A performance-driven leader with expertise in managing all aspects of a successful Information Security Program for large enterprises. Proven ability to manage seamless implementations and deliver next-generation solutions which improve the Availability, Confidentiality, and Integrity of an organization's critical data and systems.
AREAS OF EXCELLENCE:
- Information Security Management
- Security Architecture and Engineering
- Incident Response
- Secure Design Review
- Risk Management
- Security Frameworks (ISO27001, COBIT, NIST, etc.)
- Vendor Relations / Negotiations
- Change Management
- Regulatory Compliance (PCI DSS, SOX, HIPAA, etc.)
- Security Awareness
- Leadership and Mentoring
- Budget Management
Sr. Global Information Security Manager
- Responsible for the overall management of the Confidential Global Information Security program with 12 direct reports, 3 Security as a Service (SaaS) companies, 6 Physical Data Centers, multiple cloud instances, 25,000+ employees, 150+ branch offices, and 70+ applications.
- Responsible for rebuilding the Global Information Security program. Responsibilities include all facets of information security (i.e. Secure Network Design Reviews, Architecture, Engineering, Compliance, Incident Response and investigations, Change Management, IPS/IDS, Application reviews, Penetration and Vulnerability Assessments, etc.).
- Created security reference architectures for Cloud based solutions, applications, network infrastructures, and new business acquisitions. Efficiency was increased within the Project lifecycle and corporate acquisitions. Developed acquisitions "playbook", which included conducting security assessments, gap analysis, providing Level of Effort (LOE) information for project tasks, and budgetary management. This included procedures for review of organizations' security policies, vendor access, security methodologies, and infrastructure design review.
- Facilitated the global deployment of IS Security policies, regulatory controls and operational disciplines while integrating appropriate IT security process changes as business needs required.
- Responsible for maintaining security controls for PCI, SOX, and ISO 2700x compliance requirements. The process consisted of getting the company to achieve PCI 3.2 compliance and to ensure that company processes and procedures were automated where possible as well as validating that the proper controls are in place to satisfy each requirement.
Sr. Security Solutions Manager
- Provided Subject Matter Expert (SME) security consultation to manage and facilitate the design and implementation of secure solutions. Responsibilities included the management of project teams, coordination of deployment activities with the business and business partners, configuration of security controls and on-going support once the solution was in place.
- Created security reference architectures that mapped regulatory compliance standards to produce requirements. Efficiency was increased within the Project lifecycle, as initial security requirements would remain consistent and readily available at the beginning of a project. These architectures also ensured we covered all angles (i.e. state and federal laws, regulatory obligations, etc.).
- Developed Risk Assessment “runbooks” for healthcare companies and several UC School medical centers. This included procedures for review of organizations' security policies, vendor access, security methodologies, and infrastructure design review.
- Designed architecture and responsible for the deployment and day-to-day management of multiple security controls including but not limited to F5 Load Balancers (GTM and LTM), Rapid7 (Nexpose), CheckPoint Firewalls (R77.20 GAIA), InfoBlox, BlueCoat Proxies, QRadar, and Brocade switches.
Sr. Security Analyst
- Accountable for results, identifying gaps by conducting focus groups to determine the need for new systems, timeliness of existing systems and the impact of proposed changes that in turn helped identify gaps and prioritize initiatives.
- Provided upper management with proposals for time and cost effective procedures and technological advances to help reduce duplication of effort and resolution of system conflicts.
- Developed Risk Assessment “play book” for new company acquisitions.
- This included procedures for review of new organizations' security policies, vendor access, security methodologies, and infrastructure design review.
Lead Security Analyst
- Automated all SOX responsibilities as they related to Information Security. Responsibilities included but were not limited to the following: vulnerability assessments, penetration testing, monitoring and logging, incident response, firewall configuration review, policy and procedure creation, etc.
- Designed architecture and deployed the following security solutions: StoneGate IPS, LogRhythm SIEM, Rapid7, OpenDNS and QualysGuard.
- Day-to-day administration consisted of tuning SIEM alerts, IPS alerts, incident response, firewall change review, Malware response and investigations.
Confidential, Denver, CO
Sr. Security Consultant
- Responsible for Enterprise firewall migration of infrastructure firewalls from Juniper (ScreenOS and JUNOS) to CheckPoint Gaia R75.46. Migration consisted of eight 21600 firewalls, thousands of rules, working with multiple vendors and developing a sound migration plan.
- Developed Risk Architecture “play book” for new bank acquisitions. This included procedures for review of new organizations' security policies, vendor access, security methodologies, and infrastructure design review.
Confidential, El Segundo, CA
Sr. Manager, Information Security Engineering
- Managed a team of 12 Security Engineers and Analysts who were responsible for the integration, deployment and tuning of all security devices. Devices included the following: Imperva’s WAF, IDS/IPS (Cisco, Snort, and Palo Alto), Splunk, McAfee HDLP, WebSense, FireEye, Infinistream, Vulnerability and Penetration Testing tools.
- Worked as the lead security engineer on all enterprise projects as a part of the SDLC process. Responsible for reviewing business and functional requirements, HLDs, and pre-build designs. Projects included but were not limited to network and application integration, streaming video and 3rd party integration.
- Responsible for managing a budget of close to 2 million dollars, conducting performance reviews, coaching and mentoring, development of job descriptions, vendor negotiations, hiring and terminations, etc.
- Automated a majority of key PCI and SOX responsibilities as they related to Information Security. Responsibilities included but were not limited to the following: vulnerability assessments, penetration testing, monitoring and logging, incident response, firewall configuration review, policy and procedure creation, etc.
- Developed Reference Architecture “play book” for new company acquisitions and Confidential data centers. Architectures included security standards mapping of ISO27001, PCI, SOX and HIPAA requirements.
Lead Security Engineer
- Implemented a full life-cycle provisioning system utilizing Sun’s Identity Manager. Directly responsible for the architecture and design process, as well as the overall implementation. Led a team of two developers on this engagement and served as the day-to-day lead and project manager for this project.
- Responsible for the design, implementation, and day-to-day administration of all security devices including but not limited to Juniper, Imperva, Barracuda Load Balancers, WebSense, PIX and Checkpoint firewalls.
- Conducted vulnerability assessments on 5000+ systems, 250 servers, 100+ databases, and over a dozen websites. Conducted regular remediation workshops to educate others on the importance of remediation.
- Developed security baselines, guidelines, and procedures for all data center systems. This included server hardening and security reviews of 250+ servers. Worked on all aspects of security implementation including training, mentoring, and support.
Sr. Information Security Manager
- Managed a team of 8 individuals. Responsible for reviewing and monitoring user performance and ensuring all provisioning procedures were followed. Responsible for individual evaluations and periodic reviews of both individual and overall team numbers to ensure we were exceeding the goals set forth by upper management.
- Responsible for the maintenance of security access to confidential data systems used by customer service personnel, which required adding, deleting and correcting authorization levels for all staff. Worked closely with the team to ensure the highest level of service to our customers. This included mentoring, testing and training team members on new procedures and security best practices.
- Responsible for the development and implementation of new security baselines, guidelines and procedures. Assisted in all aspects of security implementation including training, mentoring, and support. This also included working closely with our SOX coordinator to ensure we were SOX compliant through the creation of complete auditing, segregation of duties, and elimination of super user privileges.
Environment: Windows 2000 & 2003, Linux, AD 2003, Exchange 2003, Juniper, Checkpoint, Crossbeam, Sun’s IdM, Cisco MARS, Cisco Security Agent (CSA), MXtreme, VMware ESX, QualysGuard, McAfee Foundstone, BlueCoat Proxy, IIS, Cisco Security, McAfee EPO, TSM Backup Mgr, Tumbleweed, WebSense, Netscreen Security Mgr, SQL 2005.