IT Security Engineer Resume

Syracuse, NY

EXECUTIVE SUMMARY:

  • IT Security Manager with 10+ years of experience implementing security programs that contribute to the business’s security and compliance posture; specific experience and qualifications include:
  • Cloud provider risk assessment
  • Security audits for AS400/iSeries, mainframe and RACF
  • Windows and Linux hardening
  • Certified Ethical Hacker (CEH) in progress
  • PCI security assessments
  • Web site security
  • Cisco PIX, Websense (DLP), Qualys
  • Policies and Procedures SME and compliance management
  • Security metrics design
  • Tenable Nessus vulnerability scanner
  • Incident response management and design
  • Conducted data center security audits in Boston, Syracuse and Houston
  • Developed security awareness training programs regarding changes to the threat landscape and the resulting risk to the organization
  • Developed an audit plan for testing the disaster recovery for the world’s largest soft drink bottler
  • Produced a training course for auditing IBM’s mainframe system that included RACF and DB2

SECURITY SKILLS INVENTORY

Intrusion Detection Systems: Dragon 6.0, Cisco IDS

Firewall: Cisco IOS, PIX

Port Scanning: Ipswitch, IP - WS Ping ProPack, Nessus

Password Hacking: L0phtcrack

Cryptography: RSA, 3DES, AES

PROFESSIONAL EXPERIENCE:

IT Security Engineer

Confidential, Syracuse, NY

Responsibilities:

  • Conducted a risk assessment of a cloud provider’s data center that included web security, biometric controls, energy efficiency, proper power and network cable labeling, disaster recovery, storage management, Intrusion Protection (IPS), secure coding practices, Virtualization (VM) management, firewalls and web services

Security Engineer

Confidential, Lexington, SC

Responsibilities:

  • Ensured that the following security-related tasks were performed:
  • Working with project managers to ensure compliance with the Bank’s policies and procedures
  • Privacy assessments based on GLBA and PCI
  • Management of external 3rd party network connectivity; managing and monitoring critical vendors
  • Other responsibilities: conducted risk assessments that included controls for:
  • Ensuring that router configurations are documented and maintained, installation of Qualys
  • Ensuring that Network Address Translation (NAT) is performed at the firewall choke point

Co-Founder

Confidential, Atlanta, GA

Responsibilities:

  • Investigating government grants
  • Establish Key Performance Indicators (KPI)
  • ERP management including access controls
  • Client privacy based on HIPAA

Senior IT Security Auditor

Confidential, Atlanta, GA

Responsibilities:

  • Managed all IT security auditing both domestically and internationally based on a risk ranking
  • Developed and maintained the IT risk assessment
  • Hardened Linux, Oracle 10g and Windows SQL Server, and evaluated the performance of Websense
  • Security awareness training
  • Responsible for evaluating all SAS 70 Type I and Type II reports
  • Other projects included PCI DSS compliance and European Union (EU) privacy laws
  • PeopleSoft audit included compliance with HIPAA and end point security

IT SOX/COBIT Audit Consultant

Confidential, Atlanta, GA

Responsibilities:

  • Audit focused on the Dragon Intrusion Detection monitoring system, Microsoft Dynamics ERP system and SQL Server

Senior IT Security Auditor

Confidential, Atlanta, GA

Responsibilities:

  • Project involved the use of TSO/ISPF accounts and the reviewing of RACF panels to evaluate security controls for z/OS parameter/procedure libraries.
  • Audit focused on the evaluation of controls associated with Cisco’s 4255 Intrusion Protection Systems (IPS), controls for event log RSA consolidation servers.
  • Focused on the evaluation of SIEM with regard to correlation of logs from Microsoft Security Events, UNIX, the firewall, the IPS and SNMP traps

Consultant

Confidential, Greenville, NC

Responsibilities:

  • Conducted an audit of the Company’s change control management for their ERP system.
  • Security audits conducted at the Company’s international offices included auditing the logical security controls to evaluate user access to the ERP system based on roles and responsibilities, and evaluating the physical security of the Company’s Guatemala City data center.
  • The audit included evaluating perimeter fencing, video surveillance and lighting, audited guard schedules, fire detection and suppression, interior and exterior barrier door architecture and key distribution lists.

Security Consultant

Confidential, Dallas, TX

Responsibilities:

  • Consultation focused on vulnerability testing.
  • Deliverables included the installation of Linux-based Nessus scanning software to conduct vulnerability scanning of the Company’s VPN and firewalls.

IT SOX/Audit Consultant

Confidential, Atlanta, GA

Responsibilities:

  • Project involved testing the security of the company’s Oracle 11i ERP system.
  • Deliverables included an assessment of the organization’s security posture and the impact on the Company’s financial reporting.
  • Evaluating the interfaces for Cisco’s PIX firewall
  • Assessing the use of SSL, its associated digital certificate, symmetric and Public Key Infrastructure (PKI) encryption
  • Evaluating the SDLC process
  • An evaluation of the security of the Sun Solaris UNIX operating system including remote connectivity.

IT Security Manager

Confidential, Norcross, GA

Responsibilities:

  • Managed and maintained security for Oracle, UNIX and Windows Servers
  • Developed the security architecture based on ISO17799 standards
  • Installed and hardened Oracle 8.0 Enterprise Database
  • LAN installation, firewalls
  • Installation of Network Attached Storage (NAS) and SCSI arrays
  • Developed programs for Incident Response, Business Continuity and Disaster Recovery (BC/DR)
  • Infrastructure security includes LAN security: routers, switches, firewalls and interfacing with the campus WAN, a Fiber Distributed Data Interface (FDDI)
  • Maintained the privacy and confidentiality of vehicle registration data for the Confidential
