Information Risk Management Practice Lead Resume

Arlington, VA

PROFILE:

  • Hardworking, highly skilled, and multifaceted IT professional offering more than 30 years of experience in information technology with the past 20 years devoted to security and risk management, focusing on cloud security, wireless security, project management, and software architecture and engineering.
  • Equipped with comprehensive background in developing and implementing strategic technology and security roadmaps with business alignment to deliver exceptional security and privacy solutions.
  • Expert at developing security architectures for federal, commercial, and educational clients; has also worked on projects for financial, federal, and commercial entities
  • Knowledgeable in IT security compliance, as well as Health Insurance Portability and Accountability Act (HIPAA), PCI, Sarbanes-Oxley (SOX), Federal Information Security Management Act (FISMA), SAS 70-2, and ISO 27001
  • Dedicated to leveraging first-rate management skills in meeting and exceeding organizational goals and objectives while achieving impactful results
  • Known for keen eye for detail in identifying improvement needs; streamlining business operations; developing and implementing standards, policies, and procedures; reducing project costs; and responding to clients

AREAS OF EXPERTISE:

Application Security | HP Cloud Protection Foundation Service for VMware | HP Cloud Protection Center of Excellence (CoE) | NIST Cloud Computing Security Working Group (SWG) | NIST Cloud Computing Risk Management Framework (CRMF)

TECHNICAL ACUMEN:

Cisco Security Partner (ISE, NAC, IDS, FW) | IBM AppScan | NitroSecurity NitroView | AccelOps | ArcSight | Q1Labs (SIEM/SIM) | Aruba Wireless Networks Partner (ArubaOS, Clearpass, AirWave, AppRF) | Siemens HiPath Wireless Partner | Juniper ISG | SSG FW/IPS | Host-Based IDS | Honeyd | HP WebInspect | Java | Python | C# | Spring Tool Suite | Hadoop | BigInsights

PROFESSIONAL EXPERIENCE:

Confidential, Arlington, VA

Information Risk Management Practice Lead

Responsibilities:

  • Building Cisco Identity Services Engine (ISE) 1.3 Posture Assessment with AnyConnect 4.0 client Service for Global Telecommunications Company’s Managed Security Practice.
  • Building Aruba Wireless and ClearPass Access Management Service for Global Telecommunications Company’s Managed Security Practice
  • Building Aruba AirWave Network Operations Service for Global Telecommunications Company’s Managed Security Practice
  • Building Business Intelligence (BI) component of Network Access Control service for Global Telecommunications Company’s Managed Security Practice using Splunk and AccelOps
  • Leading initiative to add Commercial, State/Local and Federal Clients to IRM Practice
  • Leading implementation teams for SOW Projects for Multiple Clients

Confidential, Columbus, OH

Information Risk Management Consultant

Responsibilities:

  • Provide outstanding support to finance IT and IT applications
  • Conduct systematic security architecture review to support new and updated applications and infrastructures
  • Perform extensive usage of Factored Analysis of Information Risk (FAIR) to assess the financial impact of risk associated with application
  • Designed Security Architecture for Data Scientists developing controls for BigInsights access and analysis of multiple data stores and streaming data
  • Designed Security Architecture for Enterprise Risk Management Predictive Data Analytics
  • Expertly generate effective risk mitigation strategies and take part in mitigation planning and oversight
  • Carry out systematic evaluation of firewall rule change requests to identify the best way to enable the access needed by the business while retaining and enhancing the enterprise security posture
  • Function as an efficient liaison for the business solution area (BSA) leadership, assisting with the tactical planning and incorporating security early in the software development life cycle (SDLC) for both waterfall and agile development methodologies
  • Actively join and participate in the Cyber Security Initiative “Secure by Design” silo within NW
  • Directly collaborate with the leaders in creating a software assurance maturity model within NW
  • Render direct assistance with the knowledge transfer in IBM AppScan Source

Confidential, Columbus, OH

Security and Risk Management Consultant

Responsibilities:

  • Took charge of providing security architecture services to internal development teams for Confidential
  • Carried out security architecture assessment of different components of Confidential, which included Confidential; generated a software that directly supported Secret Stores
  • Gave expert advice to the chief information security officer (CISO) in leading the program management function to improve the security posture of Confidential’ internal and partner-managed security infrastructure in their stores
  • Led the execution of network and application vulnerability analysis for sites going live and rendered security recommendations for risk mitigation to separate components for Confidential’s Confidential
  • Assessed all vendor products to enable provision of protected information discovery on an enterprise level; reviewed the current security information and event management (SIEM) implementation which brought significant improvement to its efficiency
  • Spearheaded the employment of a static code analysis component into an agile development methodology project to increase its value in an agile environment

Confidential, Palo Alto, CA

Senior Solutions Architect

Responsibilities:

  • Assumed full responsibility in creating and updating security services within the IT Assurance for other portfolio groups, including network security and cloud security portfolio
  • Established strong relationship with partners for joint initiatives
  • Played an integral role in producing a global enterprise private/hybrid cloud protection architecture life cycle services for HP comprised of cloud protection workshop, roadmap, design, implementation, and foundation services
  • Created HP Cloud Protection Foundation Service for VMware
  • Created HP Cloud Protection Center of Excellence
  • Utilized Symantec Data Loss Prevention (DLP) in creating DLP assessment and implementation services globally; generated delivery materials for client interviews in developing data loss policy and training for discovery and protection components of Symantec DLP
  • Ensured accuracy in writing a Confidential, certificate high-level, and detailed architecture documents
  • Directed and collaborated with the Implementation Team in conducting a knowledge transfer and lead implementation of test and quality assurance environments, as well as in developing training collateral for production implementation
  • Led the successful employment of a global security infrastructure for secure terminal services access for a leading risk management company
  • Initiated a two-factor authentication through AD and RSA SecurID and customized the UAG UI with ASP.NET coding to comply with all client’s requirements

Confidential, Baltimore, MD

Chief Information Security Officer

Responsibilities:

  • Led the development, resource and management, and the profit and loss of the security practice company-wide
  • Accomplished various major projects, including the following:
  • Took charge of upgrading the Global RADIUS infrastructure for BMS and installed the Juniper Steel Belted Radius V6.1.3 on both RHEL and Solaris platforms
  • Conducted a Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Assessment for a long-term healthcare institution in San Francisco, California and implemented a new SIEM solution for the enterprise
  • Managed the information security infrastructure and planning for a global hosting provider specializing in insurance companies as well as for the architecture of a secure infrastructure for an insurance client’s access to Application Service Provider (ASP) applications
  • Administered the web vulnerability scanning of web, database, and application servers for several insurance companies
  • Performed systematic forensics investigations and generated solutions to enhance the security incident management, governance, and service-level objectives through evaluation of IT infrastructure business intelligence solutions
  • Displayed expertise in conducting business continuity planning, disaster recovery, and business impact analysis for Caldwell Memorial Hospital in North Carolina

Confidential, New York, NY

Security Architect (Consultant)

Responsibilities:

  • Took charge of the operating system, network, and applications security design and testing to support applications
  • Exemplified outstanding skills in completing specific projects, including:
  • Secure Application Development Standard
  • Linux Nextgen Security Architecture platform
  • Security Architecture for Confidential for their Next-Generation Wireless Data System (WDS2)
  • Evaluation of the Wireless IDS and WLAN infrastructure products for recommendation for both the Confidential LAN (CLAN) and the Confidential Trading Floor
  • Penetration tests on the common access point (CAP) network infrastructure that enabled member firms to access Confidential applications through Network Mapper (Nmap) and Nessus
  • Application pen tests for Confidential through OWASP model
  • Intraday Comparisons of Equities (IDCE) project
