
Project Manager Resume


SUMMARY:

  • As a certified and practicing advisor with a background in cybersecurity and network engineering, I assist companies in optimizing the benefits of information security management. As a senior security manager and consultant, I have established, implemented or audited information security in over one hundred and fifty institutions.
  • I have an in-depth understanding of enterprise-wide, multi-platform, operating systems security, network security, application security, database security, governance and regulatory compliance, and incident and risk management.
  • By using my unique technical talents and background in network engineering, my input has resulted in the dramatic reduction of the loss of intellectual property due to accidental leakage or malicious intent and a significant reduction to regulatory risk.
  • Working with Defense contractors in DoD environments I have supported information assurance activities in both an ISSO and ISSM role.
  • In addition, I have prepared product for DoD delivery to include final hardened configurations. I work closely within the guidance provided by NISPOM, DIACAP, FISMA, FIPS, etc. to ensure that network components comply with mission level goals.
  • As a network engineer I have used my knowledge and hands-on capabilities to resolve the many issues that limit functionality due to audit or regulatory requirements.
  • For high tech and commercial firms, I am conversant in GDPR, SOX, GLBA, PCI, FFIEC, ISO2700x, FedRAMP, NIST, HIPAA, COBIT, and other security and compliance frameworks.
  • As a chief information security officer or senior business leader for information security, I can bring a wealth of knowledge and skill sets to any organization that uses information assets.
  • I specialize in securing normal business practices and leading or chartering GRC or information security programs.

SKILLS:

  • Corporate Information Security Specialist, including CISO and DPO roles
  • Information security risk assessments
  • Security systems implementation and design (I am technical)
  • Policies and procedures specialist including written information security programs
  • Firewall expertise including rules set analysis (All firewalls including Juno/Cisco IOS based)
  • IDS/IPS installation and reporting expertise
  • Network and Security Architect
  • Budgeting for an information security program
  • Ability to liaise with other departments
  • Incident Response including the new GDPR 72-hour requirements
  • SQL and systems hardening expertise
  • Well written management reports including 'C' level documents
  • Ability to translate business strategic plans into IT goals
  • Ability to translate IT priorities to business objectives
  • Windows/Linux Network Administrator managing thousands of users
  • Security awareness training, HIPAA policies
  • Proficient in the analysis, design, implementation and maintenance of networked systems
  • Competent PowerPoint presenter for small and large groups.

PRODUCTS AND TOOLS KEYWORDS:

A10 ADC, Vectra, Cyphort, Nessus; Nmap; Cisco Routers; Snort; TCPdump; Fortinet Intrusion Detection Systems; Juniper Portals; AirDefense Wireless Probes; Secure Works IDS; GFI LANguard; Aelita InTrust; Nokia Checkpoint Firewalls; Ettercap; Metasploit; and other security-related hardware and software used to secure environments.

CAREER HISTORY:

Confidential

Project Manager

Responsibilities:

  • Acting in the role of a consulting information security officer enabling companies to achieve their security goals.
  • These Rent A CISO engagements include facilitating an understanding with executive and senior management of their responsibilities in their new regulatory environments.
  • Chartering information security programs including budgeting and team building.
  • Privacy and information technology regulatory environments like GDPR, NISPOM, SOX, FFIEC, FedRAMP, PCI and HIPAA are a specialty.
  • Also fully engaged in firewall rules development, FAS 86 software feasibility studies, independent security reviews including SOX and SSAE 16 audits and penetration testing.
  • Working with existing security and IT departments providing deliverables like written information security programs and policies, business impact analysis and information security risk assessments, measurable improvements to their parent organizations have been made.
  • And further, by employing the expertise to help these organizations understand the technologies and governance that will let them thrive as they comply with their regulations and standards, a deeper understanding of having security support the business is achieved.
  • Compliance does not mean security, and engagements have resulted in increased security as well as more manageable compliance programs for client organizations.
  • Recent engagements have been guiding an eclectic set of companies going public, universities and high-tech firms looking to leverage information security as a competitive advantage.

Confidential

Project Manager

Responsibilities:

  • Work with existing customers to establish compliance with regulatory and contract obligations surrounding cyber security risk.
  • Prepare organizations for their SOC2.
  • Establish Incident Response Plans and exercises, business impact analysis (BIA), risk assessments, Board of Director reports and consultations with Legal departments.

Confidential

Project Manager

Responsibilities:

  • Utilizing new measurement techniques for cyber security, establish likelihood and impact for risk register events.
  • Identify critical projects and create a Board level report to present to the Board of Directors.
  • Establish COBIT5 process capability levels on various business functions and establish metrics for improvement.

Confidential, Mountain View

InfoSec Risk Consultant

Responsibilities:

  • Prepare the cybersecurity risk assessment for Confidential pre-market entry of Confidential cloud-based medical device software.
  • Work with development team to analyze vectors of potential attacks and enumeration of the controls necessary to mitigate risk.
  • Work with compliance to develop the documentation necessary to submit a successful package.
  • Identify the HIPAA Security and Privacy rule gaps and perform an analysis on the efforts needed to close them.

Confidential

Practice Manager

Responsibilities:

  • As a trusted advisor work with various State and Confidential 500 organizations to provide Board reports, establish GRC functions, perform security assessments, act on behalf of the organizations in the CISO or DPO role, prepare organizations for HIPAA and GDPR compliance, establish risk management frameworks (RMF), create Secure Software Development Lifecycles (SSDLC) and integrate cybersecurity into normal business functions.
  • Provide direction on incident response, risk assessment, legal obligations for international regulations and information security consulting.

Confidential, San Francisco

Penetration tester

Responsibilities:

  • External and Internal Penetration Test.
  • Perform tests, write deliverable reports and present to the CIO and his team.

Confidential, Mountain View

Project Manager

Responsibilities:

  • Short term project to build out the task list for special projects concerning GRC and FedRAMP Authority to Operate (ATO).

Confidential, San Jose

Information Security Architect

Responsibilities:

  • Working with a newly public company, building an information security program, risk assessments and business impact analysis/business continuity plans.
  • Addressing security concerns, selecting controls and programs utilizing NIST, ISO and COBIT5 to prioritize security risk.
  • Acting as security advisor including developing budgets and training personnel.

Confidential, Pleasanton

Cloud Security Architect

Responsibilities:

  • Working with the cloud engineering department at State Compensation Insurance Fund, hardening the cloud architecture for compliance with FedRAMP and other security programs.
  • Providing direction to release engineers concerning security products and controls to integrate into the cloud framework.
  • Evaluation of information assets, risk assessments, knowledge transfer and project management as well as security design are some of the deliverables for this project. (contract)

Confidential, Santa Clara

Subject matter expert

Responsibilities:

  • Utilizing Big 4 experience and Confidential tools like e-audit, audited a San Jose based company for its 2013 SOX audit.
  • Interviewed staff, collected and organized evidence and provided direction for appropriate remediation of IT related security controls. (contract)

Confidential, Campbell

Project Manager

Responsibilities:

  • Working with the Platinum Security team to develop an effective information security program including log management, incident response, risk assessment and preparing for audits.
  • Also acting as a product owner for a network security solution, writing Agile stories, and prioritizing features. Interviewed experts for feature sets and usability functions for a product that was under development and assessing the potential product's strengths and weaknesses.
  • Worked with the internal IT team for this small start-up to provide direction so that they could secure their complex development environment. (full time)
