Information Technology Data Security Specialist Resume
Atlanta, GA
SUMMARY:
- Experienced in consulting and support services in all aspects of Information Technology, including Network and System Design and Security Architecture.
- Currently at SunTrust, focused on helping clients meet SOX, HIPAA, HITECH, PCI-DSS, GLBA, ISO 27001/2 and SAS70 Security Compliance Requirements.
- Performed security audits and disaster recovery tests and helped write and develop HIPAA compliant policies, procedures and audits.
- Created and executed program process to ensure plans are updated and reviewed following Confidential 800-53.
- Assist Fortune clients in meeting many internal and external information security regulatory audit requirements and 3rd party security risk assessment audits to provide them an unbiased risk assessment and reporting that helps secure their information assets and data.
- Document and communicate with business and IT regarding security risks and deficiencies.
- Led process improvement activities, participating in information security assessment special projects and other assessment related activities.
TECHNICAL SKILLS:
CORE COMPETENCIES: IT Security, Quality Assurance, Goal-Oriented, System Upgrades/Improvement, Team Development, Presentation/Report Development, Employee Training, Communication, Problem Identification/Resolution
OPERATING SYSTEMS & APPLICATIONS: Windows, Linux, Mac OS X, Microsoft SQL Server, Adobe Connect, Microsoft Office, Splunk, SharePoint, Cisco VPN Client, Application Patch Management, Retina Network Security Scanner, WAPT, Acunetix Web Vulnerability Scanner, iBoss, Trend Micro, Qualys Guard Express, Wireshark, TCPDump, WASSP 5.0, DISA SRR, Syncsort Backup Express, Symantec Confidential, Active Directory, DNS, SSL, FTP, SMTP, DHCP, NetBIOS, IIS, TCP/IP, Nessus, Nmap, AppScan, Metasploit, HTML, XHTML, XML, CSS, JavaScript
PROFESSIONAL EXPERIENCE:
Confidential, Atlanta, GA
Information Technology Data Security Specialist
Responsibilities:
- Develop strategy and roadmaps.
- Mature capabilities.
- Ensure that teams execute against the defined strategy and roadmap.
- Identify new and innovative ways to prevent data loss and protect the organization more effectively and efficiently.
- Provide leadership and direction to develop enhanced security protection for EDGE IT devices.
- Maintain rolling plan of security projects and programs.
- Maintain alignment of client’s Cyber Security vision with business objectives and requirements.
- Provide gap analysis for information security functions and provide plans for gap remediation.
- Predict and recognize technology trends and ensure that information security functions adequately plan for them.
- Position client’s Cyber Security as an industry leader in enhanced security for the medical community.
- Develop relationships with health care industry peers, research communities, and cyber security groups
- Provide insight and actionable intelligence to client’s leadership.
Confidential, Tallahassee, FL
Information Technology Data Security Specialist
Responsibilities:
- Assisted with planning, implementation and tuning of the Department’s SIEM (Splunk).
- Supported Internet monitoring appliance (iBoss) and maintained site block list.
- Supported and maintained Trend antivirus software functionality on servers and client systems.
- Monitored Cisco IDP/IPS for information security threats and advised/participated in response actions.
- Member of the Computer Security Incident Response Team (CSIRT).
- Performed security monitoring in security operations center environment (SOC).
- Supported administration of secure messaging and second factor authentication capabilities.
- Developed and maintained technical specifications, standards, procedures, and systems documentation.
- Experience maintaining and supporting 3rd party antivirus applications.
- Supported administration of Trend Antivirus products.
- Supported administration of intrusion detection/prevention systems (IDS/IPS).
- Supported administration of Office 365 Data Loss Prevention (DLP).
- Assisted with planning and implementation of the Data Motion Secure Mail portal for CJIS.
- Analyzed, troubleshot and resolved antivirus software issues with minimal impact on users.
- Provided recommendations for possible process improvements within the FDC information security team.
- Prepared status reports and provided management briefings.
- Researched and recommended appropriate technical solutions to meet functional requirements.
- Adhered to best practices and alignment with the Customer’s security requirements for project execution, documentation, and reporting.
- Managed Customer relationships at the project delivery level
- Knowledge of OWASP tools and methodologies.
- Collaborated with system and application owners on metrics and reporting of vulnerability data
- Experience using automated vulnerability assessment tools (Nessus, Qualys, nmap), as well as manual assessment techniques.
- Understanding of the common vulnerability scoring system (CVSS) and common attack vectors
- Administrative experience on Windows, Mac, and/or Linux-based operating systems from both a user-endpoint and server perspective.
- Patching programs and systems of major hardware and software vendors.
- Performed policy and technical controls reviews to identify areas of improvement for information security for multiple CIS 20 control categories.
- Systems and network background with an emphasis in secure configuration and hardening.
- Created and modified security standards and policies.
- Engaged with agency employees of all levels to advise on best practices with regard to security.
- Participated in multiple training courses, including vulnerability scanning, SDLC.
- Identified performance and security issues for client applications & networks, and proposed solutions for resolving the issues.
Confidential, Atlanta, GA
Information Technology Security Assessment Analyst
Responsibilities:
- Reviewed Confidential supplier security policies to ensure they were following Federal regulations and in line with SunTrust policies.
- Assisted Fortune clients in meeting many internal and external information security regulatory audit requirements and 3rd party security risk assessment audits to provide them an unbiased risk assessment and reporting that helps secure their information assets and data.
- Performed a variety of assessments against security compliance frameworks, including ISO 27001, SOC2, HIPAA, HITECH, PCI-DSS, GLBA, and Confidential Cybersecurity frameworks.
- Led process improvement activities, participating in information security assessment special projects and other assessment related activities.
- Performed third party vendor risk, project risk, or technology risk assessments.
- Conducted on-site security assessments to measure the effectiveness of the third parties’ current control environment.
- Conducted ongoing security assessments to validate appropriate controls are in place.
- Documented and communicated with business and IT regarding security risks and deficiencies.
- In-depth understanding of Payment Card Industry Data Security Standard (PCI-DSS), and proficiency in applying and National Institute of Standards and Technology (Confidential) standards.
- Identified and evaluated Qualitative Risk Analysis with the DREAD Model and using the Common Vulnerability Scoring System.
- Understand the classification scheme (STRIDE) for characterizing known threats according to the kinds of exploit that are used, to more efficiently perform security assessments of third party vendors.
- Worked both independently and as part of a team at all levels and across departments.
- Demonstrated an understanding of business processes, internal control risk management, IT controls, and how they interact together.
- Demonstrated leadership and problem solving skills.
- Possess advanced interview skills to tailor the types of questions based on responses provided by internal personnel or supplier contacts.
- Processed complex business and information technology management processes.
- Identified and evaluated technology risks internally and/or at third parties, internal controls that mitigate risks, and related opportunities for internal control improvements.
- Developed an understanding of the third parties’ IT control environment and performed basic risk management approaches to evaluate their IT controls.
- Actively participated in decision making with third parties and internal company management for mitigating identified deficiencies and sought to understand the broader impact of the decisions made.
- Established and nurtured positive working relationships with third parties and service managers with the intention to exceed their expectations.
- Assessed IT general controls and/or application layer security controls to ascertain whether they comply with the organization’s policies.
Confidential
Information Technology Services System Engineer
Responsibilities:
- Updated disaster recovery program and IT security procedures for Confidential and coalition forces at Camp Leatherneck Afghanistan.
- Reviewed and suggested changes to Confidential applications user access policies as they pertained to each nation.
- Monitored Server logs for any irregularities that might suggest systems were compromised.
- Assisted in the identification of potential security exposures that currently exist or may pose potential threats to Confidential networks or systems.
- Collaborated and communicated effectively with a diverse set of customers at different levels in the organization.
- Monitored security blogs, articles, and reports and remained current on related laws, regulations, and industry standards to keep up to date on the latest security risks, threats, and technology trends, and recommended ways to incorporate information into processes, procedures, and audit preparedness activities.
- Assisted with the implementation of Security Awareness goals defined as part of the organization's strategy; helped design and implement programs and activities to achieve those goals.
- Assisted with the development, deployment and support of Data Protection solutions and program.
- Controlled security by creating users, groups, and access rights for Confidential coalition forces to cloud resources.
- Identified emerging technologies, products, processes or practices that could contribute to the policy framework.
- Checked systems for vulnerabilities or unauthorized privileges. Provided integrity checks.
- Developed corporate policies and department procedures to address information security, change management, business continuity, and disaster recovery.
- Developed processes for reporting deficiencies and requesting changes to database components or systems and updated trouble tickets with pertinent information.
- Identified and managed database security issues through monitoring usage and generating reports.
- Designed and tested databases to ensure data consistency and developed database maintenance practices to include availability, performance, resilience, sizing, capacity, housekeeping and backup storage strategy.
- Troubleshot Windows systems to identify system issues.
- Performed Confidential virus scan enterprise updates on Confidential computer systems at RCSW Camp Leatherneck/Bastion Afghanistan.
- Produced and updated standard operating procedures for automated data processes such as SSIS.
- Conducted database user and administrator training and provided training to Confidential joint forces.
- Collected and analyzed statistics for capacity planning and produced server configuration reports.
- Performed iisresets and Java cache clearing when needed in support of SOAP and ASP.NET products.
- Custom configured XML files for use with varicose.
- Maintained a high level of quality of service across 80+ exercises providing detailed and useful reporting to Communications Planners and team members.
- Provided consultative architecture, systems management, and troubleshooting support to Coalition forces in Afghanistan client’s environments running VMware-virtualized OLTP and OLAP SQL workloads, web portals, and data analysis environments.
- Performed technical planning, system integration, verification and validation, cost and risk, and supportability and effectiveness analyses for total systems.
Confidential
System Analyst Database Administrator
Responsibilities:
- Instrumental in developing and implementing Business Continuity and Disaster Recovery (Confidential & Confidential) Plans for corporate sites throughout Okinawa, Japan.
- Assisted updating Confidential ePolicy Orchestrator servers and Agents.
- Translated functional requirements into technical specifications in conjunction with designated technical experts
- Provided guidance and direction consistent with policy and planning formulation process along with its missions and objectives to prepare IT policies and plans; system architecture, integration techniques, and testing methods; and analyzing complexities of existing technology, analysis/develop policy, initiate plans for enhancements, and provide management sufficient technical and cost analysis information. Communicated, explained or defended ideas or information clearly.
- Managed software teams, participating in the full life cycle of the development process. Provided database administration support for SQL Server databases; database support included creating and loading databases, reviewing data models, testing and tuning queries, developing stored procedures, scheduling backups, developing and testing contingency plans, etc., as well as developing standard operating procedures, monitoring and maintaining database security and database software, and traveling to internal and external customer sites for onsite support of customer programs.
- Oversaw and executed planned infrastructure maintenance activity while minimizing impact to services.
- Participated in a periodic on-call rotation to support a 24-hour, seven-day operation incident response team.
- Scheduled, configured and maintained network security upgrades and daily backups.
- Performed security audits and disaster recovery tests and helped write and develop HIPAA compliant policies, procedures and audits.
- Utilized ArcSight Express to analyze threats within thirty databases.
- Maintained web records, portal roles, LDAP accounts, Active Directory, and bookmark groups.
- Configured security class upgrade that resulted in 100% error free production implementation.
- Developed a series of SLA trend reports for team that decreased resolution time by 50%.
- Consulted on strategic direction for architecture and recommended hardware and software implementation to improve quality, efficiency, security, and minimize cost.
- Collaborated with developers and system and network administrators to implement secure, reliable database environments on NIPR, SIPR, RIPR and CENTRIX networks.
- Directed design, implementation and testing of Microsoft SQL database backup, recovery systems, migration and archiving systems and procedures.
- IIIMEF in engineering solutions for disaster recovery, storage, and the continued maintenance of a COOP site for the IIIMEF.
- Performed limited LAN administration and provided on-site and remote technical support to customers for the Navy/Marine Corps Intranet (NMCI).
- Identified areas at risk following Microsoft’s threat modeling process for the SharePoint farms databases and applications.
- Created maintenance plan schedules for databases, log backups and cleanups while overseeing decommissioning and consolidation of end of life-cycle and maintaining an ongoing inventory of old and new hardware for each location.
- Documented the changes in change management tickets. Assisted an enterprise-wide virtualization effort, overseeing vendor/hardware qualifications, architecture/design, installation, configuration, migration and documentation. Reduced the company’s server hardware footprint by 60%, leading to savings in power and cooling.
- Documented and suggested changes to SLA’s of the 3MEF tenant commands.
- Assisted in updating the Confidential change control policies.
- Provided on-site server support Automated Logistics Management Support System (ALMSS) used by USMC to sustain global depot level logistics for Command and Control, Intelligence, Surveillance and Reconnaissance (C2ISR) programs.
- Evaluated and developed tools for operating system, database management system, and network security testing as well as data analysis, incident tracking, and reporting.
- Established, maintained and monitored complete identity management, including authentication, access to systems and data, and defined specific access to network, files and database management systems. Systems include Active Directory and SharePoint farm.
- Delivered weekly reporting on server outages and usage to management.
Confidential, Fairfax, VA
Web Hosting Support Engineer
Responsibilities:
- Configured, maintained and supported Confidential Web Gateway (MWG).
- Monitored, interpreted and investigated network intrusion alerts for both Network and Host-based systems using ArcSight and Nitro SIEM.
- Provided support for email and helpdesk generated tickets concerning security risks such as computer virus infections, phishing attempts, spam, social engineering and crisis management
- Provided support for distribution of Confidential VirusScan Enterprise and AntiSpyware Enterprise DAT updates.
- Coordinated and assisted with resolving potential conflicts within Confidential ’s File Integrity Management (FIM) system.
- Configured, maintained, and monitored Forward Proxy vs Reverse Proxy.
- Led the design and operation of specific compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
- Planned and assisted rolling out of Confidential ePolicy Orchestrator servers and Agents.
- Performed access control, incident management, training for property security.
- Drafted incident case reports, collected background info and evidence from statements during investigation and uploaded data into proper management information system for proper processing.
- Implemented and modified Group Policy for multiple domains to align them to Confidential and corporate standards.
- Supported web gateway by filtering by reputation, expression, and category.
- Assisted in several HIPAA and security audits to confirm that the account was aligned with state and federal standards.
- Designed and implemented security processes and procedures and performed cost benefit analysis on all recommended strategies.
- Assisted the information technology director in creating company policies and procedures governing corporate security, email and Internet usage, access control, and incident response.
- Collaborated with concerned stakeholders for legal, regulatory, security and compliance updates.
- Analyzed business unit compliance with enterprise standards, legal, regulatory and contractual obligations, provided feedback and coaching to business units, and reported to the Corporate Risk Council, Executive Management and other stakeholders about the status of compliance across the organization.
- Protected vulnerable networks following detailed risk assessments.
- Guided cross-functional teams in the design, validation, acceptance testing and implementation of secure, networked communications across remote sites for several key clients.
- Supported the design, implementation, operation and maintenance of security applications and tools based upon the established security architecture.
- Created and executed program process to ensure plans are updated and reviewed following Confidential 800-53.
- Deployed and maintained security monitoring tools including SAINT Security Suite, Tenable Network Security Nessus, SolarWinds IT Management Software & Monitoring Tools, Nessus, Acunetix web vulnerability scanner, Tripwire File Integrity Monitoring, IBM virtual security operations center, and Websense.
- Conducted analysis of malicious events and known exploits/vulnerabilities for the creation of custom signature rule sets for the accompanying modules, as necessary.
- Performed troubleshooting of local and remote installation of HBSS components and deployment of HBSS modules and policies.
- Administered change management, uploaded and tracked DIACAP artifacts into eMASS and created Plan of Action and Milestone reports to ensure proper remediation methods.
- Oversaw full lifecycle documentation of accreditation process using Department of Defense Information Assurance Certification and Accreditation Process and Platform IT requests.
- Performed VMware crash/error analysis and root cause analysis, and coordinated post-problem analysis and trend analysis.
- Managed web services, third party SSL certificates and general server configurations, including patch installation and web server security in Windows and Linux environments.
- Managed acquisition, implementation, deployment and ongoing administration of data loss prevention systems.
- Developed information security training modules for annual employee completion and led weekly training sessions for newly hired employees.
- Performed daily maintenance and monitoring of anti-malware, vulnerability scanning, web proxies, host and network based intrusion detection systems.
- Responded to client security audit questionnaires to detail compliance with contractual requirements and due care of industry best practices and regulations.
- Deployed and maintained security monitoring tools including Tripwire, Scriptlogic, SolarWinds, Websense, and IBM VSOC.
- Maintained the collection and retention of documentation and execution of remediation plans as agreed to with the IT Management Team.
- Identified potential areas where existing data security policies and procedures require change.
- Supported security system upgrades and installations; assisted with and coordinated installations and changes to automated operations.
- Developed ad-hoc reports for management regarding metrics/compliance.
- Identified potential areas where risk existed following Microsoft’s threat modeling process (STRIDE/DREAD).
- Ensured that each standard/supporting policy fully and accurately supports the master policies.
- Maintained network security posture through patch maintenance, ensured virus definitions were current, testing of the disaster recovery plan and implemented security policy and virus protection.
- Established and maintained documentation of technologies, standards, and in-house operation procedures while ensuring IT enterprise framework aligned with organization goals and procedures.
- Established, maintained and monitored complete identity management, including authentication, access to systems and data, and defined specific access to network, files and database management systems. Systems include Active Directory, RACF, Exchange 2007, Office Communicator, MCS Oracle, and Cisco VPN.
Confidential, Fairfax, VA
Information Management Analyst
Responsibilities:
- Managed quality assurance of web design projects, including usability, accessibility, testing and debugging, image creation, optimization and Section 508 compliance.
- Installed, configured, and updated workstation hardware/software, Windows operating systems and all related hardware, and managed trouble calls by logging, prioritizing, user follow-up and customer.