- Highly accomplished Information Security Architect with a proven track record of successfully completing complex technical projects, disciplined budget holder, effective communicator with experience in managing multi discipline and multinational teams.
- Over 20 years of rich experience in IT Infrastructure Management, Security Design, Network Management, System Administration and Technical Support.
- Proficient in setting up IT Infrastructure including Information Security Programs, Wide Area / Local Area Networks, Server & Networking Devices Administration.
- Adept in Designing Security Solutions, IT Infrastructure Management, Change Management/Configuration Management, Technology Resource Administration with experience in establishing vendor networks, forging strategic alliances & partnerships and ensuring SLA s are met with both internal and from external agencies.
- Adept at mapping client& rsquo s requirements, custom designing solutions & troubleshooting for complex environments.
- Results oriented team player with demonstrated ability to respond to a fast paced dynamic environment with enthusiasm & confidence.
- Strong IT/business experience and knowledge in clarifying business requirements and designing information assurance/security processes and system improvements to increase productivity and reducing cost, thereby improving the ROI of the organization.
- Experienced in drafting enterprise Policies/Procedures/Standards/Guidelines related to Information Security.
- High level of business acumen on providing guidance in meeting regulatory requirements in many diverse industries.
- Experienced in multiple high skill areas including: penetration testing, vulnerability assessment, risk assessment, and intrusion investigation.
- Excellent communication and interpersonal skills, interfaces effectively with upper management, subordinates, vendors, co workers & peers.
- Committed to keep abreast of current IA & InfoSec trends, technologies and companies.
- Needs assessment and preparation of IT blueprint for the organization.
- Key driver for IT infrastructure (Security & Networks) design and solution identification.
- Implementation of project plans within pre set budgets and deadlines.
- Quality Management and testing of solutions/ certification.
- Developing long term partnerships with suppliers & vendors managing day to day supplier performance to ensure meeting of service, cost, delivery and quality norms.
- Consistently evaluating vendor performance to ensure adherence to predefined specifications and supply of quality material / execution of job works.
- Balancing technical solutions with business and interpersonal factors.
- SLA Management with an eye on constant improvements in service deliverables.
- Enterprise Architecture: FISMA (OMB / NIST / FIPS), NISPOM, HIPAA / HITECH, COBIT, ISO/IEC 27002:2007, IBM Red Books
- SEM / SIM:
- Commercial: LogLogic, RSA enVision, ArcSight, Splunk, Cisco Security MARS, Custom correlation tools
- Open Source: LogZilla, OSSIM, Prelude
- NIDS / NIPS / HIDS / NIDS: ISS, Sourcefire, McAfee, Symantec, OSSEC, TippingPoint
- Scripting and Programming: C, Bash Shell Scripting, Python
- Vulnerability Scanning:
- Commercial: Nessus, Critical Watch, GFI LANguard
- Open Source: Nessus, OpenVAS, MBSA,
- Packet Sniffers: Wireshark, tcpdump
- Exploit tools: Metasploit, Core Impact, Canvas
- Firewalls: Checkpoint, Cisco Pix, iptables
- Server Platforms: Linux (various flavors), Windows (various flavors)
- Design & Implementation of Security Architecture.
- Formulation of Corporate Information Security Policies, Standards & Guidelines.
- Deployment of Security Management Framework and lead FISMA, DCID, SOX, GLB, COBIT, HIPAA Compliance Efforts.
- Provide Information Security Risk Assessment and Consulting.
- Periodically review Information Security Metrics. Ensure compliance with SLAs and assist with related Risk Mitigation efforts.
- Work closely with internal and external audit towards regulatory requirements and compliance objectives.
- Conducting Information Security Risk Assessments, Footprint Analysis and Vulnerability tests.
- Conducting Case / system / Process Study for project planning, scoping, estimation, tracking.
- Implementation of project plans within budget and timeline.
- Team mentoring, deployment, monitoring and development.
- Defining best practices for project, support and documentation.
- Extensively used: NISPOM FISMA (OMB / NIST), ISO 17799, ITIL / ITSM, HIPAA,
- Acquaintance with : COSO, COBIT , GLBA, PCI DSS, DIACAP / DITSCAP, OCTAVE
ConfidentialSr. Information Security Architect
- Use industry specific Information Security frameworks and generally accepted Information Security principles to create, re mediate, or strengthen the Information Security Program for clients (the Transformation Design).
- Create technical solutions in support of the Transformation Design.
- The solutions covered a wide array of Information Security technologies including, AV, IDS, Patch Management, Authentication, and many other technologies.
- Performed high level technical assignments including:
- penetration tests
- intrusion investigation
- act as Security SME for complex environments or those requiring government clearance
- Perform Facilities Security Officer functions as needed for staff augmentation assignments.
Senior Enterprise Security Architect
- A founding member of the security engineering group for a newly formed enterprise information security program.
- Wrote security Standards, Guidelines, and Opinions covering a range of topics including, OS security, wireless security, border security (including router hardening, firewalls, and proxy servers).
- Designed and implemented security solutions to support policies and standards. Peer reviewed three other engineers whose work included anti virus, personal firewall, IDS, and incident response and hired 5 security technicians in Guadalajara, Mexico to provide 24/7 support of security systems.
- Primary internal security consultant working with other business towers to ensure security of global projects.
- Served as the security and network representative on a project responsible for the upgrade of all exchange servers from 5.5 to 2003 and for the design and installation of Active Directory. The plan included eliminating 63 NTLM Domains and reducing the number of Exchange servers from 120 to 6.
- Designed a new enterprise directory based on LDAP and led project team responsible for installation.
- Moved 50% of security resources to low cost country.
- Security lead in new WAN design and implementation. Design included architecture eliminating 90% of existing proxy servers and 30% of existing firewalls.
Senior Security Consultant
- Created and conducted training in the use of TCPDUMP as a troubleshooting tool and building VPNs between Checkpoint Firewall 1 firewalls and Firewall 1 and Cisco PIX firewalls
- Wrote PERL, SED, and AWK scripts to help with day to day management of 300+ firewalls
- Wrote documentation for Nokia IPSO upgrades and basic network troubleshooting
- Created security architecture for Raleigh Universal Server Farm
- Assigned as the pre sales engineer for the southeastern US and created technical solutions for sales group
Network Infrastructure / Security Manager for Americas
- Designed, installed and managed network and host based security in accordance with relevant OSI and FDA guidelines.
- Managed ERP application installation in North American data center as well as other shared applications such as e mail, DNS, DHCP, NNTP, FTP, proxy services, and video conferencing.
- Instituted formal helpdesk solution and began monthly IS Committee meetings with department heads from all departments to ensure IS infrastructure was aligned with the business objectives of internal and external clients.
- Drafted and published security procedures, guidelines, and alert bulletins.
- Migration to pure IP network from IPX and IP. Utilized Linux to run network services on servers leftover from consolidation. Reorganization provided greater flexibility and reliability without any additional funding.
- Designed new voice network and specified new PBX equipment New equipment allowed seamless communication and travel between sites.
- Designed Frame Relay WAN covering 18 sites in North and South America, VPN technology used to connect 35 small clinics in South America and Canada. New WAN topology gave greater control over network latency and access which was crucial to the success of the ERP implementation.