Program/project Manager, Auditor Resume

Denver, CO

SUMMARY:

  • Energetic, visionary, hybrid security consultant qualified by a track record of compounding successes in information security/risk management and technology initiatives.
  • Use of innovative strategies to add value to the business.
  • My specialty is combining my hands-on technical expertise with highly developed project management/functional skills, enabling me to function in multiple capacities to provide maximum return to my clients.
  • Secure Network/Enterprise Architecture, Secure Cloud Risk Assessment and Compliance
  • ISO 27001/27002, SSAE16/ISAE 3409, PCI DSS, HIPAA, FEDRAMP
  • Penetration/Vulnerability Testing, Ethical Hacking, Custom Scripting (Python, VBScript, SQL Query)
  • Secure Coding review and analysis
  • Identity Access Management
  • Project Management
  • Mobile Application security review
  • Compliance auditing
  • Presentation of technical initiatives to non-technical executive audience
  • Risk Assessment and Management
  • Metrics analysis and reporting

TECHNICAL TOOLS/SKILLS:

Metasploit, QualysGuard, Hardware Configuration/OS Hardening, Ethical Hacking (white/black box, red/blue team), NMAP, Kali Linux/Backtrack, Core IMPACT/Insight, Nessus, Retina, Cisco networking suite, Virtual Computing, Secure Enterprise Solutions, Secure Cloud applications, Unix/Windows administration, public/private key encryption solutions.

PROFESSIONAL EXPERIENCE:

Confidential, Denver, CO

Program/Project Manager, Auditor

Responsibilities:

  • Identification of staffing requirements, leveraging and management of project team resources
  • Development of Statement of Work (SOWs), Cost Proposals for risk assessment/mitigation, vulnerability analysis, gap analysis and penetration testing activities.
  • Identify, mitigate, prioritize, manage and resolve project issues, constraints, dependencies and risks; develop and monitor project budgets.
  • Communicate status, issues, and proposed solutions to C-level internal (Chief Information Officer) and external project stakeholders.
  • Cross-organizational team collaboration.
  • Facilitate decision making with project stakeholders, balancing the needs of different constituencies and facilitating consensus.
  • Plan, distribute, coordinate and monitor work assignments; evaluation and feedback on work performance; identification and retention of top-notch talent. Proponent of staff empowerment to foster individual development and increased job satisfaction to drive achievement of strategic goals and realization of enhanced process and decision-making efficiency.
  • Performed web application and network penetration testing, password hash cracking, and vulnerability analysis for a variety of external clients.
  • Performed functional risk analysis and audit, determining level of compliance with Confidential 800-53 revision 4 controls, documenting deficiencies, and preparing executive level reports to detail results and next steps to drive remediation efforts.

Confidential, Richmond, VA

Senior Vulnerability Management/Penetration Testing/Risk Consultant

Responsibilities:

  • Oversight of security & risk management activities, working with (executive) leadership and auditors to determine acceptable levels of risk for the organization.
  • Development of policy, security architecture and implementation practices that met the regulatory and compliance requirements of the organization.
  • Management of the governance, oversight, and support of enterprise information security, PCI compliance and critical infrastructure protections.
  • Leadership of security teams responsible for information security policy, architecture, operations, administration, compliance and audit support.
  • Management of day-to-day operations of security functions, development of security initiatives and standards, definition of work practices and relevant metrics for tracking performance.
  • Engagement with cross-functional teams to implement practices that met defined policies and standards for information security, and development of organizational communication campaigns to foster a culture of security awareness.

Confidential, Richmond, Virginia

Senior Information Assurance Consultant/Project Manager

Responsibilities:

  • Management and support of systems security certification, accreditation, and risk management activities.
  • Provided strategic leadership and insight to facilitate security architecture gap analysis and subsequent implementation of enhanced defense in depth capabilities (addition of web application firewalls, proxy servers and host intrusion detection/prevention) to strengthen and improve the overall risk level of the enterprise wide area network.
  • Identified, drove and managed continuous monitoring and mobile application vulnerability analysis/scanning projects and remediation efforts.
  • Leveraged lessons learned to support future security improvements/recommendations.
  • Managed infrastructure/application risk assessment and compliance auditing.
  • Managed a team of 3 direct reports whose responsibilities included routine firewall maintenance, monitoring, security log auditing, and IDS/IPS watch standing.
  • Redesigned and managed the incident response team in all aspects of response, forensic containment, analysis, remediation, and lessons learned.
  • Fostered cross-collaboration between multiple support teams by introducing Agile Scrum methodology.
  • Pioneered ongoing improvements to enterprise security posture. Evaluated the defense in depth posture of the existing network infrastructure, proposed and obtained critical infrastructure upgrades and the placement of new web application firewalls to protect critical, externally facing end points.
  • Managed multiple certification and accreditation activities in a fast-paced, high-visibility/availability business environment.
  • Performed threat vectoring and analysis

Confidential, Washington, DC

Senior Information Systems Security Consultant/Project Manager

Responsibilities:

  • Spearheaded and managed the implementation of the Confidential 800.37 Continuous Monitoring Management Framework.
  • Provided insight and recommendations to optimize the incident response process, including conducting process gap analysis and delivering expert training to junior staff to guide adoption of new processes.
  • Oversaw full-lifecycle identity access management as applicable for personnel, systems, and applications.
  • Introduced enhanced continuous monitoring capabilities to proactively reduce threats and vulnerabilities affecting the client network.

Confidential, Richmond, Virginia

Information Security Program Manager

Responsibilities:

  • Led planning and execution of multiple information assurance and risk assessment projects.
  • Conducted planning, budgeting, and execution of continuous monitoring efforts to proactively manage and increase the effective remediation of identified risks and vulnerabilities.
  • Remediated deficiencies in the continuous monitoring program by performing gap analysis, preparing executive level reports and presentations to illustrate the need for augmented security monitoring tools and a better defined continuous monitoring program. Secured executive approval and subsequent funding to secure new monitoring tools and begin the implementation of a long-term, sustainable continuous monitoring strategy.
  • Engineered dramatic improvements to vulnerability remediation efforts by implementing a continuous monitoring program to strengthen vulnerability analysis and remediation efforts.
  • Supervised 4 direct reports, reviewed timesheets and completed midyear and end of year performance evaluations for each member of my team. Participated in hiring and interview processes to identify and retain new security talent.

Confidential, Washington, DC

Senior Information Systems Security Consultant/Project Manager

Responsibilities:

  • Supervised and directed multiple certification, accreditation, and security improvement measures for a variety of local and cloud-hosted client systems, all performed in accordance with Confidential SP 800.53 revision 3 standards.
  • Expanded competitive offerings by proposing and leveraging existing cloud initiatives to provide hosted services for other Federal agencies.

Confidential, Washington, DC

Senior Information Assurance/Technical Consultant

Responsibilities:

  • Conducted risk-based and vulnerability analysis. Managed accreditation and certification activities for client systems and networks.
  • Provided technical expertise and support to the Senior Program Manager on the subject of information security awareness, delivering in-depth recommendations, performing sanctioned social engineering and utilizing a variety of visual training tools to improve user security awareness.
  • Recommended and documented a needs-based analysis to justify the purchase of additional end user security awareness education.
  • Decreased successful hack attempts on the corporate network by 95% through a complete overhaul of the information security architecture and monitoring activities.
  • Addressed a lack of project, program, and change documentation by developing the organization’s first change management program, allowing improved visibility on all changes and new program additions.
  • Reduced incident response time while raising quality of response by deploying a newly architected Incident Response Program.
