SUMMARY:

Seasoned Deep Generalist and Cyber Security professional. Offering a focus in Governance, Compliance, Enterprise Network Security Operations Advisory, Security Operations, Analytics and Reporting (SOAR), SIEM Design, Forensics Analysis, Mitigation, Security, Risk/Vulnerability Assessments, Data Loss Protection Management and more. Excellent verbal and written communication skills and personal interaction skills.

CAREER OBJECTIVE:

Composable Infrastructure focused

MANAGEMENT SKILLS SUMMARY:

• Passion for enabling business process while reducing business risk
• Practiced managing skilled employees, contractors and project teams across diverse locations
• Compliance and governance development through policy, standards, process, and control
• Incident and problem resolution, concentrating on SLA’s and transparent root - cause analysis
• Manage strategic Vendor and supplier relationships, including, cyber risk assessments, procurement and support contracts
• Change management with a focus on risk assessment, risk management, and communication

TECHNICAL SKILLS:

Tableau Software: Business Intelligence and Analytics

NetBrain Software: Network Automation

Nessus Software: Vulnerability Scanner

Qualys: Information Security and Compliance

OSSEC Software host: based intrusion detection, Trustwave

RSA Archer Vendor Risk Management: , Snort, Splunk, Kali Linux

PROFESSIONAL EXPERIENCE:

Confidential

Cyber Security and Compliance Project Manager

Responsibilities:

• Developed vulnerability metric methodologies to identify value gaps and insights for process enhancements and efficiencies for best practices metrics/reporting.
• Provided best practice recommendations to senior management and executive business stakeholders on how to integrate “centralized” requirements with current systems and business processes across regions or domains.
• Provided insight into design sessions with IT teams to help translate “centralized” requirements into workable business solutions across multiple Confidential ’s domains.
• Provided support for continuous process improvement by driving policy, standards and guidelines development. Engaged in the research, procurement and implementation, and maintenance of standardized tools, templates, and processes across multiple business domains.
• Developed recommendations for regional and national process improvements which aligned with sustainable best practices, and the strategic and tactical goals of Confidential ’s business model.
• Developed enhanced methodology for monitoring, metrics, reporting and publishing status of cybersecurity posture.

Confidential

Sr. Cyber Security Specialist

Responsibilities:

• Performed as a third party Sr. Cyber Security Consultant reporting directly to CISOs with duties in support of Confidential ’ private and public clients.
• Engaged business partners and technology teams to address enterprise-wide processes such as strategic security vulnerability management, system access, operational health assessment process, security incident management, and internet/mobile environment management.
• Designed meaningful operational metrics and analyzed risk beyond technical level. Lead and mentor, and a member of the global team supporting the network and cyber security infrastructure.
• Developed and established enterprise-wide information security related technical policies, standards, and guidelines associated with testing requirements for global security operations.
• Directed the alignment of business goals and objectives with diverse security architectures (e.g., people, processes, technology) for the client’s business environment.
• Provided guidance and consultation to C-level executives by designing IT strategic plans and roadmaps for Governance, Risk, and Compliance (GRC), with ISO 27001 ISMS project management. Third Party Oversight and RSA Professional Services Advisory.
• Analyzed extracts, processes, and interpreted the actual breach evidence to prove the attacker’s actions to the global security team.
• Provided assistance to the network security operation team with the capture of important threat information when their computer systems and networks were compromised.
• Provided operational support to track, manage, mitigate attacks, malware, and vulnerability events.
• Integrated systematic and structured risk management strategies, as well as properly aligned strategic security programs that met not only the demands of the entire organization but were perfectly postured to withstand even the most rigorous of rule, regulation, and guideline inspections/audit.
• Response time to security incidents decreased by 90%, increased root cause identification by 50% and greater mitigation resolution by 95%.
• Manage strategic vendor relationships, including procurement and support contracts and managed vendor partnerships, negotiating discounts and service support.
• Built maintained and managed security engineering tools platform.
• Conducted trend and predictive analytics for network security systems and other integrated critical information systems from SQL Queries.
• Designed decision-making logic and context and provided formalized workflows for informed remediation.
• Engage in partnerships with the client’s areas to maintain an understanding of their processes and the inter-relations with information security processes.
• Developed a variety of vulnerability management scanning processes using Nessus to include the identification of malware, patch management deficiencies, firewall and cloud infrastructure security gap reporting. Managed several projects from concept to completion while managing outside vendors.

Confidential

Cyber Security Solutions Architect (Consultant)

Responsibilities:

• As a third party external Cybersecurity solutions architect, designed and developed solutions for information systems for managing electronic threats and vulnerabilities, privacy issues, physical security, and operations continuity for the global enterprise.
• Conducted security reviews of critical applications and enterprise asset management program.
• Researched new trends and technologies related to cybersecurity, governance, risk, and compliance.
• Provided C-level management with reports/metrics on enterprise state of health.
• Worked as Project manager for numerous business initiatives from proof of concept, business case creation, planning, procurement, execution, and closure.
• Utilize solid business knowledge and expert technical experience of IT security to collaborate with other teams and leaders to provide a secure information environment and facilitate business enablement with a sound ROI.
• Diagnosed forensic security issues and established processes for monitoring enterprise network and systems management; documented security platforms with a authority, recommended and implemented state-of-the-art security management products, tools, and offerings in “total ownership cost” methodology. Increased intrusion detection by 100% of the enterprise network traffic in multiple disciplines (Windows, UNIX, Linux, DLP, endpoint controls, databases, wireless security and data networking).
• Developed and implemented architectural designs for file integrity monitoring process of PCI hardware and software assets. Developed processes for reducing the timeline for clients to meet compliance requirement deadlines. Created processes for escalation notification, detection management and alert management on unauthorized file system modifications involving malicious behavior embedded in the log files of COTS products as well as custom applications and SIEM tools. Specific PCI focus covered the sections of file integrity monitoring (PCI 11.5, 10.5), log inspection (PCI section 10) and policy enforcement/checking. Passed PCI 3.0 on time and budget.
• Developed automation process and streamlining ongoing oversight of third-party relationships. Redeveloped key business processes impacting vendor management vetting and provisioning vendors. Reduced vendor vetting process time by 50%.
• Formulated enterprise risk management and compliance monitoring solutions for clients. Provide a near real-time view of their compliance posture, showing when critical configuration standard guideline parameters haven fallen outside predefined threshold values. Deliver solutions that continuously monitored the landscape, identifies potential risks to enable proactive remediation, and delivers the reporting and associated artifacts necessary to address regulatory oversight - all while meeting compliance requirements such as FISMA, SOX, PCI-DSS, HIPPA, ISO27k, FedRAMP, and custom user-defined compliance frameworks.
• Developed trend analysis for malware detection, vulnerability management analysis, configuration and firewall auditing. Increased root-cause identification by 75%.
• Developed and implemented end-to-end discovery processes and vulnerability assessments of enterprise assets to ensure effective security audits of the system affected by regulations such as PCI, HIPAA, and NERC. Delivered security operations analytics and reporting technology results.

Confidential

IT Solution Architect Solution Architect

Responsibilities:

• Managed the design, development, and coordination of multiple video-on-demand architecture implementations for customers in the USA, Europe, and Latin America as part of the global professional services engineering organization at Confidential.

Confidential

Information Security Solutions Architect

Responsibilities:

• Design in areas to include enterprise infrastructure, security, operations, integration, execution and network, spanning multiple heterogeneous platforms, and particularly as these models apply to new business drivers such as e-commerce and other Web Technologies. Developed vulnerability testing and remediation practices.