
Principal Security Consultant Resume Profile


Summary:

  • Senior information security, compliance and risk professional with several years of experience in managing major security projects, working with C-Level security executives on critical strategic and technical initiatives in varied industries including communication, financial services, hospitality and public services.
  • Strong expertise in Security/Compliance assessments, Security/Risk Management, Threat, Vulnerability Management, Network Engineering/Administration/Security, IT infrastructure management and Security Architecture.
  • Skilled in developing Security Strategy, Security Program, Security Governance, Policies, Procedures and Guidelines. Industry certified with broad technical knowledge, strong analytical ability, strategic thinking and excellent communication skills. Proven track record of leading projects successfully with solid planning and execution. Familiar with security standards such as GLBA, SOX, PCI and CPNI.

Professional Experience

Confidential

Principal Security Consultant

Confidential Top 8th service provider offering residential and commercial video, high-speed data (HSD) and voice services needed help with developing and maintaining Security Program.

  • Acting as a primary security contact for the company reporting to CTO and Group VP of IP Networks.
  • Researched and evaluated DDoS mitigation tools both in-house and cloud based including Arbor Peakflow SP DDoS Threat Mitigation System (TMS), Sandvine Network Protect and AT&T Internet Protect (DDoS Defense).
  • Lead network and security architect for a new Collocation Data Center that's hosting critical customer facing applications. Managed all aspects of deployment including budget, project management, vendor communication, Internet/MPLS circuits, end-to-end network and security build.
  • Researched and evaluated Botnet security products for HSD Internet customers including Damballa, KindSight, Sandvine, and Xerocole. Set up lab network to compare and analyze each product and conducted field trial.
  • Network Security Lead on several high profile multi-million dollar projects. Planned, deployed and managed network and security for various applications including Cisco CNR, ARRIS SAA, Cisco TelePresence etc. Migrated several critical applications with minimal downtime.
  • Lead architect for new corporate headquarters building including end-to-end planning, designing and deployment.
  • Developed SOC processes, policies to be able to respond to a security incident in an appropriate timeframe based on the severity and deployed several tools required for building SOC.
  • Deployed Tivoli Security Operations Manager as the primary Security Incident and Event Manager (SIEM) tool.
  • Deployed ArcSight as the centralized logging platform for both network devices and servers.
  • Reviewed their current network architecture and strategically placed the IPS sensors to detect/deny malicious traffic, tuned sensors, and integrated with TSOM for security events.
  • Deployed ACS View to monitor and audit TACACS access to all network and security devices.
  • Deployed Allot for enforcing corporate network traffic policies such as restricting P2P, video streaming etc.
  • Configured Tivoli Security Operations Manager to integrate with several security devices on the network including but not limited to Firewalls, IPSs, and Deep Packet Inspection tools (Arbor), Vulnerability Management systems (Qualys) and critical servers. Created rules to filter high security events and generate tickets.
  • Deployed BotNet Traffic Filters (ASA) for internal corporate network on all internet egress locations.
  • Worked with internal security team to analyze network security controls in place to prevent potential intruders from unauthorized access to the HealthSmart internal network from remote locations and analyzed application security posture from the Internet.
  • Confidential a health care solutions company, needed help with evaluating their security posture from outside world.
  • Configured always-on and auto-connect profiles for specific field users.
  • Configured Certificate based authentication and Active Directory based authentication for different user groups.
  • Configured various profiles for employees, consultants and vendors with different access controls.
  • Worked with Director of Global Infrastructure and Security to deploy fully redundant SSL VPN solution at geographically diverse locations in US and Asia.
  • Confidential sports equipment maker needed help with deploying secure remote access solution.
  • Developed a comprehensive list of security policies and lead security program development.
  • Conducted security audit/assessment to find the gaps in the network based on ISO 27002 standards to assess the security of Mediacom network
  • Provided on-going guidance as needed to be compliant with PCI, CALEA and CPNI security standards.
  • Performed an external vulnerability assessment and penetration test of public facing systems in order to identify potential exploits and vulnerabilities.
  • Performed Social Engineering and Phishing attacks to determine to what extent information security awareness training had been communicated.
  • Provided a final Security Assessment report based on the vulnerabilities found and provided recommendations to mitigate the risks.

Confidential

Parent company for hotels, restaurants, travel services including Radisson, Country Inn, TGI Friday's, Carlson Wagonlit Travel needed help with identifying, mitigating security risks with access to restricted traveler information when migrating military and government clients from an acquired company into their core applications.

  • Worked with Information Security Officer to review core applications that impact migration and assessed associated risks specifically in terms of access to restricted traveler information to be compliant with government regulations and contracts.
  • Created access control processes, and workflow diagrams to gain access to restricted data.
  • Created data flow diagrams to depict end-to-end flow of 'restricted' data.
  • Worked with several application owners, business owners, and system application administrators etc., to revoke access to individuals that are not cleared for access.
  • Provided a final Risk Assessment report based on NIST 800-53 and FIPS 200 and provided recommendations to mitigate the risks.

Confidential

Senior Consultant

Confidential one of the top 4 wireless and wireline providers needed to ensure compliance with various classified and unclassified government customers, applicable regulations and industry standards.

  • Worked with several executives from Corporate Security and legal counsel to assess provider's compliance with personnel, data and access security requirements in government contracts, regulatory requirements and industry standards including but not limited to OMB Cir A-130 (Appendix III), NIST SP 800-53, FIPS Pubs 199 & 200, NISPOM, DCID 6/3 etc.
  • As a Security Lead, managed all aspects of migration including designing security architecture, configuration, vulnerability management, transition plan, documentation, executive communication, status.
  • Confidential Mediacom, one of the top 10 service providers offering residential and commercial video, high-speed data and voice services wanted to migrate security management for their corporate IT network from a managed security services vendor to in-house and to develop security program.
  • Assessed insider threats that include access to government sensitive information available from provider's internal back office and core OSS applications. Assessed personnel clearance requirements according to the data that was being accessed. Provided recommendations on security measures to correct deficiencies that were discovered in order to be compliant.
  • Redesigned security architecture, managed all new circuit deployments, firewall deployment in various sites, VPN deployment that included remote access for users, setting up RADIUS authentication, integrating with Active Directory, migrating more than 200 site-to-site tunnels with various vendors and branch offices on Cisco ASAs/PIX. Deployed Cisco Security Manager to manage these hundreds of firewalls, IPS's and site-to-site VPN tunnels. Reviewed/updated firewall rules and managed changes to all firewalls.
  • Managed, implemented distributed Network Behavioral Analysis System (Arbor Peakflow) to detect and contain known and unknown malicious behavior, monitor employee usage activity (p2p etc.), monitor the bandwidth etc.
  • Developed and implemented end-to-end vulnerability management process. Deployed the trial hardware and evaluated vulnerability management vendors (Qualys, NeXpose & Nessus) and provided a final recommendation on a product that meets client's requirement (Qualys). Deployed and initiated vulnerability management life cycle by grouping sets of critical infrastructure devices based on the risk associated, delegated roles to different department owners.
  • Set up lab environment, deployed trial hardware for Cisco NAC to evaluate both options (in-band and out of band).
  • Researched SIEM solutions for the client that included products like Tivoli Security Operations Manager, Cisco MARS, and Prism Micro Systems etc.
  • Worked with Chief Security Officer to develop Information Security Policy and other security policies such as Third Party Access Policy, Information Classification Policy, Application Development Policy etc. (includes 8 other policies) aligned with ISO 27002 standard.
  • Confidential an international investment bank needed help with developing security program, governance structure, policies, standards, guidelines for securing critical infrastructure housed in their data centers.
  • Developed security program that included developing several security policies and governance structure, steering committee to include business owners from various departments.
  • Provided design, as-built and operational documents for all the projects.
  • Worked with several Corporate Security executives to assess several areas including access controls, User Account Management, Vendor Network Access, Applicable Documentation (Design, Operations Documents, configuration/security guidelines etc.), Change Control Processes, physical connections, firewall configuration, NOC workstation security, systems hardening/compliance as applicable for both CDMA and SMS networks with industry leading security practices, and standards such as NIST, ISO & NRIC. Conducted vulnerability scans, analyzed, categorized according to the risk.
  • Confidential security posture for the CDMA distribution/management network, SMS network, Call Detail Record CDR systems.
  • Recommended best practices for security architecture and design and provided recommendations to remediate security issues.
  • Developed an Information Security Policy that included all aspects of security ranging from Physical Security to Network and Password Policies.
  • Performed Vulnerability assessment on the agency network, conducted security scans using Qualys and Nessus. Conducted penetration testing to further verify the vulnerabilities.
  • Worked with Director of IT to conduct Security Assessment which included Policy assessment verifying the compliance with DOI/CISAFE (Department of Investigation/Citywide Information Security, Architecture, Formulation, and Enforcement) security directives and the industry standard ISO 127002.
  • Confidential needed help with assessing their security posture for their network and with developing security policy.
  • Developed Information Security governance roles, responsibilities and organizational structure (Policy and Procedures Committee) that incorporate security functions from each department.
  • Developed Incident Response Framework that includes policy, guidelines, procedures for handling various incidents and Risk Assessment Framework to address risks associated with the IT controls.
  • Developed security guidelines covering specific technical areas including but not limited to OS, Application, Database, Network, Firewall, Vulnerability and Patch Management etc. (includes 14 other guidelines).
  • Assessed CDR database security, end-to-end transport security of the call records, and communication path security for SMS network.
  • Designed a new IT organizational structure for the functions that report to CIO based on 'success profiles' for each role to be successful at their positions.
  • Confidential an investor service and credit rating agency, needed help with IT strategy and re-structuring.
  • Planned IP allocation and assignment process in a phased manner and migrate off of the existing outsourced provider's assigned IP space over a few months with minimal service interruption to both commercial and residential subscribers (700,000). Managed all communication with ARIN for requesting initial IP blocks and subsequent addresses for subscriber growth. Designed IP hierarchy for use in different regions for both customers and management with a commercial tool for IP address management (IP control).
  • Worked on all aspects of migration including deployment management and security, ensuring smooth transition with minimal downtime. Specific areas of migration that were transitioned from the provider to in-house included TACACS Authentication, SNMP, Logging, ACLs, etc. Managed changes to all firewalls, core routers and other devices to support these new services internally ensuring tight security. Set up redundant Cisco ACS servers for authentication.
  • Confidential video, high-speed data and voice services wanted to migrate network management from an outsourced provider to in-house in several states and to migrate subscribers' public IP addresses that belonged to the outsourcer to their own.
  • Provided a catalog of applications from different regions that had overlapping OSS functions across the enterprise. Provided a current state architecture that had multiple custom built and COTS applications with numerous point-to-point integrations between each other and target state SOA based architecture with integrated communications framework for various application interfaces.
  • Reviewed, analyzed various vendor products focused on Network Discovery/Reconciliation and recommended semi-Automated Discovery/Reconciliation process to minimize the amount of human interaction to maintain a well synchronized Network Inventory improving real-time data accuracy.
  • Worked with several network teams to assess different sources of network inventory data and provided a Federated Inventory Management system of record supporting all regions/divisions providing an end-to-end view of both Inside Plant (ISP) and Outside Plant (OSP).
  • Confidential, one of the top 5 service providers offering residential and commercial video, high-speed data and voice services needed help to standardize & simplify service assurance across the enterprise.
  • Deployed traffic shaping and bandwidth management solution (Packeteer) to prioritize the traffic, restrict excessive downloads for documents that city agency provided on their ACRIS (Automated City Register Information System) site and improve the performance.
  • Performed Web Application System testing using Web Inspect to ensure that the input validation and the entire underlying infrastructure meet security best practices and in terms of functionality of handling financial records.
  • Confidential needed help with web application security and traffic shaping.
  • Developed Windows Server Security standards/guidelines and documented their Enterprise Wide Single Sign on Solution which involved the integration of the Active Directory with the Oracle Internet Directory.
  • Confidential and documenting their Single Sign on Solution
  • Deployed, configured redundant Sandvine reporting servers to generate reports such as network demographics by protocol, malicious traffic, P2P traffic etc.
  • Managed end-to-end Sandvine appliance deployment (Policy Traffic Switch - PTS 8K, 14K), policy configuration, core router, switch configuration for managing bandwidth intensive traffic such as peer-to-peer traffic and mitigating worm/DOS traffic for thousands of subscribers per region in several states. Conducted bandwidth analysis on each region to make a decision on the hardware required. Provided design, as-built and operational documents for each deployment.
  • As a Security Lead, managed all aspects of project including deployment management, configuration, security, status.
  • Deployed trial hardware and evaluated vendors (Ellacoya & Sandvine) that provided bandwidth management solutions and security protection that client needed. Provided a final recommendation on the product that met client's requirements (Sandvine).
  • Confidential residential and commercial video, high-speed data and voice services needed help with managing bandwidth-intensive traffic and controlling malicious threats.
  • Provided key findings, gap analysis and recommendations on remediating security issues, mitigating controls.
  • Reviewed Outsourcing Process Controls including infrastructure security criteria for vendor selection, standard contract language on IT Network security, policies etc.
  • Assessed their current IT strategy that included reviewing several existing projects that dealt with legacy application development and comparing with the industry best practices. Provided recommendations on various projects to improve efficiency and effectiveness of IT services.
  • Researched, evaluated various vendors that offer Intellectual Property Protection (aka Data Leak Prevention), including Vontu, Vericept, Oakley Networks etc. according to different criteria such as ability to meet the immediate needs, Content Detection Technology, Accuracy in Detection (reduction of false positives), Ease of implementation, Product Maturity, Strength of Customer Base etc.

Internal BearingPoint

In addition to project delivery for various clients, worked on several proposals for large projects, worked on developing internal solutions for Risk, Compliance and Security.

Confidential

Sr. Network Engineer

  • Managed different vendors, the client's Information Systems department and managed offshore operations, provided SLA reports for management review.
  • Primary duties included network administration and security. Managed departmental systems, which were a mixed environment of Novell and Windows with email servers
  • Confidential, one of the largest automotive suppliers outsourced their network administration/operations
  • Administered and supported UNIX servers running custom automotive application
  • Managed backup operations and patch management using Big Fix.
  • Managed security of the network infrastructure, created security policies and system security plans.

Confidential

Network Engineer

Confidential

  • Responsible for the network upgrades for a leading auto parts retail chain. Experienced with point-of-sale software, hardware peripherals and supporting clients' project management activities. Responsible for defining the overall network architecture and high-level design.
  • Lead Network Engineer for a health care organization responsible for upgrading the network infrastructure.
  • Configured and installed 4500, 6500 series switches throughout their enterprise wide network ensuring a minimal down time during the upgrade process. Developed As-Is and As-Built documentation for the client.
  • Worked with the client to understand their architectural needs and gathered technical requirements. Assisted project team management with technical project planning, including overseeing system design, development, and quality assurance.
  • Worked on migration of UNIX based environment to Win 2000, and also worked on Wireless infrastructure setup for sales and retail employees. Prepared deliverables such as User documentation and Operating Procedures. Set up standards for ensuring quality of service while performing the overnight upgrades without the disruption of business.

Network Analyst

  • Provided hardware and software technical support for the bulk mailing office network dealing with customer database management and commercial printers.
  • Involved in the planning of an Active Directory deployment strategy for the network. Patched and reinstalled operating systems and network services as necessary. Diagnosed and corrected security vulnerabilities in multiple servers of varying platforms.

Technical Support Analyst

  • Acted as technical team lead on OS migration projects in various departments.
  • Installed, configured and administered servers, workstations that are used by the students, faculty and staff of the college. Supported staff, faculty and users by providing training, maintaining user accounts and computer resources, and providing general instruction to provide network support to users.
  • Responsibilities included troubleshooting access and networking issues concerning the university wide network. Active participant in the campus network upgrade
  • Deployed Windows 2000 Active Directory and created various user-group policies over the campus-wide network. Functioned as a team lead during the campus wide rapid deployment of Windows XP at the desktop level using disk imaging and unattended setup files. Back up of relevant data using Norton Ghost imaging software.
  • Utilized network management and analysis software including Sniffers to monitor and troubleshoot the network performance for traffic patterns and bandwidth usage within different subnets. Conducted audits for all offices on campus to ensure servers and workstations are up to date with OS and application patches and anti-virus software.
