We provide IT Staff Augmentation Services!

Director / Sr. Cyber Security Consultant / Architect Resume

5.00/5 (Submit Your Rating)

Santa Clara, CA

EXPERIENCE SUMMARY:

22 years of experience in Enterprise Information Security, Cyber Security and Compliance Architecture, Planning, Designing, Re - Engineering, Implementing, and Deploying Industry Security Solutions, Enterprise Security Risk Assessments, Policy and GRC Framework Development, Data Privacy & Protection, Application and Infrastructure Security, Cloud Data and Cloud Application Risk Assessment, Enterprise Threat Modeling, Detention and Vulnerability Management, GRC Strategic Alignments of Business Objectives, Regulatory and Legal Obligation and Road Mapping, Pre and Post Cyber Security Internal and External Audits, Vendor & Business Partner Security Risk Assessments.

KEY AREAS OF EXPERTISE:

  • Cyber Crimes & Countermeasures for Protection
  • Cyber Security & Data Privacy & Protection
  • Cyber Security Incidents, Investigation & Litigation
  • Cyber Ransom Attacks, Investigation & Litigation
  • Legal Regulatory Compliance & Internal Audits
  • Corporate, InfoSec, Legal and Regulatory Policy Alignments
  • SOX 404, HIPAA, PCI-DSS, Readiness Expert
  • New York State NYCRR 500 Cybersecurity Audits & Compliance
  • Symantec Control Compliance Suite 11 Planning, Deployment & Assessment
  • Integration of ISO 27001, NIST, COBIT, NIST, NIST Cyber security Framework, and PCI - DSS 3.13
  • Security Controls & Mapping into RSA Archer GRC, RSAM GRC, ServiceNow GRC Compliance Tools
  • Reviewing Corporate and Security Compliance Policies
  • Cloud Vendors & Partners Risk Assessment & Compliance
  • Vendors & Partners Cybersecurity Compliance Contractual Legal Agreement
  • Knowledge of ISO 27000 frameworks, BITS SIG, NIST, or COBIT/SOX IT control testing
  • Enterprise Infrastructure Security Risk Assessment Audits
  • Enterprise Infrastructure IT Strategic Planning
  • Open Web Application Security Project (OWASP) Top 10 Vulnerabilities Detection
  • Web Application SDLC Secure Development, Code Review and Pen Testing
  • Web Application Vulnerabilities Mitigation / Management
  • IT Infrastructure Network Vulnerabilities Mitigation / Management
  • Enterprise Systems (Mission-Critical Servers) Vulnerabilities Mitigation / Management
  • Cyber Security Threats Modeling Planning, Development and Case Testing
  • Securing AI Platform (video/audio/infrastructure)
  • 3rd Party Independent Audits and Risk Assessment
  • Regulatory Compliance Readiness & Preparation
  • Application Security Assessment & Audits
  • Network Security Assessment and Audits
  • System Security Assessment and Audits
  • Database Security Assessment and Audits
  • Enterprise Infrastructure IT Strategic Planning
  • Technical Writing and Authoring Technical Program, Procedures and Plans
  • Authoring and Development of IT Security Policy, Procedures, Standards and Guidelines
  • Business Continuity Planning Development & Testing
  • Disaster Recovery Planning Development & Testing
  • Incident Handling Planning Development & Testing
  • Crisis Management Planning Development and Testing
  • Security Policies Mapping, Cross Check and Identify Security Controls IT Governance Framework Development (Security Polices, Procedure, Standards, and Guidelines, Best Practice and Awareness Program)
  • Database Protection and Encryption Planning / Integration and Deployment
  • Security Systems Administration / Support
  • Vulnerability Management
  • Wireless Network Security Audits (802.11a, b and g)
  • High Level Data Encryption / Cryptography
  • Development IT Security Policies, Standards, & Guidelines
  • IT Security Penetration Testing
  • Technical Writing & Document Development
  • Network / Host Based IDS Administration / Monitoring
  • SIEM Log Management
  • Windows Vista/ 2003/2008 Server Administration & Support
  • IT Business Impact Analysis (BIA) Audit
  • VMWare ESX Server Systems Designing, Planning & Support
  • IT Security Project Management
  • Develop Security Awareness Programs Specific to Business Units
  • Technology and Security Products Evaluations / Testing
  • Active Directory (AD) Infrastructure Planning (FSMO Rules, GPOs, OUs, Group Policies)
  • Internal IT Workflow / Change Control Planning and Audits

SECURITY PRODUCTS & SOLUTIONS:

Compliance Product: RSA GRC Archer Suite, ServiceNow GRC, RSAM GRC, Symantec Control Compliance Suite 11 (CCS)

One-Trust GRC Compliance Tools:

Regulatory Security Standards: ISO 27001 ISO 27002, ISO 27034, SOX 404, PCI-DSS v.3.2, GDPR, HIPAA, HITECH, NERC CIP, GLBA, MARS-E, FISMA - NIST 800 Series 53/54/167/145/50/40/82/64 , IRS 1075, DOD 8570 COBIT 4 and COBIT 5, ISACA RISK IT,, Federal Information Processing Standards Publications (FIPS PUBS), National Institute of Standards and Technology (NIST-800 Securities Series PUBS), FDA Security Standards, ISO 27000 Information Security Management Risk and Controls/ Preparation

Web Application Security/VM: IBM- App Scan (WatchFire), Accunetix, HP Web Inspect (Spy-Dynamic), Fortify, Rapid 7 Metasploit Pro and Express

IT Infrastructure Security/ VM: QualysGuard Scanner/ GFI LanGuard Scanner, Super Scanner, Nmap Scanner, Nessus Scanner, Rapid 7, CyberCob Scanner, Internet Security Scanner, Nexpose Scanner, Retina Scanner, Tiger Tool Suite, Encase

Threats Countermeasure Solutions: Check Point Endpoint Security, Check Point Pointsec Mobile, Symantec Endpoint Protection, Symantec Control Compliance Suite (Policy Enforcement), Symantec Security Information Manager (Log Management), Barracuda Web Application Firewall, Check Point Web Intelligence (Web Application Firewall), Imperva SecureSphere Web Application Firewall, Imperva SecureSphere Database Firewall (Database Firewall), Imperva Database Activity Monitoring, Imperva File Activity Monitoring, VMware ESX Server Virtualization, Websense Web security, and DB Protect, Protegrity Database Protection and Security, TriGeo SIEM Log Management Appliance. Cisco IDS/IPS, Palo Alto Firewalls, Ironkey USB Flash Drive Enterprise Solution, Damballa- Fail-Safe Malware Detection, IBM QRadar SIEM Threats Monitoring, FoundStond Vulnerabilities Scanner, Nessus Vulnerabilities Scanners, HP Project Portfolio Management, HP IT Service Manager, ForeScoute- CounterACT 7.0 Network Access Control (NAC).

Firewalls & VPN: Cisco ACS, RSA SecureID, Cisco PIX / ASA, Check Point NGX, Juniper Netscreen NS-25/NS50, Firebox III, MS ISA Proxy 2004/ ISA 2006/ Microsoft Threat Management Gateway (TMG), 2FA and 3FA

PROFESSIONAL EXPERIENCE:

Confidential, SANTA CLARA, CA

DIRECTOR / SR. CYBER SECURITY CONSULTANT / ARCHITECT

Responsibilities:

  • SOX 404, HIPAA, PCI-DSS, EU-GDPR, Readiness Expert
  • California Consumer Privacy Act (CCPA)
  • Enterprise Infrastructure Security Risk Assessment Audits
  • Enterprise Infrastructure IT Strategic Planning
  • Open Web Application Security Project (OWASP) Top 10 Vulnerabilities Detection
  • Web Application SDLC Secure Development, Code Review and Pen Testing
  • Web Application Vulnerabilities Mitigation / Management
  • IT Infrastructure Network Vulnerabilities Mitigation / Management
  • Enterprise Systems (Mission-Critical Servers) Vulnerabilities Mitigation / Management
  • Cyber Security Threats Modeling Planning, Development and Case Testing
  • 3rd Party Independent Audits and Risk Assessment,
  • Regulatory Compliance Readiness & Preparation
  • Application Security Assessment & Audits
  • Network Security Assessment and Audits
  • System Security Assessment and Audits
  • Database Security Assessment and Audits
  • Enterprise Infrastructure IT Strategic Planning
  • Technical Writing and Authoring Technical Program, Procedures and Plans
  • Authoring and Development of IT Security Policy, Procedures, Standards and Guidelines
  • Business Continuity Planning Development & Testing
  • Disaster Recovery Planning Development & Testing
  • Incident Handling Planning Development & Testing
  • Crisis Management Planning Development and Testing
  • Security Policies Mapping, Cross Check and Identify Security Controls IT Governance Framework Development Security Polices, Procedure, Standards, and Guidelines, Best Practice and Awareness Program)
  • Database Protection and Encryption Planning / Integration and Deployment
  • Security Systems Administration / Support
  • Vulnerability Management
  • Wireless Network Security Audits (802.11a,b and g)
  • High Level Data Encryption / Cryptography
  • Development IT Security Policies, Standards, & Guidelines
  • IT Security Penetration Testing
  • Technical Writing & Document Development eGRC lifecycle planning and Integration of ISO 27001, NIST and PCI - DSS 3.13 Security Controls & Mapping into RSA Archer GRC, RSAM GRC, ServiceNow GRC Compliance Tools.

We'd love your feedback!