PROFESSIONAL QUALIFICATIONS

Accomplished leader of global enterprise Information security guidelines for the protection of Distribution and Transmission energy facilities. A result oriented professional with 10 years' experience of Project Management Detailed Engineering in Power Oil and Gas Industry. Extensive experience and proven track record of principal both top-down and bottom-up approaches in the selection and modification of security requirements for Smart Grid/Energy IT/Information Security IS /Infrastructure Security/ Strategy and Architecture. Planning and implementing cyber security design programs and regulatory information technology operational programs in support of Service-oriented architecture with an approach focuses on defining components/domains of the instrument and control systems and the logical interfaces between these components/domains. Specialized experience in cross-reference mapping information risk assurance and security program management, procurement specifications, systems integration, vulnerability gap analysis and methodology analysis involving technical staff and key stakeholders. Proven track recorded of Energy cyber security briefing developing implement policies, strategy, and risk mitigation FANR /NIST /FISMA /NEI standards. Interactive experience for full systems life-cycle deployment management, facilities management, compliance design verification, qualification test requirements, business process re-engineering and strategic planning. Information Security Risk Identification, Mitigation, Remediation plus defining, customizing acceptable level of risk definitions/options for C-Level executives programmes. Consistently seeking and implementing new and road map processes to improve developing energy and enterprise cyber security program architecture. Team player and an innovator who is willing to go the extra mile to achieve company requirements. Self-motivated constantly studying and training to keep abreast of new compliance standards. Extensive experience overseeing stages of the cyber security assessment processes. Currently hold a DOE-Q Clearance for unescorted access.

PROFESSIONAL EXPERIENCE

Confidential

• Assessed risk of applications and environments in compliance with FFIEC, CTFC, and real-time trading environments, including transactional risk to trading, clearing, and settlement to third party service providers.
• Evaluated the adequacy and effectiveness of policies, procedures, processes, systems and internal controls analyzes business and/or system changes to determine impact, identifies and assesses operational risk issues and assigns risk ratings consistent with established policy standards for line of business's.
• Determined residual risk ratings based on established policy, standards and business factors and provide oversight for remediation of risks.
• Perform information security risk assessments for Prime Brokerage and Lending applications, environments and third party service providers.
• Ensured compliance with industry and regulatory requirements for FFIEC, GLBA, COBIT, ISO2700xx, Sarbanes-Oxley, PCI DSS, Basel II, BSA/PATRIOT Act
• Worked closely with line of business application teams, infrastructure teams, compliance and business operational risk teams to minimize risks prior to new product roll-out implementations.
• Worked with complex and interrelated Wholesale and Wells Fargo Securities business units and provides operational risk expertise and consulting for projects and initiatives with high risk. Provided guidance on remediation of risks with a real-time, high-volume trading environment with multiple financial instruments and extensive third party service providers.
• Provided information security consulting on complex issues for Wells Fargo Securities working with cross functional teams to design and develop solutions for technology risk environment.
• Consulted with business to develop corrective action plans and effectively manages change. Identified training opportunities for roll-out implementations'
• Designed the development of training materials delivers or coordinates training delivery.
• Reported findings and develops business cases to influence senior management on the need for controls to mitigate risk.
• Managed and/or coordinates production of periodic operational risk performance reports for senior management, including trend analysis and recommended strategies.

Confidential

• Maintained and revised the current NERC CIP Standards for Bulk Electric Systems for Duke Energy Transmission and Distribution instrumentation networks to include CFATS development and implementation of cyber security policies that addresses international standard concepts and modeling requirements of the NEI 08-09 standards and is distributed to all the relevant global stakeholders with access to the SCADA PLC,DCS, RTU and Nuclear Critical Digital Asset for Message-based security, including digital signature generation and verification, as well as data encryption and decryption from control rooms data dilates .
• Subject matter expert in implementing ISO/IEC 27005 Cyber Security policies and controls and insure process compliance to Federal Authority of Nuclear Regulation FANR Reg8 Article 24 or NRC 5.7, NEI08 and NEI09 which applies to safety, security, safeguard and emergency preparedness systems.
• Conducted primary technical review on instrumentation component specification, purchase order and any other deviation from the manufactured item to ensure compliance with international standards and local nuclear regulatory requirement.
• Reviewed I C workstation design to ensure that the delivery is in line with the contractual agreements to safeguard Duke Energy interest by providing failure modes and effect analysis
• Provided the planning and scheduling disciplines with the necessary updates and information required to update the project performance monitoring indexes.
• Conducted primary technical reviews of workstation and/or Client processes and procedures In order to ensure approvals where relevant and to prepare technical reports on findings developed from review for residual risk
• Evaluated, and advise on instrumentation related design changes non-conformances to ensure fulfillment of requirements and compliances
• Subject-matter expert while embedding the key disciplines of standards development administration, audit and compliance for key stake holders
• Coordinates the development and delivery of professional training events covering the key disciplines to managerial staff to assist in the development of professional work practices and cultures.

Confidential

• Maintained and revised the current north electricity reliability corporation CIP Standard processes for Bulk Electric Systems for Piedmont Natural Gas Transmission and Distribution SCADA Networks to include CFATS development and implementation of cyber security policies that addresses ISO27001 concepts and modeling requirements of the NEI 08-09 standards and is distributed to all the relevant global stakeholders with access to the instrumentation controls and F G Critical Digital Asset for Message-based security, including digital signature generation and verification, as well as data encryption and decryption.
• Regular reports to Project director's on the effectiveness of Cyber Security related policies implementation on the digital systems.
• Provided bottom-up and top-down approaches were used in implementing the risk assessment as technical expertise in the areas of security risk management, security architectures and implementations, and utilizing effective security risk assessment practices while emphasizing CIP-002 through CIP-009 compliances for Advance Metering Infrastructure AMI system, exceeding security requirements that required authentication of the meter to the collector, confidentiality for privacy protection, and integrity for firmware updates.
• Review and provide comments for assigned actions/activities regarding documentation for Instrumentation system design.
• Conducted primary technical reviews on assigned workstation design deliverables related to I C equipment/systems design and relevant technical specifications, and procurement/tendering packages so they comply with workstation requirements, project schedule, and domestic laws regulations.
• Served as the technical lead for Piedmont internal CSIRT of cyber security technical resources with primarily focus on the Application Content Engines and universal interfaces while architectural domains.
• Established cyber-attacks, industrial controls systems operational, procedural and technical access controls to manage, monitor and log physical access at all access points to the Physical Security Perimeter that included a NISTR 7628 functional architect logical metrics review of hardening infrastructure security best practices authenticating and authorizing users to substation intelligent electronic devices IEDs , key management for meters, and intrusion detection for power equipment.
• Worked closely with third party vendors to develop an encryption SSL IPSE, PKI, Kerberos and Binary Token validation security patch management programs separately from existing Configuration Management Process by providing cyber security training and awareness program with a proactive approach to application development.
• Migrations efforts of policies to identify test and install the necessary Certificate, Key and Token access management for all Cyber Assets within the Electronic Security Perimeter function and controls process flows.
• Documented and developed all risk assessments mitigation tools to address the threat of keystore malware on all Cyber Assets within the percentile of Piedmont Natural Gas SCADA networks to perform peak-10 off-site validation testing for access-management
• Developed and researched specifications for extremely complex computer network security/protection technologies for Piedmont Natural Gas information control and network systems/applications in compliance for NISTR 7628
• Developed evidential RFI RFP documentation with Electric Power Research Institute personnel to architect security control solutions for piedmont natural gas SCADA networks and virtual private networks, application systems, key public infrastructures, authentication and directory services to ensure the security of the network and confidential data between endpoint locations
• While identifying emergent vulnerabilities, evaluates associated risks and threats, and designs network vulnerability scans to identify security vulnerabilities and provides remediation alternatives to the NIST SP 800-53.

Confidential

• Subject-matter expert day to day vulnerability assessment performed with International Atomic Energy Agency IAEA research that provided China SNPTC and SNPEC Nuclear Plant managers and owners with intelligence for cyber security access controls the integration of control policy and procedurals
• Participated in the development and integration of a security development life cycle SDL to include secure development of INPRO methodology testing, and configuration of plant digital applications and technologies evaluated digital assets against the NEI 08-09 and NISTR 7628 logic controls.
• Participated in all major actions, monitor and report the status of all the major activities related to the SCADA system during engineering, design, construction, commissioning, and start up phases to Section Head I C kick-off meetings.
• Provide cyber and information security consultation. to internal business stakeholders and support organizations through establishment and maintenance of the nuclear cyber security programs for distribution smartgrid meter management controls
• Formed a center of excellence for information security management by offering internal management consultancy advice and practical assistance on Cyber security risk and control matters.
• Responsible for documenting newly established directives policies and procedures of operational processes, as well as architect and implementation of new security procedures to meet overall compliance and risk-reduction goals for individual NEI08-09 functional groups
• Develop and managed the cyber security program including tracking and reporting of the Capital and O M budgets documents and procedures for Distribution Remote Terminal Unit/Intelligent Electronic Devices
• Help subject matter experts professionals get ahead by delivering rapid static high availability functions mapping between Interface between control systems and equipment with high availability, and with compute and/or bandwidth constraints to framework master station supporting NIST SP 800-73,800-53 directives, actionable data and comparative security policy analysis provided by subject matter experts in key sectors to include externally-facing transmission and distribution I C cyber security offerings. Security event management, identification and authentication, firewalls, intrusion detection prevention, perimeter appliances, domain segmentation, filtering virus, spam, etc. , network segmentation, authentication, enterprise portals, portal based access managers, database encryption, DLP, cloud computing, data encryption, host intrusion detection, enterprise directories, and meta-directories
• Maintained security of processes for Transmission SCADA networks that includes equipment analysis security documentation for information briefs for the SNPEC of the People of Republic China Nuclear plant owners and remote consortium offices.
• Monitored and maintained gap analysis for physical and logical SOA by Siemens, RSA to include but not limited to access to CONUS services by analyzing security events to quickly determine and isolate trigger sources and implement effective migration objectives. Management of OCONUS partners to develop Disaster recovery plans and Business Continuity implementations for Firewall, IPS and IDS systems for NERC CIP compliance and communication protection
• Performed security requirements analysis, engineering design reviews, security testing oversight, and risk remediation planning.
• Provided procurement materials and quality surveillance departments, to ensure that the assigned I C equipment installation activities are performed in accordance with the engineering design requirements, project contract agreements, schedule, as well as safety and quality standards.
• Presented procurement options to management for the enhancement of critical digital assets to include defense-in-depth protection strategies. Configuration hands-on DNS, firewall, modernization of firewalls, and inbound e-mail security and cyber security controls for Programmatic Logical Controls and Remote Terminal Units. Assisted with the upkeep of network infrastructure categorization of plants systems including multiple vendors, router, switches, load balancers and IDS/IPS systems for enhance security visibility for monitoring. Assisted in migration of PLC's and RTU's to new project locations to include the Shanghai's Southwest region of China.
• Assisted in migration to meet risk based performance standards RBPS to new project locations to include the Southwest region of China from tier 1 to tier 2 basis 6CFR2 Achievements include completing NRC and National Nuclear Safety Administration NNSA enterprise certification.
• Development of incident handling procedures of IAEA.

Confidential

• Effectively working as the Chief Information Security Officer reporting directly to CTO , responsible for the creating and managing the information security program from the ground up. Areas of focus included product development across the SDLC, product integrity security, legal compliance requirements and formal enterprise information security program.
• Consulted vertical managers CIO and CSO not only to identify suitable vulnerabilities and actionable risk analysis of data, also to contribute ideas, perspective and strategy. Using multi-faceted frameworks, to quickly capture and evaluate vital information to make well-informed, profitable decisions while providing information security expertise and consulting while detailing migration incident handling.
• Delivered rapid and direct access to strategic, actionable data and comparative market analysis provided by subject matter experts in four key industry sectors: Technology- Telecommunications market research, networking expertise, semiconductors, mobile computing and more Energy Industrials - Solar, alternative energy investments, natural resources, bio-fuels, green technology investments and more Healthcare Pharmaceutical market research, medical devices, biopharmaceutical industry, managed care and Annuity Products, Mutual Funds, Brokerage.

Confidential

• Responsible for technical vision, strategy and road-map of Identity Management Product line solutions and Information Security initiatives including identification development of products / features, solution frameworks, architecture, design and implementation. Responsibilities included technical leadership of global engineering teams on architecture, design and implementations of product feature sets.
• Trained and supervised 4 multi-services U.S. technicians to maintain Local Area Networks Biometrics', deployed with 25 setup secure satellite links back to base.
• Participate in all major actions, monitor and report the status of all the major activities related to the multiple tier system during engineering, design, construction, commissioning, and start up phases.
• Built and administered MS Windows domain controllers and mail servers on secure and non-secure deployed WANs
• Assisted in certification and accreditation of USAFnet LAN and conducted security audits and
• implemented countermeasures.

Confidential

• Retained previous role responsibilities of Enterprise Architect. Responsible for Cryptography Security Design on VerizonSupport. Business Ownership , Software Development and Governance of resources, managing the worldwide deployment operations and the technical roadmap planning for VerizonSupport.
• Combined extraordinary Department of Defense COBiT v4.1 cognizance with a practiced contractual sense managing, developing and providing highly effective security and network infrastructure design, development and administration information security policies from NIST, DoD standards within fast-paced environment.
• Responsible for LAN/WAN network design through administration and troubleshooting, security development and implementation and e-commerce support and monitoring.
• Extremely proficient in key global technology rules/regulations and IT risk management practices e.g. Information Security, Business Continuity, FFIEC, CoBIT, ITIL, NIST 800 series and identified implement solutions to wide range of issues from root level and up with extensive ROI platform.
• Provided high level of expertise for all aspects of systems security, including design and installation of firewalls, vulnerability assessment and remediation, incident response, forensics and policy development and enforcement for Defense Information Systems Agency- DIACAP, NIACAP, IASE and USAISEC HBSS
• Responsible for architecting Next Generation Verizon SOA, a large production solution that would enable us to securely collaborate in real time with partners, customers and vendors.
• Technologies used - J2SE, J2EE, Directory services, encryption using multiple cryptographies, PKI, high availability systems designs clustering , identity management, single-sign-on and content management.
• Developed new access controls and logic monitoring solutions on CA spectrum firewall system for Internet/Extranet security.
• Authenticated and attenuated log monitoring and parsing, and assisted client security administrators with analyzing DoD STIGS, and NSA implantation network traffic at packet-level.
• Routine duties include design, implementation and optimization of Cisco routers, routing protocols, switches, VPN, Wireless devices and high-speed
• Telco connectivity ATM, DS3, Frame Relay to guarantee uninterrupted production abilities.
• VOIP, Routers, Switches, and Wireless devices with server hardening Microsoft Windows and Linux based applications utilizing DISA IA security evaluation tools like scanners, retina, and ethical hacker.
• Noteworthy accomplishments include rebuilding clients enterprises live in infrastructure production environments, live router and switch troubleshooting and solution development, managed real-time intrusion while maintaining production throughput, and provide proactive response to significant, pernicious viruses Nimda and Code-Red with no detrimental effects. During tenure, network grew by 200 and network traffic grew by 400 .
• Special Projects with Verizon:
• Development, Integration external / internal and deployment of Smart Cards External Customers included Verizon Department of Defense.
• Design and Implementation of world-wide Secure Connectivity Centers Network DMZ's
• Roll-out of Oil Gas Market Place Army.mil Integration of Security envelope for sensitive high dollar transactions.
• Development of Secure Real-Time Collaboration Services for Semiconductor Energy Companies.