SUMMARY

• Web application vulnerability assessment/testing against internal and 3rd party systems. Automated scanning for application vulnerabilities including the OWASP top 10, etc (CSRF, SQL injection, XSS, etc); Manual testing, verification, exploit development/demonstration for application vulnerabilities and validation against false positives; Vulnerability report creation; Alternative continuous scanning/vulnerability management using vendor scanning resources; vulnerability remediation enforcement
• Server/Network device vulnerability assessment/testing against internal port/protocol vulnerabilities (i.e. insufficient encryption, vulnerable protocols & ports, etc); Vulnerability report creation, delivery, education, and recommendations; Vulnerability remediation enforcement & compensating control recommendation.
• Incident Management
• Network Malware/Threat analysis and testing against multiple known industry leader signature sets. Follow - up notification to remediate internally and deliver new signature identification back out to industry leading prevention vendors supporting future control measures.
• Data Loss Prevention (DLP) policy definition and management (i.e. prevention credit card or SSN number transmission across network boundaries in email or FTP transmissions)
• ACL requirement management, definition, and associated System Design Document integration & approvals processing.
• Layer 7 Web Application Firewall (WAF) policy tuning, testing, and implementation; Network Layer Firewall rule coding
• Security Information and Event Management (SIEM) integration with distributed systems allowing their data to be aggregated & correlated allowing more effective and efficient application of control measures and compliance alignments.
• Mobile Device Management (MDM) security policy definition & integration testing
• Sensitive Data Classification, controls, and education
• Information Security Governance, risk management, and compliance (GRC): Assets Identification, BIA, Control Assessment/Risk Assessment, etc
• Information Security Policy & Standards Compliance enforcement & education Systems requirements analysis, architecting, and deployment.
• 20 years in IT managing the full life cycle of development projects whereby analyzing situations, and providing solutions to support the web and database needs of multi-departmental organizations.
• In-Depth experience in developing and analyzing the logical structures and algorithms involved in application development and maintenance while utilizing structured, object-oriented, and eventdriven programming techniques.
• JIRA Process automation/orchestration

TECHNICAL SKILLS

Information Security & Assurance: IBM Appscan Standard, IBM Appscan Enterprise, BurpProfessional Suite, Whitehat Security/WhiteHat Sentinel DAST & SAST, Qualys/QualysGuardVontu/Symantec Data Loss Prevention, RSA Archer eGRC, FireEye, McAfee Platinum PortalMcAfee ePolicy Orchestrator/VirusScan, McAfee Nitro, PGP Universal, F5 ASM, Airwatch MDM Operating Systems Windows (All), DOS, UNIX/AIX, Linux, RHEL, Solaris, Macintosh (All), VMware, Virtuozzo

Network: F5/Big IP, TCP/IP, Firewalls, NAT, IPSec, DNS, Appletalk, LAN design, WLAN design,VIP, Pooling, Load Balancing, Reverse Proxy, VLAN, Traffic Analysis

Development: Web Services/SOAP/REST, Socket programming, LDAP, WSDL, Java, J2SE,Applets, C/C++, Visual C++, Visual Basic, VBScript, COBOL, FORTRAN, BPEL, Perl, PythonEclipse platform, UML, RPM packaging, UNIX Shell Script, Eclipse, CodeWarrior, MacPerl, Cheetahmail, Gammadyne Mailer

Database Development: Oracle, Oracle Enterprise Manager, OCI8, OODBMS, MySQL, MSSQL,RDBMS, ADO, ODBC, SQL, PL/SQL, SQL*Plus, Filemaker, Access, IBM UniVerse, PICK BASIC

Web Applications Development: Zend Development Environment, Zend Framework, WebServices, SOAP, HTML, DHTML, Java, JavaScript, AJAX, JSON, XML, WML, VML, VBScriptPHP, JSP, Apache, CSS, WebSTAR, Lasso, Tango, ASP, MS IIS, Siteminder Integration

Web Applications Hosting: JBOSS/JON, IBM Websphere, LAMP, Apache, MS IIS/.Net, WebSTAR

Monitoring/Data Mining: Splunk, Foglight, Nagios, Opsview, Verity Search/Ultraseek, Sawmill, CVS, Subversion

Design: GoLive, Dreamweaver, Photoshop, ImageReady, Illustrator, Freehand, Flash,Actionscript, FrontPage, Fireworks, AutoCAD, Acrobat, QuicktimeVR Studio, CorelDraw, Visio

Productivity: JIRA, Confluence

Management: Totality, MS Project

PROFESSIONAL EXPERIENCE

Confidential

Vulnerability Management Solutions Architect

Responsibilities:

• VM Productivity tools architect
• JIRA VM Process Automation/Orchestration
• JIRA/Confluence Management
• Productivity Tools SME and training

Confidential

Vulnerability Management Regional Manager

Responsibilities:

• Global Vulnerability Management (VM) Integration & Regional VM Solutions analysis, implementation, and orchestration
• Direction/Coordination of contracted Penetration testing resources
• Web Applications Information Security assessments
• Server/Network Device Information Security assessments
• JIRA VM Process Automation/Orchestration
• Manual vulnerability validation and exploit development/demonstration
• Provides direction to others to facilitate their work effort within my regional scope.

Confidential

Senior Information Security Analyst

Responsibilities:

• Web Applications Information Security assessments
• Server/Network Device Information Security assessments
• Information Security Governance, risk management, and compliance (GRC) assessments
• Information Security Compliance education & adherence
• Manual vulnerability validation and exploit development/demonstration
• Incident Management
• Malware analysis
• DLP admin
• MDM admin & testing
• General information security issues & systems management

Confidential

Systems Admin Architect / Senior Applications Developer

Responsibilities:

• Systems architecting for JBOSS, Websphere, Apache, and IIS environments ACL definition, Systems Design/deployment, and monitoring.
• WAF policy tuning & testing, Network Layer Firewall rule coding
• Splunk, Foglight, Nagios, Opsview, Verity Search/Ultraseek, Sawmill administration.
• CVS, Subversion admin
• Mysql, Postgresql, MSSQL Admin, Oracle
• Web Services development
• Application development/maintenance
• Siteminder, LDAP integration
• Client requirements gathering, service analysis, quote distribution, and approvals