SUMMARY:

Loyal, dedicated, and results - driven IT professional with notable success directing a broad range of corporate IT security initiatives, while participating in planning, analyzing, and implementing solutions in support of business objectives. Hands-on experience leading all stages of system development efforts, including requirements definition, design, architectures, testing, and support. Outstanding project and program leader; able to coordinate and direct all phases of project-based efforts, while managing, motivating, and guiding teams.

AREAS OF EXPERTISE:

Network and Systems Security Technical Specifications Development

Policy Planning / Implementation Risk Assessment / Impact Analysis

Team and Project Leadership Contingency Planning

Identity and Access Management Incident Handling and Response

Multi-Factor Authentication Single Sign-On

ISO 27001 and NIST Frameworks Threat and Vulnerability Management

TECHNICAL PROFICIENCIES:

Platforms: Windows 9x/NT/2000/XP, Unix (AIX, Solaris, HP-UX), Linux (Red Hat)

Networking: LAN / WAN Administration, VPN, TCP/IP, 100BaseT Ethernet, SecureID

Languages: UNIX Shell Scripting

Tools: McAfee Endpoint Suite (ePO, Web Gateway, DLP), IBM QRadar SIEM (formerly Q1 Labs), CA Identity Manager, CA SiteMinder, Rapid7’s InsightVM (formerly Nexpose), ArcSight, IBM Internet Security Systems (ISS) RealSecure, McAfee Network Security Manager (formerly IntruShield) and Host Intrusion Prevention, Cisco Intrusion Detection (formerly NetRanger), SecureAuth, IBM Firewall for AIX, RACF, HP OpenView, Tripwire, Snort, Lotus Notes, Microsoft Office Suite (Word, Excel, PowerPoint, Outlook), Access, MS Project, Visio

PROFESSIONAL EXPERIENCE:

Confidential, Raleigh, NC

Manager, Information Security

Responsibilities:

• Providing overall security ownership of a range of information security programs, such as privilege management, configuration management, vulnerability management, and attack-surface minimization.
• Representing information security’s interests in a broad range of business and IT projects and initiatives and working to ensure efficient collaboration and cooperation with other stakeholders.
• Defining and addressing information security requirements based on industry standards (e.g., PCI, NIST CSF); and keeping current with, and anticipating, regulatory changes and changes to information security best practices and technologies.
• Identifying, evaluating, and analyzing IT security requirements. Scheduling, conducting, and leading technical analysis sessions to ensure that all applicable requirements are met.
• Researching and implementing necessary recommendations for the protection of all information processed, stored, or transmitted by systems.

Confidential, High Point, NC

Team Lead, Security Engineering

Responsibilities:

• Provided architectural oversight and direction for enterprise-wide security technology.
• Ensured high-level integration of application development with IT security policies and strategies.
• Designed and completed complex projects requiring highly specialized technical knowledge.
• Made well-thought-out decisions on complex or ambiguous security issues.
• Viewed as an expert in various aspects of IT security. In addition to work assignments, responsibilities included providing career development and performance management direction, training, and guidance for Security Engineers and Security Analysts.
• Identified, evaluated, and analyzed IT security requirements. Scheduled, conducted, and led technical analysis sessions to ensure that all applicable requirements are met.
• Researched and implemented necessary recommendations for the protection of all information processed, stored, or transmitted by systems.
• Conducted Proof of Concept (POC) initiatives for various IT security technologies (such as Tenable Nessus for TVM, Splunk for SIEM, and CrowdStrike for Endpoint Security) and provided input and recommendations to Management.
• Developed, tested, and implemented technical improvements to system configurations and operations.
• Investigated, installed, configured, and tested new technologies for use and deployment in the production environment.
• Conducted investigations and analyzed data to support security, audit, and system operation needs.
• Exercised discretion and maintained confidentiality related to privileged information (e.g., security, personnel, legal, or financial).
• Designed, implemented, and executed appropriate standardized procedures to ensure the health and security of all systems and data.
• Participated in educating users regarding IT security.
• Performed IT security assessments and reviewed networking initiatives for security compliance.
• Provided management with risk assessments and IT security briefings to advise them of critical issues that may affect customer or corporate security objectives.

Confidential, Charlotte, North Carolina

Senior Security Engineer

Responsibilities:

• Supported and managed Confidential ’s IT Security environment by utilizing Network based anomaly detection to identify threats in a proactive capacity.
• Installed, maintained, and upgraded Network IDS/IPS appliances.
• Troubleshot deployed devices and analyzed correlation of events with data collected from intrusion detection and prevention initiatives to substantiate network stability against threats.

Confidential, Durham, North Carolina

Intrusion Detection Systems Engineer, Network Security

Responsibilities:

• Protected the Social Security Administration’s critical assets by anticipating and leading the response to potential computer-related threats and vulnerabilities.
• Utilized Network based intrusion detection to identify threats in a proactive capacity.
• Analyzed correlation of events with data collected from intrusion detection and prevention initiatives to substantiate network stability against threats.