
Principal Security Consultant Resume


SUMMARY:

Information Technology professional with extensive experience in a broad range of Cyber Security domains including Security Architecture and Design, Application Development Security, Information Security Governance and Risk Management, Operations Security, Digital Forensics and Malware Analysis and Telecommunications/Network Security. Experience in the synthesis of business strategies and the application of technologies to operationalize those strategies across commercial and federal government markets. Proficiency in consulting with CxO level clients and delivering business results. Experience in creating and implementing information security programs across multiple industries.

WORK EXPERIENCE:

Principal Security Consultant

Confidential

Responsibilities:

  • Handled complex and detailed technical work necessary to provide comprehensive cybersecurity monitoring and threat detection within the organization. Identified and evaluated emergent cybersecurity threats and vulnerabilities as well as investigated and recommended appropriate corrective actions for information security incidents.
  • Developed communications and training for information security awareness among all staff.
  • Evaluated, architected, developed, implemented, communicated, operated, monitored and maintained information security technologies, security policies and procedures.
  • Supported cross-functional and technically complex projects, often involving combinations of platforms and computing environments (e.g., host based, distributed systems, client server, Web, e-commerce) and technologies.
  • Provided technical expertise and support to clients, IT management and staff in cybersecurity threat risk assessments, development, testing and the implementation and operation of appropriate information security plans, procedures, and control techniques designed to prevent, minimize or quickly recover from cyber-attacks or other serious events.
  • Designed, evaluated, tested and oversaw the implementation of appropriate security methods, standards and control techniques, such as firewalls, intrusion detection software, data encryption, data backup and recovery, and developed and oversaw the implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environments (e.g., firm-wide, distributed, client server systems, and e-applications).
  • Participated in and maintained an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to information security and data privacy to identify changes that will affect the company's information security policy, standards and procedures and recommended appropriate changes.
  • Performed static and dynamic security application testing at a unit, functional, and system wide level within an agile software development environment;
  • Implemented a SSDLC within various components of development; Performed end-to-end system and application security assessments;
  • Translated assessment results into business requirements and communicated business impact and risk to executive leadership; Assisted with incident response; Conducted attacker-centric, software-centric and asset-centric threat modeling against systems, networks and applications; Conducted vulnerability training; Designed software security standards, guidelines, policies and procedures to meet ICD 503, NIST, ISO & COBIT, FISMA, HIPAA, PCI-DSS, FFIEC, GLBA, Safe Harbor, EU Data Privacy Directive, NERC CIP, etc. guidelines and controls;
  • Acted as subject matter expert to software and network security issues on various company projects; Researched and understood new methodologies for exploiting system level, network level and web based applications;
  • Created disaster recovery and business continuity plan; Implemented the security framework for mobile application development (Android and iOS);
  • Conducted extensive penetration tests against information systems, mobile devices (hardware/firmware/middleware), computer/mobile applications and web applications; Held red team and blue team exercises/events.
  • Provided appropriate & security assessments of SAP security and controls including design, testing, and delivery of security roles for named users and processes across multiple SAP platforms including ECC 6.0, HCM, CRM, BI and Enterprise Portal;
  • Acted as a subject matter expert on all issues related to security for SAP;
  • Collaborated with various internal teams and acted as primary point of contact for testing evidence and documentation for SAP Access Controls; Conducted attacker-centric, software-centric and asset-centric threat modeling against systems, networks and applications; Conducted extensive penetration tests against mobile devices (hardware/firmware/middleware), mobile applications and web applications.
  • Architected SIEM solutions to improve the security value, service management, and scalability for our clients.
  • Possessed working knowledge of SIEM, threat trends and vectors, and IT/IS architectural design. Delivered robust SIEM designs and implementations.
  • Worked closely with clients to understand the current and target state of the SIEM and ensured effective and efficient incident identification, resolution and root-cause analysis leveraged through a productive implementation of multiple SIEM platforms.

Sr. Technical Director of Incident Response & Threat Management

Confidential

Responsibilities:

  • Served as a key member of the Global IT leadership team and Cyber Security Leader to the organization with dual reporting to the board of directors and CTO;
  • Provided leadership with vision and oversaw the management of an array of IT functions and Cyber Security groups;
  • Designed and implemented multiple departments in alignment with corporate strategies;
  • Worked with SVP and key stakeholders in assessing organizational challenges and global trends, took long-term views of possibilities, made decisions and provided input to shape the future for the organization's transformational opportunities;
  • Developed and implemented an aspect of a global Cyber Security strategy and planned/oversaw the implementation, ensuring alignment with the company's overall strategy; Instituted a culture of motivation and inspiration by leading groups, teams and departments to achieve goals, build capacity to develop and innovate, and creatively manage challenges and changes; Partnered with the business at the VP level to align strategy, goals and objectives;
  • Owned all internal and cross dependency interactions of function and was fully accountable for achieving financial, strategic, and operating objectives.
  • Led and managed the definition and execution of the Incident Response Team;
  • Led digital forensic investigations and malware analysis efforts;
  • Determined appropriate participants and processes based on incident type, application area, etc.;
  • Defined processes and procedures to ensure an effective and efficient incident management process;
  • Directed in process definition for recording and producing management information related to the Incident Management process;
  • Performed trending and analysis of incidents to proactively identify problems;
  • Developed and maintained documentation associated with incident management processes and execution of the Incident Response Team;
  • Planned and managed support for incident management tools and processes;
  • Collaborated, coordinated, and communicated across disciplines and departments;
  • Ensured compliance with all applicable regulations and requirements; Held red team and blue team exercises/events.

Enterprise Security Architect

Confidential

Responsibilities:

  • Provided leadership to ensure that the technological services met the present and future needs of all information security staff; recommended innovative Cyber Security strategies, direction, solutions, guidelines, and processes to leadership; provided realistic, data-driven recommendations to executives based on existing resources and leveraged resources to meet the organization's goals; identified and evaluated new technological developments and gauged their appropriateness for the organization;
  • Facilitated communication and collaborative problem-solving among staff; advocated for the effective and efficient application of cyber security technology and technical services; built and maintained transparent and collaborative relationships both internally and externally;
  • Managed multiple projects; provided direction on the integration of technology infrastructure, user support, administrative systems, and external access to support business goals;
  • Provided creative leadership and a vision for a responsive and efficient customer-service-driven Information Security department;
  • Designed, architected and implemented, analyzed and correlated events from security solutions/technology such as firewalls, IPS/IDS, security event management, anti-virus software, web and reverse proxies, data encryption, data loss prevention and other industry-standard solutions;
  • Led digital forensic investigations and malware analysis efforts; Led the design and implementation of an in-house and commercial content protection solution for digital content and intellectual property;
  • Conducted attacker-centric, software-centric and asset-centric threat modeling against systems, networks and applications;
  • Implemented the security framework for application and mobile application development;
  • Developed and implemented solutions to provide secure services, access controls, awareness training, and specialized controls in order for the organization to meet contract specific security requirements;
  • Developed and enforced corporate information security policies and procedures;
  • Appropriately maintained and demonstrated compliance with U.S. Federal, State and Local regulations including SoX, NIST, FISMA, HIPAA, HITECH, PCI-DSS, FFIEC, GLBA, Safe Harbor, EU Data Privacy Directive, etc; Assisted in winning key organizational contracts and ATOs;
  • Succeeded in building corporate information security department from the ground-up;
  • Managed departmental budget, vendors, and systems; Served as an internal information security consultant to the organization;
  • Designed security policies and procedures based upon the NIST, ISO & COBIT guidelines and controls;
  • Designed and implemented an organizational incident response program; Enforced adherence to established organizational information security policies and procedures; Initiated, facilitated, and promoted activities to create information security awareness within the organization;
  • Performed end-to-end information system, application, web application and network security assessments;
  • Developed and implemented internal and external security assessment procedures and processes;
  • Translated assessment results into business requirements and communicated business impact and risk to executive leadership;
  • Served as an internal auditor for security and risk related issues;
  • Planned SoX audit engagements, identified inherent risks and control objectives, and drafted audit deliverables defined in the audit methodology.

Network Security Engineer

Confidential

Responsibilities:

  • Installed, configured and maintained network services, equipment and devices;
  • Supported administration of servers; managed all system back-ups;
  • Planned and supported network and computing infrastructure;
  • Managed user accounts, permissions and Anti-Virus;
  • Oversaw software and network security;
