OBJECTIVE

To obtain a challenging position within the field of Information Security that will allow me to utilize my business and technical skills to reach my highest potential.

TECHNOLOGY SUMMARY

Programming Languages and Software

• Awk, Bash, C, C , C , Java, JavaScript, HTML, MySQL, Perl, PHP, Python, PowerShell, sed, SQL

Office Suites

• MS Office Word, Excel, Outlook, PowerPoint, Project, Access, Visio , Openoffice.org

Operating Systems

• Windows, Linux, Mac OS X

Networking Technologies

• Basic cable standards, network devices, wireless technologies, OSI, TCP/IP
• Security Technologies
• Vulnerability Scanning Qualys, Nessus, OpenVAS, Nexpose, Retina , Penetration Testing Backtrack-Nmap, Core Impact, Metasploit and Metaploit Pro , Security Event Log Monitoring/SEIM LogRhythm, McAfee Nitro, IBM qRadar , Endpoint Encryption Bitlocker, Checkpoint, Symmantec , Antivirus Forefront Endpoint Protection, Symmantec Endpoint Protection, Checkpoint Endpoint Security , Patch Management IBM BigFix, SCCM , Firewall Microsoft Threat Management Gateway, Fortinet Unified Threat Management , Email Filtering and Antivirus Forefront for Exchange , Application Whitelisting, Applocker, Bit9, CoreTrace , End User Privilege Management Powerbroker , Packet Analysis Wireshark , Intrusion Detection/Prevention Sourcefire, Industrial Defender

EMPLOYMENT

Information Security Analyst

Confidential

• Perform infrastructure vulnerability assessments
• Utilize various penetration testing tools to validate vulnerabilities
• Perform application vulnerability assessments
• Provided technical support to corporate technology investigations team on an ad hoc basis
• Design and create metrics and associated graphical dashboards to support business intelligence efforts related to information security
• Perform system architecture reviews
• Review application threat models
• Performed cost analysis of potential antivirus vendors.
• Managed a POC for vulnerability assessment products and performed cost analysis of multiple vendor solutions.
• Expanded and improved the corporate asset management program utilizing existing tools
• Developed a database to store associated data
• Formalize the patch management strategy for the enterprise
• Created acceptable use policy for internet access
• Created a risk model to quantify information security risk in the enterprise
• Provided technical insight and surge support to incident response team
• Participated in tabletop incident response exercises

Security Systems Administrator

• Granted access to protected Critical Infrastructure CIP
• Responsible for technical planning, implementation, and maintenance of network switches and firewalls.
• Responsible for the implementation of a backup solution for all PC based critical assets
• Supported the installation of the host and network based intrusion detection systems
• Supported migration of network assets to Active Directory and creation of GPOs to ensure security standards were met
• Improved workflow for provisioning network switches that reduced initial deployment time by 400 by researching best practices and scripting standardized configurations.
• Improved workflow for patch management process by developing scripts to expedite patch deployment and analysis of patching results before implementing completely automated solution.
• Completed work in adherence to change management process as directed by team leadership in support of compliance NERC compliance efforts.

Cyber Intel Analyst

• Active TS/SCI with polygraph
• Responsible for technical planning, implementation, and maintenance of endpoint firewalls
• Designed and implement software tools, scan policies, and reports for vulnerability scanning for all corporate assets
• Received Special Recognition Award from Corporate Information Office 2011
• Designed and implemented antivirus scan policies and procedures for all corporate assets.
• Performed initial forensics portion of the incident response procedure utilizing SIEM tool for log analysis as it relates to endpoint antivirus or email detections.
• Lead team responsible for definition and implementation of email filtering policy.
• Created workflows that engaged multiple teams for endpoint and server vulnerability remediation, endpoint and server patch management, endpoint firewall policy changes, application whitelisting policy changes, and the process for granting elevated privileges.
• Developed policy for the distribution of elevated privileges in the enterprise and related audit processes.
• Lead team responsible for evaluation of Data Leak Protection, Application Whitelisting, and Endpoint Encryption tools.
• Administered web proxy in response to validated user requests, the needs of system administrators, or based upon security threats.
• Lead team responsible for definition and administration endpoint and server patching procedures.
• Provided metrics to leadership based upon malware and vulnerability detection statistics.
• Provided metrics to leadership to provide updated status on tasking and projects.

Systems Engineer Associate

• Active TS/SCI with polygraph
• Responsible for technical planning and implementation of enhancement to
• software tool using C
• Implemented a ODBC connection to facilitate storage and retrieval of simulation output using a database
• Performed verification and validation of a COTS tool utilized to provide scheduling predictions for customer event process chain.
• Drafted white paper documenting the verification and validation process
• Produced and presented technical analysis using mathematics, physics, and engineering concepts used to perform Orbital Analysis
• Executed weekly reports used to perform orbital maintenance analysis
• Lead model development using COTS software for the purpose of availability analysis on a repairable ground system.
• Received Special Recognition Award from skill center leadership 2010
• Received a certificate of appreciation from a customer 2009
• Received SPOT award from skill center leadership 2009
• Conducted and presented technical analysis using mathematics and engineering concepts used for reliability evaluation to customers and management.
• Participated in and prepared documentation that recorded the verification and validation of internally developed analysis tool
• Contributed to the creation of the user manual for the internally developed analysis tool
• Designed and implemented MySpace pages and contributed to development of website for a professional basketball team.

Confidential

• Designed and implemented database to be used by the Research and Development personnel to track inventory. Configured Statistical Process Control software to generate reports required for quality control.