SUMMARY

• Experienced Cyber Security/IT professional with 20 years experience within Information Security and Technology in an effort to build world class global networks and effective security solutions.
• Outstanding ability to effectively determine risk to an organization and provide the needed solutions to rectify these shortcomings.
• Proven experience developing solutions, partnering with multiple business units and managing projects to a successful outcome.
• Develop short and long term strategic plans, budgeting and plan presentation to "C" level executives and Board of Directors.
• Participated in annual IT Audit Reviews with the SEC.
• Relevant industry knowledge of PCI, HIPPA, NIST and ISO 27000 suites

TECHNICAL SKILLS

Network Security: Firewalls (checkpoint, ASA and Juniper), SIEM, AV, Riverbed Cascade, Lancope, Fireeye

Vulnerability Assessment: Tenable Security Center, Rapid7, nCircle

System Management and Security: IBM Big Fix, developed hardening templates for multiple operating systems

Network Hands - on: Cisco, Juniper, Gigamon

PROFESSIONAL EXPERIENCE

Confidential - Glen Mills, PA

Global IT Security Engineer

Responsibilities:

• Provide global security solutions.
• Provide short and long term plans for senior management and the Board of Directors of Axalta
• Provide security recommendations for business acquisitions
• Heading up global deployment of IBM QRadar solution
• Developed a Threat and Vulnerability Management process
• Developing an automated patch management program utilizing IBM Big Fix
• Running a proof of concept with AV vendors McAfee and Sophos
• Developing a hard disk encryption Proof of Concept
• Did proof of concept of RedSeal and currently deploying
• Provide policies and procedures where needed.

Confidential - Philadelphia, PA

Senior Security Engineer

Responsibilities:

• Researching security tools that will improve coverage of Sungard’s infrastructure.
• Responsible for running vulnerability scans using Rapid7 and looking for improvements where necessary.
• Support Sungard’s consulting team for client engagements. Will assist on site engagements by doing architectural reviews, proper security tool deployments and vulnerability remediation process review.
• Responsible for Sungard’s Radware DDOS solution.
• Responsible for Sungard’s Sourcefire IDS solution.
• Responsible for testing new solutions and provide documentation to support staff.
• Designed, tested and implemented URL filtering using Checkpoint R77.10 running GAIA.
• Provide level 3 support for Checkpoint, Juniper and Cisco firewalls.

Confidential - Moorestown, NJ

Senior Security Engineer

Responsibilities:

• Reviewing the current security infrastructure and processes and then providing recommendations for improvement where needed. Also providing level 3 support for our firewall, SSL VPN/IPSec and router/switching infrastructure.
• Currently reviewing and providing recommendations on integrating vulnerability scanning, Intrusion Detection Systems and Network Anomalies utilizing nCircle, Lancope, Sourcefire and Fireeye.
• Developed a process for a prioritized approach to vulnerability scanning and how to handle remediations. Starting with PCI compliant hosts and then determine other key Confidential systems.
• Product lead for Confidential wide deployment for Websense, nCircle and RedSeal.
• Recommended the deployment of Tufin for our firewall infrastructure. Product go live target is Q1 2014.
• Working on a firewall upgrade project, upgrading to Checkpoint R76 GAIA

Confidential - New York, NY

Vice President - Senior Network Security Engineer

Responsibilities:

• Provided strategic direction and process improvements for the Network Security Group.
• Evaluated current network infrastructure and providing recommendations where improvements were needed.
• Evaluated our Managed Security Service Provider to ensure proper coverage of the infrastructure and accuracy of reporting and alerting.
• Participated in Security Assessments of SMBC applications and assisting in remediation.
• Developed a Threat and Vulnerability Management process with vulnerability data originating from multiple sources and integrating into Modulo.
• Developed an auditable Firewall Request Process with AlgoSec.
• Evaluated vendors for a Network Behavior Anomaly Detection for deployment into the environment.
• Core member on the Palo Alto firewall migration project for North America.

Confidential - New York, NY

Security Engineer

Responsibilities:

• Provided security solutions and support for Confidential ’s production, Client Test, QA and development environments. The operations security group works with Confidential ’s Corporate Information Security team to get direction on security policies and develop solutions based on those policies. Also an escalation point for any security issues in Confidential ’s Production, Client Test, QA and development environments.
• Participated in SECs annual infrastructure review.
• Worked with a core team that developed Confidential ’s Threat and Vulnerability Management program. Participated in regularly scheduled vulnerability scanning with Confidential ’s Corporate Information Security Team and work with the Production Operations team to remediate any high or critical vulnerabilities within Confidential ‘s remediation time lines. Vulnerabilities are tracked within Archer.
• Participated in Certification and Accreditation reviews for system, database and network equipment
• Participated in the review of Penetration Test results and provide recommendations to remediate findings. Attended the following SANS Institute course: Security 560 Network Penetration Testing and Ethical Hacking
• Knowledge of Vulnerability Scanners Tenable Nessus and Rapid7.
• Deployed an enterprise wide vulnerability scanning solution utilizing Tenable Security Center and Nessus scanners across multiple data centers to scan our dev, QA, Client Test and Production networks. Developed process and procedure to run vulnerability scans against Production and Client Tests hosts before they go live in to Production and Client Test. Remediation process of high and critical vulnerabilities falls in to Confidential ’s Standard TVM process. Worked with the Production Operations Staff to define configuration audits against Operating Systems (Solaris, Linux and Windows), Databases (Oracle and SQL).
• Designed, deployed and support EnVision. Forwarded all syslogs from production, client test, qa and development hosts to envision. In addition to syslogs we forward iplanet and RSA Cleartrust logs to EnVision from a subset of hosts.
• Designed, deployed and support Firepass F5s. F5s are deployed to manage access to Confidential ’s Production and Client Test environments. F5s allows the use of RBAC controls instead of just depending on firewall rules to allow access to the production and client test environments. With the deployment of the F5s it has allowed the removal of a large amount of firewall rules.
• Designed, deployed and support Tufin. Tufin was a fairly new deployment in the environment. Since Tufin was deployed it has identified numerous redundant rules in our firewalls. Next phase was to determine the rule usage and remove rules that are not used and arrange the rulebases for better performance. Tufin is also used to notify the network and security staff when configuration changes occur in the firewalls, routers and switches.
• Designed isolated network infrastructure for placement of security devices.
• Worked with a core team to determine the appropriate placement of IDS sensors in the Confidential Production Network.
• Designed, deployed and support Riverbed Cascade Profiler and Sensors. Developed service maps via the Performance Analytics module for proactive notifications of applications issues. Developed daily reports and user defined alerts on inappropriate user and protocol usage.
• Worked with a cross functional team to design and deploy an enterprise wide Identity and Access Management solution. Integrated Windows, Solaris and Linux in to a central authentication model. Evaluated vendors for possible next steps.
• Worked with the Production Operations staff to develop baseline configurations for Solaris, Linux and Windows Operations Systems based on CIS Benchmarks.
• Designed, deployed and support Gigamon. Deployed Gigamon to consolidate monitoring tools such as Sniffers, Cascade Sensors, IDS Sensors and Imperva. This will allow for a better configuration of span ports in our switches.
• Managed and Oversaw Confidential ’s Network and Firewall infrastructure in Confidential Corporation (DTCC) data centers.
• Managed weekly project meetings with the DTCC to get status on current projects that were on-going as well as discuss new projects that had been opened. In the meetings would prioritize projects for the DTCC so they could allocate resources correctly.
• Managed quarterly meetings with the DTCC to review Confidential ’s Network SLE with the DTCC. Made modifications to the SLE when necessary.
• Participated in Cross Functional Teams to get network requirements that were needed to complete new projects. After receiving the requirements, develop a solution and then work with the DTCC networking staff to develop timelines and determine what resources were needed to complete the projects.
• Co-managed a network build for a data center consolidation project. Provided technical direction and developed milestone dates for completion. The project consisted of migrating Confidential ’s production servers that were running in Thomson Financial data centers and housing them in the DTCC’s data centers. The project was composed of 4 sections: Host to Host connectivity, Client connectivity, Replication and Enterprise/Campus.
• Oversaw Confidential ’s Technical Operations outsourcing of ITO monitoring and first level application support with Patni.
• Network Lead for Confidential Connect network build. Provided design and worked with the DTCC on personnel resources that were needed and developed timelines to complete the project.
• Provided technical direction and project management for the migration from Nokia IP440s to Crossbeam X80s running Checkpoint NG.

Confidential - New York, NY

Senior Internetworking Engineer

Responsibilities:

• Was a team member in the Inter-networking Design and Management group. The IDM group provided DTCC with new network solutions and level 3 network support.
• Lead Engineer for the network build for a new financial services company called Confidential that is hosted in the DTCC data centers. Confidential is a joint venture between Confidential Corp (DTCC) and Thomson Financial. I was responsible for all aspects pertaining to both the Production and Enterprise networks including design, implementation, procedures and documentation. Equipment utilized for this project includes the following: Cisco - 7206, 2600, Catalyst 6509(IOS with SLB); Nokia IP440s Firewalls running Checkpoint 4.1. Routing protocols: EIGRP and RIP. Implemented Policy Routing to minimize static routes and prioritize routes in the WAN.
• Developed Disaster Recovery strategy and documentation for Confidential ’s network and firewall infrastructure.
• Lead the evaluation AT&T’s IP Enabled Frame Relay Solution that was eventually deployed in the DTCC SMART network.
• Lead Engineer for the design and implementation for DTCCs migration to SNI pertaining to Networking. Provided procedures and documentation. DTCC allows their participants access via Ethernet, Token Ring or SDLC for application access.
• Lead Engineer for the design and implementation pertaining to networking for the insourcing project of NSCC in to DTCC. NSCC utilized SIAC for all networking services. The insourcing project allows DTCC and NSCC to pass data seamlessly without using the networking services of SIAC. Equipment utilized for this project: Cisco - 7206 and Catalyst 6513; Nokia IP 530s running Checkpoint NG.
• Joint Lead Engineer for the build of DTCC’s Packet Over Sonet network. DTCC built a POS network to link three Data Centers. I was responsible for the design and implementation of the Cisco 7609s (Optical Routers) using EoMPLS.
• Developed DTCC’s perimeter security policy for the customer facing Frame Relay network. DTCC provides a full service WAN solution for its Participants to access its various applications. Determined that there was a need to secure DTCCs perimeter network to help protect DTCC from unnecessary intrusion.
• Provided support for the integration of MBS in to DTCCs network.

Confidential - New York, NY

Communications Specialist

Responsibilities:

• Verified monthly communication expenses with office administration.
• Managed all Customer Frame Relay accounts, including new installations.
• Maintained Columbine JDS Frame Relay accounts from strategic business partners.
• Managed access to the internet

Confidential - Braintree, MA

Communications Manager

Responsibilities:

• Primary contact for LAN/WAN/COMM support for the Massachusetts State Lottery commission during their conversion onto Confidential Computer Gaming Systems.
• Supervised LAN/WAN/COMM project staff from other Confidential regional offices that were assigned to Massachusetts State Computer Gaming upgrade project.
• Responsible for giving weekly project status updates to the Massachusetts State Lottery Commission on the status of the project.
• Periodically reviewed and revised procedures for the LAN/WAN/COMM administration areas based upon system software, hardware and configuration changes that may have occurred.
• Managed and Oversaw the following: Novell 4.X, Windows NT, Cisco 7500 and 2500 series routers, Cisco Catalyst 5000 switches, Telenex 2K Matrix Switch, 3 COM 6200 Series Multiplexer

Confidential - Denver, CO

Service Technician

Responsibilities:

• Troubleshot PCs at customer sites
• Spec in cable jobs and did installations.
• Upgraded customer PCs that included new motherboards, RAM, Hard Drives and other devices specified by the customer.
• Experience with Novell and Windows NT