We provide IT Staff Augmentation Services!

Security Expert Resume

4.00/5 (Submit Your Rating)

Austin, TX

SUMMARY:

  • Hands - on information security expert (CISO/CPO/CRO/CIO) with 25+ years of IT experience, 15+ years in consulting & 10+ years in IT security (at public security leader, global energy conglomerate & start-ups)
  • Protected 7 OSI layers + Deep Web /Delivered physical/chemical security solving
  • Prevented cyber-attacks (SIEM, DLP, eDiscovery, AppSec sSDLC, firewalls/VPN, Pen Testing, access controls, RASP, encryption) and addressed vulnerabilities (CVEs, APTs, SQL injections, DDoS, botnets)
  • Directly Reported to CEOs & Boards + co-reported with CFO & General Counsel to regulators & investors
  • Reviewed 5,350+ technologies (Descriptive/link/predictive/prescriptive analytics (real-time id/behavior/threat) Cut costs by 35%, managed multi-disciplinary teams (25 direct/2,300), & re-aligned 12 failing companies
  • Co-wrote private book on Portals & Advanced Queries Management / publishing FRAML dictionary, self-help Guide for Cyber Fraud Resolution & mini-book on contextualization of data and evidence through cyber analytics/ LI posts / Monthly education / Published 100+ articles on cyber security & fraud
  • Developed & deployed advanced data management (MDM) & security solutions at small to Global 1000 & Fortune 500
  • Bilingual self-sponsored EB-1 Green Card (authorized to work in security in US & Canada) & (in-process) US citizenship

SECURITY SKILLS:

Safe (Agile) Deployments: 15 critical applications (100+ Million t/day) at 50% of budget in 4 weeks with threat escalation

Security Assessments: Completed 40 audit-ready reviews in 6 months / remediated over 350,000 findings

Security Information and Event Management (SIEM tools): CA - eTrust Security Command Center, Symantec-SIEM appliance, McAfee Enterprise Security Manager, AlienVault, CheckPoint, Websense, EMC RSA Security Analytics

Prevention tools: BeyondTrust, Palo Alto Networks, Cisco, Websense Content Protection, RSA DLP

Protection tools: Protegrity, FalconStor

Cyber-Tools: CASE, IBM Threatmetrix

ID Management tools: Oracle ID Manager / LDAP, Netgear, Centrify, Bitium, CA Identity

Log Mgmt tools: Qualys, RSA, Cisco

Forensics tools: FTK, Nuix, EnCase, SANS SIFT, Ms COFEE, BlueRISC WindowsSCOPE, Access Data, Cellebrite, Paraben

Vulnerability tools: Qualys Guard, Black Duck, CORE Security, Metasploit, Meterpreter, Shavlik, IBM AppScan

Authentication tools: 2FA, LDAP, ActivID

IAM: Sailpoint, IBM, Oracle ID Governance

Security Practices: Incident Response, Business Assurance & Continuity, Security & Risk Assessments, Disaster Recovery, Governance, Vulnerability / Gap Analysis & Predictive Analytics

Deep Dark Web tools: Tor, C6, Onion.City, Onion.to, Memex, Stumpedia, IceRocket

General Technology Skills:

Cloud & Virtualization tools: VMWare vSphere Hypervisor, Free Virtualization (ESXi), Akamai, Blue Coat, Cloudera Hadoop, Amazon (AWS), IBM AppCore

Social Media: LinkedIn, Facebook, Google Plus, Skype, Social Discovery, YouTube, VIMEO, Twitter, Pinterest, Instagram

Analytics & Intelligence: ACL Analytics Exchange, IBM Watson & Cognos, Hyperion, MicroStrategy, BusinessObjects, SAS, Oracle Hyperion & Forms, OpenText, Splunk

Data Management: Oracle DBMS / AppServer / Cloud, Information Builders, Teradata, Informix

Data Modeling: Embarcadero ER/Studio, CA Erwin, Oracle SQL, Essbase

Visualization: Tableau, Google Charts, DataWrapper, Timeline JS, infoGram, iDashboards, Domo, Sentinel Visualizer

Languages: SQL, Fortran, LDAP (directory queries), COBOL, CQL

MS-Office: Project, Access, Excel, Word, PowerPoint, Visio, Outlook, One Note

Other Skills: Multi-tasker with project management of 360 simultaneous solutions & assessments, investigator, professional demeanor, supervisory & analytical skills

Functional Skills: Problem-solver, brand management, e-Commerce, social & direct marketing, event management, competitive & pricing analysis, sales, risk analysis

Financial Skills: Inventory management, cost & margin analysis, budgeting & forecasting, process Improvement, cash flow analysis, sales reconciliation, Benford Law detection

GRC: Monthly reports to the board, public incident response and continuous GRC with regulatory agencies / 2 audit committees (FRAML, IT Sec & GRC expert)

GRC+ Tools: Archer, Xcellerator by Incisive Software, Jolt, Z-Discovery, Oracle GRC, Integrify, FastTrack, Predict360, EMC2 Documentum Compliance Manager, Symantec Compliance Accelerator

Regulations: SOX, GLBA, PCI-DSS, FATCA, GLBA, EFTA, C-TPAT, FAST, COPPA, ITAR, DFARS, FATCA, ISO, CAN-SPAM, HIPAA, SB-1386, FCRA, FRCP, FISMA, PIPEDA, NERC, HITECH, FERPA, NISP, SafeHarbor

Frameworks: COBIT, COSO, NIST, TOGAF, ITIL, Zachman /standards OWASP, FFIEC, ISO 17799/27000 , Key controls & TSRs

Risk Assessments: 60 risk reviews (enterprises & technical inherent & residual, mitigation, probability, timeframe, impact, costs estimates (estimated monetary value - EMV), categorization, priority, ranking, modeling, simulation, incident response, mitigation, avoidance & compensating controls in opinions to reports) in 6 months

Tools: Appthority, BAE Systems, ActRisk, HyTrust (cloud), Prevalent vendor risk analytics), Archer, IBM SPSS Risk Modeler, RiskNav, Domo, Oracle AppServer Portal

Project Management: PMI at UC Berkeley / MS-Project at Learning Tree used for 15+ years in over 1,000 projects

Privacy: Mozilla Thunderbird, Claws Mail, Ricochet, Master Password, Encryptr (cloud), StrongBox, Reddit

Others: Programs Management, Product Marketing & Management, Optimization

WORK EXPERIENCE:

Confidential, Austin, TX

Security Expert

Responsibilities:

  • Delivering corporate/IT/physical security vision/plans/strategies/standards/policies via cooperative intelligent architecture, critical DevSecOps / Agile / SCRUM solutions (integrated security automation & intrusion detection, behavioral analytics & contextual reporting) at 50% of budget in 4+ weeks
  • Assessing/authorizing e-commerce systems (100+ Million t/day), completing 40 audit-ready security (1st VE/VI) & 60 risk assessments in 6 months
  • Architecting solutions (providing technical leadership/guidance/mentorship) to mitigate security risks, limit attack surface, pass audits & ensure GRC
  • Building, expanding & managing teams (15) plus budgets (augmented security & boards/committees / C-cyber-security & FRAML expert)
  • Deploying solutions (tools: CASE, IBM integrated security intelligence Threatmetrix) to prevent, detect & resolve malicious cyber & FRAML crimes
  • Reducing corporate exposure through secure solutions and preventive defense (Tools: ID Mgmt = Oracle ID Manager/ LDAP, Netgear, & Log Mgmt=Qualys, RSA, Cisco), incident response, business assurance, continuity & disaster recovery plans (Frameworks: COBIT, COSO, NIST, TOGAF, ITIL, Zachman /standards: OWASP, FFIEC, ISO 17799/27000 , sSDLC) and ensuring compliance (GLBA, PCI-DSS, FATCA, ITAR, SOX, DFARS, FATCA, ISO, ITIL, CAN-SPAM, HIPAA, SB-1386, FCRA)
  • Remediating in cyber-fraud crime via investigations (Open Source, Deep Web, covert surveillance, background checks, net worth & fraud ratio analysis), processes, policies & practices, plus development of emergency plans, ITSEC awareness, training & standards, lowering costs by 35%

Confidential, Arroyo Grande, California

Advisor

Responsibilities:

  • Architected (SOA / EAI / BPI) & deployed global (cloud & cyber) security programs of large scale, complex & distributed multi-platforms systems enabled the transformation of chemical & toxic waste into re-usable by-products
  • Restructured conglomerate with high-availability (24*7 load balancing/switching), redundancy, disaster recovery & continuous uptime role-based security dashboards for sales
  • Expanded clientele by 400% over unique tech security offerings, co-produced ROI forecasts, and gained $45M in new channel repeated sales.

Confidential, Austin, Texas

Consultant

Responsibilities:

  • Spearheaded global corporate security vision, direction and strategy, while leading 5 departments (marketing, investor relations, corporate communications, IT & security) - including cross-functional projects, threat management & crisis management to protect enterprise assets (EISA)
  • Reported security posture & practices to customer & investor inquiries (daily), executives(weekly), board (quarterly), and authorities (yearly)
  • Helped grow revenues from $20 M to $32.5 Million via corporate presentations, strategy, cloud (SaaS/IaaS/PaaS) / virtualization & 3 M&As
  • Developed security programs/plans, implemented roadmaps, designed contingency plans, performed privacy impact assessments, built incident response plans, configuration management plans, configuration checklists & negotiated interconnection security agreements, deployed security (endpoint protection, encryption, anti-virus & patch management) & privacy solutions, enhanced policies, re-aligned processes, completed risk assessments, completed regulatory requirements, offered training programs & ensured GRC (FIPS 140-1/-2, levels 1-3, SP800-131A)
  • Completed cost-benefit analysis, cyber risk, BC/DR, audits, incident response, SAN/WAN/LAN, outreach policies & training program deployment

We'd love your feedback!