issues etc…
• Verify and resolving virus and other malicious attacks.
• Perform covert investigations upon request utilizing sound forensic methods.
• Writing test scripts when necessary.

Network Security Analyst

Confidential, Texas

Responsibilities:

• Lead Firewall Administrator for all Checkpoint FW-1/NG and Cisco PIX firewalls.
• Implement Project Management methodology with various projects throughout the Enterprise. Project Management duties performed includes testing, implementation, integration and technical evaluation. Other responsibilities include risk evaluations, product evaluations and design recommendations. Extensively involved in providing Security related perspectives regarding audit controls, access controls, infrastructure, etc.
• Assess current vulnerabilities and threats and develop needed countermeasures.
• Assist in forensic analysis when needed to ensure accurate and reliable data.
• Manage/Monitor the company’s IDS (ISS) implementation.
• Maintain IT systems security compliance and monitoring at the enterprise level including monitoring MRTG graphs, and WebSense for unusual activity.
• Institute security awareness for IT functions (and other business units) so dat they may develop and maintain their own security policies/procedures.
• Administration of Internet content filtering (Websense) including latest updates and regular changes to user access etc.
• Assist in development/implementation of technical recommendations for security architecture and design (encompassing networks, the Internet, application-level security, security management systems and tools).
• Provide technical guidance and direction to implement appropriate access protection, system integrity, system reliability, audit control, and procedures for all AmeriCredit systems.
• Execute platform-specific autantication and authorization services on Microsoft Active Directory and Internet Information Services, AIX, Solaris, and AS/400.
• Implement controls and procedures to ensure integrity of logical security for computer-based systems across various technical platforms (including applications, networks, LANs, workstations, mid ranges, mainframes).
• Monitor and document security system modifications (including security compromises). Coordinate security system modifications through installation and acceptance testing.
• Equip IT project teams to establish security requirements for applications and design/acquisition of security components.

Senior Security Administrator

Confidential, Texas

Responsibilities:

• Perform administrative functions, including user creation, modification, and deletion, access control management, audit compliance, periodic maintenance of the information security and control systems in the AmeriCredit information infrastructure.
• Established expertise in all aspects of Security Administration across all computing platforms managed by Security Administration.
• Participate in activities between Security Operations team and Information Technology Services (ITS).
• Assist in the development and implementation of technical recommendations in security architecture and design, encompassing networks, the Internet, application-level security, and security management systems and tools.
• Assist in the development and handling of routine and ad hoc report requests, periodic and ad hoc administrative reports, and required maintenance of the systems dat may derive from the generated reports. Develop new reports to further enhance the ability of Security Administration to perform its role more TEMPeffectively.
• Identify and mitigate security weaknesses in the Security Administration functions.
• Support and enforce the AmeriCredit security philosophies, policies, and procedures.

NT IP/RAS Proxy Engineer

Confidential, Garland, Texas

Responsibilities:

• Provided Level 2 network support for Microsoft Windows NT 3.51 / 4.0, Windows 95/98 clients, mixed OS environments, WINS, DNS, DHCP, RAS, RRAS, PPTP/VPNs, Proxy Server, Terminal Server and Network Monitor Tools.
• Configured and troubleshot the following items:
• Networking protocols including TCP/IP, NetBEUI and IPX/SPX; TCP/IP routing and TCP/IP filtering security.
• Network devices including all cable types, NICs, modems, hubs, switches (Layer 2 & Layer 3), bridges, repeaters, routers & all WAN links (from 56K ISDN links to fractional T1 lines).
• WINS, LMHOSTS files and NETBIOS connectivity; Performed client registration with WINS; Replicated WINS databases with other WINS servers; Generated static WINS mappings for non-NETBIOS aware operating systems and rebuilding WINS databases.
• DNS, HOSTS files and HOSTNAME connectivity; Create DNS forward and reverse lookup zones, Subnetted Reverse Lookup zones, DNS delegation, and zone transfers (troubleshot using NSLOOKUP).
• Administered routing schemes and commands for corresponding subnets, subnet masks and default gateways (TCP/IP filtering described in RFC 1700 for TCP and UPD port traffic over NT platforms and Routers).
• Conducted support for the following items:
• Remote Access Service and PPTO/VPNs including remote dial-in rights, browsing over RAS, browsing over PPTP, IP schemes with RAS and autantication over RAS.
• Routing and Remote Access Service involving Dial-on Demand Interfaces, LAN-to-LAN routing and configuring RRAS filtering over connections.
• DHCP and DHCP relay agents, as well as BootP routers; Configured Global DHCP Scopes and Superscopes and all DHCP Scope options.
• Implemented Microsoft Proxy Server, Server Proxy, and Reverse Proxy features with IIS, including Access Controls for the Web Proxy and Winsock and configuration of Exchange, Web Servers, SQL and Applications behind Microsoft Proxy Server.