Enterprise Security Strategist Resume

NYC, NY

SUMMARY:

  • A results-driven information technology professional experienced in strategy, architecture, operations, compliance and management, including building and leading teams.
  • A history of outstanding performance with excellent written and verbal communication skills, and a recognized cyber security industry leader with extensive experience interfacing with regulators and auditors as well as speaking at national and international conferences.

TECHNICAL SKILLS:

Risk Management: RiskIT, RMF, Brinqa, RSA Archer, GARP, RSAM

Security: Symantec, RSA Access manager, SecurID, VIP, smart cards

IAM: Oracle, SailPoint, FIM, UniCERT, MS CA, Ping Identity, Siteminder.

Firewall/IDS/IPS: Cisco, Check Point, Juniper, Sourcefire

WAF: Imperva, F5 ASM

NIDS/HIDS: Tripwire, Snort, OSSEC, Verisys

Scanners: Nessus, Qualys, Rapid7, WebInspect, AppScan

Discovery: Encase, Clearwell

Databases: Oracle, SQL Server and MS Access

Mobile Devices: iOS, Android, MDM - AirWatch, MobileIron, Good

DLP/SIEM: ESM, RSA DLP, Symantec, Websense, ArcSight, AlienVault, NetIQ, IBM Tivoli

Cryptography: JSSE, JCE, Microsoft CAPI

Healthcare: Cerner, McKesson

Operating System: VMware ESXi 4.1, Linux, Solaris, SUSE, HP-UX, OS X, Windows Server, Windows 7

Digital Signatures: MS Office, Adobe, custom

MS Office: Visio, Project, Word, Excel, PowerPoint

Cloud: SAAS, PAAS, IAAS

PROFESSIONAL EXPERIENCE:

Confidential, NYC, NY

Enterprise Security Strategist

Responsibilities:
  • Trusted Advisor - Trusted advisor to customer and partner executive management for the Northeast sales team. Able to command relationships at the C-level as a trusted advisor as well as communicate on a deep technical level with security analysts and engineers.
  • Technical Advisor - A deep technical knowledge in: Security Operations, Incident Response, Security Metrics, Forensics, Research-emerging technologies, Threat Detection, Penetration Testing, Software Security Assurance, Security Product/Service Development, Cyber Security Legal, Compliance, and Security Assessments.
  • Product Development Consultant - Worked with product development teams to define strategies for product development, roadmaps and marketing strategies.
  • Featured Speaker & Facilitator - Invited speaker at conferences and partner events with a focus on C-level attendees.

Confidential, Washington DC

Trusted Advisor

Responsibilities:
  • Advised the legislative community on technology and cybersecurity issues by providing recommendations on technology policy to Senate and House members, senior congressional staffers, committee and caucus members and federal agency leadership. Provided industry thought leadership through interviews, publications and other educational offerings focused on critical infrastructure sectors such as government, healthcare, finance, energy and biotech.

Confidential, NJ

Vice President

Responsibilities:
  • Program Management - Managed Secure Software Development Lifecycle including system and design analysis, code assessment, AIM, Multi-factor authentication for FFIEC compliance, vulnerability assessment, threat assessment, risk assessment, and training.
  • Senior Security Application Architect - Managed global risk, controls and compliance; drove S-SDLC initiatives; performed threat analysis and modeling; proposed technical controls; managed risk and vulnerability analysis; and performed special security analysis projects. Established relationships with application managers, domain architects and senior management. Developed new risk assessment criteria based on the threats.
  • Application Risk Management - Performed application risk and vulnerability analysis for high-risk applications transacting trillions of dollars per day. Oversaw static and dynamic code review, established policies and procedures, and worked with development teams to remediate issues.

Confidential, NJ

Associate Director

Responsibilities:
  • Staff Management - Managed recruitment, staff development, cross training, goal setting, performance reviews, communications, motivation, and remuneration.
  • Service Delivery Manager - Delivered identity, encryption & signature services used worldwide for identity, access control, document signing and secure network communications. Maintained an uptime of 99% while reducing staff by 30%. Managed provisioning of outsourcing of service infrastructure to the cloud. Managed service providers & KPIs.
  • Enterprise Security Architecture - Worked closely with enterprise architects using various models - TOGAF, SABSA, FEA, & Open Group - to ensure security is integrated with enterprise architecture.
  • Vendor/Service Provider Management - Worked closely with vendor/service providers including cloud based solutions providers ensuring compliance with performance metrics, regulations, and finances. Managed negotiations and contract compliance including billing & consumption reports, incident/change management and performance management.
  • Regulatory Compliance/System Validation - Extensive experience maintaining national and international compliance with various regulations (NIST, ISO 2700x, PCI DSS, FedRAMP, HIPAA, EMA, GxP, and FDA). Passed 100% compliance audits.
  • Design and Architecture of Cyber Security Solutions - Designed and implemented qualified worldwide IT identity management solutions including technical architecture, design of business solutions and marketing of the Services including help desk and end user education. Managed day-to-day operations.
  • Large Scale Integration - Point of Contact/Work Stream lead for the $5.3B Amylin acquisition of IT infrastructure services, including identifying and mitigating risks, progress against milestones, and macro finances of a $19B budget covering networking, servers, data centers, application integration, and workplace services. Received awards for integration success.
  • Global Mobility - Designed mobility authentication solutions to meet business demand for secure access to mobile applications and secure access from mobile device to corporate assets.
  • Risk Management - Developed a risk management process that links risks between data, applications, network infrastructure, operating systems and databases to business tolerance for risk, including cost-benefit analysis.
  • Application Development – Designed & implemented custom vulnerability testing tools for web services & SSL security vulnerabilities.

Chief Technology Officer

Confidential

Responsibilities:
  • Industry Leader – Provided guidance to senior pharmaceutical and healthcare companies. Established strong relationships across industry, including with US Government including NIH, NCI, FDA, and Department of Commerce. NCI Pilot was recognized by the White House and Commerce Department in the announcement on the “National Strategy for Trusted Identities in Cyberspace”. Streamlined business processes to facilitate bringing cancer therapies to market more quickly, with the added benefit of cost savings of $500 per user per year.
  • Business Acumen – Provided strategic direction that positioned company as a leader in trusted identity framework for pharmaceutical and healthcare industry based on SAAS. Interfaced with European Medicines Agency (EMA), National Institute of Health (NIH), National Cancer Institute (NCI) and Federal Drug Administration (FDA). Project finalist for ComputerWorld Laureate Award.
  • Strategic Direction – Provided strategic direction for industry leaders in the expansion of the standard to encompass federated identity management and access control, including global strategy. Designed standards and infrastructure to implement the vision, including innovative, cost-effective cross-industry solutions. Expanded scope of infrastructure within major pharmaceuticals – expanding reach to tens of thousands of users.
  • Cloud based Access & Identity Management (AIM) – Designed and implemented qualified worldwide IT identity management solutions including technical architecture, design of business solutions and marketing of the Services including help desk and end user education.
  • Audit and Regulatory Compliance – Oversaw cross-certification to Federal Bridge standards (NIST 800SPxxx, ISO2700x, HIPAA, DIACAP, HSPD-12, FedRAMP, SSAE 16, PCI, SOX, EMA, Safe Harbor, FICAM, FBCA, GxP, and FDA) including SAAS & IAAS infrastructure. Passed 100% compliance audits.

Confidential, NJ

Director

Responsibilities:
  • Managed strategic and tactical plans, business development, sales team interactions, customer development, business partner development, staffing, contracts, SLAs and vendor management. Ensured technical excellence, customer satisfaction and fiscal management.
  • Staff of Technical Consultants – Managed major contracts with Fortune 500, pharmaceutical, telecommunications, and Wall Street/financial firms.
  • Data and Network Security – Developed security solutions, managed sourcing and delivery for various security services including policy. Clients included large financial firms.
  • Vulnerability assessment & patch management – penetration testing, forensic services, and patch process development
  • Risk Assessments and Audit – Designed, managed and implemented risk assessment and audit processes for financial/pharmaceutical/utility companies. Processes used worldwide to mitigate risk.
  • Advisor to CEO/COO – Evaluated features and functionality of products and developed corporate-wide strategy for the product lines. Projects were classified as a trade secret; all details are on a need-to-know basis only.
  • Hands-On-Expert – Security, networking, OS, application development, services deployment, process improvement, vendor management, program management, and project management.
