SUMMARY

• My skill set in Information/Cyber Security includes creation of Security Policies, Procedures and Plans, auditing, risk assessment, hands - on network routing and switching, troubleshooting, monitoring, management activities and working with a variety of security software tools in Windows and NIX environments with two factor authentication (PKI - CACs - smartcards).
• My work has involved reviewing, updating and creating Security Policies, Procedures, Standards and Plans. Work included active directory security policy and auditing, vulnerability audits/assessments, Pen-Tests, HIPAA/HITRUST/HSR and network infrastructure.
• Used security tools such as IDS/IPS, SEIM (Symantec Endpoint Protection), AlienVault, FTK (Forensics Tool Kit), Tripwire and inter-connections. Played a key role in assisting with the security education and training of process/control owners for their understanding of ISO 27000 series and NIST 800-53 security controls by conducting detailed analysis and presenting results to information security management teams. Coordinated SOC and SSAE compliance/reports.
• Designed and conducted user Security Privacy and Awareness Training.
• As a CyberSecurity Manager, I led an incident handling team and worked with incident analysis/remediation/forensics on a daily basis, coordinating with Network Operations, DataCenter and the Helpdesk. Coordinated with Project Managers, Network Operations, Data Center Operations and Information Assurance Teams using ISO 27000 principles, standards for PCI/SOX/DSS, etc. and guidelines on risk management/analysis (Risk Assessment) for the identification, assessment, and prioritization of risks (ISO 31000) followed by application of resources to minimize, monitor, and deal with the impact of security events.
• Provided oversight for vulnerability scans (Retina and Nessus) and worked with security tools such as Symantec Endpoint Protection, AlienVault, McAfee, InMon, FortiAnalyzer, etc. for security information, event management and IDS/IPS.
• Responsibilities included managing, monitoring, analyzing, improving and troubleshooting security systems.
• Created and worked with Disaster Recovery and Business Continuity Plans.
• Managed virus protection program for prevention, detection and elimination of viruses.
• Participated in Compliance and Risk Assessment programs.
• I meet requirements of the National Information Assurance Training Standard for Senior Systems Managers (CNSSI 4012) certification and the standards for the National Training Standard for Information Systems Security (INFOSEC) Professionals and System Certifiers (NSTISSI 4011 and 4015 certifications). DoD IAT/IAM Level III. CNDSP Analyst/Incident Responder/Auditor/Support.

PROFESSIONAL EXPERIENCE

Confidential

Responsibilities:

• Acquire a complete understanding of a company’s technology and information systems.
• Plan, research and design robust security architectures for any IT project.
• Perform vulnerability testing, risk analyses and security assessments/audits.
• Research security standards, security systems and authentication protocols.
• Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices.
• Work with public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures.
• Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers.
• Test final security structures to ensure they behave as expected.
• Provide technical supervision for (and guidance to) a security team.
• Define, implement and maintain corporate security policies and procedures.
• Oversee security awareness programs and educational/training efforts.
• Respond to security-related incidents and provide post-event analysis.
• Update and upgrade security systems as needed

Director, IT Security

Confidential

Responsibilities:

• Designed Security Program including creation of over 100 Security Policies for HIPAA/NIST Compliance.
• Conducted Security, HIPAA/HSR, HITECH internal risk assessments and audits.
• Created Security Privacy and Awareness Training Policy and slide sets.
• Created SDLC document to include security and mobile application considerations.
• Developed Risk Management Policy including Risk Assessment checklists.
• Assisted research for HITRUST CSF Certification.
• Worked with Vendor security checklists and created Vendor Security Policy.

Confidential, Mountain View, CA

Network Security Analyst

Responsibilities:

• Created and built the Security Architecture including a Corporate Information Security Program including all Policies, Procedures and Plans to include HITRUST and HIPPA regulations/standards.
• Conducted Security, HIPAA/HSR, HITECH internal risk assessments and audits.
• Developed HR Policy and Procedure.
• Created Security Privacy and Awareness Training Policy and slide sets.
• Created SDLC document to include security and mobile application considerations.
• Developed Risk Management Policy including Risk Assessment checklists.
• Assisted research for HITRUST CSF Certification.
• Worked with Vendor security checklists and created Vendor Security Policy.
• Created over 90 Policies and Procedures including Remote Access (VPN) Policy.
• Assisted with Vulnerability scans and Pen-Tests.
• Assisted with AlienVault.
• Worked with SOC/SSAE compliance and reports.