PROFESSIONAL PROFILE:

• Information Security - Information Technology - Software Development
• I am currently a Senior Information Security Architect at Confidential looking for an opportunity for change.
• My role recently has been formulating and executing on next-generation architectures and strategies to improve security maturity, including hybrid cloud, mobility, and identity & access management.
• Overall my career has spanned software development and IT with many years in information security.

PROFESSIONAL EXPERIENCE:

• Senior Information Security Architect with overall security architecture responsibility for the company
• Lead Security Architect on important strategic IT and security projects
• Experienced in researching and developing security requirements for new projects and technologies
• Development of security reference architecture, including capability map, high level architecture, capability maps, as-is / to-be states, roadmaps, security patterns/models
• Participation in IT/security architecture meetings, core/steering teams, committees, and planning processes
• Developing and executing security strategy with multi-year outlook
• Automating security processes (Policy Exceptions, Risk Management, Project Security Reviews, Third Party assessment, and others)
• Development of security policy, technical standards and guidelines
• Security Risk Management: risk assessment, business risk acceptance, risk reduction, risk process automation
• Dashboard and security metrics development and automation
• Security compliance and asset classification (self-assessments and automated compliance assessment)
• Strong understanding of security frameworks such as ISO 27001, ISF, NIST, SABSA
• Experience in managing smaller teams, managing staff, setting goals, monitoring progress
• Business case development, presentation to senior management, initiation of projects
• Relationship building and project execution in cross-functional model (cross-organization).
• Experience in security consulting, RFP response, pre-sales and statements of work (SOWs)

AREAS OF EXPERTISE:

• Senior Security Architect
• IT Expert, strong technology background
• Security Strategy and Governance
• Cloud Security Expert (Public, Private, Hybrid)
• Identity and Access Management (IAM) Expert
• Security Policy, Process, Procedure Development
• Staff Management / Leading Teams
• Business Case Development
• Cross-Functional Project Execution
• Security Consulting Experience
• Security Standards (ex. ISO 27001, ISF)

PROFESSIONAL / TECHNICAL SKILLS:

Security and IT Standards: ISO 27001, ISF, Integrated Architecture Framework (IAF), SABSA, ITIL

Technologies: OpenStack, VMWare, RSA Archer, CyberArk, Websense, Syslog-NG, McAfee Full Disk Encryption, Bit9, McAfee Anti-Virus, Juniper SSL VPN, Checkpoint Firewall, Safenet MobilePass, RSA SecurID, Qualys, Nessus, Snort, Microsoft Certificate Services (PKI), nCipher/Thales HSM, Syslog-NG

Electronic Discovery and Data Forensics: Encase, FTK, iCONECTnxt, iPRO eCapture, Concordance, FYI Reviewer

System Administration: MCSE, Windows/Active Directory, Linux, Solaris, IIS, Apache, MSSQL Server, MySQL

Software Development: Python, Perl, Visual C/C++, C#, VB.NET, ASP.NET, Java, JavaScript, PHP, HTML, CSS, XML

WORK HISTORY:

Confidential, Murray Hill, NJ

Senior Manager & Senior Security Architect

Responsibilities:

• Strong involvement / consulting on projects including: Vulnerability Management (Qualys), Data Loss Prevention (WebSense), Software Whitelisting (Bit9 Parity), Security Information and Event Management (IBM QRadar), SOC (Security Operations Center), Identity and Access Governance (IBM ISIG), Cloud Identity Service (MS Azure AD / Office 365)
• Member of “Cloud First” core steering team for cloud initiatives
• Development of 3-year overall security strategy and next-generation security architecture for cloud, mobility, BYOD, identity & access management on which we are currently executing
• Produced security requirements for projects researching best practices and industry standards
• Performed security and IT vendor selection (RFP process) and scoring of vendor RFI/RFQ/RFP responses
• Supported annual security compliance activities, data element inventory and asset classification
• Ensured that security was “baked-in” to business processes with appropriate checkpoints (projects, RFC’s, etc.)
• Performed security risk assessments and managed exceptions to security policy (risk management)
• Supervised a team of 2-3 security consultants working on the following activities
• Metrics/dashboard for business and security leaders aggregating different security metrics (risk management, compliance assessments, critical information protection, vulnerability scans)
• Security reference architecture, including high level architecture, capability map and service catalog
• Automating security processes (Risk Management, Security Reviews, Third Party Assessment, etc.)

Confidential, Eatontown, NJ

Director, Security Consulting Practice

Responsibilities:

• Led project to develop ISO 27001 compliant security policies and standards for a major client.
• Developed security policy for client regulatory compliance, including SOX, HIPAA, PCI-DSS, data privacy
• Performed consulting engagements in areas: Information Security, E-Discovery & Forensics. Including: Security readiness assessments, security policy development, penetration tests, e-discovery & data forensics
• Led a software solutions team developing web-based (e-discovery) solutions for clients
• Responded to RFP’s and developed statements of work
• Performed data analysis and report generation on very large (>1TB) data sets for clients
• Implemented secure access method for clients and consultants to access data center services and applications

Confidential, Warren, NJ

Senior Manager, Network Security

Responsibilities:

• Developed security policies and procedures
• Performed security certification of IT technologies before deployment
• Participated in architecture teams developing IT solutions and standards for Confidential
• Managed the Computer Security Incident Response Team (CSIRT) tracking computer security incidents to closure
• Developed security procedures for monitoring and incident response
• Delivered security training for the Network Operations Center
• Developed a security incident response toolkit and trained security operations staff
• Lead architect for the Security Incident and Event Management (SIEM) solution
• Led development of custom security software to scan 80,000 internal hosts for security vulnerabilities
• Led a project to collect and analyze 40GB of email log data daily
• Deployed a Public Key Infrastructure (PKI) based on Microsoft Windows Certificate Services
• Managed a 4-person team deploying RSA SecurID cards to Confidential employees

Managing Principal

Confidential

Responsibilities:

• Engagement manager, leading a team of 8 security consultants
• Worked on consulting engagements for major clients (security assessments, system hardening)
• Gave presentations of Confidential ’s Security Services to customers
• Developed RFP responses and statements of work
• Developed web applications on Windows 2003 Server, Microsoft SQL Server, IIS, ASP.NET
• Designed, developed and maintained security software used by over 10,000 employees for single sign-on (SSO)
• Administered Windows 2000 Servers, Linux, MS SQL Server databases and Microsoft IIS web servers
• Performed penetration tests of mission critical systems: Voice Mail, PeopleSoft HR database and Exchange
• Supported security investigations in technical matters
• Presented security topics at Confidential internal conferences

Confidential, Cranford, NJ

Software Engineer

Responsibilities:

• Software developer for control system handling ship-to-shore telephone calls.