TECHNICAL SKILLS

Platforms: Windows 10, Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 20, SQL, Linux, Mac OS, and Mac OS X

Software: Cisco VPN Client, Sonicwall™, Scandisk Secure Access, VMware, Citrix XenDesktop, Cisco AnyConnect Secure Mobility Client, RSA Secure ID, McAfee Endpoint Encryption, Lotus Notes Virtual Help Desk (VHD), Service Now IT Service Management

Networking: VPN and Configuration of Routers/ Switches/ Access Points/ Hubs/ Firewalls, AWS, Azure.

PROFESSIONAL EXPERIENCE

Cloud Security Architect Manager

Confidential, McClean, VA

Responsibilities:

• Manage a team of 13 ISA’s segemented in accordance with the OWASP Champion Working Model
• The team is split into four verticle domains which serves the four BTOs within Confidential
• Provided guidance for the Lead ESA who manage the Network infrastructure, Endpoint, Cloud, Security Operations, and DevOps horizontal domains
• Lead the discussion to change the ISA ticketing system from PDP to Jira which has integrated very well into the current working model
• Lead the initiative to onboard and tune IBM Qradar SIEM for the SOC
• Lead ISA for SwimLane SOAR solution

Enterprise Cloud Security Architect/Senior Security Manager

Confidential, Mooresville, NC

Responsibilities:

• Managed four verticle domains within the on - prem sector of Confidential 's Companie
• Developed project PODs to embed Security Architect within the various business units
• Rebuilt the ARB process
• Lead ESA responsible for the creation of TRB and CCB process
• Leading Security member of ARB regarding On-prem solutions
• Lead ESA for micro-segmentation (two solutions which will integrate, then drop to 1)
• Lead Cloud and Infrastructure Enterprise Security Architects on crossfunctional projects
• Began AGILE adoption

Security Architect

Confidential, Reston, VA

Responsibilities:

• Built the phase 1-4 tool kits in compliance with CDM DEFEND E
• Developed ARB process consistent with CDM requirements
• Extensively trained to become the Subject Matter Expert in ServiceNow, ITIL V4, Tenable Nessus, SCCM, and many other tools
• Engaged in ongoing architecture development with all 9 Government Agencies Architects
• Performed in-depth review of potential solution which meets the CDM requirements
• Designed Incident Response Framework consistent with NIST in compliance with DEFEND F (Next phase of CDM)
• Proposed new architecture designs for Cloud, Hybrid Cloud migration to AWS, Azure and Google Cloud
• Designed a full Data Lifecycle Management solution
• Agile data migration architecture between high-performance servers which support high value and active data, Medium performance servers for normalized data usage and importance and finally low-performance servers for archiving and eventually purging of data
• Designed Micro-segmentation solution for all 9 DEFEND E Federal agencies
• Designed Digital Right Management (DRM) solution and integration with Agency and Federal Dashboards

Enterprise Security Operations Architect

Confidential, Chicago, IL

Responsibilities:

• Architected Incident Response framework
• Architected the integration of Confidential and Wabtec Incident Response merger
• Designed the merged Wabtec Corporation Incident Response Plan
• Designed the framework for the Cloud migration
• Build the on-prem to cloud transition strategies
• Created the transition from the on-prem EDR and SIEM solution hosted by multiple MSSPs
• Architected the Playbooks
• Architected separation environment in AWS and physical data centers
• Architected Security Operations Center Incident Response workflow
• Architected Vulnerability Management program
• Designed the secure code scanning program for internally created applications
• Write 20+ Security Policies
• Designed and built the Vulnerability Management framework
• Identifies security gaps and presented strategies to close
• Developed the Security Incident Event Management and Data Loss Prevention infrastructure.

File Integrity Engineer/Architect

Confidential, Davidson, NC

Responsibilities:

• Architected Incident Response framework
• Architected the Playbooks for 50+ use cases for the detached SOC
• Designed and built the Vulnerability Management framework for the PCI admin zone
• Identifies security gaps and presented strategies to close
• Established the comprehensive information security program (CISP) to mitigate risks in a manner that is tightly aligned to business objectives while bringing the company in compliance with PCI DSS requirements.
• Developed the Security Incident Event Management and Data Loss Prevention infrastructure.
• Created enterprise vulnerability assessments, including scanning and remediation planning.
• Authored and implemented information security policies, procedures, standards, and guidelines across all the PCI admin zone.
• Instituted software version controlling using Bit9
• Architected the DLP and Data Classification solution hosted from AWS

Data Protection Architect

Confidential, Washington, DC

Responsibilities:

• Designed and built the ForeScout Network Access Control (NAC) countermeasure solution
• Architected quarantine and remediation VLANs
• Architected Incident Response framework and created playbooks 500+ use cases for the SOC
• Designed and built the Vulnerability Management framework
• Identified security gaps and presented strategies to close
• Established the Comprehensive Information Security Program (CISP) to mitigate risks in a manner that is tightly aligned to business objectives while bringing the company in compliance with HIPPA requirements.
• Conducted security and compliance risk assessments and aligns necessary controls, policies, procedures to cost-effectively protect information assets from intentional and unintentional modification, disclosure, or destruction.
• Established an IT Governance, Risk & Compliance (GRC) system on a single, unified platform for compliance management activities, including risk management and security, IT governance and audit operations allowing the company to gain visibility into the risk management and compliance efforts across the organization providing a risk-based strategy.
• Established Business Continuity Program (BCP), ensuring participation from all departments in completing Business Impact Assessments and Department Recovery Plans and coordinating BCP testing schedules and company-wide communication plans.
• Lead the Information Security Awareness program providing training that changes behaviors and reduces risk while ensuring compliance by using a framework based on the Critical Security Controls.
• Perform internal information security risk assessments and serves as the incident response manager and liaison to the internal auditor for information security processes.
• Created enterprise vulnerability assessments, including scanning and remediation planning.
• Architected the SIEM and DLP infrastructure.
• Authored ten information security policies
• Provided safeguards to internal information systems by identifying potential security threats and determining causes of security violations and recommended corrective actions
• Designed and implemented a Secure FTP solution for corporate file transfer.
• Created encryption policy and technical solutions to protect company mobile computing devices
• Lead a team of Security Architects
• Lead migration from internally hosted infrastructure to an off-site data center
• Enhanced the existing change management program
• Instituted software version controlling using Bit9

Confidential, Washington, DC

Responsibilities:

• Developed patch management program
• Lead migration from internally hosted infrastructure to an off-site data center
• Created change management program.
• Instituted software version controlling using Bit9
• Developed Cybersecurity Awareness program
• Collaborated with internal teams to protect employee and client information by the delivery of security analysis, recommendations, projects, and compliance methods and practice.
• Aligned existing policies to NIST and FISMA security standards for implementation
• Design, build, test, and deliver computers images for traveling users
• Developed and deployed test environment which doubled as Honeynet
• Created the security approval process framework for each phase of projects in the development lifecycle, including threat and vulnerability management strategies.
• Responsible for contributing to IT Security Governance company security Policies and Standards
• Administered threat assessments, network intrusion detection, computer network defense, and secure network architecture with support from Senior Management
• Defined the baseline security architecture framework
• Introduced the Security Lifecycle Management Process for project management
• Created project budgets and timelines for security initiatives
• Provided updates and presentations to executive-level personnel on security position and project Statuses
• Engineered, designed, and implemented information security controls to ensure the confidentiality, integrity, and availability of corporate data

Senior Information Security Engineer/Architect

Confidential, Bethesda, Maryland

Responsibilities:

• Architected the Bit9 + Carbon Black deployment solution for both domestic and international office sites (175 offices in 53 countries)
• Wrote custom rules for server patching
• Created new software change control process to center around Bit9
• Lead Security member on the disaster management team
• Lead the mitigation, patching, and restoration process during the 2015 Ransomware attack
• Architected Incident Response Framework for SOC
• Translated Risk Analysis findings to the Information Risk Management database
• Created, tested and implemented network disaster recovery plans
• Lead security enhancements
• Developed training for staff on network and information security procedures
• Wrote Access review policy and procedure
• Developed the process of analyzing and categorizing risks
• Instituted data destruction policy
• Overhauled Certificate of Destruction (CoD) methods
• Managed third-party vendor for disk destruction
• Developed the ARB and operational software request process

Systems Security Administrator

Confidential, Chantilly, Virginia

Responsibilities:

• Created Security training (initial, refresher, and ongoing) awareness training for all employees
• Created and implemented an asset policy procedure
• Instituted the BYOD Policy and Standards
• Modified practice of duties to include Separation of duties
• Isolated vulnerabilities and threats by using the qualitative assessment strategy
• Implemented least privilege policy - separation of duty, Need-to-Know, and Job rotation
• Used web-based firewalls to protect traffic through HTTP/HTTPS (Barracuda)
• Used protocol analyzers to check traffic in and out
• Reconfigured and monitor the ruleset of the primary and secondary firewalls
• Managed multiple VLANs on routing switches
• Created and used the disaster recovery model when the central File/Print server crashed
• Implemented weekly full backup and nightly differential back-up to warm off-site storage
• Invoked problem escalation procedures to coordinate recovery
• Configured and updated Nagios monitoring server
• Update server patches
• Managed Virtual Private Network
• Isolated problem and security trends
• Ensures that daily, weekly, and monthly statistics, and status reports are completed
• Virtualized Microsoft Exchange Server 2003/2008 then moved to off-prem data center

Assistant Security Analyst

Confidential, Waldorf, Maryland

Responsibilities:

• Manage network drive permissions
• Implemented an asset policy procedure
• Managed web filter
• Created new user account for employees and interns
• Created document control policy

Commercial Construction Networking Engineer

Confidential, Lanham, Maryland

Responsibilities:

• Specialized in Fiber Optics
• Pulled 100,000's feet of CAT 5, CAT 5e, Single Mode and Mult-mode fiber optic cabling
• Responsible for terminations of RJ45, SC and ST connectors
• Accountable for testing layer one connectivity between instrumentation
• Troubleshoot connection issues both physically and logically
• Programmed electronics panels from the crash cart