Summary of Qualifications:

• Information security professional with over 15 years of IT experience in many facets of information security infrastructure, systems, and compliance .
• Exceptional understanding of how to align security initiative to the business goals.
• Experience across industries SOX, HIPAA, PCI DSS .

Technical Skills:

Checkpoint, Fortinet, Juniper, Palo Alto, Firemon, Tufin, TCP/IP, SSL VPN, IPSEC, IDS/IPS, Websense, Windows OS, Linux, Unix, VMWare, Symantec Antivirus, Active Directory, Network Protocols, Packet Capture.

Key Skills:

Great Verbal and Written Communication Skills, Ethically Sound, Great Research and Troubleshooting Skills, Customer Focused, Self-Motivated, Great Teamwork and Technically Savvy.

Experience

Confidential

• Provide knowledge as a subject matter expert on security processes and procedures as it relates to Check Point and Juniper firewall solutions for the lines of business as well as IT Infrastructure groups consisting of more than 1300 firewalls across multiple zones and site locations DMZ zones, Presentation zones, Secure zones, Internal zones and B2B zones .
• Engaged in multiple projects responsible for designing, implementing and verifying enterprise solutions as identified by the project/technical manager and customer. Projects included segmenting PCI data utilizing firewalls to only allow for CDE traffic, port turn ups for new network segments to build out line of business systems for proof of concept or production roll out, identifying the different firewalls and rules for new AD hardware deployments, new VPN tunnels for traffic separation of pre-prod and prod traffic to outsourced vendors.
• Provide analysis and recommendations pertaining to firewall optimization and enhancements to improve performance and increase efficiency. Analyze firewall policies to reduce the size, review of static routes to reduce the number of host routes, review interface throughput for saturation and determine if interfaces can be upgraded for higher throughput or if a new firewall is needed to keep up with the traffic demand.
• Manage security vendor to implement the solutions and meet project SLAs. Coordinated with Dell Secureworks and HP engineering team to ensure they understand the engineering scope, review their work after completion to ensure accuracy and completeness. Escalate to appropriate vendor management team when needed to ensure timely and accurate execution of work.
• Collaborate with other security engineering groups to engineer solutions that comply with company policy and standards. Work closely with proxy engineering, traffic management, content filtering engineering and global security services teams as well other infrastructure engineering groups.
• Oversee bank proprietary request system for firewall and proxy requests, ensuring only bank employees and direct contractors have rights to request firewall and proxy rules. This required verification of mandatory firewall and proxy high level training to be completed and a test score of 90 or better.
• Provide governance, compliance, architecture and engineering oversight related to Check Point and Juniper firewalls, Citrix Web Application Firewalls, TippingPoint IDS.
• Review vendor playbooks for firewall/ids software/hardware refreshes to ensure date and time do not conflict with other infrastructure changes, specific features are either turned off or on such as enabling Check Point's Secure XL or disabling IPS features, proper configuration scripts are used to initially build the firewalls, proper firewall code is used, the order of firewalls to be refreshed first to avoid the least amount of downtime.
• Review, update and/or create standard operating procedures, standards documents and research papers regarding perimeter security. Update operating procedures to reflect current environment, work with team members to create firewall standards consisting of different platforms Check Point and Juniper and the version of OS to use, perform proof of concepts and write up pros/cons relating to firewall audit tools such as Tufin, Skybox and Firemon.
• Responsible for firewall rule remediation to avoid SEV1 audit, analyze firewall rule usage reports and contact owners to disable/remove unused rules. Responsible for reporting tool firemon to conduct rule usage as well as integrate with bank proprietary system to conduct red risk review of inappropriate combinations of ports and IP/Networks.

Confidential

• Provide consulting services to upgrade, deploy and troubleshoot Check Point and Juniper solutions. Services included configuration of hardware adding interface cards, port turn ups, adding hard drives to convert from flash base to disk base , software configuring firewall security policy, troubleshoot connectivity issues with security policy, routes, proxy arps, enabling and tuning IPS policies , troubleshoot device configurations high availability, sync issues while bringing firewalls under centralized management, converting from local logging to centralized log management, IPSEC vpn creations to remote offices, authentication integrated with third parties such as RSA tokens.
• Configure and stage customer equipment Check Point and Juniper firewalls and/or Juniper EX Switches for initial burn in prior to deploying them at customer's site as well as provide onsite configuration per customer's change process.
• Provide pre-sales and post-sales support and delivery of a security services and product, Check Point, Juniper, Fortinet, Sourcefire, and Managed Security Services.
• Interface with clients to define project scope, create statement of work and implement technologies.
• Communicate and coordinate directly with clients and internal personnel to deliver and complete assigned projects to client's satisfaction.

Confidential

• Provide assessment and analysis of firewall capabilities, recommend and conduct changes on over 300 firewalls consisting of Nokia/Check Point firewalls and Fortinet Fortigate firewalls.
• Research and recommend emerging technologies for NexGeneration Firewalls, Firewall Auditing Tools, IDS/IPS technologies included Palo Alto Firewalls, Sourcefire IPS, Tufin, Firemon, Skybox and AlgoSec.
• Create and maintain IPSEC VPN tunnels on Nokia/Check Point Firewalls and MPLS VPNs on Fortinet Fortigate firewalls with vendors and partners who wish to interface with MassMutual's global network and systems.
• Maintain Check Point and Fortinet firewalls to protect company data by configuring security policies, configure traffic logs to be sent to MSSP for event correlation, monitoring and alerting on potential threats.
• Oversee ISS Proventia IDS, configure and send logs to MSSP for event correlation, monitoring and alerting.
• Participate in incident response when alerted by MSSP to block the threats at the perimeter and provide traffic data to potential systems compromised.
• Ensure firewalls are in compliance and provide evidence for internal and SOX audits by performing firewall rule remediation every 12 months, integrate firewall user accounts with corporate active directory via tacacs and restrict who has admin and read only rights, retain audit and traffic logs on centralized log server for 15 months then archived to LogLogic for another 7 years, all firewall policies contain a stealth rule and drop all rule, perform disaster recovery plan on a yearly basis, formal request system is utilized for business to request rule changes and ensure there is an offline copy of firewall policies in the event that firewall policies need to be manually recreated.
• Responsible for hardware RMA and break/fix for firewall and IDS appliances.
• Consulted with multiple lines of businesses and layers of management to ensure compliance and provide secure solutions.

Confidential

• Manage all aspects of Information Technology by maintaining Windows Active Directory, AS400 Mainframe, Websense, Symantec AntiVirus, Netbackup, Windows Update Server Services, Windows desktop and laptop, Microsoft office products, HP Proserve switches, Juniper Netscreen and Cisco ASA firewalls.
• Perform vulnerability assessments and patch any known weaknesses within a network environment utilizing Digital Defense Inc. security appliance to run automated quarterly scans and yearly external penetration tests.
• Evaluate and recommend security devices including IDS/IPS, Firewall and VPN technologies.
• Support organizational technical and strategic planning, disaster recovery and business continuity planning by working closely with Board of Directors, CEO and compliance officer to update or create new policies.
• Enforce principle of least privilege to network shares and system database by creating users, user groups and access levels on Windows Active Directory and AS400 Mainframe.

Confidential

• Supporting approximately 150 Senior Executives hardware/software needs 24/7.
• Build Image new PCs, replace pc hardware, support MS Office XP/2000 products XP/NT operating systems questions either by visiting machine or using SMS.
• Support VPN/RAS MCI PAL connectivity problems and setup home wireless networks, install configure wireless cards, install and support Blackberry RIM devices, Palms iPaqs resolve printer problems
• Strong technical expertise in desktop applications and products, LAN's, WAN's network operating systems and infrastructure.
• Act as a level 3 problem resolution resource.
• Worked with multiple engineering departments by participating in pilot programs including: Wi-Fi, Verizon 3G EVDO, Avaya IP Softphone, Connected DataConnected backup software and Windows SP2 office 2003.

Confidential

Desktop Analyst

• Provided desk side support.
• Install/troubleshoot desktop hardware, software and network connections.
• Supported desktops and network printers in a Novell/Windows environment.
• Provided support for Lotus Notes email and databases.
• Windows XP deployments.

Confidential

• IS Liaison for the Financial, Investments and Law departments.
• Windows 2000 Professional migration and installation.
• Install/troubleshoot desktop hardware, software and network connections.
• Provide phone and desk side support.
• Build PCs, order and recommend computer hardware and software.
• Participate in Virtual Private Networking, Notes R5 and in-house applications migrations.