PROFESSIONAL SUMMARY:

My area of competence is managing multi - phased complex technologies with proven abilities to manage multiple tasks, and maintain interactions of Infrastructure devices, servers, applications and resources, (for scope/group definitions, specific project plans, resource needs, activity schedules, risk management, & TQM). I successfully manage award winning Network/Security infrastructure; Implementation projects from design stages to deployment of ISO based processes to enhance service transitions & operations. On my previous jobs I lead research to design Security provisioning including perimeter, Identity & Access management. Digital Rights Management strategy process/procedure for Internal/Regulatory compliance process enhancements have been on my recent assignments. I have been involved in review of current status and having to re-design all processes; thus enforcing new security solutions on production environment that finitely log network traffic, tasks and activities. I've been responsible for scheduling, coordinating, and providing status of technical directions.

TECHNICAL SUMMARY:

Hardware: Server build/Consolidation experience on various servers, HP/DELL/IBM Blade Assembly; Bluecoat Proxy SG, CISCO 20xx, 29xx, 38xx, 44xx, 59xx, 65xx, 72xx F5 load balancers, Raytheon Websense/Forcepoint, Juniper/Pulse, Checkpoint, Palo Alto, CISCO, routers, switches & firewall configuration on LAN/WAN & Cloud infrastructures, Network Security Infrastructure design, and VPN configurations with firewall & IDS/IPS devices.

Software: Network/Infrastructure Management Tools; Datacenter Wintel/Linux/Unix platforms admin of SDN/NFV, CiscoWorks, HP Node Manager, IBM Tivoli Network Manager, QRadar SIEM, Site NIDS, Tivoli Security Operations Manager, Tivoli, ITIM, TAM, Cisco NAC/MARS/VMS; RSA Archer, Azure, Security Analytics; VMWare/Citrix/Hypervisor, Windows 2003, 2008, 2012. Microsoft Systems Center; MS LDAP, Enterprise Active Directory Admins; DNS, Terminal services, RHEL, Linux, McAfee Enterprise SIEMs suite, Software Patching & Distribution Tools such as MS WSUS, SCCM, Altiris, Tripwire Enterprise Administration

PM Tools: Primavera, HPPM, Plainview, CA Clarity, SharePoint, TFS & Microsoft Project.

EXPERIENCE:

Confidential

PM/Security Architect

Responsibilities:

• Engaged in drafting/restructure of the Compliance Roadmaps, identify documentation materials, processes, vendors and internal resources to accomplish external regulatory compliance initiatives and goals
• Document servers vulnerabilities (i) report remediation strategies for management approvals; (ii) Perform remediation strategies on test servers, if successful; (iii) Create Change management requests and deployment on production servers
• Network Devices/Servers vulnerabilities assessments using MBSA, Nessus, Tripwire, AppScan and Nagios to analyze security gaps & software dependencies as well as compatibility and impacts for vulnerability remediation strategies
• Policy designs & Architectural standards to resolve external regulatory compliance programs (NERC, PCI, SOX)
• Oversee projects implementation of preventative, detective and corrective technical/administrative process/controls to support information security program objectives, including PCI Network segmentation, content filtering, logging/SIEM, IDS/IPS, access controls, stewardship definition, authorization for access. Controls include security processes metrics
• Lead Sarbanes Oxley Project (Access Management, Centralized Workflow) - Project Manager, Systems Analyst, SME.
• Experienced datacenters architecture/migration supporting different environments: Dev/Test/QA, staging and production
• Managed functional teams for smooth applications/operating systems upgrades (Wintel, Linux, VMWare servers); image prep & transition to production in IaaS or PaaS in Cloud computing (release, go-live cutover, post go-live stabilization)
• Expert Microsoft Active Directory Rights Management Services (RMS); MS Lightweight Directory Services (ADLDS), Identity Manager & Certificate services; Designs/Administration of Microsoft Azure security for apps/workloads
• Framework as defined in NIST SP 800-37. Responsible for reporting and security training; security baselines based on FISMA are maintained and validated Confidential least annually
• Lead the development and maintenance of security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan,
• Project Managed the implementation and migration to the Risk Management Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports
• SME establishing rules for program/project vulnerability scans, risk analyses and security assessments which includes addressing controls defined by OMB A130 Appendix III, FIPS 199, NIST SP800-37, NIST SP800-53, NIST SP500-299 for both business operations and technical implementation throughout the eSDLC for USDA
• Status Assessments and created communication & Project Plan for stable infrastructure support/compliance based on ISO/IEC 27002 and NERC CIP 2-14 standards; from Establish Security policies/Assets inventory & management/Risks Assessment/Change & Release Management process/Access control/Physical Environmental Security/DR & BC etc.,
• Expert with SSO Design and deploy using LDAP, ADFS & integrating vendor cloud-apps to in-house enterprise apps
• Assessment of Cyber Security Programs for Nuclear Facilities based on 10 CFR 73.54, NEI 08-09 and NIST SP 800-**.
• Deployed/Configured/Administration of RSA Security Analytics server 10.4; setup environment analysis/investigations
• Administration of VPN accounts authentications using multi-platform solutions including Cisco/Juniper/Pulse Secure VPN hardware and software & applications access controls on information security/information assurance policies
• Lead audit, evaluation & costs comparison of Free/Open Source Software (FOSS) and commercial off-the-shelf (COTS)
• Designed/Managed SDN/NFV on Datacenters VM-Series devices e.g. Palo Alto/Cisco/Brocade for cloud infrastructures
• Architect Server consolidation, Environment Planning/Sizing using IBM CDAT, deployed server virtualization on HP/IBM/Dell blades running Microsoft Hypervisor, Citrix & VMware ESX solutions using Platespin/Xen/Vizioncore
• 5 years of hands-on and familiarity with web proxy appliances: Websense, Bluecoat Proxy SG, Fireeye wMPS/NX/VX
• Ability to deploy Web 2.0 proxies such as Bluecoat Proxy SG and Websense for advanced content filtering
• Administration of Bluecoat Proxy SG, Raytheon Forcepoint for Security Analytics and Forensics, and Radware Alteon
• Experience with day to day network support, URL Filtering services, incidents, problems and change management
• Enterprise Software Patching & Distribution Tools such as MS SCCM, Altiris, Norton/McAfee Enterprise SIEMs suite

Confidential

Network Security Consultant

Responsibilities:

• Eliminating security challenges caused by hard coded application credentials, using proven best practices for smooth policy/application deployments across your data center and application infrastructures
• Administration of VPN accounts authentication managers for users & applications access controls on information security/information assurance policies, principles, and practices are in the delivery of enterprise network services
• Document servers vulnerabilities (i) report remediation strategies for management approvals; (ii) Perform remediation strategies on test servers, if successful; (iii) Create Change management requests and deployment on production servers
• Network Devices/Servers vulnerabilities assessments using MBSA, Nessus, Tripwire, AppScan and Nikto2 to analyze security gaps & software dependencies as well as compatibility and impacts for vulnerability remediation strategies
• Deployed/Administration/Upgrades of RSA Security Analytics server 10.3; setup environment analysis/investigations
• Installed, configured and Support of CiscoPix; Cisco ASA firewall, Cisco IPS (Intrusion Prevention Solution)
• Deployed/Support IBM QRadar Security Intelligence Platforms; and Tivoli Network/Security Operations Manager
• Expert Microsoft Active Directory Rights Management Services (RMS); MS Lightweight Directory Services (ADLDS), Identity Manager & Certificate services; Designs/Administration of Microsoft Azure security for apps/workloads
• Expert with SSO Design and Configuration using ADFS & integrating vendor cloud-apps to in-house enterprise apps
• Administration of VPN accounts authentications using multi-platform solutions including Cisco/Juniper/Pulse Secure VPN hardware and software & applications access controls on information security/information assurance policies
• Architect Enterprise Server consolidation, Environment Planning/Sizing using IBM CDAT, deployed server virtualization on IBM blades using Microsoft Hypervisor & VMware ESX server virtualization solutions Platespin, Xen and Vizioncore
• Deployed/Support Tripwire integrity tool to monitor and alert on specific file change(s) on defined range of systems
• Enterprise Software Patching & Distribution Tools such as MS SCCM, Altiris, Norton/McAfee Enterprise SIEMs suite

Confidential

Security Architect/Project Manager

Responsibilities:

• Status Assessments and created communication & Project Plan for stable infrastructure support/compliance based on ISO/IEC 27002 and NERC CIP 2-11 standards; from Establish Security policies/Assets inventory & management/Risks Assessment/Change & Release Management process/Access control/Physical Environmental Security/DR & BC etc.,
• Assessment of Cyber Security Programs for Nuclear Facilities based on 10 CFR 73.54, NEI 08-09 and NIST SP 800-**.
• Establish current security assessment and document infrastructure security support policies and guidelines
• Network Devices/Servers vulnerabilities assessments using MBSA, Nessus, Tripwire, AppScan and Nikto2 to analyze security gaps & software dependencies as well as compatibility and impacts for vulnerability remediation strategies
• Cyber assets identification, critical assets classifications, security policy developments per business units and for vendors
• Designed, deployed, change management processes for security upgrades & patch maintenance plans for all appliances and system devices, and standardized security policies across the board.
• Security vulnerabilities identification audits & make remediation on Cisco Routers/Switches/firewalls and servers
• Deployed/Support IBM QRadar Security Intelligence Platforms; and Tivoli Network/Security Operations Manager
• Delivery of Statement of Work (SOW) and Project implementation plan for Identity Manager security Provisioning
• Configure ITIM Services, Provisioning polices, Password Policies, Identity Policies, Entitlements, Adapters, and Self Service. And also using Cyber-Ark's Application Identity Manager Suite for role based access to applications
• Lead audit, evaluation & costs comparison of Free/Open Source Software (FOSS) and commercial off-the-shelf (COTS) in use within Sothern California Edison and their suitability/impacts on external Regulatory compliance initiatives
• Development of evidence matrix to mirror external NERC/FERC security regulatory compliance self-certifications.

Confidential, California

Solutions Architect/Program Manager

Responsibilities:

• Requirements gathering SOW definition, testing, release of enterprise infrastructure solutions.
• Experience on datacenters build and migration supporting different environments: Dev/Test/QA, staging and production
• Managed functional teams to ensure smooth applications/operating systems upgrades (MS Wintel, Linux, VMWare servers); for image prep & transition to production operations (release, go-live cutover, post go-live stabilization)
• Network Devices/Servers vulnerabilities assessments using MBSA, Nessus, Tripwire, AppScan and Nikto2 to analyze security gaps & software dependencies as well as compatibility and impacts for vulnerability remediation strategies
• Enterprise Microsoft O/S administration using MOM, SCCM, MBSA, Windows updates & security patches via WSUS
• Enterprise Software Patching & Distribution Tools such as MS SCCM, Altiris, Norton/McAfee Enterprise SIEMs suite
• Architect Server consolidation, Environment Planning/Sizing using IBM CDAT, deployed server virtualization on HP/IBM/Dell blades running Microsoft Hypervisor, Citrix & VMware ESX solutions using Platespin/Xen/Vizioncore
• Expert with SSO Design, Deployment using ADFS & integrating vendor collocation-apps to in-house enterprise apps
• Architect/SME Lead IBM QRadar Security Intelligence Platforms; and Tivoli Network/Security Operations Manager
• Facilitate updates of PCI/SOX/HIPAA compliance documentation Metric Streams based on changes in process, personnel or Assets/application/systems.
• Coordinate the completion of SOX 404 scoping and planning documentation with Senior C-level Financial Management
• Wrote Business Requirements, System Requirements, RFI, RFP and all supporting documents leading to Vendor selection and management. Ran Proof of Concept. Planned and ran product implementation of Sun Java System Identity Manager (previously Waveset Lighthouse) in provisioning project as replacement (in some instances) and/or addition for BMC Control-SA for provisioning into Unix, Tandem Base24, RACF, Unisys & Oracle.
• Lead Sarbanes Oxley Project (Access Management, Centralized Workflow) - Program Manager, Systems Analyst, SME
• CA Governance/Identity/AuthMinder/SiteMinder - IdM Workforce Lifecycle Project - Solution Architect
• Status Assessments and created communication & Project Plan for stable infrastructure support/compliance based on ISO/IEC 27002 and NERC CIP 2-11 standards; from Establish Security policies/Assets inventory & management/Risks Assessment/Change & Release Management process/Access control/Physical Environmental Security/DR & BC etc.,
• Creation of Identity Management Roles/Rules processes, Use Cases, Workflow and Data Flow documentation. Documentation of existing (“As-Is”) process in order to develop process improvements (“Future State”) through Identity Management. Training of existing staff on Identity Management methodology and toolsets.
• Security vulnerability audits & remediation on Cisco Routers/Switches/firewalls/Load balancers Administration
• Administration of VPN accounts authentications using multi-platform solutions including Cisco/Juniper/Pulse Secure VPN hardware and software & applications access controls on information security/information assurance policies
• Installed, configured and Support of Cisco IPS/IDS Cisco Intrusion Detection and Prevention appliances for solutions
• Configure & support Cisco VPN concentrators, using Cisco VMS, Cisco MARS for network secure access controls
• Client implementation planning of Netegrity SiteMinder 5.5 w/ Netegrity IdentityMinder 5.6 (Web Edition) utilizing iPlanet (LDAP) and CA GovernanceMinder, CA SiteMinder - Process planning, solution Architecture and Deployment.
• Deployed/Support Tripwire integrity tool to monitor and alert on specific file change(s) on defined range of systems

Confidential, Raleigh, NC

Network Design/Operations Engineer

Responsibilities:

• LAN/WAN Network designs, support, & development in multiple environments Activities could include adds/changes/deletions of devices, application rollout, introduction of new technology to the area general traffic growth, etc.
• Assist in analyzing networks in terms of traffic patterns, protocols, to forecast growth and recommend solution via professionally prepared PM software & Technical Documentation feedback.
• Analyze network to ensure a secure infrastructure and implement to enforce all network security policies.
• I was involved in Projects budgeting & implementations to clients satisfaction, timing, coordination of various groups for network performance for balanced efficiency.
• More of the job involved increasingly network security solutions.
• Design, deploy configuration and support with CiscoWorks LMS and RWAN
• Designing and installing CiscoWorks on Solaris and Window server Platforms
• Network risks and security architecture development
• VPN, Frame Relay, & other WAN Configuration supervision
• Supported HP Openview for network monitoring & remote maintenance
• Implementation of trouble ticket tracking systems & feedback
• Network risks and security architecture development
• VPN/Frame relay configuration supervision
• Compiling Access lists & Creating Vlans & WAN Links
• Support of Cisco IPS Cisco Intrusion Prevention Solution
• Support network devices, load balancer & firewall related issues
• Monitor Trouble ticket tracking systems & provide feedback/reports