SUMMARY:

• Security, Cloud, and Virtualization Consultant
• Support for AWS Cloud infrastructure (Cloudfront, Python, PowerShell, Java, YAML, S3, EC2, SQS, VPC, Docker, API Gateway, Beanstalk, Cloudwatch, Redshift, AWS Systems Manager, AWS Patch Manager, Route 53, Terraform, HCL, Ansible)
• Support for VMWare environment with VSphere, VCenter 6.5, 6.7 (vRealize Ops Manager, vRealize LogInsight, vRealize Automation, NSX, ESXi, NSX Manager)
• Support for Palo Alto environment (4050, 5050, virtual, Panorama) v8.1 (Panorama configuration, HA firewall clusters, FW changes and implementations)
• Support for Tufin Orchestration and Automation Suite (Firewall and management automation and analysis)

PROFESSIONAL EXPERIENCE:

Confidential

Security Consultant

Responsibilities:

• Support for Checkpoint global environment and next generation UTM appliances
• Versions supported: R77.30, R80.10, R80.20
• Support for all DC migration re - IP rule requests with Algosec
• Support for troubleshooting bridge calls for FW issue resolution
• Support for all IPS updates (manual and online)

Confidential

Security consultant

Responsibilities:

• Support for all Symantec SEP, DLP, and DCS environments
• Support for Palo Alto TRAPS endpoint environments
• Support for all Palo Alto firewalls and Panorama environment
• Support for all virtual Palo Alto firewalls and physical firewalls
• PA-4050, PA-5050, virtual FW and M500 Panorama Appliances

Confidential, Arlington, TX

Security Consultant

Responsibilities:

• Support for all Checkpoint environments of R77.30, R80, and R80.10
• Support and design for all Provider-1 environments
• Support for all IPS updates both manual and online
• Upgrades and support for all Checkpoint environments
• Worked on all documentation for PCI related requirements for Checkpoint environments
• Support and administration of Beyond Trust UVM20 Password Safe appliances
• Support for all Cyber Ark Password Safes and asset and account management
• Support and administration for Cyber Ark platform
• Support for Power Broker for Windows Beyond Trust
• Support for all Password Safes and asset and account management
• Support for Symantec Endpoint Protection administration
• Support for Symantec DLP administration
• PowerShell scripting

Confidential, Arlington, TX

Security Consultant

Responsibilities:

• Support for all Checkpoint firewalls on R77.10, .20, and .30
• Support for all Checkpoint Provider-1 environments
• Led all firewall remediation efforts for PCI requirements
• Support for all IPS signature updattes
• Support and upgrades for Blue Coat Proxy SG800 and 900 series appliances
• Support for all Palo Alto management for Panorama and PA-4050, and 5050 firewalls
• SME for the migration from Checkpoint environment to Palo Alto using Palo Alto Networks Migration Tool 3
• Support for Panorama M100 appliances and Panorama running on ESXi host. Support for PA4050, 5050 and VM500 for PANOS 7.1

Confidential, Arlington, TX

Security Consultant

Responsibilities:

• Responsible for daily support of Imperva SecureSphere WAF v11.5, for alerts, support and administration
• Support for all Threat stream, Bit9,Carbon Black support and administration
• Daily support of Bit 9 Carbon Black alerts, remediation, quarantined hosts alerts, agent status, and overall endpoint support for the corporate network
• Splunk, Q-Radar, Webinspect, AppScan PCI requirements
• Support for all security related issues throughout the corporate SaaS environment
• Support for Panorama and Palo Alto firewalls PANOS 7.0

Confidential, Arlington, TX

Security Consultant

Responsibilities:

• Support and upgrades for all Checkpoint firewalls on the client global network
• Firewall versions are R75.40 and R77.20 Support for 200 Checkpoint firewall models, which are 12600, 21400, and 4800
• Support for all Provider-1 infrastructure and corporate domains
• All firewall configurations with HA failover
• All URL filtering for corporate environment enforced with Checkpoint URL filtering service in R77.20
• Support for all Symantec CSP v5.2.9 client agents and policies.
• Support for Symantec Endpoint Security v12.1 for all gateway policies, and administration
• Disaster Recovery testing for firewalls and infrastructure
• Full testing with application owners, application testers, and technical teams

Confidential, Irving, TX

Security SME and Security Project Manager

Responsibilities:

• I pulled firewall and router configurations with Firemon, along with editing all company PCI documentation to meet PCI DSS 20 standards
• I led QSA observations for all processes, procedures, and reports for all tasks and requirements Perform remediation tasks for firewalls, routers, and IPS infrastructure
• Met with Vice-Presidents, and Senior Vice-President's weekly, to ensure all PCI audit timelines and deliverables were met
• I was responsible for ensuring that all PCI audit project documentation was uploaded to SharePoint, and that all tasks, and responsibilities were updated and tracked in QuickBase
• I tracked all PCI project timelines in MS Project, and distributed it to senior management, the security team, and the QSA auditors
• Corporate URL filtering enforced with WebSense Security and Web Filtering
• Support for all Bit 9 Carbon Black alerts, remediation, and endpoint security
• Client compliance settings, policies, and infrastructure analyzed and compared for PCI DSS 3.0 audit Fireeye 7400 NX series appliances used for threat detection, management, and analysis
• Symantec CSP (Critical System Protection, as well as Symantec SEP and DLP.
• Worked with the devops team using Ansible automation for all corporate dev, test, pre-prod, prod, environments for the PCI audit

Confidential, Arlington, TX

Security Consultant

Responsibilities:

• Support and upgrades for all Checkpoint firewalls, and datacenter migrations
• All Checkpoint environments have an HA Provider-1 Smart 50 appliance for redundancy
• Each checkpoint environment contains 100 firewalls running in an HA configuration
• All firewalls are upgraded to R75.45 from their original firewall revisions
• Company URL filtering enforced with WebSense Security and Web Filtering suite
• Support and administration for Imperva G4 Securesphere WAF.
• Support for Checkpoint endpoint administration and updates

Confidential, Arlington, TX

Security Consultant

Responsibilities:

• Supported, designed, and upgraded all Checkpoint firewalls running R75.40 Support for all Provider-1 environments with 150 Checkpoint gateways
• All firewalls are in an HA configuration running on Checkpoint 21400 UTM's

Confidential, Bloomington, Illinois

Security Consultant

Responsibilities:

• Designed and implementation of sixteen 61000 blade system firewalls, and fifty 21400 firewalls for perimeter and segmentation of the network
• PCI DSS 20 and SOX requirement and mitigation support Ongoing support for the firewalls, and company applications
• The firewalls are on R7540, with a Provider-1 environment
• All firewalls are running in a HA configuration All management stations are Smart-100 devices in an HA configuration
• Vulnerability assessments done with Nessus, Internet Scanner, and Languard, for support of all compliance regulatory requirements
• Used Splunk within the corporate network for log analysis, alerts, and as a aggregation tool
• Full Disaster Recovery testing with application owners, application testers, and technical teams
• Fail-Over for all critical applications and infrastructure
• Firewall analysis for active/passive fail-over as well as support throughout full testing cycles

Confidential, Arlington, TX

Security Consultant

Responsibilities:

• Provided support for all Checkpoint and Cisco environments
• Provided 1 management upgrades from R65-R75
• All gateways are in an HA clustered configuration running VRRP
• Performed upgrades for all IP series firewalls from R65-R75
• The upgrades are to meet regulatory requirements for PCI audit remediation
• PCI DSS and SOX requirement and mitigation support
• Support for all Checkpoint endpoint administration and updates

Confidential, Arlington, TX

Security Consultant

Responsibilities:

• Provided support for all firewall related activities and upgrades for the Checkpoint environment from R60 to R70, R71, and R75
• Supported for Nokia/Checkpoint firewalls in a P-1 environment with 300 firewalls
• Supported for all migrations, upgrades, and daily firewall changes

Confidential

Security Consultant

Responsibilities:

• Performed upgrades on all Checkpoint firewalls, and support for client services
• Firewalls are R65 and R70 clusters
• Administration of Juniper firewalls at corporate and remote locations

Confidential, Springfield, Massachusetts

Security Consultant

Responsibilities:

• Performed Checkpoint firewall upgrade of 50 firewalls from R55 to R65
• The firewalls were on Nokia IP 1220 platforms
• Administered Juniper 50, 200, 500, and SSG 520 firewalls
• Upgraded and administered 75 Fortinet 5000A and 100A firewalls
• Administration and management of all firewall environments for MassMutual clients was one of the daily tasks
• Management of each firewall is done remotely and onsite at client sites
• Network documentation was done with MS Access, Visio, and Power Point
• Microsoft Project was used to ensure that all project timelines were adhered too Security Management Tool was used to tailor company security policies
• All Juniper firewalls are managed through NSM Site to site vpn for all b2b and vendor tunnels with Checkpoint and Cisco vpn's
• McAfee was the anti-virus used at the desktop and server levels within Confidential
• All DMZ and intranet traffic was segmented with firewalls and acl's to ensure security to company resources
• PointSec was the encryption software used to encrypt all laptops for protection for remote users
• SOX audits were the driving force behind the firewall upgrades and network segmentation
• SOX vulnerability assessments where done on a monthly basis using Languard and Internet scanner
• Each assessment is tailored for SOX compliance, and is one of many layers in the risk mitigation arena and compliance framework
• Administration of Sidewinder firewalls at remote locations
• Supported Pointsec encryption products for the MassMutual corporate network
• Tailored policies and support around company business requirements

Security Consultant

Confidential, Little Rock, AR

Responsibilities:

• Administered 24 firewalls running Checkpoint R60
• Upgraded the firewalls to R62, and all firewalls were running on Nokia IP 1220 firewalls
• Implemented two Site Protectors, Proventia G devices for Confidential client
• Administered Juniper firewalls consisting of 75, 100, and 200, firewalls
• Implemented Blue Coat SG510 and 810 appliances, and Blue coat reporter for the corporate network
• Checkpoint firewall upgrade from R55 to R65 on Nokia 390 appliances for headquarters and remote sites
• Risk assessments where done using Nessus, and Internet scanner, on a monthly basis to help ensure that risks to the network are mitigated in a timely manner for all Confidential client networks

Confidential, Houston, TX

Security Project Manager/ Security Engineer

Responsibilities:

• In charge of development of security solutions, and the evaluation of products suitable for security within all Confidential networks
• Over 15 years’ experience in Information Security related technologies, with experience in Cisco routing; Checkpoint firewall, and, IDS systems, Proxy Systems such as Bluecoat, Wireless LANS, Wireless IDS systems and vulnerability scanning systems and services in a corporate environment

Confidential, Hurst, TX

Interim Security Manager

Responsibilities:

• Lead firewall team in multiple locations, for change management, firewall security related duties and IDS support
• All firewalls are Checkpoint R62, IPSO 42 IDS infrastructure is Proventia G appliances
• Remote access support with Nortel Contivity appliances
• Risk assessments and vulnerability scans where done on a semi-weekly basis using Languard, and Internet Scanner, to ensure company resources are secure

Confidential, Arlington, TX

Security Engineer/Project Manager

Responsibilities:

• Firewall administration and configuration on Pix 515E, 525, and Checkpoint IP 1220 firewalls for Confidential clients

Confidential, Memphis, TN

Security Engineer/Project Manager

Responsibilities:

• Performed security audits on corporate network in support of NERC requirements
• Upgraded all Checkpoint firewalls to IPSO 38 NGAI R55
• Also administered Cisco PIX 520 and 515E firewalls running IOS 63 as well
• Used Languard to scan hosts for vulnerabilities, and used App Detective to scan for vulnerabilities on all databases
• Cisco IDS was also used for IDS
• Did a major DMZ upgrade using F5 load balancers, Blue Coat reverse proxies, Checkpoint firewalls, and Firepass vpn solution as well
• Support for all security related needs at the Confidential headquarters

Confidential, Woodland Hills, CA

Senior Security Engineer

Responsibilities:

• Put processes and procedures in place to start a new security department
• Wrote all IDS and Firewall assessments, testing methodologies, and setup all internal infrastructure for the new Enterprise Security Department
• Administered Juniper 50, 75, and 100 firewalls to segment off network traffic and applications for the corporate network
• Performed firewall testing utilizing Ixia Load, Ixia Chariot, and Ixia VPN for performance testing
• Other vendors used for testing consisted of Blade Software's Firewall Informer, and IDS Informer
• All of these where utilized to test for performance, conformance, and stress testing of the production infrastructure

Confidential, Bellevue, WA

Security Engineer

Responsibilities:

• Daily duties include: All firewall rule pushes, firewall design, documentation, and troubleshooting
• Within the corporate network
• Firewalls consisted of Checkpoint IP 1260's, and 650's, in a Provider -1 environment
• Alteon load balancers where utilized as well

Confidential, Greenville, SC

Security Project Manager/ Security Engineer

Responsibilities:

• In charge of Internet Access, Security, Auditing, and all E-commerce Infrastructure
• The following are different platforms that where utilized to enforce security and handle the day-to-day infrastructure requirements: Permeo Security Server 41, and 42, Alteon Content Cache, 305, and 310, Alteon Ace
• Director 400, all used in load balancing and clustering
• Administered Nortel Contivity appliance for remote access to company resources for employees
• Web Trends 70, and 80, Checkpoint Firewalls running NG on 330, 440, and 650's, and Nokia Horizon Manager to handle all administration
• Administration with Pix 520 firewalls as well
• LAN/WAN design, administration, implementation, installation and maintenance of the corporate network
• The environment also consisted of UNIX, (AIX, Solaris, Confidential -UX, Linux Red hat, and Free BSD which had to then be hardened and secured using Bastille, or other unix hardening software)