Security Engineering III / Security Architects Resume
SUMMARY:
- Insightful, results-driven IT security professional with over 13 years of experience & notable success directing public & private sector cyber security & infrastructure initiatives whilst engineering, analyzing, selling & implementing high tech solutions in support of business objectives. Excel at providing comprehensive secure network & systems design, analysis, infrastructure, security & operations & project management, and penetration testing whilst executing the full organization's security, systems & software development life cycle.
- Proven ability to work independently and dependently within a business/client area and foster collaboration at the enterprise level to influence the strategic and technical decisions during all phases of a project. Demonstrated leadership skills and communication skills including conducting formal presentations to key decision makers at the executive level and grasping key client issues.
TECHNICAL SKILLS:
PLATFORMS: Microsoft (Windows Server, Exchange, SQL, SharePoint, Office 5, MIM, Active Directory, ADFS, SSO, SCCM, WSUS, Skype, Lync, Azure, Hyper-V), Linux (Red Hat RHEL, CentOS, Ubuntu, FreeBSD), Solaris (UNIX), Apple (MacOS, iOS), Android, VMWare (ESXi, vSphere, NSX), Amazon (EC2, AWS, RDS, AMI, S3), PKI, ElasticSearch, Avaya PBX, MDM, MTP, Citrix, Sophos, Fortigate, Puppet, AppDynamics, PowerVault, EqualLogic, EMC, StorageWorks, Novell (GroupWise, NDS), Cisco (ASA, PIX, Catalyst, IOS, NX-OS, ISA, WLC, Nexus, FirePower), SonicWall, WatchGuard, Foundry, Palo Alto, GoogleApps, Odoo, SalesForce, Asterisk, NetApp, Veritas (NetBackup, BackupExec), SolarWinds (NMS), MRTG, APC PDU, Akamai, Unified Threat Management (UTM), Tableau, SAS, Raiser's Edge NXT, LAMP, DAS, RAID, PaaS, SaaS, IaaS, Jenkins, ALM, DBMS
NETWORKING: LAN, WAN, TIC, WLAN, VLAN, MAN, 802.1X, 802.11, VPN, NAC, TCP/IP, NAT, Ethernet, DNS, MPLS, VoIP, RADIUS, WAF, AAA, IPS/IDS, TFTP, DHCP, SNMP, SAN, NAS, DSL, T1, PRI, ICAP, BGP, OSPF, RIP, EIGRP, OC3, F5 (ASM), HIDS, NIDS, HA, IPSec, VCMTS, OSI, LACP, 802.1q Trunking, LUN, LDAP, QoS, SFTP, ACL, SIP, HSRP, VRRP, IEEE 802.11, H.323, PIM, IPAM, NTP, Fibre Channel (FC), VRF, VTC, SDN, HTTPS, FCoE
TOOLS: Centrify, McAfee ePo, Symantec, ATTIVO, SailPoint CSAM, IAM, PowerShell, Splunk UBA, Tenable (Security Center, Nessus, LCE), Kali, Python, BASH, PERL, JavaScript (JS), STIGS, Group Policy, Retina, ForcePoint (WebSense Triton USC), SCAP, SNORT, WireShark, MetaSploit, nMap, CSS, FireEye, Encase, Varonis, GigaMon, Digital Guardian, DBProtect, OpenSSL, Cuckoo, XML, J2EE, .NET, JSON, Postini, Bro, Sourcefire, Tanium, Moloch, Threat Connect, Vormetric DSM, nShield HSM, Trend Micro, UML, UI, UX, DLP, RDP, SSH, VNC, CASB, Phantom, WMI, REST, HTML5, DDoS Shield, BigFix, AlienVault OSSIM, OAuth, SAML, OpenID, InfoBlox
PROFESSIONAL EXPERIENCE:
Confidential
Security Engineering III/ Security Architects
- Lead programs to develop, maintain, and govern the security architecture across the organization.
- Define, explain, and advocate security technology strategy.
- Collaborate with IT leaders and project managers to ensure progress towards security architecture alignment with project goals and requirements.
- Participate in enterprise architecture governance process to influence projects to align to enterprise security architecture standards, as well as to identify when it is necessary to modify the enterprise security architecture.
- Direct and conduct research on emerging security technologies in support of systems development efforts, and recommend security technologies that will increase enterprise security.
- Administer security tools, platforms & application stacks that protect on-premises & cloud infrastructures. Present captured metrics to executives demonstrating security posture, risk scores, budget planning and process review on a weekly basis. Maintain patch levels; perform vulnerability assessments & implement hardening baselines per STIG & USCB for all Linux, Windows & MacOS host systems. Leverage malware (APT) analysis to develop IDS signatures & rules, & perform Root Cause Analysis (RCA) for forensic incidents. Perform static & dynamic code review & security testing via OWASP tools & processes.
- Analyzes Decennial change and account requests for security impacts and provides recommendations to the 2020 CENSUS TI GPMO.
- Monitors and tracks security-related defects and resolutions; assigns tasks to the appropriate working group or individual. Coordinates and facilitates working groups and integrated process teams to achieve solution.
- Assists in establishing and implementing a Continuous Diagnostics and Mitigation (CDM) capability with integrated security controls for the 2020 CENSUS System of Systems (SoS).
- Focuses on communications and networking needs between Cloud and on-premises Data Centers, and Cloud and Internet (VPN) users.
- Interfaces with vendors and procures enterprise security solution tools, prepares BOMs, and ensures tool compatibility with already deployed enterprise solutions, e.g. Gigamon, DB Protect, InfoBlox, Oracle Enterprise Manager (OEM), Oracle Identity Management (OIM), Cylance, Tanium, TrendMicro, Attivo, Splunk, CrowdStrike and all other enterprise tools.
- Enables continuous monitoring to proactively survey, monitor, and track security-related defects and the status of their resolutions to report to the 2020 US CENSUS GPMO.
- Provides guidance and best practices for the implementation of SoS to support the 2020 Decennial DOC.
- Provides expertise with Federal Requirements related to special classifications of data, especially Title 13 and 26, FISMA, FedRAMP, NIST.
Confidential
Information Risk Manager
- Assists in maintaining appropriate operational security posture for information systems and programs
- Designed and implemented secure TCP/IP networks. Performed security product testing, evaluation and configuration assessments.
- Designed and reviewed network security policies, plans, and network architectures of major financial services clients.
- Determined corporate risk management objectives, and business priorities.
- Prepared findings, corrective actions and security enhancement reports based on industry best practices. Conducted penetration testing including network scanning, war dialing, and configuration analysis; reviewed and validated clients' current IT environments, methodologies, procedures and technologies.
- Work with other information and physical security system security personnel, IT Operations and Enterprise Management System engineering teams and others to implement, refine and maintain an appropriate vulnerability and patch management security program
- Provides assistance for proposing, implementing, and enforcing information systems security policies, standards, and methodologies
- Supports CIO to ensure they are addressing current and emerging risks
- Assists with the management of security aspects of the information system and, as assigned, performs day-to-day security operations of the system
- Providing assistance to Business Owners and System Owners related to the program security assessments and continuous monitoring processes
- Assists in maintaining appropriate operational security posture for an information system or program
- Maintains current knowledge of relevant technology as assigned.
- Solution Architect for security and network tools, participating in BOM, designing tools based on organization requirements and standards, and incorporating and reviewing the integration of tools like Sailpoint, Tivoli Access Manager (TAM), Oracle Identity Management (OIM), Oracle Enterprise Manager (OEM), PAM, ElastiCache and AWS DynamoDB to align with enterprise solutions.
Confidential
Information Risk Manager
- Assists in maintaining appropriate operational security posture for an information system or program
- Work with other information and physical security system security personnel, IT Operations and Enterprise Management System engineering teams and others to implement, refine and maintain an appropriate vulnerability and patch management security program
- Provides assistance for proposing, implementing, and enforcing information systems security policies, standards, and methodologies
- Supports CIO to ensure they are addressing current and emerging risks
- Assists with the management of security aspects of the information system and, as assigned, performs day-to-day security operations of the system
- Providing assistance to Business Owners and System Owners related to the program security assessments and continuous monitoring processes
- Provides support to plan, coordinate, and implement IT security programs and policies
- Perform risk assessments of policies, procedures, Business Continuity Planning, operational, physical, access control, asset classification, and compliance. Identify risks to data with security architecture review and risk analysis processes, and develop remediation plans to mitigate the risks. Assist in security awareness training program. Work with relevant personnel to evaluate new security technologies
Confidential
Senior IT Audit Consultant
- Extensively involved with Internet Security and Operational security including data privacy, monitoring and logging. Collaborate with senior Laureate IT staff and management to define expectations and technical goals for assigned technologies.
- Performed Root cause analysis, risk mitigation, analyzed security threats and security assessments. Responsible for Infrastructure security including Windows/Linux/Unix systems.
- Document design, implementation, and ongoing engineering approach. Define initial configuration of technologies and identify opportunities for improvement or optimization after technology burn-in period. Provide training and ongoing direction to staff analysts on how to utilize technologies for operational security practices.
- Act as a trusted adviser to line-of-business CISO and Director of Information Security. Mentor technical staff as necessary. All work tracked and managed via Scaled Agile Framework. Notable
- Developed the audit plan and performed the General Computer Controls testing of Information Security, Business Continuity Planning, and Relationship with Outsourced Vendors. Identified gaps, developed remediation plans, and advised IT director on the FISCAM/FISMA/SOX compliance activities and controls.
- Evaluated IT and business processes for effectiveness and efficiency, through obtaining an understanding of and documenting key business processes and internal controls.
- Review SSP, Risk Assessment reports, Contingency Plan, PII, PTA, PIA, SORN, Access Control policies, SOPs, Configuration Management Plan to identify gaps between documentation and IT Security policy and governance e.g. NIST and other industry standards.
- Liaised between in-house managers/IT department and External Financial and Operational Auditors
- Prepare audit scopes, audit report findings and present recommendations for remediating audit findings and system weaknesses.
- Design and Conduct walkthroughs, formulate test plans, test results and develop remediation plans for each area of the testing.
- Develop a Business Continuity Plan and relationship with outsourced vendors.
Confidential
FISMA Analyst/ISSO
- Participated in initial data gathering exercise for FISMA implementation in newly created system environments. Worked with ISSO to create and maintain validity of System Security Plan and Security Assessment Report. Responsible for system Plan of Action and Milestone Management (POAM).
- Ensure that NIST SP A control is met by verifying that C&A documentation is in place in accordance with organizational policy. This documentation includes: system security plan (SSP), security risk assessment (SRA), memorandum of understanding, information technology contingency plan (ITCP), privacy impact assessment (PIA), and active plan of action and milestone (POA&M). Additional responsibilities include assurance of vulnerability mitigation, training on C&A tools, supporting System Test and Evaluation (ST&E) efforts and other support to the IT Security Office.
- Conduct risk assessments, incorporating threat and vulnerability analyses, likelihood assessment and Business Impact Assessment (BIA), and considering mitigations provided by security controls planned or in place. Conduct penetration testing and determine the appropriate steps required to correct weaknesses and deficiencies identified during the assessment.
- Ensured that management, operational, and technical controls for securing either sensitive Security Systems or IT Systems are in place and are followed according to federal guidelines (NIST ). This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
- Review and report identified weaknesses from questionnaire responses to information system security officer (ISSO).
Confidential
Oracle DBA / Network Security Engineer
- Maintained with sys admin team 99.9% uptime of all systems & network devices
- Perform administrative functions to adjust the running MTS system, functions which include monitoring the efficiency of the dispatcher and shared servers. Experienced using 9i, RAC on Windows NT and XP. Upgrade of the OWS to the Oracle 9i Application Server. Installed and configured the latest version of the Oracle 9i AS ver 1.0.2.2, including defining the destination or location of the file system, the group, and the schema prompts for 9i portal. Successfully configured the Oracle Label Security. Worked with a team of auditors on security and internal control requirements over information system resources.
- Process configuration management requests to promote programs from the development and test environments into the production environment, perform quality assurance audits, and follow up with the completion of post-implementation verification approvals. Coordinate the testing of applications with responsible managers, and report performance results.
