- Over 18 years of professional experience in Information Security, with a broad range of skills including, but not limited to, Vulnerability Management, PCI Compliance, Risk, Incident Response, eDiscovery, Digital Forensics, HR / Corporate Security Investigations, and User Access Administration.
- Currently holds the following certifications: CCE (Certified Computer Examiner), CHFI (Computer Hacking Forensic Investigator); CISSP (Information Systems Security Professional), Qualys Certified Specialist, Oracle DBA OCA 10g, and ITIL Foundation. Currently pursuing CEH (Ethical Hacker). An undergrad with a Bachelor of Science in Organizational Security and Management/Criminal Justice (with Honors). A member of ‘The National Criminal Justice Honor Society’. Possesses a strong work ethic. Received several project and performance based awards.
Sr. Information Security Analyst for Information Security ComplianceResponsibilities:
- QualysGuard Administration, scanning, reporting, vulnerability assessments, and lifecycle management for two legacy airlines ( Confidential & US Airways) as result of a merger. PCI Compliance scanning, reporting, and governance of related CVSS score/remediation policy. Takes part in yearly PCI assessment in support of PCI DSS. Works closely with Threat Intel team in the review of US - Cert alerts, research of CVE’s, and providing actionable intelligence. Involved in preliminary discussions surrounding GDPR (General Data Protection Regulation).
- Additional functions include integration with Brinqa (Vuln Mgmt Platform), use of RSA Archer eGRC to maintain DR (disaster recovery), and identify application owners. Incorporated the Agile methodology through the use of Rally for projects. Planview used for timekeeping. Extensive use of SharePoint
Database Analyst for Technology InfrastructureResponsibilities:
- Member of the Citi Technology Infrastructure group as part of the Desktop Standardization Initiative. Responsible for gathering requirements from the business for new reports and tool functionality, reviewing and researching existing reports and data for broken links, as well as, other inconsistencies within conversion automation tool. Create and update documentation and reports to be posted on Sharepoint, with functions as a Sharepoint owner.
- Work closely with developers to resolve findings and recommend improvements.
- Perform testing before moving any changes to production. Reviewed/updated policy information in Archer.
- Pull ad-hoc data for migrations and other projects as needed, as well as pivot tables. Utilizes MS Access, SQL, MS Office 2007, and Sharepoint. Use Planview Enterprise 9.0.1 for projects and time keeping. Thin Client office connectivity and Citrix remote access. Extensive use of MS Office. Trained other contract staff.
- Migrated two sites into one - IBM/ISS Site Protector
- Evaluated NetIQ Security Manager for 3 months as potential tool replacement
Network Security AnalystResponsibilities:
- Department contact for Audit related inquiries.
- Initiated, coordinated, and participated in Websense cleanup project using Active Directory groups vs. by user acct.
- One of a handful of people in the company on a pilot team to demo and evaluate new security tools, such as Configuresoft Enterprise Configuration Manager; Arcsight and Symantec security monitoring tools; McAfee Foundstone Scanner; and IDS/IPS products.
- One of 3 contacts in the company that creates Entrust certificates for the various IT depts.
Sr. Application Security Analyst
- Created templates for company job titles, as well as maintaining a template database with network access requirements and badge access requirements identified by job title.
- Worked with other technical groups and developers to have tasks streamlined and to give recommendations for process and tool modifications.
- Became the dept. contact for internal/external auditors.
EDI Data AnalystResponsibilities:
- Researched and resolved 2-year backlog of error transactions. Trained senior team members and management on issues and resolution.
- Worked with developers to automate repetitive tasks, have templates created, and gave feedback on tool modifications.
Sr. Data Security AnalystResponsibilities:
- Received several project and performance based awards: 'Leadership', 'Trusting and Teamwork' and 'Doing The Right Thing'.
- Monitored work queue and had assignment responsibilities as backup to Team Lead.
- Served as subject matter expert by being the 'Exceptions' contact for the department.
- Remedied access and functionality issues by restructuring the NDS tree.
- Developed and implemented a local "clean up and audit" campaign to secure network.
Lead Network AnalystResponsibilities:
- Responsible for monitoring network devices (servers, routers, hubs, switches, etc), which mainly included Novell 4.11 and Lotus Notes 4.5 NT servers nationwide for performance issues, via enterprise wide monitoring tools such as Patrol, PEM and HP Openview. Remotely troubleshot/resolved Novell Netware 4.11 and Lotus Notes 4.5 server issues, or escalate to appropriate group/vendor.
- Ran nightly backup script on Unix Sun Solaris system and monitored jobs/reports. Push software, patches, files, etc to servers via SMS (Systems Management Server). Provided after-hours backup Helpdesk support, which included Notes 4.5, MS Office 97, Windows 95 and Dial-Up connectivity support for remote users using TCP/IP or SPX. Lotus Notes database development/administration in Notes 3.33 and Notes 4.5. Selected major accomplishments include:
- Promoted to Team Lead shortly after joining the department, and supervised 4 - 6 staff members and provided training.