Demonstrated background in IT Strategic & Operational Governance, Financial Management, Team Building, Security Architecture, IT Security Program Development & Leadership, and IT Project Planning & Scheduling.
Technically adept, Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP) trained, offering 20+ years of leadership success and verifiable achievements leading program team members, executing security policy development/compliance monitoring procedures, delivering effective consultative advice on compliance projects and administering projects with immediate risk-avoidance results. Top performer with experience delivering leadership in a diverse corporate culture, network security architecture, program oversight, technology management, staff management and supervision, system risk analysis, compliance management, training and employee development plans.
KEY AREAS OF EXPERTISE:
- Security Architecture & Engineering
- IT Security Program Design
- Change & Config. Management
- Project & Delivery Methodologies
- Technology Management & Deployment
- Metrics Developer - Dashboards
- Standards and Quality Control
- Business Process Improvements
- Personnel Development
Information Technology Governance: Proficient at establishing governance framework that aligns Information Technology Strategy with Business Strategy in order to achieve the goals of the organization.
Security Architecture: Skilled in building secure networks following several industry standards, NIST, FISMA, HIPAA, FedRAMP, ISO 9000, ISO 27001. Adept at building security programs, security policy development, and security audits.
Change Management: Comprehensive knowledge of the process, tools and principles of change management with the ability to institute standards, stress configuration controls, create change processes, and monitor all change actions.
Team Leadership: History of collaborating with teams in order to maintain professional standards. Great ability to provide direction, leadership, mentorship, develop relationships and maintain favorable public relations. Employee satisfaction increases with fair assessment against goals and employee development. Shares performance success methodologies with peers.
Project Management: Strong project management skills with expertise in developing project plans, coordinating resources, supervising project teams, controlling budgets and managing delivery performance. Metrics skills include developing and delivering: progress reports, continuous improvements, project proposals, documentation, and gateway and final presentations.
Hardware: Cisco | Windows Server | Dell | HP | Apache
Operating Systems: Windows | Linux | Unix
Languages: Ada | BASIC | C* | COBOL | Fortran | Java | JCL | Pascal | Perl | PHP | RPG | SAS | Visual Basic
Databases: Oracle | DB2 | Microsoft SQL | Microsoft Access | PeopleSoft | Hyperion
Web: HTML | CSS | XML | JavaScript
Applications: MS Office | MS Project | MS Visio | MS Exchange | MS Office 365 | PeopleSoft | SASS | Hyperion | McAfee | Symantec | Nessus | Box | Dropbox | IntraLinks
Senior Consultant, IT Security
- Forensics Review using Autopsy.
- Intrusion Detection Systems/Intrusion Prevention Systems.
- Vulnerability Scanning using: Qualys FreeScan, OpenVAS, Microsoft Baseline Security Analyzer (MBSA), Flexera PSI, Metasploit Framework.
- Designed and implemented NIST/FISMA compliant IT Security Program frameworks for two major customers. In addition, authored three Incident Response Playbooks for a third customer.
- Provide expertise in Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP).
- Documentation now includes updates for new technologies, testing frequencies, and lessons learned.
- Provide expertise on a variety of IT security topics.
- Managed exceptions to standards and conducted third-party assessments in the compliance tool, Archer. Baselined expected response times, which led to significant Vendor Management improvements.
- Various technical assignments: XML Insertion, built Shell code & CBD code list for DLP purposes, designed and executed Transition Plans with AIGBP, evaluated several cloud-based file-sharing products, led several clean-up efforts while at AIG, built outstanding PowerPoint presentations for the Director, etc.
- Provide expertise on IT security risks and practices.
- Evaluate security requirements against the Gramm-Leach-Bliley Act for a financial/banking/insurance client.
- Evaluate existing controls for effectiveness; IT Audit methodology. Bolster Security Program, as needed.
Senior Manager/Associate Director, IT Security
- Build, staff, and optimize a comprehensive IT Security Program for Confidential's Space Shuttle Program. The program is to satisfy Federal requirements and be managed to be reactive and proactive to threats as they develop, mitigate risks, and remain within budget thresholds.
- Program was so successful within the Mission Operations Directorate, it was embraced .
- The budget performance was also successful, leading to Confidential regularly awarding completion-form contract evaluation points for cost performance, while returning profits for the stakeholders that exceeded expectations.
- Managed a team of 40+ computer security officials, auditors, and investigators located in Texas and Florida. Controlled a $1.6M with oversight of $6.3M operational budget.
- Instituted IT Security policies and procedures.
- Conducted risk assessments; threat and vulnerability analysis. Developed risk remediation action plan database. Administered access controls. Monitored the application authorization repository, a role-based database. Maintained configuration management and change control.
- Generated security plans as well as plans for disaster recovery/continuity of operations. Conducted penetration tests, IT audits, investigations, and annual security awareness training. Scheduled and delivered the certification and accreditation (C&A) packages to application owners, information owners, and Confidential Administrators for authorization to process. Coordinated Annual IT Audit Plan, covering 100% of the assigned infrastructure.
- Installed an Intrusion Detection System (IDS/IPS) to replace manual scanning of all network segments.
- Coordinated the Incident Response Team (Security Incident & Event Management (SIEM)).
- Ensured communications security (COMSEC).
Senior Security Engineer
- Provide AIS Security expertise to the small McDonnell Douglas team supporting the Confidential Space Shuttle Program (SSP) Office, and the Space Station Level II Systems Integration Office (SIO).