Information Protection Manager Resume
SUMMARY:
- Highly experienced, enterprise - level, Information Technology Director.
- Departmental leadership and oversight
- Independently researching blockchain technology.
- Keen interest in developing capabilities
- Exceptional interpersonal and communication skills with demonstrated ability to achieve consensus among multiple stakeholders.
- Well known for establishing strong relationships between customers, operators, and management.
- Laser-focused on customer care. Widely acclaimed for exceptional service and responsiveness.
- Responsible for encryption availability for a Confidential 100 enterprise.
- Highly regarded for ability to analyze, understand, and to easily communicate complex information.
- Responsible for information management, system analysis, and operational security initiatives for a 30,000 user organization. Personally developed and scripted numerous, valuable solutions for the most intractable problems.
- Demonstrated, repeatable ability to identify, develop solutions for, and sustain order-of-magnitude improvements in cyber security automation and general business processes. Renowned for creating disruptive solutions that re-define large-scale business workflows.
- Deep experience in developing, managing, and auditing Key Performance Indicator Dashboards.
- Extremely capable at conducting Subject Matter Expert (SME) and customer interviews and communicating user requirements to technical staff. Extensive experience modeling workflows across disparate departments into cohesive Use Cases.
- Results oriented with a strong passion and ability for Business Process improvement and requirements elicitation.
- Extensive API experience integrating data across disparate platforms.
COMPUTER LANGUAGES, PROGRAMS, PLATFORMS:
- IBM Blockchain Foundation for Developers by IBM on Coursera
- Solidity, Hyperledger Composer
- PowerShell, Python, jQuery, JavaScript, JSON, HTML5, CSS3, BPMN, BPEL, UML, AJAX, XML, KML, PHP, Perl, multiple API’s, Google Visualization, UX / UI, SPServices, SVG, VBA, Java, C/C++/C#
- XCCDF, OVAL, SCAP, NESSUS, ACAS, CRM, flot.js, Raphael.js, AgileCRM, Zapier, Enterprise Architect, SOAP / web services, GIS
- SQL Server, SSRS, SSMS, SSIS, Reporting Services, Visual Studio, Sharepoint Designer ( ), Sharepoint 2007/2010, MySQL, MS Office, SaaS, PaaS, MS Project
PROFESSIONAL EXPERIENCE:
Confidential
Information Protection Manager
Responsibilities:
- Accountable for Confidential ’s Public Key Infrastructure (PKI)
- Eliminated unplanned outages due to expiration
- Member of team establishing an internal PKI based on MS Active Directory Services
- Developed and maintained Application Programming Interface (API) for PKI automation
- Data-in-flight encryption SME for external information security audits
- Developed RESTful microservice for PKI automation
- Designed and developed interfaces between company systems, Venafi Trust Protection Platform management software, and Authorities (CA)
- Consulted as PowerShell SME by other enterprise departments
Confidential
Virtual Application Security Consultant
Responsibilities:
- Contract Virtual Application Security Consultant / Confidential Engineer for Confidential . Supported Confidential ’s Federal Compliance Initiative for vRealize Automation (vRA), VRealize Operations Center (vROps), vCenter Server Appliance, vRealize Log Insight, and Confidential Identity Management
- Contracted to analyze product components, identify security issues, create Requirements / Vulnerability Discussion / Check / Fix Content for Vendor-developed STIGs
- Conducted application security analysis and developing STIGs from Cloud Infrastructure / App Server / Web Server SRG’s for HAProxy (load balancer), lighttpd (web server), VAMI (virtual appliance), TC Server (Apache Tomcat derivative), identity management, and Information-as-a-Service components
- Develop bash commands for Confidential assessors, determine applicable SRG Rules, analyze interactions between system components, advise on requirements to secure component configuration files
- Developed OVAL content for automation of product security hardening with OpenSCAP toolset.
Confidential
Virtual Appliance / Network Storage Security Consultant
Responsibilities:
- Supporting security hardening delivery requirements of equipment for US federal and commercial customers
- Analyze product components, identify security issues, create security documentation, and develop configuration procedures for Confidential field installation personnel
- Assessing effectiveness of existing Confidential hardening automation.
- Advise on improvements where necessary
- Conducting application security analysis and assessing security posture for numerous products across Confidential product line including network storage devices, vApps, virtual networking systems
- Develop bash commands for customer’s security assessors, determine applicable SRG / Confidential Rules, analyze interactions between system components, advise on requirements to secure component configuration files
Confidential, Newport News, VA
Cyber Software, Information Assurance Analyst
Responsibilities:
- Product manager and primary developer / maintainer of software tool suite that has reduced Confidential assessment labor requirements for a 200 mixed-host system-of-systems by 90%.
- Tools have been explicitly demanded by Confidential in accordance with contractual obligations.
- The suite of tools provide end-to-end automation of the IA business process. Included are automated Confidential compliance checks (85% automation of Windows, 75% automation of Linux), metadata referential integrity checks, vulnerability file aggregation, maintenance of current system vulnerability status, integration with SCAP data, version control for vulnerability updates from DISA, and reporting. Reporting of all types are supported; from ad hoc to Confidential POA&M.
- Presented tool, at request of local management, to senior Confidential Cyber leadership as a company-wide, step-change differentiator. Subsequently requested to investigate developing a continuous-monitoring, RMF variant.
- IA Section business process developer.
- Re-defined business processes and re-aligned section resources to maximize IA productivity.
Confidential, Newport News, VA
Information Assurance Analyst
Responsibilities:
- Responsible for developing scripts that improve Information Management and data integrity for the Information Assurance team of the Confidential Air Operations Center Weapon System (AOCWS) 10.2 development project.
- Developed Windows Confidential -compliance automation program (OSCR). Combining PowerShell, .NET, XML parsing, XCCDF, Linux bash, Confidential, PuTTY, SQL, SCAP, Confidential Viewer, and other DISA tools, the tool has significantly reduced IA labor requirements and improved project data integrity.
- Developed procedures for enhancing communication, coordination, and collaboration amongst IA team members to continuously improve data integrity metrics.
- Developed PowerShell utility (PARVATI) for automated Business Rule compliance. PARVATI monitors IA information flow to ensure external and internal data consistency with overall project metadata.
- Developed UNIX / Linux Confidential -compliance companion (SONAR) to OSCR. SONAR is a bash script adjunct that automates manual compliance checks for Linux machines.
- Revamped and improved information management process of IA department. Confidential units external to AOCWS; e.g., Joint Stars, GCCS-J, etc.; have requested briefings on the combination of scripts, programs, and procedures that have dramatically improved Confidential IA data management.
- Supervision of Scripting and Automation team members for project IA section.
- Confidential Cyber Division exercised hiring clause in temp-to-hire contract.
Confidential, New Orleans, LA
Consultant, Information Assurance and Decision Support Analytics
Responsibilities:
- Designed and implemented access control security policies and procedures in advance of HQMC C4I Cyber Command Readiness Inspection (CCRI). The new policies enforce least privilege and implicit denial doctrinal guidelines in accordance with DoDI 8500.01, March 14, 2014. Created documents to educate, monitor and evaluate compliance.
- Reviewed system configurations to ensure compliance with security requirements and compliance with SECNAV INST 5211.5E, Department of the Navy (DON) Privacy Program. Discovered and rectified numerous breaches. Investigated and reported violations of established standards, guidelines, policies, and procedures. Provided risk assessment recommendations to senior leadership to mitigate Information Security risks in accordance with DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), March 12, 2014.
- Developed and implemented a Decision Support System for USMCR Headquarters. System provides executive-level dashboards and KPI scorecards to enable strategic monitoring of all major Events (deployments, exercises, community relations events, etc.) for Marine Forces Reserve (MFR). Responsible for architecting and implementing Role-Based Access Control system to ensure Confidentiality of sensitive Personally Identifiable Information (PII) in the system.
- Primary architect and developer of SIPR SharePoint knowledge and business operations portal. The system provides a one-stop-shop Communication, Collaboration, and Coordination environment to integrate MFR operations with all higher-headquarter strategic initiatives.
Confidential, New Orleans, LA
Director, Information Assurance and Knowledge Management
Responsibilities:
- In-Uniform Director of Information Management for Marine Forces Reserve. Regularly produced and conducted briefings to flag-level officers to provide status of ongoing initiatives and recommend future direction.
- 10+ years of experience in all aspects of architecting, securing, selecting, and implementing appropriate information technology solutions across an enterprise. Responsibility for ensuring Confidentiality, Integrity, Availability, Authentication, and Non-Repudiation of enterprise data. Responsible for ensuring corporate compliance with DISA IA requirements. Successful implementations of secure macro- and micro-scale data portals, dashboards, scorecards, and other visualizations to facilitate seamless information integrations across institutional and functional boundaries.
- Provided direct leadership and supervision of IT department for a 3,000 member organization. Presented department status and critical issues to senior leadership. Primary point of contact for & Accreditation process for new applications. Responsible for Information Assurance requirements for organization. Responsible for department performance reviews and mentorship. Created department procedures and conducted appropriate . Monitored work schedules and assigned duties.
- Identified a need for a scheduling and payment system (FORUM) for an aviation command. Acquired funding to analyze business inefficiencies, specify system components, and develop 3-tier, MVC application. Developed robust Role Based Access Control mechanism utilizing Public Key Infrastructure (PKI) system. Responsible for application hardening against SQL Injection, Session Hijacking, and Cross-Site Scripting (XSS) attacks. Users reported an improvement of payment from 2 weeks to 2 days. System enabled significant organic growth of the parent unit.
- Designed, scripted, and implemented task management tracking system for MARFORPAC. Ensured compliance with DISA Confidential requirements for web application hardening during development phase. Successfully managed the and Accreditation to enable the application to be placed in production environment. Participated in Configuration Management Control Board.
- Hurricane Katrina exposed a critical gap in the Continuity Of Operations Plan (COOP) for the New Orleans based command. Selected to lead an inter-departmental team to architect, specify, and document a Contingency Collaboration System (CCS) to provide uninterrupted command and control functionality under all conditions. Provided IT-related input for Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). The CCS functioned perfectly during two subsequent hurricane evacuations.
- Enterprise-wide business re-organization effort (FSRG) lacked an effective collaborative working environment. Led cross-functional working sessions to convert business requirements into functional and detailed system requirements. Created common data warehouse that included data input forms and KPI dashboards. System provided primary means of HQ staff tracking of Plans Of Action & Milestones (POA&M).
- Developed and promoted groundbreaking client-side data retrieval and charting mechanism using SPServices. Developed enterprise policies for Change Management of applications built upon this stack. This technique revolutionized and systematized development of business applications.
- Primary command-wide developer of executive dashboards, and KPI scorecards. Business purposes include executive metrics analysis, near real-time system monitoring, project management, and disaster management. Technologies include jQuery, SQL, Timemap, Google jsapi, XML, KML, json, MVC, HTML5, CSS3.
- Existing request system (OSTR) was an antiquated, email-based process. Led the alignment of process, products, and people. Specified and developed a Sharepoint-based system to integrate requests, approval processes, staff action, and archiving functions. OSTR provides an ArcGIS-based interactive map for input and visualization of request status. Completion cycle of requests decreased from 3 months to 3 days.
- Critical aviation logistics function lacked an effective system to manage core business data. Using agile methods, in a four-week period developed a SIPR-based prototype (AES) to provide immediate relief. The initial success and subsequent improvements of the software resulted in displacement of the $1.6B incumbent program, TBMCS, for a five-year period. The program improved operational efficiency by 50%. Program included unique dynamic spiral chart for time-of-day metrics / analysis.
Confidential
Owner
Responsibilities:
- Founded, grew, and sold SaaS business.
- Designed, developed, and marketed proprietary B2B, map-based, CRM SaaS for independent sales associates. The system provides an affordable, first-in-class system to import leads, geocode leads to a map, schedule visits, assess prospects, and monitor follow-ups with prospects. The CRM integrates with BrainTree Payments Gateway, GMail / GCalendar, SaaSquatch referral program, FreshDesk help desk system, and multiple leads sources. Responsible for ensuring PCI compliance. P&L responsibility for CRM.
- Consulted with Regional Executive Director of Business Network International (BNI) to create KPI dashboards using Google Visualization API. Created a data platform that conducts Extract Transform and Load (ETL) operations from a standardized XML report. Client data analysis overhead reduced from 4 hours to 20 minutes.
- On site consulting with local Chamber of Commerce to conduct business process analysis and improvement for their external communication, CRM, and data architecture needs. Provided cost estimate data for project budgeting.
- Developed and implemented all aspects of a digital Marketing Automation campaign for a B2B SMB client to collect and analyze 15 separate data points on their entire list of contacts in a SaaS CRM. Campaign enjoyed a 33% open rate and 25% compliance rate with the intended data collection requirements.
- Significant experience with 3 rd -Party, cloud-based, Platform as a Service (PaaS) vendors. Vetted and selected PaaS vendor to develop production codebase for in-house CRM. Provided project management, budget, and scope control. Project delivery schedule reduced 25%.
- Provided on-site consultation with DoD vendor to assist their RFP for an IT consulting contract. Vendor was the successful bidder.
Confidential, Pensacola, FL
Simulation / Modeling Engineer
Responsibilities:
- Created and analyzed gigabyte-scale scientific data sets. Company-wide Subject Matter Expert for visualizing and analyzing Big Data.
- Modeling and Simulation Engineer for a nylon manufacturer. Primary focus was Computational Fluid Dynamics (CFD). Identified significant process safety issue (U-238 catalyst), resulting in estimated $10M savings.
- System administrator for UNIX supercomputer for company modeling & simulation department. Responsible for patch management and remote user access control.
- Lead Mechanical Engineer for Research and Development (R&D) department. Responsible for O&M budget.