SUMMARY:

A highly motivated IT security consultant who leverages 30 years of enterprise security policy, planning, and operations experience within major state government agencies, associations, and the military. I have excellent communication and documentation skills and am adept at collaborating successfully within large organizations.

PROFESSIONAL EXPERIENCE:

Independent Contractor / Consultant

Confidential, Tallahassee, FL

Responsibilities:

• Performed IT security, digital publishing, and project management consulting services.
• Developed business and IT plans, security plans, project plans, and related work products addressing client needs, such as enterprise Content Management Systems and Web Management deployments, and presented deliverables directly to senior management for review.
• Developed and supported enterprise IT security policies, standards, and procedures (PSPs).

Confidential, Tallahassee, FL

Enterprise Information Security Officer

Responsibilities:

• Served as EISO with primary responsibility for IT security audits, including internal and external scans, war - dialing, desktop risk assessment testing, vulnerability mitigation, essential practices and configurations, and security policy maturity;
• Developed and supported IT security policies, standards, and procedures (PSPs) per Confidential and Confidential ;
• Performing technical aspects of IT security and identified best practices suitable for enterprise initiatives;
• Served as Special Projects Manager for many enterprise security initiatives;
• Served as Project Manager for the following physical and operations device testing projects: Intrusion Detection Systems (IDS), firewalls, encryption, PKI, biometrics, smart card and VPN;
• Served as Project Manager for the IT Security Survivability Planning that linked IT Risk Management and Assessment with Business Continuity Planning (BCP), including the enterprise Continuity of Operations Plan (COOP) and Disaster Recovery Plan (DRP) projects for asset, vulnerability, and risk assessments;
• Assisted with IT network tools utilization, IT Architectural Design, IT strategic planning and budget requests ( Confidential ), and many other infrastructure functions; and
• Assisted in Risk Management, Risk Mitigation Strategy, Risk Prioritization, & other risk-related activities.
• As a security consultant between Fiscal Year 2001-2009, I assisted the Department of Management Services (DMS) in servicing seven key enterprise initiatives for transforming the acquisition, use, and management of information technology within the Confidential . All these initiatives included a variety of collaborations, both inside and outside the agency, in examining business financial, management/organizational programs, processes, and activities for providing liaison support to management. The initiatives included:
• Enterprise Security Program-Policy Development - Enterprise-wide security policies/standards
• MyFlorida Portal - Secure approaches for Florida’s enterprise portal
• Document Records Management - Secure approaches for Florida’s enterprise records management
• MyFloridaNet - Secure approaches for Florida’s network infrastructure
• Enterprise Technology Services Desk - Secure approaches for enterprise support services/tools
• Data Center Consolidation and Virtualization - Secure approaches for consolidation and virtualization
• Enterprise Procurement - Secure approaches for Florida’s procurement infrastructure

Confidential

Security Officer

Responsibilities:

• Was responsible for administrative, physical, and technical safeguards and organizational requirements of Confidential for the State Technology Office (STO) and Department of Management Services (DMS).
• I was instrumental in vetting the statewide cyber audit into the technical security baseline gap-analysis for the other eight departments as covered entities for the Confidential .
• Oversight of Sarbanes-Oxley (SOX) disclosure and internal controls sections 302 and 404, corporate responsibility for financial reports, management assessment of internal controls respectively impact on 3rd party contract - outsourcing.
• Also working with the IT Infrastructure Library (ITIL) and COBIT model as part of the foundation which defines control objectives for IT in support of business processes
• Also, instrumental in linking Confidential and SOX privacy and data concerns to the Confidential reporting mechanism as a security incident for subsequent investigation and resolution as well as change control. Team member of change control board ( Confidential ) and special projects - use of network tools (Tripwire, Symantec ESM) for policy compliance.

Confidential

Team Leader

Responsibilities:

• Was responsible for activating, coordinating the Confidential team for high impact, interagency or enterprise wide cyber incidents.
• Also investigated, diagnosed, and analyzed toward incident resolution for senior management reporting.
• Coordinated findings with the Chief Information Officer, especially when criminal activity is involved and law enforcement authorities must be contacted.
• Developed and supported enterprise IT security policies, standards, and procedures (PSPs).

Project Manager

Confidential

Responsibilities:

• Was responsible for the integration of three major organizations- security operations, network operations, and systems operations impacting over thirty positions.
• Developed role clarification, task lists, configuration and management for all sections including the Security Operations Center (SOC) Situational Awareness methodology in order to serve as a focal point, gathering data from all areas of a network, automatically sifting through alerts, prioritize the risks and preventing attacks before they can be executed and cause costly damage.

Confidential

Team Leader

Responsibilities:

• Appliance Testing and Evaluation Management: Server based Content Filtering, Intrusion Detection Systems, Cache Accelerators, SAN and NAS Appliances, Load Testing Application Performance and Metrics (Mercury Interactive - LoadRunner).
• SMS- Microsoft Patching and management tool
• Languard Patching
• NetRecon Symantec Scanning Tool
• ESM Security and Confidential Policy Compliance
• Cisco Cisco VMS Works, IDS Event Monitoring (WAN), Access Control Appliance
• Tripwire Change Control
• Encase Forensics
• Fluke LAN Meter for network diagnostics
• Qualsys Scanning and vulnerability analysis
• Freeware Ethereal, Active Ports, Snort, L0ftCrack (password cracker), Nessus
• Q-Radar Meta Analysis and Log Fusion Tool by Q1 Labs
• Cisco Security MARS-Meta-Analysis, Log Fusion and Mapping

Confidential, Tallahassee, FL

Systems Analyst

Responsibilities:

• WAN Administrator: Routers, hubs/switches, leased lines (T1, Fiber, ISDN, DSL)
• RDBMS Administrator: MS SQL 7.0, Access, Progress & Oracle
• Security Officer: Developed policy, procedures addressing Confidential Bug. Procedures included 3rd party testing and validation, inventory control, software programming (legacy systems, COBOL). Also, focused on common vulnerabilities, exposure (CVE) assessments, and the annual security audits.