Senior Security Architect Resume Profile
Allen, TX
Technology Summary:
Security Technologies: Security Information Event Management (SIEM), Vulnerability assessment (VA), Penetration testing, Access Control, Application Security analysis, Operations Security, Risk Assessment, forensic analysis, Host Based and Network Based Intrusion Detection and Prevention Systems (HIPS/IDS/IPS), Configuration assessment, File Integrity, Network Access Controls (NAC)
Compliance Standards: NRC, NEI08-09, PII, ITAR, HIPAA, GLBA, Sarbanes-Oxley, PCI, NIST
Systems: Windows 2000-2008 Server, VMWare ESX, Cisco (ASA Firewalls, switches, routers, call manager), Linux, Ubuntu, Debian, NICE, backtrack, bluecoat proxy, Microsoft ISA, SourceFire, Cisco IPS, Tipping Point, McAfee Network Security Platform, Snort, SANS, EMC VNX series NAS, DataDomain, EMC SANs, Websense, Forescout
Networking: LANs, WANs, VPNs, Cisco Routers/Switches, Cisco ASA, Cisco IPS, PaloAlto, Juniper, TCP/IP, VOIP, IPSec, SSL, Brocade Fiber Switches, NAC, IDS/IPS
Software: VMWare (all), Microsoft Server (all), SQL, Entrust Authority (TruePass Entelligence), Lotus Notes, HTML, VBScript, Remedy, Wireshark, Network Monitor, SSH, PuTTY, LogParser, SafeNet, Snort, CommVault, Backtrack suite, WebInspect, FTK Imager, Burp proxy, McAfee, Symantec, RSA SecurID, Nexpose, Rapid7, Metasploit, NetIQ Aegis, NetIQ DRA, NetIQ Security Manager, Log Monitoring, RSA enVision, Nessus, Tripwire, SolarWinds, Nitro SIEM, Forescout NAC, Cisco ACS
Experience:
Confidential
Senior Security Architect / Senior Security Consultant / Vulnerability Assessor
- Architected and implemented technological, administrative and physical security controls to National critical infrastructure while exceeding the Nuclear Energy Institute's NEI08-09 requirements. Architected and implemented a SIEM solution, Intrusion detection, rogue device detection, file level integrity, event flow monitoring and vulnerability scanning of the network which provided in-depth security and advanced monitoring solution for the critical infrastructure network. Created policies and procedures required for auditing and on-going support of the security controls. Performed vulnerability assessments on critical digital assets and provided a solution to harden those systems.
- Passed a Nuclear Regulatory Commission audit and a Homeland Security audit on securing a National critical infrastructure network.
- Designed and executed enterprise wide SIEM solution security upgrade ensuring code on all SIEM appliances is updated to proper level and ensuring that SIEM was functioning optimally. The security upgrade provided better functionality and solved known issues with all reporting security devices.
- Architected and deployed an enterprise centralized Syslog solution, meeting business and security requirements while providing a more secure way of handling the Syslog data used for forensic analysis.
- Architected and provided engineering with an enterprise-wide firewall solution providing a defense in-depth solution by isolating the power plants and mines reducing potential interruption of operations by security events.
- Performed physical security assessments as well as network security assessments and consulted with clients on network hardening solutions and physical security concerns. Provided the IT teams with a roadmap to better harden their network and secure applications while meeting regulatory compliance requirements.
Confidential
Security Information Engineer
- Provided managed security services across a diverse set of clients from state to local governments to Fortune 500 companies across all sectors of industry. Worked with clients to provide ingress and egress protection of their networks as well as adhering to PCI, SOX, HIPAA, and other regulatory and compliance standards. Architected intrusion detection and prevention (IDS/IPS) security solutions for all clients which provided network protection and met regulatory compliances. Directly managed over 300 IDS/IPS sensors ranging from open source Snort, Palo Alto, Cisco solutions, to McAfee Security platforms. Worked well under demanding deadlines and heavy workloads to ensure the SLA was met. Provided security consulting expertise (technical, compliance, and business operations) to clients to develop their company's security postureing an IDS/IPS strategy as well as log monitoring solution for future growth and regulatory compliance. Provided security consultation to clients regarding configurations and security offerings to mitigate security risks identified during reviews and audits.
Confidential
Senior Computer Systems Security Technician II
- Managed Security audits of Enterprise Active Directory ensuring adherence to enterprise policies and procedures. Managed project audits. Team Lead of PKI Security Team. Performed vulnerability security testing on systems utilizing penetration-testing methodologies, and implemented prime secure configurations. Analyzed security logs for intrusion and malicious activity. Developed and deployed multiple workflows in security applications automating repetitive security-related tasks throughout the enterprise. Built PKI Secure forms infrastructure utilizing paperless PKI, expediting subscriber registration and renewal, as well as reducing labor for PKI audit activities. Migrated several production servers into secured VMWare farm, reducing energy consumption and overall rack space. Participated on Enterprise Design Reviews making security recommendations for the entire Enterprise.
Confidential
Senior Infrastructure Engineer
- Managed team of engineers. Assigned and assessed projects. Technical lead ensuring all deliverables completed properly by junior technical staff. Managed, designed and built secure redundant internal LAN and data center network infrastructure with off-site disaster recovery. Responsible for over 50 servers in production, performing daily/weekly maintenance. Designed network providing a fully redundant network topology to ensure maximum up-times and fault tolerance. Created backup policies and maintained backup software, de-dupe appliance, and off-site tape rotations. Oversaw all company-wide applications, assisted with researching new and improved software suited to each business unit. Created a secure wireless solution separating trusted access from un-trusted access. Migrated SharePoint 2003 to SharePoint 2007, and Exchange 2003 to Exchange 2007 clustered environment. Designing a fully capable 'Hot Site' and true Disaster recovery site. Provided infrastructure security company-wide through a layered approach utilizing firewalls, group policy, anti-virus, hardening systems, access systems and training end-users in secure practices. Managed Cisco ASA firewalls and Microsoft ISA firewalls in production environment providing secure configurations and monitoring of the firewall logs. Performed vulnerability testing on existing networks utilizing penetration methods and hardened the network with secure configurations. Utilized SourceFire IDS/IPS to monitor incoming and outgoing traffic, as well as to assist in preventing intrusion. Provided detailed security audit reports directly to executive team.
Confidential
Network Team Lead
- Managed a team of consulting engineers, servicing a vast client base throughout the southwest region of the U.S.
- Managed project assessment and assignment. Team lead on proposals and designs for large-scale network configurations including LAN/WAN/VPN and remote users, disaster-recovery, security, firewalls, upgrades, ROI, and continual network maintenance. Oversaw network security assessments on new and existing networks using commonly available vulnerability tools. Audited security configurations of servers and workstations. Managed all new and challenging projects from quote to completion. Senior Network Engineer representing team's client base.
Senior Project Engineer
- Performed pre-sales Engineer consulting as well as post-sales implementation and engineering. Audited existing client networks, designed network configurations for large-scale network upgrades. Responsible for all new projects throughout the U.S. Planned and executed complex network upgrades and migrations including: Timberline, Exchange, Active Directory, Data, Software, firewalls, Citrix and Terminal Server. Primary Engineer for all pre-sales and post-sales project implementation.
Senior Network Consulting Engineer
- Managed proposal, design, installation, security configuration and maintenance of multiple client networks throughout the U.S. Performed network security audits/assessments on networks utilizing commonly available tools. Troubleshot and resolved complex customer network issues as well as provided on-call customer service and remote access solutions. Performed numerous 'new network' installations and migrations for clients, as well as solving day-to-day end-user issues. Top performer in quarterly hours billed as well as peer review.
Confidential
Senior Network Engineer
- Primary engineer with multiple client base in DFW metroplex. Responsible for the design, installation and maintenance of client's Windows 2000/NT networks. Made recommendations, upgraded and implemented new servers, routers, firewalls, PCs, switches, printers, cabling, bandwidth solutions, and software depending on clients' need. Designed, implemented and maintained Windows 2000 Servers, NT 4.0 Servers, Microsoft Exchange 2000 Servers, SQL 2000 Servers, Internet Information Servers 5.0, and print servers. Implemented network security policies, anti-virus policies and developed disaster recovery policies. Designed VPN access for and trained clients on the benefits, security and use of VPNs. Responsible for detection and removal of viruses on servers and workstations. Instructed N study session for employees with a 90% pass rate. Trained clients on the proper use of operating systems, Office Suites and basic maintenance of computer networks.