Security Expert Resume
Austin, TX
SUMMARY:
- Hands - on information security expert (CISO/CPO/CRO/CIO) with 25+ years of IT experience, 15+ years in consulting & 10+ years in IT security (at public security leader, global energy conglomerate & start-ups)
- Protected 7 OSI layers + Deep Web /Delivered physical/chemical security solving
- Prevented cyber-attacks (SIEM, DLP, eDiscovery, AppSec sSDLC, firewalls/VPN, Pen Testing, access controls, RASP, encryption) and addressed vulnerabilities (CVEs, APTs, SQL injections, DDoS, botnets)
- Directly Reported to CEOs & Boards + co-reported with CFO & General Counsel to regulators & investors
- Reviewed 5,350+ technologies (Descriptive/link/predictive/prescriptive analytics (real-time id/behavior/threat) Cut costs by 35%, managed multi-disciplinary teams (25 direct/2,300), & re-aligned 12 failing companies
- Co-wrote private book on Portals & Advanced Queries Management / publishing FRAML dictionary, self-help Guide for Cyber Fraud Resolution & mini-book on contextualization of data and evidence through cyber analytics/ LI posts / Monthly education / Published 100+ articles on cyber security & fraud
- Developed & deployed advanced data management (MDM) & security solutions at small to Global 1000 & Fortune 500
- Bilingual self-sponsored EB-1 Green Card (authorized to work in security in US & Canada) & (in-process) US citizenship
SECURITY SKILLS:
Safe (Agile) Deployments: 15 critical applications (100+ Million t/day) at 50% of budget in 4 weeks with threat escalation
Security Assessments: Completed 40 audit-ready reviews in 6 months / remediated over 350,000 findings
Security Information and Event Management (SIEM tools): CA - eTrust Security Command Center, Symantec-SIEM appliance, McAfee Enterprise Security Manager, AlienVault, CheckPoint, Websense, EMC RSA Security Analytics
Prevention tools: BeyondTrust, Palo Alto Networks, Cisco, Websense Content Protection, RSA DLP
Protection tools: Protegrity, FalconStor
Cyber-Tools: CASE, IBM Threatmetrix
ID Management tools: Oracle ID Manager / LDAP, Netgear, Centrify, Bitium, CA Identity
Log Mgmt tools: Qualys, RSA, Cisco
Forensics tools: FTK, Nuix, EnCase, SANS SIFT, Ms COFEE, BlueRISC WindowsSCOPE, Access Data, Cellebrite, Paraben
Vulnerability tools: Qualys Guard, Black Duck, CORE Security, Metasploit, Meterpreter, Shavlik, IBM AppScan
Authentication tools: 2FA, LDAP, ActivID
IAM: Sailpoint, IBM, Oracle ID Governance
Security Practices: Incident Response, Business Assurance & Continuity, Security & Risk Assessments, Disaster Recovery, Governance, Vulnerability / Gap Analysis & Predictive Analytics
Deep Dark Web tools: Tor, C6, Onion.City, Onion.to, Memex, Stumpedia, IceRocket
General Technology Skills:
Cloud & Virtualization tools: VMWare vSphere Hypervisor, Free Virtualization (ESXi), Akamai, Blue Coat, Cloudera Hadoop, Amazon (AWS), IBM AppCore
Social Media: LinkedIn, Facebook, Google Plus, Skype, Social Discovery, YouTube, VIMEO, Twitter, Pinterest, Instagram
Analytics & Intelligence: ACL Analytics Exchange, IBM Watson & Cognos, Hyperion, MicroStrategy, BusinessObjects, SAS, Oracle Hyperion & Forms, OpenText, Splunk
Data Management: Oracle DBMS / AppServer / Cloud, Information Builders, Teradata, Informix
Data Modeling: Embarcadero ER/Studio, CA Erwin, Oracle SQL, Essbase
Visualization: Tableau, Google Charts, DataWrapper, Timeline JS, infoGram, iDashboards, Domo, Sentinel Visualizer
Languages: SQL, Fortran, LDAP (directory queries), COBOL, CQL
MS-Office: Project, Access, Excel, Word, PowerPoint, Visio, Outlook, One Note
Other Skills: Multi-tasker with project management of 360 simultaneous solutions & assessments, investigator, professional demeanor, supervisory & analytical skills
Functional Skills: Problem-solver, brand management, e-Commerce, social & direct marketing, event management, competitive & pricing analysis, sales, risk analysis
Financial Skills: Inventory management, cost & margin analysis, budgeting & forecasting, process Improvement, cash flow analysis, sales reconciliation, Benford Law detection
GRC: Monthly reports to the board, public incident response and continuous GRC with regulatory agencies / 2 audit committees (FRAML, IT Sec & GRC expert)
GRC+ Tools: Archer, Xcellerator by Incisive Software, Jolt, Z-Discovery, Oracle GRC, Integrify, FastTrack, Predict360, EMC2 Documentum Compliance Manager, Symantec Compliance Accelerator
Regulations: SOX, GLBA, PCI-DSS, FATCA, GLBA, EFTA, C-TPAT, FAST, COPPA, ITAR, DFARS, FATCA, ISO, CAN-SPAM, HIPAA, SB-1386, FCRA, FRCP, FISMA, PIPEDA, NERC, HITECH, FERPA, NISP, SafeHarbor
Frameworks: COBIT, COSO, NIST, TOGAF, ITIL, Zachman /standards OWASP, FFIEC, ISO 17799/27000 , Key controls & TSRs
Risk Assessments: 60 risk reviews (enterprises & technical inherent & residual, mitigation, probability, timeframe, impact, costs estimates (estimated monetary value - EMV), categorization, priority, ranking, modeling, simulation, incident response, mitigation, avoidance & compensating controls in opinions to reports) in 6 months
Tools: Appthority, BAE Systems, ActRisk, HyTrust (cloud), Prevalent vendor risk analytics), Archer, IBM SPSS Risk Modeler, RiskNav, Domo, Oracle AppServer Portal
Project Management: PMI at UC Berkeley / MS-Project at Learning Tree used for 15+ years in over 1,000 projects
Privacy: Mozilla Thunderbird, Claws Mail, Ricochet, Master Password, Encryptr (cloud), StrongBox, Reddit
Others: Programs Management, Product Marketing & Management, Optimization
WORK EXPERIENCE:
Confidential, Austin, TX
Security ExpertResponsibilities:
- Delivering corporate/IT/physical security vision/plans/strategies/standards/policies via cooperative intelligent architecture, critical DevSecOps / Agile / SCRUM solutions (integrated security automation & intrusion detection, behavioral analytics & contextual reporting) at 50% of budget in 4+ weeks
- Assessing/authorizing e-commerce systems (100+ Million t/day), completing 40 audit-ready security (1st VE/VI) & 60 risk assessments in 6 months
- Architecting solutions (providing technical leadership/guidance/mentorship) to mitigate security risks, limit attack surface, pass audits & ensure GRC
- Building, expanding & managing teams (15) plus budgets (augmented security & boards/committees / C-cyber-security & FRAML expert)
- Deploying solutions (tools: CASE, IBM integrated security intelligence Threatmetrix) to prevent, detect & resolve malicious cyber & FRAML crimes
- Reducing corporate exposure through secure solutions and preventive defense (Tools: ID Mgmt = Oracle ID Manager/ LDAP, Netgear, & Log Mgmt=Qualys, RSA, Cisco), incident response, business assurance, continuity & disaster recovery plans (Frameworks: COBIT, COSO, NIST, TOGAF, ITIL, Zachman /standards: OWASP, FFIEC, ISO 17799/27000 , sSDLC) and ensuring compliance (GLBA, PCI-DSS, FATCA, ITAR, SOX, DFARS, FATCA, ISO, ITIL, CAN-SPAM, HIPAA, SB-1386, FCRA)
- Remediating in cyber-fraud crime via investigations (Open Source, Deep Web, covert surveillance, background checks, net worth & fraud ratio analysis), processes, policies & practices, plus development of emergency plans, ITSEC awareness, training & standards, lowering costs by 35%
Confidential, Arroyo Grande, California
Advisor
Responsibilities:
- Architected (SOA / EAI / BPI) & deployed global (cloud & cyber) security programs of large scale, complex & distributed multi-platforms systems enabled the transformation of chemical & toxic waste into re-usable by-products
- Restructured conglomerate with high-availability (24*7 load balancing/switching), redundancy, disaster recovery & continuous uptime role-based security dashboards for sales
- Expanded clientele by 400% over unique tech security offerings, co-produced ROI forecasts, and gained $45M in new channel repeated sales.
Confidential, Austin, Texas
Consultant
Responsibilities:
- Spearheaded global corporate security vision, direction and strategy, while leading 5 departments (marketing, investor relations, corporate communications, IT & security) - including cross-functional projects, threat management & crisis management to protect enterprise assets (EISA)
- Reported security posture & practices to customer & investor inquiries (daily), executives(weekly), board (quarterly), and authorities (yearly)
- Helped grow revenues from $20 M to $32.5 Million via corporate presentations, strategy, cloud (SaaS/IaaS/PaaS) / virtualization & 3 M&As
- Developed security programs/plans, implemented roadmaps, designed contingency plans, performed privacy impact assessments, built incident response plans, configuration management plans, configuration checklists & negotiated interconnection security agreements, deployed security (endpoint protection, encryption, anti-virus & patch management) & privacy solutions, enhanced policies, re-aligned processes, completed risk assessments, completed regulatory requirements, offered training programs & ensured GRC (FIPS 140-1/-2, levels 1-3, SP800-131A)
- Completed cost-benefit analysis, cyber risk, BC/DR, audits, incident response, SAN/WAN/LAN, outreach policies & training program deployment