Network Security And Information Risk Program Management Resume Profile

15 years of consulting network security and information risk program management experience involving network security design/architecture and policy formulation, evaluation / compliance, and security incident response management.

  • Consulted as a Chief Information Security Officer, Information System Security Manager, Security Director, Project/Program Manager and Senior Cyber Security Consultant for NERC CIP, NIST, FIPS 201 and NRC programs. ted a SCADA Smart-Grid security assessment methodology based on NERC CIP, NIST and NRC controls.
  • President and CISO of Camillus Security - Application Security and SOA design contracts.
  • Consulting Architect for several multi-million dollar projects involving 36 PCI-DSS / PA-DSS 1.1 and 1.2 assessments, policy reviews, firewall and ACL rule set reviews, and reviews of IDS/IPS systems. Managed 24 ISO 27001/27002 security assessments, 48 C&A packages for government agencies, and 12 SAS-70, SOX 404 and HIPAA assessments. All assessments were done in mixed Windows and Unix/Linux environments.
  • Project Manager for incorporating a GRC tool into the NEI compliance process and teaching engineers to use it.
  • 9 years of solid experience in risk management and governance.
  • 8 years' experience with vulnerability scanning and penetration/forensic testing for PCI-DSS and PA-DSS environments, and 3 years' experience with application code reviews for PA-DSS.
  • Program Manager for a security risk assessment and DLP security re-organization for a major multi-national.
  • 6 years' experience assisting a former U.S. Treasury agent with forensic investigations, using FTK and EnCase.
  • Monitored and implemented QRadar (Q1 Labs / IBM), Splunk and ArcSight, as well as Sourcefire IDS and Blue Coat.
  • 10 years' experience with AppScan, Rapid7, Nessus, AirSnort, Nmap, Wireshark, WebInspect and Tivoli products.
  • Experienced with LogRhythm, Tripwire, Snort, Netsparker, GFI LanGuard, Acunetix and QualysGuard.
  • Utilized manual techniques to exploit vulnerabilities and deficiencies in applications involving cross-site scripting, session hijacking, buffer overflows and SQL injection for controlled access to target systems. Experienced using BackTrack, Qualys, Metasploit, Samurai, the OWASP live CD and Core Impact.
  • 6 years' experience working with IBM Global Services on the implementation of network security solutions, firewall management, Microsoft Active Directory and LDAP on a 7,200-person campus.
  • 18 years of international network/security consulting including over 9400 hours of project management.
  • Developed an innovative framework with modular policies for operational security, business continuity and incident response.
  • Worked as a Subject Matter Expert (SME) for an Incident Response practice at VeriSign using IBM, Oracle, etc.
  • Developed Oracle Identity Management implementations of Identity and Access Management solutions for over 12 international clients. Also consulted on Check Point implementations.

EXPERIENCE

Confidential

Reviewing plans to examine McGuire Nuclear Generating Station policies and procedures as well as over 2,600 CDAs against NEI 08-09 and CFR 73.54 standards. Senior Nuclear Cyber Security Specialist, managing/assessing a team of 3 and working with the CSIRT. Advising on Risk Management. All assessments were done in mixed Windows, Ubuntu/Debian Linux and Red Hat environments and covered all digital assets.

Confidential

Senior Nuclear Cyber Security Consultant, managing/assessing a team of 5 and working with the CSIRT. Reviewed WCNOC policies and procedures as well as over 1,000 CDAs against NEI 08-09 and CFR 73.54 standards. Advising on Risk Management. Reviewing rule sets on Juniper SSG320M and Cisco ASA 5500 appliances and Fortinet SSL VPN client installers. All assessments were done in mixed Windows, Ubuntu/Debian Linux and Red Hat environments. Advised on the design of a Business Continuity security practice. Architect of the remediation roadmap, recommending corrective action efforts. Reviewing the Owl digital diode. Project management for incorporating a GRC tool and database into the NEI compliance process at Southern Company and teaching engineers to use it.

Confidential

Contracted as consulting security engineer; managed and directed the synchrophasor project for ISO New England. Assisted in preparation for the NERC CIP audit and reviewed the Check Point R75 rule set. Penetration testing consultant. Contributed to Oracle GRC and IAM implementations. Began Hyper-V installation. Installed, configured and monitored IBM AppScan for the security enclave. Assessments were done in mixed Windows and Unix/Linux environments. Reverse engineering of malware. Assisted with the Palo Alto Networks MySQL implementation and the McAfee ePO implementation.

Confidential

Developing a Risk/Threat Management program for Southern California Gas. Evaluation of TippingPoint IPS solutions. Review of SCADA, Smart-Grid and Smart Meter security engagements. Consulting on the Sempra NERC CIP effort. Architecting the design of IAM implementations. Designing a VDI environment. Assisted with a PCI compliance project. Palo Alto Networks, NitroSecurity, QRadar, Check Point R65.

Confidential

Management, consultation and delivery for Payment Application PA-DSS assessments resulting in a Report of Validation (ROV), and design of the remediation program. SME for PCI-DSS in virtualized environments. All assessments were done in mixed Windows and Unix/Linux environments. Performed ISO 27001 vulnerability assessments. Assisted with development of a Business Continuity security practice. Languages used: Java, PHP, ASP, SAML, XML and HTML.

Confidential

SME for PCI-DSS and PA-DSS 1.2 assessments. Project manager for NAC policy compliance; NERC SME. Assessments were done in mixed Windows and Unix/Linux environments. Used the IDA Pro tool for reverse engineering of malware. Assisted with a Palo Alto Networks implementation. Reviewing SOX 404 and PCI. Business Continuity security practice.