Experience Summary:

Technology Usage Summation:

• Information security policy development, writing and maintenance Security policy awareness and security threat awareness Risk assessment for business application including SAS - 70 reviews
• Utilized deployment, project management, team development
• Organized and lead project resources including outside vendors and contractors
• Accountable for budgetary planning and project control team development and leadership
• Vendor Security Management and vendor risk assessment
• ISO Standards COBIT, ITIL, for policy and controls
• FISMA and NIST guidance used for international project concern and development
• Project planning, implementation Security Operations Planning
• Disaster Recovery planning, development and implementation
• Set policy and standards for review by corporate leaders and federal auditors
• OTS FFIEC Guidelines and Audit requirement for Information security policy standards
• Maintained information security records for internal BRC and external FFIEC and OTS audits
• Developing, Implementing and maintaining security programs Auditing Accessing hacking tools and threat assessments
• Network Security and Active Directory Assessments Member of Incident Response Teams
• Providing 24 hours availability to the success of a project or resolution of a incident was required
• Provided training and documentation when developing new or changing standards

Summary Experience:

• Norton Antivirus Implementation Maintenance Unix Linux Cisco OS Firewalls ASP.NET Java Not programming MySQL IDS Implementation and Maintenance TCP/IP NIST-53 FISMA ISO-17799 ISO-27002 Firewall Domain security RAS IBM AS400 Wireless Networking including WPA WEP Hot Point public access C A ISO 1 002 Standards COBIT alignment ITIL organizational compliance FFIEC and OTS guidance
• Novell Netware 411 windows 9x/2000/XP Macintosh OS/2 IBM AIX IBM RS6000 VPN TCP/IP DHCP DNS GPO ACL frame relay Cisco Routers server NT4.0 2000 server 03 Server 2008 Office Server 2007 MOSS active directory server 2000 Active directory

Technologies Supported / Used:

Tripwire for servers Quest In trust, Bind view, Nessus, Net forensics Black Box People Soft Hyperion D B Remedy LANDesk AS400 Software Packaging MSI packages Win-install WRQ Reflections Bridge32 MS Project 98 2000 MSOffice 97 2000 XP 2003 MS Power point MS Fox Pro 6 9 Access 97 2000 XP MS Visio Excel DOS 3.14- 6.2 HP Openview MS Proxy server 1.0 and 2.0 Support Express Symantec NAV client and Server Oracle MVS Davox VERITAS Backup Exec Ghost Future POS SQL Server GroupWise Outlook MS Fox Pro FAS2000 metaframe, virtual server environment, VMware ESX 3.5, VMconverter, VMWare desktopCertifications/Training:

• CompTIA A Certified Professional, 1997
• MCSE Certification Course Study DMACC
• Intro to C

Work Experience:

Confidential

Information Security Analyst

I worked as a security analyst

• Provide Risk registry maintenance and External vendor reviews using SOC1, SSAE16 reports.
• Performed internal process audits and access management.
• Worked with procurement to audit new external vendors, providing risk ratings in preparation of purchase.

Confidential

Self Employed Contractor

• I worked a contract service provider and technology educational services provider. In this role, I performed many consultation services around application and security program implementation. I also provided consultation to clients so they could better become aware of various standards that may apply to the client's line of business. I also provided network configuration support or servers, workstations and databases as needed.
• Another large portion of the services that I performed was classroom instruction for technology classes that we offered I was responsible for planning classroom instructions according the subject and learning material. I would then provide instruction to clients based on the clients need.
• Supported LAN/WAN networks for client networks
• Managed Third level and forth-level support using support express / LANDesk
• Developed security awareness programs reviewed IDS solutions for client use
• Provide client consultation for ISO 17799, ITIL, FISMA, NIST, HIPPA, SOX and GLB where needed
• Provided client consultation for FFIEC and OTS regulations for financial services
• Provide Network Solutions, Servers, workstations, etc. application solutions to meet the business needs.
• Maintained anti-virus programs Security programs for auditing, IDS software solutions Maintained security monitoring programs for client use

Network Engineer / Consultant

Confidential

• Sedona Technologies / Sedona Group Specializes in Employment and Technology Services. Part of my responsibilities is to assist local clients with ALL network support needs from Servers down to workstations. I also lead a project to integrate and sell managed desktop services to all our clients and to John Deere Corporation's over 600 stores nationwide. I was in charge of the installation and pilot testing as well as assisting out managed desktop partner in changing how their product offering worked for the end user and local administrators.
• I also handled direct sales with each client in regards to network server upgrades, connection upgrades, or service changes to the client environments. Where there was a need I made every attempt to accommodate the client and help make the changes easier by performing the legwork needed for each project, from start to finish.
• Migrated from Windows Server for multiple clients most of the time leading the projects.
• Exchange server migration / diagnostic and maintenance.
• Sold network hardware / Software and services based on client's needs.
• Project managed upgrades / migrations for all services sold to clients.
• Performed Network Security Audits for clients implemented security policies.
• Implemented and managed backup systems and virtual server systems as fail overs
• Trained new employees on how to care for each client's network based on help desk support processes
• Implemented help desk processes for new client and converted clients
• Worked on a 24/7 on call basis for each client that was part of the managed desktop systems
• Took care of any client request regarding technology services / hardware or software.

Network Administrator Contract

Confidential

• I have also integrated windows vista and upgraded Microsoft Dynamics 9 to version 10.
• During this short time, I have migrated from windows server 2003 to server 2008. Migrated from SQL server, and installed 9 new virtual servers based housed on the VMware platform.
• Since working with Feed Energy, I have helped organize the network and infrastructure. Installed new rack mount servers. Introduced virtual servers into the environment. I have also created a more manageable active directory structure and secured the server access.
• Feed Energy is a small family owned company that has never had a network administrator assess their networking needs and provide an IT path upon which they can build.
• Migrated from Windows Server, connecting 2 remote sites to the WAN
• Moved from Exchange 2003 to Exchange on a VMware Virtual server running server
• Migrated 1 company exchange store and created two more mail stores for other dot coms
• Migrated servers to VMware ESX 3.5 server and managed them with VMware virtual center
• Upgraded client workstations and applications as the migration proceeded
• Introduced new help desk software. Setup the software and trained user how to use and maintain it
• Move SharePoint services 2.0 to version 3.0 and to a new SharePoint server.
• Migrated SharePoint 3.0 to Office Server 2007 MOSS
• Installed separate SQL 2005 server to support MOSS server
• Migrated Dynamics Great Plains accounting to new server physical server and SQL 2005
• Installed and configured backup Exec for smaller LTO2 tape backup system
• Installed BDR system to off-site storage and disaster recovery rapid recovery virtual servers
• Installed various asset management tools and user monitoring tools
• Created information technology policies for the human resources department
• Installed laboratory electronic scale systems, Gas Chromatograph systems FOSS and Ohaus scales
• Maintained Delta V factory production automated control systems for plant production

Information Security Analyst

Confidential

• Principal Bank is an internet only banking system all security related reviews of vendors, applications and international controls developed with internet application being the primary focus. Most security related positions focus around physical and information security control in equal. As the sole security analyst for Principal Bank, my focus was closer to and 80/20 split on internet versus physical security. This creates a unique view when considering such security concerns as international policy, vendor and application security during SAS-70 reviews. Being able to think outside the normal security role, internet customer security measures are the main concern, rather than physical customer access.
• Review, Maintain Bank and physical security policies, controls and implementation
• Perform quarterly, monthly, and annual security audits on vendor services and DR plans
• Maintain compliance with FFIEC, OTS, Sarbanes Oxley, GLB, security compliance
• BRC planning member of disaster recovery planning, testing and first contact team
• ISO 1 Standards COBIT, ITIL, for policy and controls
• FISMA and NIST guidance used for international project concerns and development
• Project research and planning through to final implementation of projects
• Audit security logs to ensure compliance with, prevailing security policy
• Directed NVA scanning ensuring proper network security measures are addressed
• Created new audit programs and policies to align with ISO 1 002 sections where applicable
• Security application review, pilot testing, implementation some examples are: Anti-virus solutions, Active directory access and data steward reviews application risk assessment and SLA considerations
• Member of disaster recovery and incident response plan testing and implementation team for the bank
• Developed awareness via intranet monthly articles, email bulletins and short classes when needed
• Active directory, SQL access reviews Security monitoring and audit program implementation

Medical Software Support Engineer

Confidential

• While this contract did provide a greater opportunity to provide more security consulting, the main product used by the client was lacking in the ability to properly implements security solutions sided by side with the product. The clients were also very limited where the technology budget is concerned. The cost of the product many times forced clients to negate proper security measures and services that I could provide. Much of my time was used to provide security awareness for IDS prevention solutions security policy disaster recovery, audit and security standards awareness for HIPPA, SOX and ISO-17799.
• Provided Technical support for users and owners of medical EMR software
• Performed security setups maintained compliance with HIPPA and ISO 17799 regulations
• Setup data exchanges with other software packages via the HL7 Standards
• Trained customers on interface usages, setup, and navigation
• Answered questions in regards to network setup
• Showed caring for customers to ensure timely responses and satisfaction
• Used Remote connectivity software to access and control users systems for support

Enterprise Configuration Systems Engineer

Confidential

• This position offered a very large range of experience in software package solutions, configuration and deployment through continuous on going projects. Using experience in desktop and server implementation, security solutions and project management were critical in performing the many responsibilities of the position. Being able to wear many different hats and having the ability to switch between them is key when fulfilling this role. Being able to provide system knowledge, security knowledge in relation to the needs of each project as well as resource vendors, internal systems support, and external regulatory guidance, and bring it all together to ensure success of a project was critical. Attention to the smallest detail and being able to react quickly and provide solid solutions when needed to ensure a projects success was a must have quality.
• Configured and supported LAN/WAN systems and desktop PCs and software Managed deployments of systems and security programs for remote branch offices
• Performed software packaging, scripting and application deployment, documentation
• Performed analysis, tested and debugged programs, security controls standards
• Application project implementation alignment with ISO 17799, ITIL FISMA, NIST
• Security policy review Hacking tools and security awareness programs
• Project organization, resolution, resource gathering Workstation support and deployment
• Security monitoring, anti-virus solutions management SQL and Oracle user management
• Negotiated contracts and pricing with vendors for project purchase. Responsible for complete project life cycle technical planning and SLA with vendor
• Member of incident response team BRC internal audit advisor disaster recovery planning