Summary:

Held professional positions that accomplished enterprise security vision, goals, and methodologies as well as built security teams. Integrated multiple security disciplines t achieve effective global Risk Management Program RMP . Executive leader responsible for multi-million dollar security programs in several different industries. Consultant in charge of million dollar security projects t enhance enterprise information technology security profile. Continuing t build world-class security solutions and organizations.

Key Accomplishments:

• Decreased costs at UT M. D. Anderson Cancer Center through effective integration of over 15 security solutions. A five million information security budget annually saved the organization over 30 million dollars. At times, managed over 50 contractors and 18 full time employees.
• Set up a million-plus information security program at Rhythms Netconnections including firewalls, antivirus, and software development application reviews.
• Responsible for managed security service program MSSP source research and selection at Virginia Commonwealth University Health Center t integrate multiple security tools int one cohesive security response and detection capability
• Managed and led a 10 million dollar program at Clarian Health Partners consisting of outsourced contractors. Had one chief medical officer state that I had introduced a new level of security enhancement and protection at Clarian
• Led the information security program at Collegiate Funding Services over sighting several security programs and introducing others. The overall security program exceeded one million dollars annually firewalls, antivirus, vulnerability scanning, etc.
• At Apoll Group, Inc, responsible for over sighting all business applications as well as architecting tw million plus security enterprise solutions firewalls, antivirus, intrusion detection/prevention, DMZ, etc.

Employment History:

Confidential

Principal

• Principal and Executive Consultancy-multiple healthcare institutions, major insurance company, on-line university, 2006-2014, Phoenix, AZ, Bloomington, IL, Dallas, TX, Richmond, VA. Provided security mentoring t current CISOs and enterprise architect services t health care systems and management organizations as well as formulated extensive processes for improving security environments:
• At Apoll Group, Inc, responsible for oversighting all business applications as well as architecting tw million plus security enterprise solutions firewalls, antivirus, intrusion detection/prevention, DMZ, etc.
• Responsible for managed security service program MSSP source research and selection at Virginia Commonwealth University Health Center t integrate multiple security tools int one cohesive security response and detection capability as well as wireless security implementation
• Architected/implemented Unified Threat Solutions SonicWALL TZ and NSA integrated security systems , Checkpoint 61K 8 blade firewalls, f5 intrusion detection systems, OpenAM authentication control, Virtual Directory Systems
• Established virtual private network site-to-site tunneling
• Set up laptop sanitization using CyberScrub and data backup for departing executives
• Evaluated/configured secure profiles for Mobile Device Management MDM : AirWatch, iConfigurator, and iCloud
• Streamlined enterprise anti-virus/intrusion prevention/content filtering for TrendMicr OfficeScan WorryFree
• Accomplished compliance management ConfigureSoft across disparate IT silos. Developed succinct reports, templates, and assessment formats for over 4,000 devices
• Implemented and put int production a centralized secure FTP server that is now being used by over 200 people and scores of departments/divisions
• Integrated key forensic and investigative tools and processes for the Information Security team t utilize in their daily operations. This effort has resulted in streamlining task accomplishment,
• Created matrix of regulatory and security standards and cross matched t organizational security practices HIPAA, HITECH, HITRUST, JCAHO, GLBA, SOX, FISMA, ISO, FFIEC, PCI, and COBIT
• Performed enterprise vulnerability management testing using tools Nessus, HailStorm, AppScan and CriticalWatch
• Utilized, ArcSight, Sensage. Sophos Anti-Virus, McAfee e-Orchetrator, and Splunk central log analysis t correlate myriad of system security events
• Reviewed Datadvantage file access and permissions application for possible use
• Assisted in evaluation of new proxy tool McAfee Webwasher t overcome vulnerabilities associated with accessing the Internet from work. Als created production stage metrics t track and adjust program as needed.
• Created template reports within Managed Security Support Program MSSP s that analysis of millions of security events could be rapidly correlated and appropriate response more easily deployed,
• Interfaced with systems staff t acquire needed assistance in accomplishing compliance and security initiatives.
• Streamlined and enhanced reporting products for monthly metrics and vulnerability venues
• Researched, acquired, and implemented medical-based Internet hosting service t overcome multiple security events
• Oversaw, research, implementation, and monitoring of Cisc Management Analysis Reporting System MARS ,
• Used Air Defense wireless security. Used Cisc Wireless Security Manager t enhance same security environment,
• Enabled two-factor authentication schema int outsourced alert monitoring service
• Conducted extensive data loss prevention DLP scans and recommended ways t secure sensitive data
• Reviewed Vericept and Vontu DLP application for feasibility of use
• Outsourced security monitoring company comparisons, acquisition, and set up of monitoring events and criteria
• Evaluated network intrusion detection systems IDSs t enhance alerting and monitoring of same Snort, and Cisco
• Instituted system development life cycle security SDLC oversight iNotes, process flow charts, project repositories
• Worked with security engineers t create procedures for analyzing e-Eye REM reports and Retina vulnerability scans
• Reviewed LDAP security profiles Active Directory and Novell e-Directory t enhance incident and event analysis.
• Compiled/published incident response procedure manual and configured an incident handling database
• Provided process streamlining via easy-to-follow contingency response checklists McAfee eOrchestrator Antivirus, Sophos Antivirus, intrusion detection, firewall, MARS, and outsourced SecureWorks security monitoring reporting
• Integrated virtual private network solutions for existing infrastructure as well as security tool protection/communication
• Evaluated organization with respect t Payment Card Industry PCI security standards

Confidential

Chief Information Security Officer Director Information Security

• Accomplished leadership direction at Birmingham, AL and information security risk management:
• Ran information security at Medseek.
• The overall security program consisted of firewalls, antivirus, vulnerability scanning, web-based content and malicious logic prevention, etc.
• Researched more effective monitoring and management of company's security incident and even management system SIEM
• Drafted up policies t further enhance regulatory and security standards practice HIPAA, ISO, COBIT
• Recommended information security web site on the intranet t better communicate the overall program and increase security awareness
• Researched and led effort t install Air Defense wireless security as well as integrating it with existing Cisc wireless
• Reviewed a key software development management tool from a security perspective
• Performed technical security vulnerability assessments on Medseek development platforms.
• Reviewed current employee handbook and HIPAA policy statements t fine tune recommended additional policies
• Executed short-notice security review of possible HIPAA breach issues and provided conclusions and recommendations t key senior management
• Coordinated with legal and other business groups t respond t client security assessment requests

Confidential

Chief Information Security Officer

• At Confidential, accomplished executive direction, security management, and at times, actual security monitoring and response as situation dictated:
• Led the information security program at Collegiate Funding Services over sighting several security programs and introducing others. The overall security program exceeded one million dollars annually firewalls, antivirus, vulnerability scanning, etc.
• Initiated more effective monitoring and management of Tipping Point Intrusion Prevention System IPS
• Evaluated organization with respect t Payment Card Industry PCI security standards
• Ensured regulatory and security standards were used GLBA, SOX, FISMA, PCI, ISO, COBIT
• Recommended two-factor authentication solutions t enhance financial transaction security in compliance with PCI
• Built up security office and capability from one analyst t several federated security focal points
• Directed better way t spot trends from multiple Cisc firewalls via Stonylake Firewall Reporter
• Researched and led effort t install Air Defense wireless security as well as integrating it with existing Cisc wireless
• Established security group capability t quickly spot threat trends in Symantec's Antivirus Suite
• Reviewed Microsoft Active Directory t tighten up permissions
• Performed DLP tasks t protect financial and personal information in compliance with PCI DSS
• Created process t regularly scan for sensitive data and security levels for that data
• Responded t acquisition company security questions and facilitated CFS incorporation int that company
• Coordinated with compliance, legal, and internal audit groups s third party relationships would not compromise CFS

Confidential

Chief Information Security Officer

• At Confidential, set up the overall framework for strategic information risk management:
• Managed and led a 10 million dollar program at Clarian Health Partners consisting of outsourced contractors. Had one chief medical officer state that I had introduced a new level of security enhancement and protection at Clarian
• Established executive information security council ISC t better integrate security goals with healthcare vision
• Provided senior management with sufficient risk impact and countermeasure option rankings s that budgeting and execution on programs was facilitated
• Provided tailored security awareness programs t various medical divisions
• Set up overall risk management plan and communicated same at all levels in Clarian
• Ensured adequate review and enforcement of existing LDAP and VPN technology solutions
• Researched and recommended implementation of ISS Proventia IPS for better coverage of real time events
• Injected regulatory/security standards int security solutions HIPAA, JCAHO, GLBA, PCI, SOX, FISMA, ISO, COBIT
• Evaluated organization with respect t Payment Card Industry PCI security standards e.g., tw factor authentication
• Assisted internal audit in security deficiency resolution
• Integrated multiple security gathering and protection devices t provide heightened level of monitoring and response:
• Nokia Checkpoint Firewalls
• DLP scans of organization files
• TrendMicr Antivirus
• Concord event tree alerting of servers and systems
• SMART application monitoring

Confidential

Director Information Security Department

• Confidential integrated institution-wide risk management within a complex healthcare environment:
• Decreased costs at UT M. D. Anderson Cancer Center through effective integration of over 15 security solutions. A five million information security budget annually saved the organization over 30 million dollars. At times, managed over 50 contractors and 18 full time employees.
• Led highly effective ISC comprised of key physicians and senior management. This permitted quicker acceptance of security goal implementation
• Sold information security department and technical solutions as enabler for healthcare operations and e-health initiatives as well as a wide range of industry business operational needs
• Provided inside consulting t federated information technology shops s that everyone would be using same security processes
• Integrated regulatory and security standards solutions HIPAA, JCAHO, GLBA, PCI, SOX, FISMA, ISO, COBIT
• Formed SDLC program and implemented security review of 100 of all development projects
• Built security group up from tw remote access account analysts t 18 operational, administrative, and architectural professionals t include business response
• Reviewed Microsoft Active Directory environment and made recommendations t improve it
• Responsible for implementing over 16 key security solutions providing comprehensive defense in depth coverage:
• 16 Nokia Checkpoint firewalls with enhanced VPN and encryption schema
• Six Cisc IDS blades on core switches
• TrendMicr Antivirus mail server, network, servers, desktops/laptops
• TrendMicr Spam reduction over 90 reduction in spam emails
• WebInspect and AppDetective t analyze weaknesses in databases and web applications
• Sanctum WebShield t provide additional web firewall protection
• DLP scans and process formulated t provided heightened ePHI security
• Security lab t test and fine tune proposed and implemented security solutions
• Symantec Enterprise Security Manager on over 80 systems with weekly security status reports
• TeleSweep phone scanner t identify vulnerable modem configurations
• Participated in Houston Medical Information Security Council and University of Texas Information Security Council

Confidential

Vice President, Information Security Department

• At Englewood, CO, began the process t initiate strategic security int all segments of the company operations:
• Set up a million-plus information security program at Rhythms Netconnections including firewalls, antivirus, and software development application reviews.
• Established enhanced use of NetScreen Firewalls and VPN networks
• Set up SDLC security oversight of over 50 of ongoing development projects
• Accomplished network security architecture design analysis
• Built up information security team t five members
• Note: This company went out of business in 2000 s I was unable t implement a full set of security goals

Confidential

Sr. Mgr. - Corporate Information Security Department

• At San Joe, CA, developed, mentored, and achieved institutional security risk management initiatives across the following areas:
• Formulated and tailored People, Process, and Technology concept t information security. Integrated SMARTS sustainable, measurable, achievable, realistic, time bound, scalable practices int all aspects of the security solution. These tw major methodologies have been incorporated in all subsequent career locations, as well.
• Remote access greatly enabled due t integration of CiscoSecure and SecurComputing One Time Password integration VPN and tw factor authentication
• Refined incident response and escalation procedures t quickly resolve attacks on Cisc electronic environment
• Incorporated a more effective communications plan including a greatly upgraded security web site
• Firmed up team member development plans and goals and measured performance t those goals and expectations
• Linked Technology Roadmaps t risk management programs s that senior management was always aware of where the security group was along their implementation timeline.

Confidential

Security Programs Manager - Paranet.

Confidential

• Deliverables - Provided extensive Internet, system, intellectual property, and network architecture security procedures and implementation support for a major insurance corporation, an options corporation, the IRS, and the DoD. Formulated and executed in-depth security assessment and penetration study of corporate Internet services. Marketed, developed, formulated, and managed Access Rights Matrix project with five analysts for the same company. Interviewed over 300 people in less than tw months and developed a matrix that will serve as a template for telephony and switch security throughout the industry. Knowledge of technical threats/vulnerabilities generated a 52 increase in AIS security factors considered in sensitive DoD classified networks.
• Business Development - Created marketing strategies t increase security business. Responsible for over 1.3 million dollars in revenue in less than one year for three branches in the Midwest. Formulated security product services group concept due t development of extensive security support service offerings. Increased business at one client site over 700 in less than four months. Received award for Pre-Sales Contributor of the Year. Personal/professional commitment t excellence resulted in significant repeat business for the company.
• Management - Site Leader for 14 analysts. Received Gold Eagle Award for this effort. Developed several Site Lead management processes, report formats, and analyst coordination. . Managed 10-40 personnel involved in SQT execution as Co-Test Chairperson/Director .

Confidential

Financial/Cost Analysis Specialist, Aeronautical Systems Division

• Initiated software applications, research methodologies, and automated data retrieval systems t enhance security-related analysis. Integrated software products t upgrade threat analysis and reporting capabilities. Extensive experience with PC-based commercial and TEMPEST end-use. Debugged software configuration errors. Knowledge of command, help, and batch file structures. Contingency Planning Section Chief. Configured Condor and DBASE RDBMS' t categorize large amount of evidence seized during arrests. Established Lotus 1-2-3/PeachCalc 5000 configurations for unit budgetary tracking and cost control. Programmed in Basic/Pascal/FORTRAN t fulfill specialized unit investigative and counterintelligence functions. Formulated account management procedures for sensitive applications. Unit Contingency Planning focal point. Responsible for extensive revamping of automated application software utilization activity which reduced man-hours spent on analysis by 24 . Managed significant numbers of application group accounts as division Security Manager.
• Speaking, Publications, Interviews - Architected and managed enterprise-wide security systems for major corporations. Have spoken internationally on leading edge security topics at client sites, the HP World Conference, Seguritec 2001 Peru , Mosler User's Conference, eSecurity's User Conference, Texas Association of State Systems for Computing and Communications TASSCC , Scottsdale Institute Fall Program, The College of Health Information Management Executives CHIME 2003 Fall CI Conference, and the ASIS International Information Technology Security Council Security Workshops and ASIS International Security Annual Symposia. Published author in the information security field. Als interviewed by several security and health related periodicals t include CI Online, CS Online, Network Magazine, ComputerWorld, Network Computing, ASIS's Security Management Magazine, CNet News, and Health Data Management Magazine as well as written articles for the Journal of AHIMA, and Information System Security Association ISSA Password magazine.
• Education Training - Master's degree in National Security Affairs political science at the Naval Postgraduate School, Monterey, CA Bachelor's degree in Finance Indiana University and numerous specialized courses in budgeting, cost analysis, economic analysis, political analysis, computer programming Basic, Fortran, PL-1/D, USCD Pascal, and COBOL , security, and information acquisition and analysis.
• Indiana University, Bachelors of Science, Business, Bloomington, IN, May 1979
• Naval Postgraduate School, Masters, International Security Affairs, Monterey, CA, June 1986.

Specific Hardware Software Experience

• Cisco, Checkpoint, and Sonic Wall Firewalls, CICS Routers/Switches/Pix/NetRanger/NetSonar, Network Multiplexors, Gateway, PCs, AT T 3B2, HP 9000/650, Sun Servers, RISC 6000 and AIX, Pyramid
• UNIX BSD 4.3, AIX, Linux Redhat, MVS, VS, MS-DOS, Windows 7, 98, XP, 2000 and server platforms , UNIX MLS, Solaris, Sun O/S, Novell Netware, TCP/IP, Lantastic, Futura Team, Right Hand Man, T1/2/3, 802.3 IEEE Fiber Optics, Token Ring, Thin Net, WANG FASTLAN, broadband/baseband methodologies, POSIX, GOSIP, OSE, MS Windows, Windows NT, Norton Utilities, PC Tools, CheckIt, Norton Commander, WordPerfect, Microsoft Word, Oracle/ Informix/Ada RDBMSs, Fortran, Pascal, PL-1/D, Basic, COBOL
• Critical Watch Vulnerability Management, White Hat, Veracode, F5 ASM, SAINT Vulnerability Scanner, Cenzic Hailstorm Web Vulnerability Scanner, NESSUS vulnerability scanner, System Configuration Management SCM , Cisc Wireless Security Control, Aruba Wireless Security, AirDefense Wireless Security, Splunk Syslog Server, SolarWinds LEM, MoveIT DMZ and Central Secure FTP Server, ArcSight, McAfee Webwasher Proxy and Malware, ESET Antivirus, dotDefender, Sophos Anti-Virus, Keystroke Logging, SecurComputing Safeword Softoken/DES Gold Card, Axent ESM/Intrusion Detection/Net Recon, Finjan Surfin' Shield/Gate, RiskWatch, Buddy System, PGP E-Server/Key Server/Desktop Encryption, E-Security Centralized Logging Utility, Aim Safe 2000 DRP tool , AT T System V Ver. 4 MLS, SC SecureWare SixMax, CMW, CSP , RACF, ACF-2, Top Secret, IST RAMP, WANG VS Secure, WANG ESAC, Cisc Secure Authentication Server, TACACS/ TACACS , Radius, Sun Basic Security Module/ARM/ASET, NIS , Sun Network Security Manager, Raptor Firewall, Checkpoint Software Firewall-1, Gauntlet Firewall, Pix/FWSM/IOS Firewalls, Nokia Checkpoint FW-1, Nortel Contevity VPN, Symantec Enterprise Security Management, Symantec DeepSight Threat Management System, E-Security Central Alert Logger, Sanctum's AppShield and AppScan, SpiDynamic's WebInspect, WebSense, SurfControl, TrendMicr AV/ E-Manager/Mail Protect/Server Protect, Cisc Network Intrusion Detection System, Host-Based Intrusion Detection ISS, Okena, Entercept , Netscreen and SonicWall Firewalls, CompuTrace, Air Defense, Air Magnet, NetStumbler, and Kismet. RSA One Time Password Token, Keon UPS, PowerBroker, TripWire, AppDetective, ISS DB Scanner, Autosecure, ISS, HP-UX System Administration Module, SATAN, SPI, OpenVision SecureMax, Tivoli Management Environment a group account manager , Oracle RDBMS, Central Point Anti-Virus, Norton Anti-Virus, F-Protect, FIPS Publications, OMB, DoD/NIST Security Directives