SUMMARY:

Certified information systems security professional (CISSP) with more than 10 years of experience and expertise in it security management, it security architecture, and risk management. Demonstrates expertise in the establishing, implementing, and maintenance of large information security programs. Designs and implements tool - based vulnerability management frameworks that monitors and detects cybersecurity threats. Performs evaluations and selections of it security tools and implements it security systems to protect the availability, integrity, and confidentiality of critical information and information systems. A Highly skilled, dedicated, and passionate leader with excellent communication skills.

PROFESSIONAL TOOLS:

• JIRA & JIRA CONFLUENCE
• SPLUNK
• MS OFFICE SUITE
• TENABLE NETWORK SECURITY SUITE
• SYMANTEC ENDPOINT PROTECTION
• METASPLOIT
• ACTIVEGUARD
• TRIPWIRE IP360
• METASPLOIT
• WEBINSPECT
• HPFORTIFY
• NMAP
• SNORT
• BURPSUITE
• WIRESHARK
• RETINA EEYE
• CYBEREASON
• RAPID7 INSIGHT & INSIGHTIDR
• CISCO
• LINUX/REDHAT/SOLARIS/CENTOS
• SECURITY STANDARDS, FRAMEWORKS & BEST PRACTICES
• HITRUST
• HIPAA
• SOC (SSAE 16)
• FISMA
• CMS ARS
• NIST
• DIACAP/RMF
• DISA IASE
• ISO/IEC 27000
• PCI

EMPLOYMENT HISTORY:

Confidential, TOWSON, MARYLAND

InfORMATION SECURITY MANAGER

Responsibilities:

• As the first Information Security professional for SPHS I developed an Information Security program, which included selecting a security framework, designed short and long-term program roadmaps, as well as create a long-term budget forecast.
• Created a change management program including a Change Control Board. The introduction of change management included the implementation of a ticketing system and help desk online request portal.
• Introduced and deployed an enterprise-wide Endpoint Detection & Response tool (EDR) and light SIEM.
• Implemented, designed, and engineered the transition to a new enterprise-wide antivirus tool.
• Conducted organizations first HIPAA Risk Assessment.
• Created and implemented new policies, procedures, and instructional documents, including but not limited to an enterprise-wide incident response plan, acceptable use agreement, and password complexity policies.
• Gathered and presented security metrics to the governance committee and board of trustees.
• Presented an organization-wide televised Town Hall to guide and educate employees on security awareness in the work and personal endeavors.
• Devised an organizational-wide Information Security Awareness program and Awareness campaign.
• Established new hire and annual training for all users.
• Worked with a dedicated team to create and in corporate a new outcomes patient survey portal into our patient care regime. Surveys track, remind, and input patient wellness data directly into the patient’s health record allowing for the removal of paper components, streamlining and reducing overhead effort and risk.
• Assisted with the health system’s initiatives to meet Meaningful Use/Interoperability.
• Shaped the plan for a Single-Sign deployment and introduction of multifactor authentication.
• Designed and supervised Office365 migrations ensuring secure implementation standards
• Architected vulnerability and configuration scanning for the health system.

Confidential, Towson, Maryland

Senior Analyst, Information Security

Responsibilities:

• Led internal and external audits, including presenting audit results to stakeholders
• Supported certification/ATO audits, including evidence collection, interviews, and finding resolution
• Overhauled and administered vulnerability and configuration scanning in government and commercial healthcare environments
• Implemented security standards, including maturity assessments while detecting and eliminating gaps
• Built, deployed, and maintained servers and IT security tools
• Develop, execute, and maintain policies, procedures, and instructional documents
• Design and implement security architecture
• Gather and present security metrics to stakeholders
• Perform risk assessments and security approval prior to purchase and installation of new hardware/software
• Participated in the successful bidding for CMS contract awards.
• Executed vulnerability and configuration scanning architecture for varied healthcare environments
• Implemented continuous monitoring in compliance with US Department of Health and Human Services (HHS) rollout
• Configuration management and system hardening (SCAP)

Confidential, Woodlawn, Maryland

Information Security Analyst

Responsibilities:

• Designed and conducted regular audits of computer systems to determine if they are operating securely and that data was protected from both internal and external attack
• Created and conducted annual security training
• Handled security incidents including initial investigation, reporting to CMS program managers, and implementing recommended mitigation
• Prepared metrics and reports on intrusions and provided analysis to management
• Deployed, managed, and maintained a companywide vulnerability management tool as well as the vulnerability management and configuration management program
• Deployed log monitoring solution
• Analyzed collected system logs
• Implemented host intrusion detection system (HIDS) tool and activity monitoring solutions