Seasoned information security and software engineering professional with proven results developing breakthrough information security solutions and software products in leading global technology environments.
- Risk Analysis
- Vulnerability Assessment
- ISO 17799 Standard
- HIPAA and FISMA
- Project Management
- Software Development
- ISS Site Protector
- ISS Internet Scanner
- Checkpoint VPN
- Checkpoint Firewall
- Tipping Point UnityOne
- McAfee ePolicy Orchestrator
- McAfee Virus Shield
- McAfee Desktop Firewall
- Shavlik HFNetChkPro
- Tripwire Manager
- Confidential Sharepoint
- Confidential SQL Server
- Confidential IIS
- Confidential Developer Studio
- Crystal Reports Enterprise
- Windows Server 2008
- Windows Vista
- Windows XP
- Novell Netware
- Sun OS and Solaris
- Confidential Visual Studio
- Clear Case
- Authored risk management program charter document for GFS, with guidance and collaboration. Wrote and peer - reviewed all risk management documentation including processes for identifying, assessing, normalizing, reporting, and managing risks.
- Derived software functional specifications, software test plans, feasibility studies, and conducted acceptance testing for Governance, Risk and Compliance (GRC) software.
- Managed projects for selecting, planning, tailoring, and testing Archer SmartSuite Framework and ember HeatShield risk management technology products. Developed training material and delivered training for risk managers and system administrators.
- Wrote information technology risk management process for all risks related to hosting of email, web, and Internet commerce for Confidential . Improved key risk management decision making procedures and communicated them to business unit managers.
- Streamlined risk management process by 70% while identifying new opportunities for collaboration and savings of millions of dollars.
Information Security Analyst
- Managed information security technologies including intrusion detection, patching, and vulnerability scanning.
- Authored security policies, procedures, standards, and training documentation.
- Assisted with Sarbanes-Oxley regulatory compliance audit. Selected technologies and managed process to distribute sensitive audit information.
Confidential, Redmond, Washington
- Managed a Windows Server security “ Confidential ” feature that enables the customer to properly secure their data regardless of their security expertise. Led a team of seven engineers in software specification, development, inspection and release.
- Enhanced over 30% of the original product and doubled the features of the Confidential for Windows Server firewall configuration. Explored customer needs, derived technical requirements and wrote a feature plan specification.
- Developed a new security configuration XML schema and knowledgebase for Confidential products. Wrote and delivered training on the standard for partner teams. Integrated the standard with networked Confidential Windows components, coordinating the efforts of over 230 partner teams around the world.
- Provided post-sale product implementation, monitoring and incident response services for the client guaranteeing real-time visibility and control of network behavior.
- Defined project implementation milestones, estimated work, and coordinated efforts across 15 branch offices throughout the U.S.
- Tailored real-time monitoring for the network environment and provided detailed reports of AD, SMB, NetBIOS, HTTP, HTTPS, SSH, and DNS traffic. Configured custom signatures and alerts for increased awareness of specific network attack risks.
- Identified thousands of previously unknown infections over the national Confidential network and identified potential improvements for network architecture and asset placement.
- Delivered a custom, policy-based, positive-model network security solution for the organization. Determined applicable regulatory requirements, designed sensor placement, and validated FISMA and HIPAA compliance. Validated solution using Confidential security standards and best practices.
- Audited network traffic on all layers of the OSI protocol stack. Provided insight on specific network protocols and network segments they occur on, including behaviors indicating outbreak or malicious use.
- Reported network health and security status to operational and executive management. Distilled complexity from the data so that managers could understand and act on the information in a timely and efficient manner.
Information Security Analyst
- Assessed and met the information security needs of the enterprise based on business objectives, regulatory requirements, and risk analysis. Researched and recommended risk mitigation actions. Developed project proposals and presented to executive management for purchase approval.
- Managed scope, schedule and deliverables for implementation of core information security technologies ensuring HIPAA regulatory compliance. Trained technical and non-technical staff on these technologies.
- Performed weekly vulnerability assessments of production servers, documenting results and presenting to IT administrators and management. Directed specific and effective risk mitigation actions. Escalated compliance issues to executive management.
- Performed forensic analysis of information systems including log analysis, file system reconstruction and network tracing. Preserved evidence for possible law enforcement use and authored summary reports with absolute regard for legal standards, ethical integrity, and objectivity.
- Effected HIPAA regulatory compliance through security program gap analysis, peer review, and implementation of revised information security policies, procedures, and best practices. Developed a training program for operational compliance.
- Developed and institutionalized information technology policies and procedures for 46 areas of HIPAA regulatory compliance. Delivered training for 5,000 hospital staff of all backgrounds.
- Planned, deployed, tested and documented security technologies ensuring the safety of critical patient data. Accomplished a 90% reduction of security incidents by planning and implementing:
- Efficient virus scanning for 2,500 client PCs.
- Effective distribution of security patches for 2,500 client PCs.
- Comprehensive vulnerability scanning of 26 Windows, HP-UX, and Unix servers.
- Detailed intrusion monitoring of 35 servers through tailored host-based IDS.
- Thorough network protocol monitoring and control through network-based IPS.
Confidential, Arlington Heights, Illinois
- Managed a team of five software engineers for the customization, testing, and implementation of a UML modeling tool that streamlined software. This leading project produced a 60% cost savings (in millions of dollars) and a 70% reduction in software coding defects. Developed and delivered training to my department of 50.
- Participated in a 20-person, company-wide process improvement team, representing my department and its Six Sigma software development process, sharing project status and progress, lessons learned, and breakthrough results for efficiency, quality and savings.
- Formally recognized for superior performance.
Confidential, Ames, Iowa
Project Manager and Web Database Developer
- Designed, developed, and implemented a web-based inventory management system.
- Defined hardware and software requirements, selected technologies, and developed the system.
- Developed database management system using Confidential SQL Server, Internet Information Server and Active Server Pages.
- Performed integration testing and trained staff.