
Principal Resume

SUMMARY:

  • Held professional leadership positions that accomplished enterprise security vision, goals, and methodologies as well as built security teams. Integrated multiple security disciplines to achieve effective global Risk Management Program (RMP). Executive leader responsible for multi-million dollar security programs in several different industries. Consultant in charge of million dollar security projects to enhance enterprise information technology security profile.
  • Continuing to build world-class security solutions and organizations.
  • Performed Interim Chief Information Security Officer leadership role at Confidential and identified key strategic security initiatives in line with healthcare goals.
  • Oversaw infosec alignment with Confidential Health System during the merger.
  • Decreased costs at Confidential . Confidential Cancer Center through effective integration of over 15 security solutions.
  • A five million information security budget annually saved the organization over 30 million dollars. At times, managed over 50 contractors and 18 full time employees.
  • Set up a million dollar-plus information security program at Confidential including firewalls, antivirus, and software development application reviews.
  • Responsible for Confidential ( Confidential ) source research and selection at Confidential University Health Center to integrate multiple security tools into cohesive security response and detection capability
  • Managed and led a 10 million dollar program at Confidential consisting of outsourced contractors. Had one chief medical officer state that I had introduced a new level of security enhancement and protection at Confidential
  • Led the information security program at Confidential overseeing several security programs and introducing others. The overall security program exceeded one million dollars annually (firewalls, antivirus, vulnerability scanning, etc.)
  • Responsible for overseeing all business applications as well as architecting two million plus security enterprise solutions (firewalls, antivirus, intrusion detection/prevention, Confidential, etc.)

SPECIFIC HARDWARE & SOFTWARE EXPERIENCE:

  • Cisco, Checkpoint, and SonicWall Firewalls, Cisco Routers/Switches/Pix/NetRanger/NetSonar, Network Multiplexors, Gateway, PCs, AT&T 3B2, HP 9000/650, Sun Servers, RISC 6000 and AIX, Pyramid
  • UNIX BSD 4.3, AIX, Linux Redhat, MVS, VS, MS-DOS, Windows 7, 98, XP, 2000 (and server platforms), UNIX MLS, Solaris, Sun O/S, Novell Netware, TCP/IP, Lantastic, Futura Team, Right Hand Man, T1/2/3, 802.3 IEEE Fiber Optics, Token Ring, Thin Net, WANG FASTLAN, broadband/baseband methodologies, POSIX, GOSIP, OSE, MS Windows, Windows NT, Norton Utilities, PC Tools, CheckIt, Norton Commander, WordPerfect, Microsoft Word, Oracle/ Informix/Ada RDBMSs, Fortran, Pascal, PL-1/D, Basic, COBOL
  • Critical Watch Vulnerability Management, White Hat, Veracode, F5 ASM, SAINT Vulnerability Scanner, Cenzic Hailstorm Web Vulnerability Scanner, NESSUS vulnerability scanner, System Configuration Management (SCM), Cisco Wireless Security Control, Aruba Wireless Security, AirDefense Wireless Security, Splunk Syslog Server, SolarWinds LEM, MoveIT Confidential and Central Secure FTP Server, ArcSight, Confidential Proxy and Malware, ESET Antivirus, dotDefender, Sophos Anti-Virus, Keystroke Logging, SecurComputing Safeword Softoken/DES Gold Card, Axent ESM/Intrusion Detection/Net Recon, Finjan Surfin' Shield/Gate, RiskWatch, Buddy System, PGP E-Server/Key Server/Desktop Encryption, E-Security Centralized Logging Utility, Aim Safe 2000 (DRP tool), AT&T System V Ver. 4 MLS, SCO SecureWare (SixMax, CMW, CSP), RACF, ACF-2, Top Secret, IST RAMP, WANG VS Secure, WANG ESAC, Cisco Secure Authentication Server, TACACS/ TACACS+, Radius, Sun Basic Security Module/ARM/ASET, NIS+, Sun Network Security Manager, Raptor Firewall, Checkpoint Software Firewall-1, Gauntlet Firewall, Pix/FWSM/IOS Firewalls, Nokia Checkpoint FW-1, Nortel Contevity VPN, Symantec Enterprise Security Management, Symantec DeepSight Threat Management System, E-Security Central Alert Logger, Sanctum’s AppShield and AppScan, SpiDynamic’s WebInspect, WebSense, SurfControl, TrendMicro AV/ E-Manager/Mail Protect/Server Protect, Cisco Network Intrusion Detection System, Host-Based Intrusion Detection (ISS, Okena, Entercept), Netscreen and SonicWall Firewalls, CompuTrace, Air Defense, Air Magnet, NetStumbler, and Kismet. RSA One Time Password Token, Keon UPS, PowerBroker, TripWire, AppDetective, ISS DB Scanner, Autosecure, ISS, HP-UX System Administration Module, SATAN, SPI, OpenVision SecureMax, Tivoli Management Environment (a group account manager), Oracle RDBMS, Central Point Anti-Virus, Norton Anti-Virus, F-Protect, FIPS Publications, OMB, DoD/NIST Security Directives

PROFESSIONAL EXPERIENCE:

Confidential

Principal

Responsibilities:

  • Responsible for overseeing all business applications as well as architecting two million plus security enterprise solutions (firewalls, antivirus, intrusion detection/prevention, Confidential, etc.)
  • Responsible for Confidential ( Confidential ) source research and selection at Confidential University Health Center and Confidential to integrate multiple security tools into one cohesive security response and detection capability as well as wireless security implementation
  • Architected/implemented Unified Threat Solutions ( Confidential and Confidential integrated security systems), Checkpoint 61K 8 blade firewalls, f5 intrusion detection systems, OpenAM authentication control, Virtual Directory Systems at State Farm Insurance, Confidential, and Accelion Home Healthcare
  • Established virtual private network site-to-site tunneling
  • Set up laptop sanitization (using CyberScrub) and data backup for departing executives
  • Evaluated/configured secure profiles for Mobile Device Management (MDM): AirWatch, iConfigurator, and iCloud at Accelion Home Healthcare and Confidential
  • Streamlined, at Accelion Home Healthcare, enterprise anti-virus/intrusion prevention/content filtering for TrendMicro OfficeScan & WorryFree
  • Accomplished compliance management at Confidential (ConfigureSoft) across disparate IT silos. Developed succinct reports, templates, and assessment formats for over 4,000 devices
  • Implemented and put into production a centralized secure FTP server that is now being used by over 200 people and scores of departments/divisions
  • Integrated key forensic and investigative tools and processes for the Information Security team to utilize in their daily operations. This effort has resulted in streamlining task accomplishment.
  • Created matrix of regulatory and security standards and cross matched to organizational security practices (HIPAA, HITECH, HITRUST, JCAHO, GLBA, SOX, FISMA, ISO, FFIEC, Confidential, and COBIT)
  • Performed enterprise vulnerability management testing using tools (Nessus, HailStorm, AppScan and CriticalWatch)
  • Utilized ArcSight, Sensage, Sophos Anti-Virus, Confidential e-Orchestrator, and Splunk central log analysis to correlate a myriad of system & security events
  • Reviewed Datadvantage file access and permissions application for possible use
  • Assisted in evaluation of new proxy tool ( Confidential ) to overcome vulnerabilities associated with accessing the Internet from work. Also created production stage metrics to track and adjust program as needed.
  • Created template reports within Managed Security Support Program ( Confidential ) so that analysis of millions of security events could be rapidly correlated and appropriate response more easily deployed
  • Interfaced with systems staff to acquire needed assistance in accomplishing compliance and security initiatives.
  • Streamlined and enhanced reporting products for monthly metrics and vulnerability venues
  • Researched, acquired, and implemented medical-based Internet hosting service to overcome multiple security events
  • Oversaw research, implementation, and monitoring of Cisco Management Analysis Reporting System (MARS)
  • Used Air Defense wireless security. Used Cisco Wireless Security Manager to enhance same security environment
  • Enabled two-factor authentication schema into outsourced alert monitoring service
  • Conducted extensive data loss prevention (DLP) scans and recommended ways to secure sensitive data
  • Reviewed Vericept and Vontu DLP application for feasibility of use
  • Outsourced security monitoring company comparisons, acquisition, and set up of monitoring events and criteria
  • Evaluated network intrusion detection systems (IDSs) to enhance alerting and monitoring of same (Snort, and Cisco)
  • Instituted system development life cycle security (SDLC) oversight (iNotes, process flow charts, project repositories)
  • Worked with security engineers to create procedures for analyzing e-Eye REM reports and Retina vulnerability scans
  • Reviewed LDAP security profiles (Active Directory and Novell e-Directory) to enhance incident and event analysis.
  • Compiled/published incident response procedure manual and configured an incident handling database
  • Provided process streamlining via easy-to-follow contingency response checklists ( Confidential eOrchestrator Antivirus, Sophos Antivirus, intrusion detection, firewall, MARS, and outsourced SecureWorks security monitoring reporting)
  • Integrated virtual private network solutions for existing infrastructure as well as security tool protection/communication
  • Evaluated organization with respect to Confidential security standards

Confidential

Chief Information Security Officer & Director

Responsibilities:

  • Ran information security at Confidential .
  • The overall security program consisted of firewalls, antivirus, vulnerability scanning, web-based content and malicious logic prevention, etc.
  • Researched more effective monitoring and management of company’s security incident and event management system (SIEM)
  • Drafted up policies to further enhance regulatory and security standards practice (HIPAA, ISO, COBIT)
  • Recommended information security web site on the intranet to better communicate the overall program and increase security awareness
  • Researched and led effort to install Air Defense wireless security as well as integrating it with existing Cisco wireless
  • Reviewed a key software development management tool from a security perspective
  • Performed technical security vulnerability assessments on Confidential development platforms.
  • Reviewed current employee handbook and HIPAA policy statements to fine tune recommended additional policies
  • Executed short-notice security review of possible HIPAA breach issues and provided conclusions and recommendations to key senior management
  • Coordinated with legal and other business groups to respond to client security assessment requests

Confidential

Chief Information Security Officer

Responsibilities:

  • Led the information security program at Confidential overseeing several security programs and introducing others. The overall security program exceeded one million dollars annually (firewalls, antivirus, vulnerability scanning, etc.)
  • Initiated more effective monitoring and management of Tipping Point Intrusion Prevention System (IPS)
  • Evaluated organization with respect to Confidential security standards
  • Ensured regulatory and security standards were used (GLBA, SOX, FISMA, Confidential, ISO, COBIT)
  • Recommended two-factor authentication solutions to enhance financial transaction security in compliance with Confidential
  • Built up security office and capability from one analyst to several federated security focal points
  • Directed better way to spot trends from multiple Cisco firewalls via Stonylake Firewall Reporter
  • Researched and led effort to install Air Defense wireless security as well as integrating it with existing Cisco wireless
  • Established security group capability to quickly spot threat trends in Symantec’s Antivirus Suite
  • Reviewed Microsoft Active Directory to tighten up permissions
  • Performed DLP tasks to protect financial and personal information in compliance with Confidential DSS
  • Created process to regularly scan for sensitive data and security levels for that data
  • Responded to acquisition company security questions and facilitated Confidential incorporation into that company
  • Coordinated with compliance, legal, and internal audit groups so third party relationships would not compromise Confidential

Confidential

Chief Information Security Officer

Responsibilities:

  • Managed and led a 10 million dollar program at Confidential consisting of outsourced contractors. Had one chief medical officer state that I had introduced a new level of security enhancement and protection at Confidential
  • Established executive information security council (ISC) to better integrate security goals with healthcare vision
  • Provided senior management with sufficient risk impact and countermeasure option rankings so that budgeting and execution on programs was facilitated
  • Provided tailored security awareness programs to various medical divisions
  • Set up overall risk management plan and communicated same at all levels in Confidential
  • Ensured adequate review and enforcement of existing LDAP and VPN technology solutions
  • Researched and recommended implementation of ISS Proventia IPS for better coverage of real time events
  • Injected regulatory/security standards into security solutions (HIPAA, JCAHO, GLBA, Confidential, SOX, FISMA, ISO, COBIT)
  • Evaluated organization with respect to Confidential security standards (e.g., two factor authentication)
  • Assisted internal audit in security deficiency resolution
  • Integrated multiple security gathering and protection devices to provide heightened level of monitoring and response:
      • Nokia Checkpoint Firewalls
      • DLP scans of organization files
      • TrendMicro Antivirus
      • Concord event tree alerting of servers and systems
      • SMART application monitoring

Confidential

Director - Information Security Department, Houston, TX

Responsibilities:

  • Decreased costs at Confidential . Confidential Cancer Center through effective integration of over 15 security solutions. A five million information security budget annually saved the organization over 30 million dollars. At times, managed over 50 contractors and 18 full time employees.
  • Led highly effective ISC comprised of key physicians and senior management. This permitted quicker acceptance of security goal implementation
  • Sold information security department and technical solutions as “enabler” for healthcare operations and e-health initiatives as well as a wide range of industry business operational needs
  • Provided “inside consulting” to federated information technology shops so that everyone would be using same security processes
  • Integrated regulatory and security standards solutions (HIPAA, JCAHO, GLBA, Confidential, SOX, FISMA, ISO, COBIT)
  • Formed SDLC program and implemented security review of 100% of all development projects
  • Built security group up from two remote access account analysts to 18 operational, administrative, and architectural professionals (to include business response)
  • Reviewed Microsoft Active Directory environment and made recommendations to improve it
  • Responsible for implementing over 16 key security solutions providing comprehensive defense in depth coverage:
      • 16 Nokia Checkpoint firewalls with enhanced VPN and encryption schema
      • Six Cisco IDS blades on core switches
      • TrendMicro Antivirus (mail server, network, servers, desktops/laptops)
      • TrendMicro Spam reduction (over 90% reduction in spam emails)
      • WebInspect and AppDetective to analyze weaknesses in databases and web applications
      • Sanctum WebShield to provide additional web “firewall” protection
      • DLP scans and process formulated to provide heightened ePHI security
      • Security lab to test and fine tune proposed and implemented security solutions
      • Symantec Enterprise Security Manager on over 80 systems with weekly security status reports
      • TeleSweep phone scanner to identify vulnerable modem configurations
  • Participated in Houston Medical Information Security Council and University of Texas Information Security Council

Confidential

Vice President, Englewood, CO

Responsibilities:

  • Set up a million-plus information security program at Confidential including firewalls, antivirus, and software development application reviews.
  • Established enhanced use of NetScreen Firewalls and VPN networks
  • Set up SDLC security oversight of over 50% of ongoing development projects
  • Accomplished network security architecture design analysis
  • Built up information security team to five members

Confidential

Sr. Mgr., San Jose, CA

Responsibilities:

  • Formulated and tailored People, Process, and Technology concept to information security. Integrated SMARTS (sustainable, measurable, achievable, realistic, time bound, scalable) practices into all aspects of the security solution. These two major methodologies have been incorporated in all subsequent career locations, as well.
  • Remote access greatly enabled due to integration of CiscoSecure and SecurComputing One Time Password integration (VPN and two factor authentication)
  • Refined incident response and escalation procedures to quickly resolve attacks on Cisco electronic environment
  • Incorporated a more effective communications plan including a greatly upgraded security web site
  • Firmed up team member development plans and goals and measured performance to those goals and expectations
  • Linked Technology Roadmaps to risk management programs so that senior management was always aware of where the security group was along their implementation timeline.
