Cybersecurity Advisor Resume
SUMMARY:
He has over 10 years of hands-on experience leading a variety of cybersecurity projects (e.g., IAM, PKI, cryptography, data protection, privacy, GRC). He has a proven record of performance and results in deadline-driven IT and business environments. He is highly effective in identifying business needs and implementing security controls while utilizing applicable technology processes.
TECHNICAL SKILLS:
Applications: Microsoft suite (Word, PowerPoint, Excel, Visio), ServiceNow, Fiddler, Jira
Tools: IBM WebSphere, WebSEAL and Federation Manager, JBoss, IIS Webserver, Windows Server, AirWatch, Iron Mountain, Cisco ISE, NDES, Linux/Unix, PuTTY, WinSCP, API, Web services, LDAP v3, SAML, SSO, OpenSSL, Java Keytool, Telnet, Wireshark, SSH, FTP, Oracle SQL Developer, SQL Studio
Frameworks: NIST, FIPS 140-2, PCI-DSS, GDPR, CCPA, SOX, SOC and 2 GLBA, ISO2700, Agile, Scrum, PIA, RBAC
PROFESSIONAL EXPERIENCE:
Confidential
Cybersecurity Advisor
Responsibilities:
- As a member of EY National Cyber Risk Practice, I assist clients in the development and execution of design, architecture, engineering, and operation strategies to continuously enhance client’s privacy and data security posture
- Collaborate and participate in practice development efforts, including the development of service offering and thought leadership
- Provide support to go-to-market strategies with the account teams, participate in account activities, and identify business opportunities at existing and new clients
- Serve as a liaison with clients and account teams, addressing service needs, requests, and issues
- Coordinate and communicate cybersecurity (i.e., IAM, Data protection, Encryption, PKI, Cyber Transformation, Privacy, GRC, Cloud, and Emerging Technology) topics to clients’ leadership teams
- Manage multiple pursuits and delivery efforts, with responsibility for contractual commitments, scoping engagement specifics, and delivery of clients’ outcomes
- Manage $5m+ sales pipeline
- Client engagements are as follows:
- Conducted an enterprise identity and access management (IAM) assessment that encapsulated the central identity management solution (SailPoint IIQ), identity governance (RSA Identity Governance), password and privileged identity management (CyberArk), and authentication management (SSO, MFA) to identify deficiencies and develop recommendations and a roadmap for the future state
- Coordinated and performed detailed cybersecurity maturity program assessments to identify gaps, risks, and potential opportunities and to build out a remediation roadmap inclusive of people, process, and technology to improve the overall cybersecurity program. Additionally, assisted with the design and implementation of security policies, standards, guidelines and procedures
- Cybersecurity transformation: Developed strategies and built detailed roadmaps to align cybersecurity with business goals and objectives, primarily assigning priorities to cybersecurity domains with less visibility and establishing a plan of action as it pertains to timelines, resources, budgets, and technology deployments
- General Data Protection Privacy (GDPR) and California Consumer Privacy Act (CCPA): Coordinated and managed GDPR and CCPA assessment. Project included developing business process data flows and system diagrams/data mapping for various IT functions, and conducting privacy impact assessments and privacy risk reports. In addition, proposed a future-state strategy for GDPR PIA automation
- Performed data protection program assessments and built data protection programs. Implemented data classification policies and data handling guidelines, and deployed data loss prevention (DLP), data tagging and labeling mechanisms
- High Value Asset Assessment and Data Discovery: Developed strategies and governance to identify critical data (on-premises and cloud) and the data discovery lifecycle, and deployed network discovery scans
- Encryption and PKI Program Modernization: Performed an encryption key management audit and provided audit reports, developed an encryption standard, and assisted in implementing and modernizing various encryption technologies (ADCS, Thales Luna HSM, Venafi, SSH key management) to mitigate highlighted risks based on the report findings
- Cloud Security: Developed strategies and risks associated with deploying to the cloud; applied deep information security and risk management skills to design, build and protect enterprise systems, applications, data and assets in the cloud platform
- Utilized EY’s CPA, COBIT, NIST, FIPS-140, PCI, SOX, FedRAMP, ISO 2700, and CMMI methodologies and frameworks to conduct risk assessments.
- Developed and presented business proposals, use cases, SOWs and RFPs for current and prospective clients.
- Ensured quality of work products, engagement economics (total engagement revenue, project margin, performing ETCs, and developing staff)
Confidential
PKI and Encryption Solution Consultant
Responsibilities:
- Assessed the existing encryption program and public key infrastructure (PKI) and made recommendations for possible solutions to address PKI, certificate lifecycle management and encryption key management issues.
- Led and coordinated vendor selection for certificate and key management solutions (e.g., Venafi, Keyfactor, AWS Key Management, Sectigo, HSM, Vormetric DSM and Protegrity).
- Facilitated business and security requirements for new certificate and key management solutions.
- Developed a decision matrix for selecting the best certificate and key management solution based on the client’s business and security requirements.
- Assisted with the implementation, configuration and operation of Venafi and Vormetric as an on-premises certificate and encryption management solution.
- Developed and maintained the certificate and encryption key policy and certificate practice statement.
- Developed and configured various use cases to utilize certificate and encryption mechanisms (two-factor authentication, mutual authentication, SSL intercept, data at rest, data in use, data in motion, etc.).
- Acted as the technical resource for all things PKI and encryption technologies (MS CA, NDES, Thales Luna HSM, SCEP, CDP, CRL, OCSP, PGP, Vormetric).
Confidential
IAM Consultant
Responsibilities:
- Responsible for providing project and engineering support to SailPoint IIQ as a centralized IAM solution
- Engaged business and IT stakeholders to develop entitlements and provisioning policies.
- Collaborated with various IT functions to integrate business applications with centralized IAM.
- Assisted with troubleshooting all system failures, identifying root causes, fixing any issues, and providing availability and integrity of the identity management product.
- Managed and maintained the health and wellness of IAM technical controls.
- Provided guidance and consultation to various business functions on role-based access controls, entitlements and provisioning policies.
Confidential
PKI/ Encryption Engineer
Responsibilities:
- Designed, architected, and deployed Symantec Managed Public Key Infrastructure (MPKI).
- Configured Symantec MPKI integration with Luna HSM.
- Issued, revoked, and renewed CA, EV, OV, DV, code signing, wildcard, and S/MIME certificates.
- Developed strategy and collaborated with the vulnerability team to deprecate all SHA-1 certificates and SSHv1.
- Updated, patched, and maintained the Hardware Security Module and the Enterprise gateway servers.
- Provided consulting to all lines of business on security-related topics pertaining to encryption and certificate authentication (mutual, basic, WS, SSL/TLS, two-factor authentication).
- Provided engineering and operational support to Vormetric data encryption manager and Symantec PGP Key encryption.
Confidential
IAM Security Engineer
Responsibilities:
- Responsible for providing project and engineering support to various IAM technical controls (Varonis, Tivoli identity suite, Aveksa, Entrust MPKI, and CyberArk) in an agile scrum environment.
- Assisted in developing provisioning entitlements and provisioning policies.
- Collaborated with various IT functions to integrate business applications with centralized IAM, Access and Federated Manager (IBM Tivoli suite).
- Troubleshot all system failures, identified root causes, fixed any issues and provided availability and integrity of the identity management products.
- Managed and maintained the health and wellness of IAM technical controls.
Confidential
Associate IAM Security Engineer
Responsibilities:
- Assessed IAM processes and conducted technical interviews relating to IAM investigation with application owners.
- Assessed potential threat and weakness in existing IAM Technical controls (IBM identity.
- Assisted with the configuration of IAM standards and controls.
- Recognized technical gaps in IAM programs and source applications based on best practices, industry processes and technical standards.
- Provided guidance and consultation to various business functions on role-based access controls, entitlements, and provisioning policies.