Summary

• Member of FBI's Infragard and ISC2.
• Cisco Network Security Expert with over 11 years working with Cisco Security Technologies
• CCNA and CCNP training at Cisco Networking Academy in 2000-2001
• Cisco Certified for over 11 years
• Over 20 years of computing experience with various operating systems including Apple, Windows, Unix, and Linux
• PCI DSS 1.1 and 1.2 expert in all 12 requirements for organizations that store, process, or transmit cardholder data. Led both service providers and retailers to the goal of PCI DSS compliance while representing the organization with a high degree of integrity and professionalism.
• 15 years of public speaking experience in various capacities including:
• Cloud Security Summit presentation on Brightalk: The Importance of the CIA in Virtualization/Cloud

Environments

• Daily Cyber Security briefings to the Assistant Commissioner/CIO and other Executives of Customs and Border Protection.
• Reports on all cyber security, privacy, and classified incidents affecting the security posture of DHS
• Communicates the latest threats, exposures, and vulnerabilities to the Directors of various information technology branches and expects compliance in accordance with FISMA.
• Adjunct Professor Taught Securing Linux Platforms and Applications 2010
• Security Awareness Training 2008
• Presented Cisco Wide Area Application Engine Implementation and Support 2007
• Presented Motorola Encryption Design and Architecture 2004
• Non professional speaking engagements 1992 - 1995
• 12 years of information systems security experience including networks Cisco, Checkpoint, Brocade, Aruba, Juniper, Extreme, Enterasys, Motorola, Netopia, Nortel, Avaya, Fortinet, servers Windows, VMware, Linux, and UNIX , databases, and applications.
• 11 years of IPAM, DNS, and DHCP experience at the operational, engineering, and architecture levels.
• Nortel QIP
• Successfully led global level 1 service provider payment processor organization towards Payment Card Industry Data Security Standard Compliance PCIDSS 1.1 and 1.2 .
• Passed audit conducted by Trustwave in November 2008. Audit focused on network security, data security, penetration testing, access controls, application security, change management, physical security, server hardening, security policies, and penetration testing/vulnerability management.
• Conducts Security Assessments of financial applications including penetration testing, vulnerability scanning, business requirements, SDLC, and teaches developers about SDLC and secure coding practices.
• Information Security experience including audits, incident response, Disaster Recovery/Business Continuity
• 2 years of experience with forensic analysis and investigations using SEIM Trigeo and MARS ,FTK, Helix, and Encase Enterprise Edition
• While conducting log analysis, I caught an employee performing unauthorized privilege escalation.
• I had to counsel the employee. The employee admitted the wrongdoing.
• Penetration testing and Vulnerability Assessments Foundstone, Qualysguard, and Appscan
• 4 years experience with both Application Networking, Network Virtualization, and Application Security knowledge and experience including OWASP, Trustwave training in writing secure code, penetration testing against web applications, SDLC, Web Application Security Remediation, Bluecoat, Radware Loadbalancer, Cisco CSS 11XXX Loadbalancers, Cisco WAE 512, Cisco WAAS WAN optimization , Cisco ACE 4710, and Cisco ACE XML Gateway
• Trained Entire Networking Group 30 people on Cisco WAE web caching/proxy technology, implementation, and support.
• Led Worldwide Deployment of Cisco Application Networking appliances including complex support and project leadership.
• Presents Security Awareness training to highly technical IT development and operations staff.
• Trained by the USAF in information security, encryption, Wireless, and voice technologies.
• 12 years of Wireless experience including RFID, Wireless LANs, Satellite GPS, Radio, FCC, Wireless Hacking, Wireless Encryption WEP keys, Cisco Unified WIRELESS/SWAN experience to include WPA, WPA2, LEAP, and 802.1X
• Audit/Compliance experience includes Sarbanes-Oxley, PCI, Federal Reserve, Defense Information Technology Systems Certification and Accreditation Process, and Health Insurance Portability and Accountability Act HIPAA .
• Effectively utilizes NIST, DIACAP, FISM, ISO27001, PCI DSS, and other security publications as the basis for policy, procedure, and management of an enterprise security program
• Security engineering and architecture utilizing the following products- Cisco NAC, Cisco IPS, Cisco ASA, Cisco CSM, Cisco VPN, Cisco Security Agent, Third Brigade, Trend Micro, Cisco ACE Web Application Firewall , Foundstone, Bluecoat, Tripwire File Integrity Monitoring , Imperva WAF, Fortinet UTM, CSM, MARS, Trigeo SEIM, Safenet, PGP Desktop, and Truecrypt
• 12 years of data, voice, encryption, and wireless communications experience.
• 7 years of WAN Architecture experience including MPLS, MLPPP, VOIP, Cisco ICM, Frame Relay, VPN, TCP/IP,VOIP, BGP, EIGRP,and Dialup
• Manages large-scale VOIP enterprise projects for global call centers in an Avaya/Nortel environment 4000 TDM Endpoints converted to 4000 VOIP endpoints . Leads team of senior level engineers.
• 12 years of WIRELESS communications experience, including MANETs, WLAN, VOIP over WIRELESS using advanced QOS.
• Ethical Hacking using Omnipeek, Backtrack, Kismet, PKI Encryption, Netcat, NMAP, Burp Suite, Metasploit, and many other hacking tools.

EMPLOYMENT

Confidential

Government Manager for Department of Homeland Security Cyber Security Operation Centers

• Daily Cyber Security briefings to the Assistant Commissioner/CIO and other Executives of Customs and Border Protection.
• Reports on all cyber security, privacy, and classified incidents affecting the security posture of the DHS
• Communicates the latest threats, exposures, and vulnerabilities to the Directors of various information technology branches and expects compliance in accordance with FISMA.
• Technical Leader with superior knowledge of cyber security methods, practices, processes, and architectures.
• Ensures contingency and incident response plans are followed during any minor/major disasters which affect the confidentiality, availability, or integrity of information assets.
• Managed Cybersecurity Compliance Validation assessment for DHS SOC.
• Writes Roles/Responsibilities, Processes and Procedures documentation, RACI charts, and other documentation as directed by management.
• Schedules work, assigns tasks, counsels employees in a Team Lead role
• Recruits new talent, and interview candidates for new positions within the agency.
• Performs Computer Security Incident Response activities for the Department of Homeland Security
• Coordinates with other government agencies to record and report incidents.
• Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems. Assists with implementation of counter-measures or mitigating controls.
• Evaluate firewall change requests and assess organizational risk.
• Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
• Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
• Prepares briefings and reports of analysis methodology and results. Creates and maintains Standard Operating Procedures and other similar documentation.

Confidential

• Hands-on Director of Cyber Security Architecture/Officer position focused on information security, voip security, application security, database security, Wireless security, compliance, security policy development, forensics investigations, penetration testing, remediation, and incident response for a PCI Level 1 Service Provider.
• Develops, writes, enforces, and tests adherence to information security policies based on NIST, Gold Disk STIGS .
• Manages security of all operating systems including Windows 2008 Server, VmWare, and Red Hat Linux.
• Monitors Security Event and Information Management SEIM logs looking for security incidents.
• Directs the security activities of network security engineers, developers, DBAs, and IT Managers.
• Enforces security rules of behavior for the entire IT organization and vendors.
• Conducts network security audits and risk assessments and presents findings to the VP, COO, and CEO
• Successfully led the organization towards PCI DSS compliance in 8 months.
• Security engineering and architecture utilizing the following products- Foundstone, Bluecoat, Tripwire File Integrity Monitoring , Imperva WAF, Fortinet UTM, CSM, MARS, Trigeo SEIM, Safenet, PGP Desktop, and Truecrypt
• Led the Organization's Security Program by conducting security awareness training and presenting new security policies and procedures
• Evaluates, recommends, and selects security products based on technological review, accreditation, and proof of concepts.
• Defines security requirements, policies, and procedures in a complicated PCI DSS Level 1 Service Provider environment.
• Designs advanced technology solutions that include the latest technologies VMware ESX, Wireless 802.11g/n, Cisco ACE 4710, MPLS, Imperva Web Application Firewall, Trigeo, Cisco ASAs, and Red Hat Linux.

Confidential

• Architect level position focused on flawless design and implementation of highly secure network architecture solutions.
• Presents complex design solutions for bank processor institutions in a time-sensitive manner.
• Tunes ASA IPS Module signatures utilizing CSM and MARS.
• Resolves highly complex issues related to IPS, CSM, Web proxies, VPN, PKI, and NAC.
• Conducts wireline wireless vulnerability assessments and presents findings to Senior Management for review.
• Thorough Incident Response, responding and reacting to threats within seconds.
• Tunes IPS systems according to customer network security requirements.
• Manages mission-critical network security systems including MARS, CSM, Foundstone, Nessus, IPTables, Fortinet UTM, and CACS.
• Complete Life-Cycle management of projects from conception to delivery to support.
• Implements highly advanced web content/caching solutions from Bluecoat.

Confidential

• Management level position focused on large scale VOIP technology projects that include the following VOIP technologies: QOS, SIP, Cisco ICM, and H.323.
• Network Architecture and engineering in an advanced MPLS environment including ONS, Metro Ethernet, VPLS, L2 and L3 VPN, and H-VPLS.
• Lead worldwide deployment of Cisco WAE Content Engines for the secure and efficient delivery of media-rich learning applications to call centers all over Asia, Europe, Canada, and USA.
• Hand-picked to lead PCI Security initiatives including PCI Self-Assessment questionnaires and design of FWSM, Juniper IPS, and ASA for the secure deployment of financial networks.
• Manages complex issues related to IPT, VOIP, Avaya CNA, GRE tunnels, OC3/DS3 circuits, OSPF/EIGRP routing, Pix firewalls, Infinistream Network General, and enterprise VOIP/QOS for distributed call centers.
• Designs, secures, and troubleshoots complex WIRELESS/RFID issues for the campus.
• Conducts security risk assessment of Wireless/RFID networks and presents findings to Senior Management for review.
• Audits 802.11a/b/g Wireless LANs for security vulnerabilities and presents findings to management.
• SME for various CISCO technologies including WAAFS, WAE, WCCP, ACNS, HTTP, and WCCP
• Conducts informal technical training presentations in a TEAM environment.
• Management level expertise in network architecture, design, and deployment.
• Consults business units with regards to network design, architecture, and security.

Confidential

• Team oriented member of a technical group which includes developers, solution architects, system engineers, and network architects.
• Designs MPLS-ATM network in collaboration with other architects and engineers in a team environment.
• Engineers several different networking changes for devices such as Cisco 6509, FWSM, Pix 525, Cisco 7206, Cisco VPN Concentrator 3060, Cisco IDS Module, Cisco CSS, Radware loadbalancer, and Cisco IDS 4215.
• Meets with technical committee to review and authorize changes to the network operating environment.
• Designs and Implements complicated network security solutions to include two-factor authentication with RSA, VPN 3060, WIRELESS Surveillance Cameras, and Wireless LANs/WIRELESS Architectures.
• Architects and designs an enterprise network which includes Cisco Catalyst 6509 with Sup720, FWSM, CSS 11506, IDS Modules, and VPN 3060 Concentrators.
• Provides network solutions for many high profile government agencies and departments to include the DOD, Medicaid, Government Etravel Initiative, and other major government and commercial entities.
• Leads in whiteboard discussions on complex network design solutions.
• Improves network security and functionality in accordance with industry best practices and procedures.
• Network Security Design Architect for secure enterprise networks in a datacenter environment consisting of the latest information technologies developed by Cisco, Sun, Storagetech, Microsoft, Veritas, and Radware.
• Network Architecture and engineering in an advanced MPLS environment including Metro Ethernet, VPLS, L2 and L3 VPN, and H-VPLS.
• Consults EDS Management on network security and architecture, best practices, compliance, network management, and other functional areas in a virtualized datacenter environment.

Confidential

• Designs network to integrate with Network Management applications such as Ehealth and CA Unicenter.
• Collaborates with Software Engineers, Database Analysts, Mainframe Engineers, Project Engineers, and Account Executives in a team environment.
• Leads in Cisco design and architecture duties related to consolidation of network management and monitoring.
• Provides one-on-one and group training for network operations and network engineering personnel in the subject areas of vpn, authentication, encryption, routing maps, BGP, EIGRP.
• Consults clients on the successful implementation of firewalls, servers, routers, and switches.
• SME in Cisco product line, Cisco Pix 525, VPN, DLSW, Encryption, Authentication, access control lists, EIGRP, BGP, SSH, tacacs, AAA, encryption, and VPN.
• Lead Engineer for business continuity/disaster recovery projects for Visa, Mastercard,
• Researches, develops, and tests new security technologies and presents the findings to senior management.
• Level 3 Network Security Engineer responsible for the design of secure financial networks.

Confidential

• Consults senior management on LAN/WAN design, security, VPN, capacity planning, and disaster recovery.
• Converts mission critical application from IBM RS6000 to Dell Poweredge servers without incident.
• Assists in the migration from Windows NT network to Windows 2000 Active Directory network.
• Develops and deploys security policies and procedures that protect the network from internal and external
• threats.
• Assists Director of Information Technology in successfully migrating key business processes to Applied Systems.
• Proposes sophisticated networking designs for migrating network infrastructure to layer 2 and layer 3 technologies.
• Installs, administers, and troubleshoots Microsoft Windows 2000 servers.
• Administers and supports Citrix Metaframe XPe servers in WYSE thinclient infrastructure.
• Configures and implements Outlook Web Access through effective administration of Internet Information Server, Exchange 5.5, and ISA Server 2000.
• Implements and supports firewall rulesets for Cisco Pix 515 and Microsoft Internet Security and Acceleration Server ISA .
• Manages and maintains security infrastructure including Norton Corporate Virus Protection, Cisco Pix 515, and Windows 2000 security.
• Manages IP address assignment and allocation through skillful configuration of DNS, WINS, DHCP, VLAN, and VLSM.
• Effectively utilizes Microsoft Visio to document all aspects of the network infrastructure.
• Configures and troubleshoots SNA network and the applications that utilize the connection.
• Leads, develops, and mentors help desk personnel.
• Administers and manages SAN using various hardware and software solutions including Computer Associates, Veritas, Adic, and HP Ultrium

Confidential

• Design, configuration, testing, and troubleshooting of an enterprise level network.
• Implementation and support of complex ipsec-based VPNs.
• Support of Checkpoint firewalls, Cisco 5000 series VPN Concentrators, Cisco enterprise switches and routers.
• Provides technical guidance and direction to field engineers for installation, configuration, and troubleshooting of vpn routers, vpn concentrators, aDSL/sDSL/IDSL gateways/modems, switches, Windows 2000 servers.

Confidential

• Network troubleshooting of Asynchronous Transfer Mode ATM /Fiber Optic switch products designed by Marconi.
• Administers Unix network in order to manage the testing of network appliances.
• Supports various circuit technologies including DSL, asynchronous, OC3, OC12, and OC48.
• Interfaces with Marconi equipment through administration of Unix and Windows workstations.
• Effectively utilizes rlogin, telnet, dhcp, and xwindows in order to diagnose and troubleshoot optical switches.

Confidential

• Maintains, Supports classified wireless DOD networks/systems for the United States Air Force.
• Formal DOD training in INFOSEC and COMSEC concepts, practices, and procedures.
• Access to sensitive information that if disclosed could compromise national security
• United States Department of Defense Secret Clearance for access to sensitive information.
• Secures encryption devices used to encrypt government data classified as secret.
• Responsible for key management systems, encryption, computer security, and electronic communications.
• Implements advanced military technologies including satellite, WIRELESS, voice, and Doppler systems.
• Honorable Discharge DD256/DD214