OBJECTIVE: Information Security Technology Leadership

• Talented and knowledgeable certified information security professional with more than 15 years of experience safeguarding information systems for a variety of organizations. Expertly assesses risks, designs strategies, and implements solutions to meet organizational needs. Reputable for collaborating with law enforcement, legal counsel, and auditors to ensure the highest standards of security and regulatory compliance. Communicates effectively at all organizational levels, providing easy to understand training and ensuring maximum efficiency of technology systems. Areas of expertise include:
• Security Leadership Risk Management Disaster Recovery Planning IS Auditing
• Project Management Change Management Relationship Management Consensus Building
• Computer Forensics Communication Policy and Procedure Development Public Speaking
• Penetration Testing System Administration Operational Development
• Budget Management Infrastructure Design Regulatory Compliance

FISMA NIST ISO 17799 ISO 27002 HIPPA GLBA FERPA PMBOK

PROFESSIONAL EXPERIENCE

Confidential

Information Security Manager

Defined enterprise security requirments based on regulatory and contractual requirements, business needs, and risk tolerance. Partnered with business units to respond to customer demands and enable new business opportunities. Responsible for all enterprise information and physical security decisions and projects. Established solid foundation for FISMA accreditation. Reported directly to Board of Directors the security plan of action, deficiencies, and budgetary requirements.

Operational Highlights:

• Established baseline metrics for the enterprise security posture and a work plan to meet business needs for information security.
• Overhauled the entire information security program to address compliance and security needs.
• Secured 2.2M from Board of Directors for funding of security initiatives.
• Evaluated disaster recovery needs and utimately reduced recovery time by 85 by leading efforts to build a new data center for business continuity and disaster recovery.
• Awarded Praise Award for completing disaster recovery project early and under budget.
• Implemented controls to provide unprecedented visibility into the corporate network.

Confidential

Security Analyst Contractor Centers for Disease Control and Prevention

Mastered FISMA compliance and guided certification and accreditation efforts for complex information systems. Collaborated with software developers to ensure the security of large scale, high-availablity systems. Managed change control efforts for diverse systems supporting the global CDC's public health mission. Assigned to support systems interfacing with Department of Homeland Security. Supported security control enhancements for public health reporting and response systems.

Operational Highlights:

Evaluated security controls for global information systems.

Confidential

• Recommend control enhancements for National Center for Public Health Informatics.
• Advised management on change control approval decisions.
• Analyzed security controls for biowarfare and surveillance systems.
• Collaborated with multiple development teams on security architecture and design.
• Praised by system owners for efficiently managing FISMA certification and accreditation efforts.

Confidential

Information System Auditor

Analyzed technology infrastructure and assessed information security controls by leveraging open source and commercial tools. Maintained knowledge of accepted standards by researching current and future information security trends. Authored technical and public audit reports and communicate vulnerabilities to internal and external audiences. Recommended compliance strategies based upon industry standards and accepted best practices.

Financial / Operational Highlights:

• Planned and managed audit of funding allocation system which directs 8 billion annually.
• Evaluated compliance with federal and state regulations.
• Responsible for assessing security of Georgia state government's payroll and budgeting systems which process approximately 20 billion annually.
• Defined deficiencies and mitigation strategies for state legislative reporting database.
• Overhauled audit report templates to reflect the needs and expectations of divisions audiences.
• Commended by auditees for professionalism and depth of audit efforts.

Confidential

Writer

Wrote clear and effective articles centered around the security of Apple computers and operating systems. Generated reader interest through discussion of complex and controversial information security topics. Responded appropriately to reader email and comments. Planned and wrote articles for print and web publication.

Confidential

Chief Information Security Officer

Directed the evaluation and mitigation of risks for University information systems. Aligned security strategy with overall technology and business strategies. Ensured system safety and security for both University assets and students through penetration tests and vulnerability assessments. Presented risk mitigation strategies to executive level management. Collaborated with law enforcement in investigations of suspected computer crimes. Teamed with University leadership to enhance security by refining business practices.

Financial Enhancements:

• Saved 60K in training costs and improved security awareness through leadership of Certified Information System Security Professional exam prep for 95 of IT staff.
• Reduced costs by 40K annually through delivery of a disk imaging system that reduces repair time.
• Pioneered in-house computer forensics program to eliminate outsourcing costs.
• Operational Highlights:
• Pioneered GCSU information security program, including essential policies and procedures.
• Spearheaded information security audit compliance efforts.
• Defined University disaster recovery strategy.
• Slashed virus infections by 90 through analysis and recommendation of Impulse security appliance, which maximized security for University's residential and wireless networks.
• Chosen by University leadership to speak at the grand opening of GCSU Graduate Center.
• Ensured campus-wide technology efficiency through planning, implementation and maintenance of university's SQL databases and Active Directory infrastructure, supporting 14K accounts and desktop authentication.
• Modernized communication systems for executive staff through development, implementation and oversight of Microsoft Exchange infrastructure.

Confidential

Information Security Consultant

Spearhead independent information security audits, including evaluation of institutional risk and regulatory compliance. Coordinate audit scope with client and schedule onsite and remote activities, including interviews, tours, network scanning, penetration testing, policy evaluation and review of governance structure.

Financial/Operational Highlights:

• Reduced potential risks through uncovering of serious vulnerabilities within client IT infrastructures.
• Detailed software purchases to minimize security risks.

Confidential

Owner and Consultant

Lead marketing of security services to private industry. Directed all stages of operation, including budget development, financial management. Conducted security audits, risk assessments, and evaluated regulatory compliance. Scheduled and manage all onsite and remote audits.

Financial/Operational Highlights:

• Secured client's IT infrastructure from targeted attack by a former employee.
• Directed improvements in server configurations to prevent intrusions.

Confidential

Senior Business Analyst / Network Administrator

Lead team of 8 full-time software testers and 12 contracted programmers for regional office in development of customer service software. Authored design specifications to meet insurance regulations for 15 states. Researched and implemented a software-imaging library to increase operating efficiency of computer support division. Directed regional identity management and computer forensics efforts.

Financial/Operational Highlights:

• Created software package in 1 day that saves company 10K each year.
• Introduced software that reduced training requirements for new employees by 66 and improved operating efficiency of staff.
• Directed implementation of software imaging library that reduced computer deployment time by 2300 , from 2 days to 2 hours.