SUMMARY:

An Information Technology Professional with 30 years of experience. Primary expertise in: Information Security, Information Privacy and IT Audit, in verticals which include the Technology, Consumer, Government, Healthcare, Financial, Telecommunications, Manufacturing, Industrial and Consulting Markets.

TECHNICAL SKILLS:ISACA: Information Systems Audit and Control Association

ISC2: International Information Systems Security Certifications Consortium

IETF: Internet Engineering Task Force

ISSA: Information Systems Security Association

IAPP: International Association of Privacy Professionals

PROFESSIONAL EXPERIENCE:

Senior Cyber Security Analyst / Confidential Archer Technical Lead

Confidential

Responsibilities:

• Supporting the Internal Revenue Service (IRS), Office of Cybersecurity division in the deployment of the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) risk management program
• Supporting as - is analysis and solution architecture activities related to CDM and continuous monitoring
• Leading IRS tool strategy and gap analysis initiatives to assess existing tools and capabilities across the enterprise with the goal of reducing redundancy and cost
• Providing technical support to the IRS for the Confidential Archer Migration from CSIRC to Eops, that includes a new build of the hardware and software in a clustered virtual environment and an upgrade from Confidential Archer version 5.5 to 6.1
• Working with IRS Tool Owners to create RESTful API Web Services to integrate tool source data into Confidential Archer for reporting
• Configuring custom Confidential Archer Front-End Solutions and Application, while also performing the Operation & Maintenance duties on the Back-End

Senior Security Engineer / CDM Team Lead

Confidential

Responsibilities:

• As the CDM (Continuous Diagnostics and Mitigation) Team Lead for the Federal Aviation Administration I lead a team of Engineers in the Phase 1 design of the CDM Architecture
• Wrote 2 white papers detailing the specific tasks associated with Consolidated Inventory and Dashboard Design
• Lead and participated in the drafting of the ISCM (Information Security Continuous Monitoring) CONOPS for the Confidential in compliance with the Confidential SP 800-137

Director of Technology

Confidential

Responsibilities:

• As a key member of the Quick Response Team ( Confidential ), conduct independent assessments of clients’ infrastructure and security controls. Perform federal security test and evaluation efforts related to FISMA, DHS 4300A, and/or Confidential 800-53 including Vulnerability Scanning/Analysis, Penetration Testing and Remediation
• Perform as the company’s Computer Forensics Investigator, using Encase v7. Conducts examinations of all digital media, develops Investigative Plans to perform the investigation and analysis, responsible for recovering deleted, hidden and encrypted data. Thorough understanding of hardware and data recovery, evidence handling, chain of custody, evidence storage, use of sterile media, forensic imaging techniques, cracking system and file passwords, detecting steganography with signature analysis
• As the Director of Technology for both Confidential and Confidential, oversee all technical issues including IT Design, Engineering and Support as well as supporting Business Development in both the proposal process and in the delivery process

Cyber Security Technical Lead

Confidential

Responsibilities:

• Performed as the company’s Computer Forensics Investigator, using Encase v7. Conducted examinations of all digital media, developed Investigative Plan to perform the investigation and analysis, was responsible for recovering deleted, hidden and encrypted data. Had thorough understanding of hardware and data recovery, evidence handling, chain of custody, evidence storage, use of sterile media, forensic imaging techniques, cracking system and file passwords, detecting steganography with signature analysis
• As a Contractor Side Lead for Archer Deployment Project at Cyber Security Division ( Confidential ), primary duties include implementation of the Confidential Archer Risk Based Management Tool as per Confidential requirements, act as primary interface to Confidential Archer Development Team and provide them sample data for testing & development, supervise overall progress to ensure all the project deliverables are completed on time and meet the customer requirements
• Provided leadership and mentoring to a team of 35 Cyber Security Analysts

Information Assurance Subject Matter Expert

Confidential

Responsibilities:

• As an Information Assurance Subject Matter Expert at the Confidential, Bureau of Engraving and Printing was responsible for leading a group of nine Cyber Security Analysts ranging from Junior to Senior. Responsibilities included reviewing/revising project developed Confidential 199 categorizations, system security plans, security impact assessments and privacy impact assessments. Additionally, was responsible for developing and reviewing system hardening guides. Performed as a technical resource/mentor for the project team.
• Performed Security Risk Assessments, Gap Analysis, Documentation, and Vulnerability Assessments. Produced written reviews and recommendations and delivered in the form of an Audit Report.

Senior Technical Business Analyst

Confidential

Responsibilities:

• As a member of an 8-person team, performed as the Senior Technical Business Analyst for the Walmart Pharmacy/Vision HIPAA Security Remediation Program.
• Tasked with the supervision of 2 Technical Business Analysts, designed and implemented solutions to the failure to detect alterations and deletions of Confidential data at rest, lack of encryption of Confidential data in transit and unauthorized/undetected access to systems

Senior IT Auditor/Information Security Consultant

Confidential

Responsibilities:

• Performed Data Security Audits, Security Risk Assessments, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments. Produced written reviews and recommendations and delivered in the form of an Audit Report
• Performed Business Process Improvement and PII Data Privacy Audit for SEEDCO. The objective of this engagement was to review the procedures and controls over the current operation, to identify opportunities for improvement and deficiencies, and prepare implementable recommendations

Independent Consultant

Confidential

Responsibilities:

• Performed Project Management tasks to ensure compliance with the Final HIPAA Security Rule

Security Architect

Confidential

Responsibilities:

• Performed Audits, Security Design, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments.
• Audits included the use of Reconnaissance and Footprinting, Vulnerability Scanners, Sniffers, Spoofing Tools, Brute Force and other Password Cracking tools. Provided HIPAA Compliance, Networking and Security consultation

Senior Information Security Analyst

Confidential

Responsibilities:

• Performed Audits, Security Design, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments. Audits included the use of Reconnaissance and Footprinting, Vulnerability Scanners, Sniffers, Spoofing Tools, Brute Force and other Password Cracking tools
• Evaluated the organization’s security and risk management program to determine the security of a networks design and evaluated Disaster Recovery Plans

Senior Information Security Analyst

Confidential

Responsibilities:

• Performed Audits, Security Design, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments. Audits included the use of Reconnaissance and Footprinting, Vulnerability Scanners, Sniffers, Spoofing Tools, Brute Force and other Password Cracking tools
• Conducted FISMA Certification & Accreditation evaluation for the Information Assurance section of the network infrastructure
• Determined whether the computer systems and network infrastructure are in compliance with the NIACAP, Confidential or industry best practice security policies and standards
• Conducted training sessions on topics such as Networking and Security Awareness

Senior Information Security Analyst

Confidential

Responsibilities:

• Performed Audits, Security Design, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments. Audits included the use of Reconnaissance and Footprinting, Vulnerability Scanners, Sniffers, Spoofing Tools, Brute Force and other Password Cracking tools
• Conducted FISMA Certification & Accreditation evaluation for the Information Assurance section of the
• network infrastructure
• Determined whether the computer systems and network infrastructure are in compliance with the NIACAP,
• Confidential or industry best practice security policies and standards
• Conducted training sessions on topics such as Networking and Security Awareness

Senior Security Specialist

Confidential

Responsibilities:

• Provided support for Confidential Enterprise Solutions salesforce of 50+ Corporate Account Managers and 60+ Sales Engineers regarding Security and Internet related topics. Regional coverage area encompasses the entire State of New Jersey covering all verticals. Accomplished task of selling 3.1 Million Dollars’ worth of security solutions and products
• Provided HIPAA and CIPA consultation
• Performed Confidential standardized evaluations to include Penetration Testing, Risk Analysis, Policy Review, VPN and IPS/IDS
• Conducted In-House training seminars for Sales Engineers and Executive Security Briefings for CIO/CTO level Clients

Senior Network Engineer

Confidential

Responsibilities:

• Network comprised of Cisco Equipment to include: 70 Routers, 170 Switches and 10 ATM Switches with a variety of Hubs. Network is a fully redundant EIGRP and IP/IPX environment with multiple Campuses and Remote Sites
• Assigned supervisory role of Lead Engineer supported by 5 Engineers and a 24/7 Help Desk. Primary duties were comprised of managing infrastructure projects between the Cornell and Columbia Medical School networks to include providing LAN/WAN support
• Completed the design, configuration, and implementation of a Remote Access VPN solution
• Project managed a network-wide IOS upgrade on all routers and switches to conform with contractual SLA and documentation of the LAN/WAN infrastructure
• Configured, Installed and Monitored the Cisco IDS sensors and responded to security breaches
• Converted the once Public Class B network to a more secure network using Checkpoint/Nokia Firewalls and NAT

Internetwork Solutions Engineer

Confidential

Responsibilities:

• Configured and implemented 100MB Fast Ethernet and Full Duplex links, HSRP redundancy and IGRP routing protocol with RIP redistribution
• Handling configuration and deployment of the Market Data Branch Sites Firewall Infrastructure and implementing LAN upgrades
• Upgrade of the Cisco PIX Firewall. Configured and implemented EDMZ and IDMZ Cisco routers and switches. Also upgraded the LAN infrastructure to include moving all ethernet segments from WAN router and shared hubs onto dual Cisco 5509’s with RSM’s
• Worked as part of an 11-member team of Internetworking Solution Engineers (TAC) to develop a troubleshooting tool (Output Interpreter). Tool can be found on the Cisco Web Site under CCO. Tool was developed through use of Cisco’s proprietary scripting language (Maven), and enables troubleshooting for a wide range of networking problems based on analyzing show command output. Created the first analysis ever of a “Show Running Configuration” command

Network Design Engineer

Confidential

Responsibilities:

• Responsible for providing Network Designs and Integration Documentation for Client locations Worldwide. Wan Designs comprised a variety of technologies including OSPF, Frame Relay, Dedicated T1, T3 and ISDN, Created Out Of Band Management via terminal servers over POTS lines. Implemented High Speed Encryption with Cylink Encryptors.
• Provided full detailed packages to include: Cabling Diagrams, Cisco Router Configurations, Misc. equipment, cable order lists, and step by step site installation procedures
• Most recent designs included Citicorp’s Backbone Infrastructure for North America and the integration of several Core Hub and Feeder sites for domestic Internetwork

Internetwork Consultant

Confidential

Responsibilities:

• Responsible for a wide range of consulting assignments dealing with LAN/WAN solutions, including evaluation, LAN/WAN design, router configuration and implementation
• Provided 3rd level support for remote access issues regarding the SecurID network. Included were Ascend and Cisco routers, Ascend ISDN Pipeline, Shiva Lanrovers and Radius server
• Configured, Implemented and Project Managed token ring to ethernet conversion followed by a 4,000 workstation Windows NT rollout while working on the Woolworth project
• Completed survey of cabling and PBX installations at various schools as part of the Contract with the NYC Board of Education.
• Conducted a walk thru inspection of several NYC Dept. of Finance facilities and Evaluated the needs and requirements for future installation of imaging system

Senior Telecommunications Analyst

Confidential

Responsibilities:

• Responsibilities included troubleshooting connectivity issues related to the 500+ node LAN/WAN and evaluating capacity problems
• Using tools such as NV/6000, PROCOM and U.S. Robotics Total Control Manager. Monitored and configured routers and modem chassis at remote sites

Network Engineer

Confidential

Responsibilities:

• Responsibilities included monitoring and troubleshooting 1,000+ nodes LAN/WANs for Campbell Soup Company and Rhone Poulenc, Inc.
• Using network tools such as NetView/6000 for AIX and Intel Landesk I remotely managed the networks consisting of Cisco, Cabletron, Novell, and Windows NT
• Handled such duties as configuring Cisco routers, assigning TCP/IP addresses, assisting users and logging trouble tickets using DP Umbrella

Network Administrator

Confidential

Responsibilities:

• Monitored a 476 node WAN consisting of Cisco, Welfleet routers and Synoptics hubs via SNMP on a UNIX SunSparc Station
• Created new user accounts and login scripts on a Novell network. Created trouble tickets using Paradigm

Senior Computer Operator

Confidential

Responsibilities:

• Managed console of IBM 3090 including running batch jobs and starting CICS sessions
• Duties also included training new operators to run the console and various peripherals

Systems Engineer

Confidential

Responsibilities:

• Monitored performance of IMS, CICS and network in an IBM ES/9000 MVS/JES3 environment
• Performed DB loads and backups using CA-7