SUMMARY:

• 29 years of Information Technology with a 24 year concentration in IT Security
• Recognized subject matter expertise through international certifications including CSSLP, ISSMP, ISSAP, CISSP, CISM, CISA, NSA - IAM, NSA-IEM, GAWN-C, GSNA, AWS Solutions Architect Associate
• International IT consulting experience with world leading organizations ( Confidential and Confidential )
• Multi-million Information Security Management & Architecture experience with various Fortune 500 organizations across multiple industries in the US and Europe
• IT Subject Matter experience at various government organizations.

TECHNICAL SKILLS:

• CISA, CISSP
• Currently used
• CISM, ISSAP, ISSMP,
• CSSLP
• NSA-IAM & IEM
• Technical Project Management
• Security Architecture
• Network Security/VPN/Firewalls/IPS
• O/S Security/AV/HIDS
• AppSecurity/WAF/OWASP

PROFESSIONAL EXPERIENCE:

Confidential, Washington, DC

Chief Technology Officer

Responsibilities:

• C loud Security Subject Matter Expert - Consulted various private organizations such as Confidential, Confidential ( Confidential ) with their Amazon Web Services Cloud Architecture and migration requirements. Worked on security, networking and operational issue resolution in converting traditional data center hosted applications to the Cloud and the correct implementation & utilization of Cloud specific security controls as well as legacy security products such as Checkpoint NG, BlueCoat, AlienVault, Nessus, FireEye, Sophos, Symantec, McAfee, etc. Ensured compliance of security controls with project applicable standards such as CIS, OWASP, PCI DSS, ISO 27001, ISO 27002, etc.
• Chief Security Officer - Chief Security Officer for eTouchFederal which developed PoC Hybrid Cloud for NASA. The ongoing effort was a private venture to provide Hybrid cloud services from IaaS to SaaS including VDI across all NASA centers. The system would provide NASA with compute & storage choices depending on the risk associated with the data processed/stored. Both AWS and Azure where target as the external Public Cloud choices for extending compute and storage requirements. Full FedRAMP, FISMA, etc. compliance were the targeted goals as well full synchronization with the NASA SOC, and all NASA security policies & procedures. The design requirements included full integration with the NASA IAM, a layered defense in conjunction with existing agency/center controls and SLA agreements with applicable NASA IT groups. Some of the tools selected to proactively detect malicious activity include GitHub-Threat-Intelligence, Recorded Future, AlienVault(SIEM)/OTX, Nessus, Juniper(FW/VPN/IPS), McAfee, CIS (hardening), OWASP (application testing). In addition, the various log information generated within the cloud would be forwarded to ArcSight solution currently implemented by the NASA SOC.
• Security Subject Matter Expert - Provided subject matter expertise for the NASA Headquarters in the implementation of the HSPD-12 directive which for NASA incorporates all of the projects under the NASA Integrated Services Environment Project (NASA Consolidation of Active Directory, Cyber Identity Management System, e-Authentication, NASA Account Management) as well as the PKI, Common Badging and Access System, and IP Address Management projects. The large combination of projects was required to bring NASA in compliance for centralized identity management, common logical and physical access controls and the overlapping requirements imposed by the projects. Although the primary goal of the work was to ensure full compliance with HSPD-12 requirements, secondary goals included full compliance with FIPS-201, 199, 200 as well as other relevant standards, OMB requirements, and NASA policies and procedures. Due to the strong consensus culture of the organization, close collaboration with various stakeholders and partners was required to achieve the goals of the overall program.
• IT Security Architect - Assisted the National Aeronautics and Space Administration (NASA) Chief Security Officer (CSO) in the development of a series of Master Security Plans (MSP) utilized to standardize IT Security policy, processes and architecture across the entire organization. MSPs inherently reduced the number of OMB reportable systems and improved the overall FISMA grading for NASA. The MSPs where based on NIST SP 800-18 security plans, using FIPS-199/SP 800-60 information system categorizations, FIPS-200/SP 800-53 controls tailored for NASA as part of this work effort, and SP 800-30 based risk assessments with SP 800-37 certification and accreditation criteria as well as industry best practices such ISO-17799. When correctly applied MSPs can significantly reduce security planning and C&A work efforts.

Confidential, Vienna, VA

Sr. IT Auditor

Responsibilities:

• Provided network security subject matter expertise to the Computer Sciences Corporation Internal Audit department for their Sarbanes-Oxley evaluation & testing of the CSC global infrastructure.
• The infrastructure consisted of an MPLS network inte-connecting multiple data centers across the world.
• Over one hundred (100) components including Firewalls, VPN Gateways, Routers, Switches, etc., where audited from various vendors such Checkpoint, Cisco, Nortel, etc. as well as the applicable policies & procedures.

Confidential, Arlington, VA

Security Architect

Responsibilities:

• Assisted the Department of Justice’s Chief Information Technology Architect with the development of the department’s Enterprise Security Architecture.
• The work included the definition of a scalable infrastructure that addressed the large number of offices of different sizes & requirements across the United States.
• The approach utilized three basic patterns (small, medium, large) for each office type with applicable baseline patterns for the various IT components (Firewall, Router, Switch, Application Server, Web Server, etc.) within each basic pattern.
• An additional task was the creation of department policies, standards, C&A processes (including tools and procedures), Security Awareness & Training program, and the identification of Management, Technical & Operational controls and associated test cases for the Senior Information Security Officer (SAISO) in regards to the implementation of FISMA requirements.

Confidential, Gaithersburg, MD

Security Manager/Architect

Responsibilities:

• Architected, managed, and implemented the security of various eBusiness solutions including security policies, procedures, and technical controls.
• Lead the Network Security for FIFA 2002 WorldCup under a contract for Avaya to ensure the security of the events networking components.
• Managed a team of engineers who developed the security infrastructure and prototyped an n-tier infrastructure to improve the business functionality for Confidential .
• The infrastructure was built around J2EE servers and re-usable Java components utilizing a centralized security policy & provisioning with distributed authentication & authorization controls. The infrastructure was required to handle millions of user accounts, delegated administration, complex role definitions, distributed directory synchronization, etc.
• A combination of enterprise scalable security tools where utilized to provide a layered security approach while maintaining a comprehensive assurance of security policy implementation. Implemented an SSO solution (Tivoli-Access Manager) for Confidential supporting 50,000 users in its initial phase and providing over $500,000 yearly ROI savings.
• A $500,000 PKI (Tivoli-TPKI) upgrade project for Confidential enabling enhanced business functionality through tighter security controls of transactions.
• Developed the security blueprint definition for the World Wide Retail Exchange which in it’s first year traded 100’s of millions.
• The exchange included 62 member companies and 100,000+ suppliers, partners, and distributors.
• Other work involved various enterprise security assessments ( Confidential, Confidential, Confidential, etc.), application engineering and Confidential security designs including security organization definitions.
• Managed teams sizes varied from 2 to 10+ depending on the effort involved and budgets ranged from $150K to $2.5 million.

Confidential, New York, NY

Sr. VP Security & Network Operations

Responsibilities:

• Responsible for architecting & managing the overall security & network operations for a startup company focused on Internet debit/cash payment transactions.
• Confidential competed with VISA & MasterCard as an Internet payment mechanism by offering an enhanced level of security & privacy through practically anonymous but extremely secure transactions.
• Assisted senior management in identifying the business Security risks and developed corresponding security policies and procedures to address them.
• Defined & lead the implementation and operation of a multi-layer security architecture to assure policy & regulatory compliance.
• Presented the security aspects of Confidential to investors and partners at various stages of funding.
• The technologies involved included various Cisco components such as PIX, Load Director, Catalyst 5509, and various routers, SonicWall Firewalls, Solaris 2.6/7, Oracle 8i, Tuxedo, HP Node Manager, Netscape, ISS RealSecure, Axent ESM, ITA, NetProwler, nmap, queso, etc. Overall budget responsibility $1+ million.

Confidential, Washington, DC

Security Manager/Architect

Responsibilities:

• Managed the security assessment for the Snet (online banking) project for Banque Et Caisse D’Epargne De L’Etat, Luxemburg. The assessment considered the organizational, process and technical security issues as well as the incident response processes in place. The network, platform, and application controls where analyzed for known vulnerabilities and series of penetration tests performed. Policy compliance was assured with both external & internal vulnerability scanning. Root causes and specific recommendations where included in the final results. Finally, to ensure that security strategy was correctly identified, business recovery issues where addressed with the client. The technologies included Cisco routers & switches, Firewall1, AIX, Brokat (Internet Banking software), StoneBeat (high availability), ADSM & MQSeries, ISS (Network & Host scanners), Axent ESM, Nmap & other shareware utilities.
• Managed the security team for Confidential of Florida’s largest Confidential project. The work involved an assessment of 20+ enterprise systems, ranging from Mainframe applications to Unix relational databases and Web servers/clients. Corrective measures where identified in a number of areas including the selection and implementation of central user administration policy, management, and audit systems. Account management was provided for at both the platform (NT/Unix/Mainframe) level as well as in various applications build around Tuxedo, Netscape and Oracle. Coordination of departments for project funding, resource commitment by the client and a sufficient evaluation/test process proved critical to the project’s success. Another success factor was the streamlining of the organizational change process and decentralized user administration procedures while maintaining overall central control & audit. The technologies included Tuxedo, RACF, NT, AIX, Solaris, Oracle, various Netscape servers, Control-SA, Diamond, SAS, etc.
• Managed a combined client/consultant security team and designed the security for the Commerzbank’s (presently third largest bank in Germany) Internet banking solution. At the time the Chaos Computer Club was in the news and the existing system utilized private terminals & connections, therefore Internet banking was considered extremely risky, but vital for future competiveness. To address their risk the bank imposed a contractual requirement of 2X project fees (~$5,000,000) if 1 year of implementation a security flaw resulted in a data breach external or internal. One of the bank’s primary requirements was the “two-man rule” where all critical IT Security functions such as encryption key changes required two individuals to implement. Following a comprehensive risk analysis of Internet connectivity requirements, the flow of customer account information through the system as well as internal risks due to rogue employees a multi-tiered design emerged. The design included compliance to German/European technology banking standards and the utilization of non US high encryption due to the stringent US export regulations at the time. Multiple environments (development, QA, staging and production) were developed as well as a comprehensive training program for various bank IT groups. The technologies included Windows NT, HP/UX, Cyberguard, Axent ESM & ITA, ISS, Hardware Security Modules, Oracle, NetDynamics, Virtual Vault, MQSeries, customized smart card tokens and encryption software, etc. Probably the most complex security solution provided by the project was an Application Firewall based on best practices for web input filtering validation to prevent SQL injection attacks. Before the system went live it had to first pass a series of security assessments and penetration tests by third parties while ensuring that incident response procedures and alerts worked as designed.

Confidential, Washington, DC

Manager IT Security & Network Engineer

Responsibilities:

• Defined the IT Security design & managed the security operations for the entire organization. Worked with senior management to define Security strategy and policy.
• Implemented and/or managed the security controls & procedures, the security awareness program, various external communications projects including Internet and telecommuting (VPN).
• Participated in technical evaluation committees on issues of computer security and network connectivity.
• Typical external access circuits included Internet, X.25, Frame Relay, ISDN, and POTS technologies; some of the products included Cisco 2000 /40 00 series routers, Synoptics 3000/4000 hubs/switches, HP Openview, CiscoWorks, etc.
• Managed the design and implementation of the Confidential Internet Firewall (TIS FWTK, Firewall1) as well as various departmental Firewalls. Responsible for oversight of the Confidential Internet services (HTML, Email, FTP, News, Audio, Video, etc).
• Technologies included Netware, NT, Lan Manager, OS/2, HP/UX, Solaris, OSF/1, TIS, Oracle, Cisco, BayNetworks, Axent ESM, SecureID, TACACS, Radius, Sendmail, etc.

Confidential, McLean, VA

Network Engineer

Responsibilities:

• As a lead member of the Network Control Center team assisted the Confidential with the implementation of the Confidential project.
• Confidential scope was the upgrade of the NRC’s outdated IBM 5520 mini-computers spread out among 5 regional & 6 local offices in the US with a Novell Netware Token Ring network, interconnected via a meshed leased line WAN. The upgraded infrastructure consisted of 20+ SPX/IPX & TCP/IP Routers (Wellfleet CN), 50+ Smart Concentrators (Synoptics 3000), 30+ servers (Tricord) and 3,000 nodes all managed via HP OpenView.
• The Confidential team managed the evaluation, testing, & integration of applications, file servers, routers, hubs, asynchronous communications and desktop to Unix communications. A critical part of the replacement consisted of the email & document translation (5520 to WordPerfect) system via SoftSwitch for every 5520 user.
• I was personally responsible for the implementation of Netware 3.11, TCP/IP protocols, network asynchronous communications and the creation of the training programs for the 25+ LAN administrators on the project.

Confidential, Herndon, VA

Network Engineer

Responsibilities:

• Provided Network Engineering & Administrative support for a 1500 node, 19 servers Ethernet based Novell network running Netware 2.15 through 3.11.
• Established hardware/software configuration procedures of network PCs, installation, maintenance & upgrade of file servers, Ethernet cable plant (transceivers, repeater, bridge & router units), data backup systems, Email & communications servers and LAN software.
• Developed a user/inventory database, implemented various LAN maintenance applications, and restructured the LAN & workstation menu systems.
• Configured the Novell to SNA 3270 & SoftSwitch gateway and was responsible for the support and maintenance of the systems.
• Previous work experience included MGB Computers (proprietor/engineer), The Washington Post Co. (computer technician),3 years of Information Technology and Engineering experience primarily in IBM compatible microcomputers, Novell networks and Harris mainframe systems.