Cybersecurity Engineer III/Team Lead Resume
SUMMARY:
As a Small Business Owner, Corporate Project Manager and Network/Security Engineer, I provided customer-focused hands-on installation, support and maintenance for IT/IS Enterprise Infrastructures, including creating enterprise network specification, architecture/design, vendor management/procurement, risk-based security analysis, and administration of data, voice, and video networks.
TECHNICAL SKILLS:
- Provided business and technical analysis, development, and deployment of computer/network policies/procedures/practices based on ITIL and other standards/frameworks, as well as updating/ redesigning, and developing feasibility studies and policies/procedures (Change/Configuration Management, Event/Incident Handling/Response, Knowledge Management, Security, and Problem Management) for production, development and R&D environments for managers, directors, and executives (CIO, CTO, CEO) for 31 years.
- Experience gathering customer/business requirements and translating them into effective project/operational plans and successfully completed projects on-time and on budget utilizing CPI/SPI and Earned Value methodologies for Financial, Engineering, and e-Commerce clients to ensure customers become more sustainable, adaptable, and strive for continuous improvements.
- For the past 3 years I have been responsible for HIPAA security controls/compliance for the computer systems that utilize the UNMH/HSC data network. Provided complex, high-level technical support for HIPAA policies/procedures/requirements that support the data and infrastructure at UNMH. Primarily developed, deployed, and maintained projects to develop a HIPAA compliant organization. Provided and developed new and/or improved computer systems risk mitigation techniques and procedures. Formulated, developed, and implemented integrated secure architectures for medium-to-large systems, risk assessments of vendors and products, provided team leadership (5 staff, one manager), management of the Team, and provided documentation/procedures for audits/annual assessments (HIPAA, PCI, and Security Controls) and other projects. Deployed McAfee EPO, Splunk, AirWatch, PhishMe, Pen Testing, and other security endpoint and infrastructure systems for 20,000 nodes.
- Provided security audits, reviewed IDS/IPS/Firewall logs/sensors, and utilized other analysis/change management tools, then processed the data to develop security strategies for ecommerce and other business models, and develop new systems/risk assessment and strategic analysis for all clients based on industry/SANS best practices
- Provided ongoing development/analysis of organizational IT and security policies/procedures, daily use, backups/recovery, systems continuity, user/group security policies, forensics for incidents, and network security design/usage in Development, R&D, and Production Enterprises.
- Provided support for organizations bound by SOX, HIPAA, PCI, FDCC, USGCB, FISMA (FIPS-199/200, 800-53, SP800-137, etc.) policies and controls; performed audits, vulnerability scanning, penetration testing, user/data compliance testing/GPOs, server & systems analysis & support, syslog consolidation & analysis, and developed training/user documentation.
- Installation/development of secure LAN/WAN/WLAN networks, desktop/laptop/server support with industry standard tools like anti-virus, encryption, spyware/malware, ransomware, and other security scanners, sniffers, IDS/IPS sensors and other desktop/laptop security software, and server technology for e-commerce and other clients (McAfee EPO, Secure Fusion, Tenable Security Center, Splunk, FTK forensics suite, and other industry standard applications and security tools).
- Directly involved with the project planning, design, procurement, implementation, operation, administration, training, securing, and maintenance of Cisco, 3Com, Juniper and Foundry networking equipment, switches, routers and firewalls in 24x7, high availability (99.99% uptime) production & R&D environments utilizing network monitoring tools and services including SNMP, RMON, CiscoWorks, HP OpenView, WhatsUp Gold, Tivoli, SolarWinds, and others, as a highly-adaptable/flexible engineer and manager.
- Strong understanding and experience with installing & debugging networking protocols (IOS 12.x, EIGRP, RIP, and OSPF), switching technologies (VLANs, 802.1d trunking, and spanning tree protocol), firewall configuration (PIX/ASA, NAT/PAT, Access Lists, VPN, IDS), proxy services, voice over IP (VOIP) telephony, wireless networking technology (802.11(x), APs, Client configs), WAN technologies including ATM, T1, DS3, optical carrier, SONET, Ethernet topologies including 10/100/1000BaseT/Tx/Fx/FDDI on Cisco and other vendor hardware
- Proven success delivering LAN/WAN/Wireless LAN backbones (running cabling), security systems/peripherals, and multi-platform design/installation of production Internet e-Business/e-Commerce and Engineering client/server/database-related infrastructures for 5 users to 1500 users
PROFESSIONAL EXPERIENCE:
Confidential
Cybersecurity Engineer III/Team Lead
Responsibilities:
- Provided security analyst/project-program management role for UNMH/HSC IT Security Department, which required developing 40 project plans within my first 6 months to deploy security technology to meet the TrustCC Security Assessment findings & Coalfire PCI Audit findings. Also provide budget analysis, team lead, and mentoring/training of 5 staff members to ensure IT Systems deploy a secure architecture (NIST 800-160).
- Had to step in and provide management of the ITSEC team while my manager was in the hospital for seven months, as soon as I started with UNMH.
- Developed Projects/Service Design Plans (SLAs) to create ITSM based Security operations services to manage McAfee EPO (AV, HIPS, Encryption, DLP), Incident Response, Disaster Recovery, Pen-Testing, Splunk Logging and Alerting, Nessus Vulnerability/Remediation/Exception, Vulnerability Management/remediation, Vendor/Product Security Risk Assessment, and policies/procedures for all of UNMH/HSC. Provided high-level/SME technical support for all these pieces of our Service Design Portfolio, as well as project development/deployment/management.
- Formulated, developed, and implemented/integrated secure architectures for medium-to-enterprise systems, based on development of technical security standards for computer and network systems, to include standards for infrastructure hardening, system security, and risk mitigation. Installed, configured, and deployed secure computer and network operating system and application software, as appropriate; deployment of Juniper Mag 2600VPN Gateway with MFA for the radiology group.
- Daily utilization of McAfee Endpoint Complete Protection Suites, Nessus Scanner, CPTRAX, Splunk, and Vulnerability Remediation software, etc. to perform daily security monitoring, risk mitigation, and incident response. Provided lead in Data Segmentation development and policy development-enforcement for ePHI data.
- Developed and implemented standards for systems and communications to protect the integrity and confidentiality of the financial, patient record and other systems in compliance with state and federal requirements. Researched, developed, and wrote information security processes, procedures, and risk assessments of UNM Hospitals' department systems, utilizing 800-53, FIPS-142 standards, HIPAA/PCI standards, and McAfee ePO disk, USB, CD encryption technologies.
- Provided project management of technical staff in the implementation, installation, configuration, and technical support of secure computer systems architecture, while coordinating projects with other departments and external organizations and agencies, i.e. Team rebuild of McAfee ePO server Splunk architecture, and knowledge transfer. Communicated and collaborated with technical and non-technical personnel to understand and define user needs, gather and analyze data and recommend solutions, i.e. HSC-Wide Vendor Security Risk assessment workflow and check sheet analysis forms. Utilization of industry standard PMP methodologies/standards, ITIL 3.0 and other industry standard PM methodologies/techniques.
- Provided planning, leadership, direction, and advanced technical expertise regarding systems security, while serving as primary point of contact and liaison with vendors; reviewed vendor products, and coordinated and facilitated vendor interviews and presentations, i.e. licensing of McAfee ePO products, ePO optimization and knowledge transfer. Negotiated exact technical requirements with vendors; established contracts, and wrote technical contract specifications and proposals, i.e. Splunk Logging/SIEM systems.
- Designed, developed, and delivered training classes, wikis, and workshops in areas of computer security systems. Maintained a broad knowledge of current and emerging state-of-the-art computer systems/security/testing technologies, architectures, and products. Maintained knowledge of current trends and developments in the field in order to enhance expertise, i.e. knowledge transfer, documents/materials to train a team of 5 security analysts.
- Led the team and organization in our annual Security Controls and HIPAA controls assessments from CLA/TrustCC for 3 years. Gathered all required documentation on security policies/procedures (wrote many of these documents), coordinated the remediation/mitigation of findings, provided all reporting and updates to executives, down to individuals responsible for systems being remediated.
- Developed and administered the division's annual budget; monitor and approve expenditures i.e. initial FY 2015/2016/2017 budget entered into StrataJazz, developing current budget analysis of current budget to ensure we purchase the remaining budget items before end of the Fiscal Year.
- Develop project plan to prepare for an OCR HIPAA audit based on NIST sp-800-53 R4. Worked with stake holders to collect and organize the documentation and other relevant information for the auditors.
- Provided positive learning and working environment, and a “lead by example” work process, along with a sense of ownership with all projects/tasks, ensuring fiscal responsibility, safety awareness, and superior customer service and personal integrity.
Senior Network Engineer/Team Lead
Responsibilities:
- Responsible for the design, maintenance, troubleshooting, and daily operations related to enterprise wide data network systems and associated peripherals in a Health Care Environment.
- Evaluated and recommended changes to current Juniper and future Cisco data network requirements in order to meet organizational needs
- Participated in the planning, installation, operation and maintenance of enterprise-wide data networking solutions for 17 clinics around the ABQ and Rio Rancho Area
- Provided testing and documented system behavior, performance and security for Juniper network components (100 switches, 30 firewalls/routers, 3 VPN concentrators, etc.)
- Provides network disaster recovery expertise for routers, switches, load balancers, firewalls, network connectivity, vpn tunnels, etc.
- Worked closely with both equipment vendors and service providers to ensure timely and successful deployment of new services as well as acting as the main point of contact for resolution of outages and service disruptions for all 17 facilities
- Adhered to Health Care policies, procedures and regulations to ensure compliance and patient safety.
- Facilitated the resolution of issues/outages/maintenance regarding the hardware and software environment.
- Control and maintain accurate data network system, device inventories at 17 locations through ABQ/RR on Metro Ethernet, PPP lines, and PRI lines
- Provided guidance on data network system selection and remediation policies and best practices for HIPAA, SOX and CDM for the organization
- Assisted IT management with technical architecture related to planning, installation, operation and maintenance of all data network devices, systems and software that support mission critical functions for the Data center, local DR site, and California DR site
- Provide daily and project planning to develop quarterly maintenance for Juniper, Cisco, Citrix, Xirrus, and other vendor systems; firmware upgrades/updates, configuration standardization, documentation of all network systems/components, etc.
- Review and revise policies, procedures, access forms and access agreements related to the security of patient health information. Work with other Information Technology teams to evaluate, recommend and implement new technology to increase data security. Ensure the successful implementation and maintenance of defined standards and policies.
CDM Information Assurance Network Specialist/Team Lead
Responsibilities:
- Provided advanced vulnerability, compliance, and systems support/analysis of the Indian Health Services 42,000 systems with Symantec RAS or Secure Fusion, Tenable Security Center and Nessus Scanners, Nmap, Metasploit, penetration testing, protocol analysis, and utilization of other security software platforms for their CDM program
- Performed daily scans of the IHS network to determine if any connected devices don’t follow the configuration protocol outlined by IHS policy/procedure and Federal mandates (USGCB, FDCC, FISMA, HIPAA, SP800-53, CDM SOP, etc.)
- Provided senior level network engineering/administration, compliance and vulnerability analysis/reporting, as well as tracking of mitigation plans/POA&Ms.
- Provided mechanisms to ensure the protection of sensitive personal information - both health records and personally identifiable information that could be used for identity theft and entails a high level of public trust
- Provided state-of-the-art knowledge, troubleshooting, and utilization of Microsoft operating systems, desktops, tablets, servers 2000-2012, XP-windows 8.1, and complete Microsoft catalog of software
- Provided senior level knowledge, troubleshooting, and utilization of Active Directory, Group Policy Objects, logging, event correlation, regedit, PS tools, and other capabilities within Microsoft products.
- Provided basic knowledge, troubleshooting, and utilization of various Linux variants for servers, desktop systems, and vulnerability scanners
- Provided advanced utilization of VMware 5.1 virtualization to create Microsoft & Linux servers for Scanners, Secure Fusion, etc.. Creating/deploying test-bed hosts and other related systems
- Provided cutting-edge skills for patch management with Symantec Endpoint Management, WSUS, Shavlik, and BigFix systems.
- Provided user training for patching, removal of vulnerabilities, and related issues to securing systems to federal standards to all Area ISSO and other Security personnel.
- Performed in-depth analysis of Federal NIST USGCB, FDCC, and 800-53 requirements against IHS GPOs for compliance, determined where compliance is not met and what GPOs require creation or waiver to ensure 100% compliance.
- Coordinated and conducted information risk assessments to protect patient health information. Coordinated, analyzed and documented application access audits. Ensured appropriate access controls, both physical and application access controls to all IT/IS resources.
- Provided Vendor relations to ensure Vendor products in use at IHS meet federal security compliance. Worked with Abbott Laboratories to modify their glucose metering software and Mitel Phone Switch software to make their products compliant
- Provided senior level reporting, analysis, and evaluation of various security topics as related/required by the Continuous Diagnostics and Mitigation program from DHS/HHS/IHS: Hardware/software inventory management, Configuration setting management, Vulnerability management, Network/physical access control management, Trust-in-people granted access (access control management), Security-related behavior management, Quality management, Credentials and authentication management, Privilege management, Prepare for incidents and contingencies, Respond to incidents and contingencies, Requirements, policy, and planning, Operational security Generic audit/monitoring
- Documented all processes and procedures required for daily operations with Secure Fusion, Tenable Security Center and Nessus Scanners, bi-monthly vulnerability reporting, and other related CDM programmatic documents.
Sr. Systems/Network/Security Engineer & IT/IS Architect
Responsibilities:
- Managed 5 direct reports, managed teams of 2-10 individuals for clients as a 1099 contractor or W-2 employee. Provided leadership/mentorship to client employees/teams on various network, server, and desktop infrastructures with 1000-2 users. Provided CIO level services to organization, small businesses, and executives. Acted as adjunct instructor at local college and taught Windows 7 & Server 2008 admin/installation, ethical hacking, and computer forensics to classes of 20 students
- Led information security training and awareness programs to educate the workforce. Ensured alignment of privacy and security policies. Established, implemented and led an incident response team to contain, investigate and prevent future breaches of patient health information
- Participated in breach investigations and maintain documentation of breach investigation and mitigation plans
- Provided hands-on technology support (desktops, laptops, peripherals, blackberries/iPhones, video conferencing, T-1 installation/support, VOIP, etc.) and vendor management (IT/IS and construction trades) for the Executive Chairman of the Board of Cengage Learning (formerly Thomson Learning) and Other CEO’s in the San Diego Area
- Provided high-level enterprise network/security support on site and remotely: Resolved problems and provided technical lead to answer questions related to the network/systems/security, utilized vendor and carrier support when necessary to resolve network problems and/or outages, that were not internal in order to recover systems as quickly as possible (pen testing, vulnerability monitoring, IDS/IPS, and deep packet analysis)
- Provided security functions for all employers for networks, servers, desktops, and other systems, which include the following functions/specialties:
Confidential, San Diego, CA
Principal Network Systems Analyst/Team Lead
Responsibilities:
- Provided project management for network designs, cost analysis, and implementation plans for a 300 user LAN/WAN/WLAN with a 2 million dollar budget. Gathered client/corporate specifications/requirements and translated them into project/implementation action plans utilizing earned value methodologies for their new E-commerce insurance production network, as an engineer, trainer and network manager. New backbone replaced 3Com FDDI network and concentrators with Cisco high-availability e-commerce, development, and business network segments, with high end security systems and tactics
- Provided the skills as a tactician/strategic thinker in order to orchestrate the re-design and implementation/installation of a new network backbone and a Network Operations Center in a new facility, brought up new backbone and collapsed the old network without any interruption to customers. Designed/installed the NOC to monitor internal and external systems onsite, and remotely (VPN, IDS, etc.) in order to meet the strategic and operations plans of the organization and customers with leading-edge technologies to provide on-line services to clients
- Provided senior level IT/IS support/troubleshooting, LAN/WAN/Wireless LAN installations, and network security for onsite and offsite business units in order to manage overall network backbone design and construction of large projects; software development, QA, Trade Shows, M&A of competitors, etc. (including management of staff to best utilize manpower, monitoring projects and workloads as necessary to meet deadlines and schedules, and budgeting and monitoring of approved project funds) for their R&D, software development, and insurance e-commerce products
- Provided executive management the presentations, plans, and implementation of BPR to migrate from CD based products to eCommerce (B2C, B2B) digital mediums and complete documentation of the IT/IS infrastructure (created internet/intranet web sites, servers and portals) to inform their 42 insurance company clients, their investment bankers, and prospective financial based transactional clients in the collision/repair industry
- Designed, installed, administered, maintained, and documented internal/external client network backbone and data center for R&D, QA, Software Development, Business Departments, and the e-Commerce network. Provided ether-channel and other connectivity to:
Confidential, CA
Senior Systems Analyst/Team Lead
Responsibilities:
- Provided senior level IT/IS installation/troubleshooting of Cisco LAN/WAN/WLAN backbone and network security devices (Firewalls, IDS sensors, Sniffers) for Level 3 Communication’s ISP production/transactional national network backbone, i.e. 85 national data centers, Denver campus headquarters, and regional/national offices with 5 to 500 users
- As the network test lab manager incorporating best practices to spearhead the utilization of a self-healing production/transactional Cisco network backbone provided Level 3 Communications with senior level operational testing of Cisco network hardware and security technologies (VPN, PGP, IDS, Firewalls, etc.), Provided software development of network monitoring systems, and remote monitoring of IT/IS systems (servers, workstations, and other technologies)
- Provided senior level network strategic planning/leadership, created network and other requirements documentation, and provided training for network engineers on Level 3’s production/ISP based networks, as an engineer and team lead
- Provided proactive, pioneering change agent practices as a project team leader, conducted root cause analyses to determine corrective and preventative actions, including procedure improvements, deployment of resources or training, and re-tooling to develop performance improvements on both the SAIC and Level 3 network teams
- Provided project management, collected, categorized, analyzed and evaluated real-time transactional, informational, and production data to recommend solutions, then assisted in solution implementation and developing acceptance testing criteria to accelerate Level 3 from a startup to a mature ISP
Confidential, NM
Network Analyst/Systems Process Re-Engineering Manager
Responsibilities:
- Project manager enlisted to drive “out of the box” thinking, provided evaluation and BPR to streamline/consolidate and re-design/re-tool the existing network infrastructure to migrate 25 servers from Microsoft 3.51 to 4.0 server (email, file, and web srv/sites), utilize SMS to deploy new desktop operating systems and applications, and software development for specialized DOE Databases and applications for 1500 users in their existing data center
- Provided project management for the senior IT/IS staff, the knowledge transfer, mentoring, and skills transfer for all aspects of their IT/IS portfolio to meet and exceed the DOE’s MIS goals and strategic plans within the 3 months contract and meeting/exceeding the project scope on time and on budget
- Provided hands-on desktop, server and network hardware support, as needed to apply patches, upgrade software, and troubleshoot systems.
- Hands-on experience with DOE government security systems/procedures reviewed and deployed new Network Security Technologies for the transmission of Top Secret and Secret data over Fiber and twisted pair technologies for onsite and off-site DOE facilities (PGP, VPN, etc.)
- Provided ongoing development/analysis of organizational security policies/procedures, daily use, backups/recovery, and systems continuity, user/group security policies, network security design/usage.
- As a Project manager and team leader, provided training for IT/IS and DOE staff for software and hardware platforms (timely management of IT related contracts and manages software licenses and IT hardware inventory) to overcome the resistance to the new software/hardware portfolio
Confidential, NM
Customer Service Unit Manager, Technologist, Budget Analyst
Responsibilities:
- Provided resource and project management, with the responsibility for hardware/software evaluation, procurement, installation/deployment for IT/IS technologies and utilization methodologies was part of the job scope to identify potential opportunities and work to completion with little direct supervision
- Provided network security manager, desktop support manager/trainer (responsible for 25 staff members), intranet web developer, and trainer for Sandia Labs staff (1400 users), flexibility and adaptability and was working closely with clients to ensure their expectations are met as the key to success
- Provided vendor relationship management for in-sourced and out-sourced personnel; the goal was to create RFPs/SLAs, perform contract negotiations, define and design performance and deliverable monitoring for personnel, and develop mechanisms to reduce and eliminate conflict during new building construction and other projects between Kemtah and Sandia Labs while seeking win-win solutions
- Provided the technical skills to build and maintain 25 Microsoft servers (email, web, file, and SMS), 1400 user desktops, and wired the building with Fiber and Ethernet, while deploying PGP, VPN, and other security technologies for safe and incident free planning and execution of security and IT projects (created internet/intranet web sites, servers and portals) for their existing and new data centers
- Interviewed, hired, trained, and managed 20 desktop, server and other IT/IS staff
- Utilizing strong analytical and administrative skills, project planning, process workflow, and milestone management developed budget analysis processes for the 100 million dollar New Production Reactor Project (NPR) and provided QA auditing, project management and records management
- Provided installation of networks, servers, desktops, network security, and specialized systems for the Energy and Environment Sector and NPR Project
- With the ability to win cooperation at all levels as a team leader, provided Geostatistical Modeling for the Environmental Remediation Organization and installation of hardware/software for data collection/analysis and monitoring of experiments in Labs and in the field
- Provided ongoing development/analysis of organizational security policies/procedures, daily use, backups/recovery, and systems continuity, user/group security policies, network security design/usage.
- Provided senior level IT/IS support/troubleshooting, LAN/WAN/WLAN installations, and network security for onsite and offsite facilities/buildings/labs (PGP/VPN/RAS)
- Provided BPR to migrate from print based deliverables to eCommerce digital mediums (created internet/intranet web sites, servers and portals, SEO Duties)
- Provided training for business unit staff and mentored two support engineers as their team lead
- Provided vendor relationship management: RFP/SLA, contract negotiations, performance and deliverable monitoring/QA, and conflict resolution for new building construction and other projects