
Cyber Forensics Manager Resume


Albany, NY

PROFESSIONAL EXPERIENCE

Confidential

Cyber Forensics Manager

Responsibilities:

  • SIEM content developer for RSA Security Analytics and ArcSight for Cyber Investigators and SOC Analyst Team
  • Transition SIEM content from RSA Security Analytics to ArcSight 6.8c in a hierarchical 300k+ EPS environment
  • Build out advanced use cases for SOC, Counter Threat Unit and Cyber Intelligence
  • Train, mentor and manage Counter Threat, Deep Dive Analysts, Forensic Investigators, SOC Analysts and Hunters
  • Prove incidents of compromise, supporting 225,000 endpoints for a $155 billion company
  • Tune Information Security Architecture controls to provide meaningful value-add security controls and content
  • Malware analysis and reverse analysis with tools such as OllyDbg, Volatility, MAS, Cuckoo, Viper, IRMA, JOE
  • Build process flows and document cyber security operations; run Blue Team counter-defense operations
  • Work with tools such as FireEye, Damballa, SEP, Palo Alto, Checkpoint, Cisco ASA, F5 ASM, Lancope
  • Search for Indicators of Compromise and work war rooms to respond and manage cyber incidents
  • Log security threat data to Hadoop and build threat intelligence platforms; build security metrics
  • Collect and process threat intelligence, disseminate to external business partners, integrate into workflow
  • Work with acquired companies and external business partners to resolve Cyber Incidents
  • Build virtualized labs to identify and detect malicious activity and enhance toolsets
  • Build proofs of concept and develop security strategies to support Cyber Security Architecture
  • Stand up SOC, train entry level staff, develop procedures and integrate with other business units

Confidential

Arcsight Content Developer

Responsibilities:

  • Develop advanced SIEM content to detect policy violations, data breaches and support NERC CIP initiatives
  • Manage breach investigations, work with internal and external teams
  • Baseline network and security incidents and build advanced correlation rules
  • Map out business data flows and establish patterns of interest
  • Train Dominion cyber investigators; Palo Alto firewall rule validation and baselining
  • Develop threat management actions to reduce attack surface and mitigate risk
  • Malware Analysis

Confidential

Vice President Information Security

Responsibilities:

  • Manage and maintain PCI Compliance audit program for Level 1 Payment Processor ($40bn yearly)
  • Manage and maintain TR-39 Compliance
  • Develop and implement business continuity program
  • Document daily operations, Direct investigations and manage incidents
  • Develop Imperva WAF policies and QRadar SIEM content
  • Review and investigate compromised devices
  • Build out Incident response capabilities
  • Physical security management
  • Worked with stakeholders to ensure strategic security decisions and technologies enhanced business processes

Confidential

Cyber Security Architecture

Responsibilities:

  • Working in client environments ranging from 5k-250k end users and 5k-40k cross platform servers
  • Develop advanced SIEM content to detect policy violations and data breaches
  • Built Threat Intelligence and Information Sharing platforms using STIX, CybOX, TAXII
  • Deploy and manage multiple global sensors to collect threat intelligence
  • Deploy and manage deep packet engines like RSA NetWitness, Solera Networks, SilentRunner
  • Deploy, use and manage case management tools
  • Deploy Vontu, McAfee, RSA Data Loss Prevention systems; develop DLP policies and SIEM content
  • Deploy SSL decryption technologies in proxy or pass-through mode
  • Manage breach investigations, work with internal and external legal support teams and law enforcement
  • Perform forensic imaging of laptops, desktops, servers, phones, tablets and produce report of findings
  • Perform memory and image analysis to identify malware, malicious code
  • Review and negotiate legal contracts, develop corporate policy, standards and procedures
  • Develop security architectures, project plans and implementation plans for global technology deployments
  • Deploy endpoint solutions such as Symantec or McAfee ePO for antivirus, endpoint encryption, DLP
  • Deploy Imperva, F5 ASM Web application firewalls and database activity monitoring solutions
  • Deploy Network Access Control (NAC) Forescout/Cisco/Aruba to manage guest networks and rogue connections
  • Manage PCI, SOX, HIPAA, FTC, GLBA, NERC CIP compliance mandates, gather evidence and maintain compliance
  • Develop and implement enterprise vulnerability management solutions with nCircle, Qualys
  • Develop CSIRT programs to detect and manage global incidents
  • Deploy and tune IPS solutions such as Palo Alto, Sourcefire, TippingPoint, IBM Proventia
  • Deploy other security controls such as Bit9, Tripwire as mitigating controls as identified during risk assessment
  • Develop network architectures and migrate routing protocols, re-architect DMZ networks, core networks and perform migrations to Cisco Nexus and Cisco UCS platforms
  • Build network zoning and defense in depth security architectures
  • Build application performance monitoring to identify slow-downs and service outages
  • Develop and deliver detailed flow diagrams, develop operational procedures, policies, risk analysis, gap analysis
  • Program manage the enterprise to develop, test and implement business continuity plans
  • Build out security operations centers
  • Trained onshore and offshore staff, developed career progression plans and mentored staff
  • Perform daily cyber security investigations, hands-on with tools and processes
  • Built custom logging, data mining and monitoring solution based on Hadoop
  • Perform pentesting and application security scanning and analysis for diverse client base
  • Acquire, process and report on forensic images with EnCase, FTK, ProDiscover, Gargoyle, Autopsy, SIFT, DEFT
  • Deploy Threat Management program to identify incident trends, control failures and high risk events to remediate
  • Migrate Checkpoint, Cisco ASA, Juniper firewalls to Palo Alto Firewalls
  • Build and manage Enterprise Lockdown projects and security enhancement projects
  • Deploy and Implement Google Rapid Response into the workflow

Confidential

Security Architect

Responsibilities:

  • Educate and mentor permanent and contract staff on GRC compliance program objectives
  • Develop and deliver implementation project plans for global technology deployments
  • Develop and deliver risk impact statements, risk assessments and report of findings
  • Develop and deploy security controls to meet PCI compliance mandate
  • Deploy proxy solutions globally (Blue Coat, ISA 2006); deploy and manage Kazeon e-discovery solution
  • Architect and deploy IBM Proventia Intrusion Prevention appliances globally
  • Perform data flow mapping to identify regulated data flows
  • Deploy Data Loss Prevention solution to monitor use of sensitive data; perform e-discovery and legal holds
  • Perform incident response & Investigations based on RSA Envision SIEM use cases
  • Architect and deploy secure file transfer solutions
  • Virtualize systems with VMware; performed P2V, vShield configurations
  • Global firewall migrations on Cisco, Checkpoint and Nokia Appliances
  • Network architecture design, troubleshooting and deployment
  • Policy, standards and procedure development, train and mentor staff on compliance requirements
  • Produce technical Visio documents containing security and network infrastructure diagrams
  • Deploy optical DWDM solutions for high availability networks.
  • Application penetration testing and source code analysis (Ounce Labs, Fortify, WebInspect)
  • Perform GRC activities in risk management and compliance group
  • Deploy and configure Cisco routers, switches, Nexus based switches, MDS platforms, firewalls, Cisco load balancers, troubleshooting layer 2,3 and routing protocols
  • Deploy, manage and onboard applications for 30 Imperva web application firewalls globally

Confidential, Albany, NY

Responsibilities:

  • Develop policy, procedure and technical controls to advance security projects within the State of NY
  • Deploy open source SIEM for event correlation
  • Deploy security controls such as IPS, Firewalls, RSA two factor authentication

Confidential

Information Assurance Network Engineer Manager

Responsibilities:

  • Worked closely with senior military leadership for all GRC efforts in the Middle East theatre of operation
  • Weekly briefings to military commanders on security incidents and operations
  • Lead team of Information Assurance (IA) network security engineers at diverse locations throughout Middle East
  • Worked with IA managers to become compliant with DISA security standards and STIGs
  • Developed detailed documentation and performed security testing for DISA certification & accreditation
  • Deployed and supported all ASA, PIX, Sidewinder and Symantec firewalls in Iraq, Afghanistan and Kuwait
  • Troubleshoot routers, switches, routing protocols, load balancers, VoIP and LAN/WAN circuits consisting of Frame Relay, SONET, MPLS, ISDN; troubleshoot VPN, QoS and routing protocols such as OSPF, EIGRP, BGP and multicast networks
  • Deploy Cisco routers, switches, firewalls, content switches, VBrick multicasting solutions in a 220,000 user endpoint multi-country WAN infrastructure
  • Support IDS appliances and work with Kuwait TNOSC on Arcsight SIEM events
  • Security monitoring on MNC, NIPR and SIPR classified networks

Confidential, CT

Program Manager

Responsibilities:

  • Developed agency HIPAA security program and gained executive acceptance
  • First State agency to become compliant with HIPAA security mandates for State of CT
  • Deploy wireless network statewide to achieve cost savings by eliminating point to point circuits
  • Business continuity program for continued care for State hospitals in the event of a declared disaster
  • Deployed centralized HIDS, NAC and antivirus management solution to reduce virus infections and security incidents by 95%, freeing up two FTEs for other project work
  • Performed Malware identification, analysis and remediation
  • Implemented patching and vulnerability process
  • Configured, deployed and supported Cisco routers and switches for wired and wireless networks statewide
  • Deployed identity management and single sign-on solution
  • Monitored State networks with ISS SiteProtector IDS system
  • Deployed, configured and supported McAfee ePO & HIDS agents for agency
  • Train and mentor agency staff
  • Developed project plans, operational manuals, procedures and response plans

Confidential, Pittsburgh, MA

Principal Consultant

Responsibilities:

  • Trained and educated hospital executive management on HIPAA compliance mandates
  • Project management, security strategy development, perform assessments, gap analysis and remediation
  • Developed and deployed technical and procedural controls; develop security and network architectures
  • Troubleshoot networks and systems; deploy single sign-on solutions and identity management
  • Deploy Dragon and Snort IDS systems; web application security testing using Cenzic for regulated systems
  • Implemented vulnerability management program; workstation forensics
  • Support client during network outages to resolve complex routing or network issues

Confidential, Minneapolis, MN

Chief Technology Officer

Responsibilities:

  • Worked closely with the CEO and CFO to overcome funding challenges for Internet startup
  • Designed and implemented Internet data center; developed and implemented network infrastructure design
  • Worked closely with contractors to build out and commission datacenter
  • Developed company security, network strategy and drove budget process
  • Implemented security strategy to ensure zero security incidents for hosted customer environments
  • Maintained VoIP hosted solution; developed and managed incident response program
  • Design and deploy LAN/WAN/MPLS networks; troubleshoot routing protocols (BGP, OSPF, RIP, EIGRP); deploy routers, switches, load balancers, security appliances
  • Deploy and support IDS/IPS solutions, mitigate DDoS attacks; deploy PIX, ASA, Sidewinder, Checkpoint and Smoothwall firewalls; support servers and operating systems
  • Configure reverse proxies, load balancers; third-level support for hosted client solutions
  • Deploy SIEM platform for event correlation and logging
  • Deploy application and networking monitoring
  • Forensic investigations to support intellectual property claims
  • Managed 24 indirect reports, 3 direct reports
  • Develop Physical Security program for secure data center
  • Develop CSOC, NOC and CSIRT capabilities and managed daily high priority events
