Summary

An Information Technology Professional with 28 years of experience. Primary expertise in: Information Security, Information Privacy and IT Audit, in verticals which include the Technology, Consumer, Government, Healthcare, Financial, Telecommunications, Manufacturing, Industrial and Consulting markets.

Professional experience

Director of Technology

Confidential

• As the Director of Technology for both Missing Link Security and PHYLEO, oversee all technical issues. That includes IT Design, Engineering and Support as well as supporting Business Development both in the proposal process but also in the delivery process.
• As a key member of the Quick Response Team QRT , conduct independent assessments of clients infrastructure and security controls. Perform federal security test and evaluations efforts related to FISMA, DHS 4300A, and/or NIST 800-53. This includes Vulnerability Scanning/Analysis, Penetration Testing and Remediation.
• Perform as the companies Computer Forensics Investigator, using Encase v7. Conducts examinations of all digital media, develops Investigative Plan to perform the investigation and analysis, responsible for recovering deleted, hidden and encrypted data. Thorough understanding of hardware and data recovery, evidence handling, chain of custody, evidence storage, use of sterile media, forensic imaging techniques, cracking system and file passwords, detecting steganography with signature analysis.

Cyber Security Technical Lead

Confidential

• As the Technical Lead for the Cyber Security Division at Department of Commerce, US Patent and Trademark Office, applies and oversees a large and complex portfolio of continuous monitoring processes for the federal client. Facilitates Risk Assessments, Security Test and Evaluation ST E , Contingency Plan Testing, and remediates POA Ms.
• Perform as the companies Computer Forensics Investigator, using Encase v7. Conducts examinations of all digital media, develops Investigative Plan to perform the investigation and analysis, responsible for recovering deleted, hidden and encrypted data. Thorough understanding of hardware and data recovery, evidence handling, chain of custody, evidence storage, use of sterile media, forensic imaging techniques, cracking system and file passwords, detecting steganography with signature analysis.
• Provides leadership and mentoring to a team of 35 Cyber Security Analysts.

Information Assurance Subject Matter Expert

Confidential

• As an Information Assurance Subject Matter Expert at the Department of Treasury, Bureau of Engraving and Printing was responsible for leading a group of nine Cyber Security Analysts ranging from Junior to Senior. Am responsible for reviewing/revising project developed FIPS 199 categorizations, system security plans, security impact assessments and privacy impact assessments. Am also responsible for developing and reviewing system hardening guides. Performs as a technical resource/mentor for the project team.
• Perform Security Risk Assessments, Gap Analysis, Documentation, and Vulnerability Assessments. Produce written reviews and recommendations and deliver in the form of an Audit Report.

Senior Technical Business Analyst

Confidential

As a member of an 8 person team, performed as the Senior Technical Business Analyst for the Wal-Mart Pharmacy/Vision HIPAA Security Remediation Program. Tasked with the supervision of 2 Technical Business Analysts, designed and implemented solutions to the failure to detect alterations and deletions of ePHI data at rest, lack of encryption of ePHI data in transit and unauthorized/undetected access to systems.

Senior IT Auditor/Information Security Consultant

Confidential

• Senior IT Auditor with SOX and HIPAA compliance experience with clients such as Dun Bradstreet, TIAA-CREF, MVC Capital, MARCOR, Confidential, Seedco, ,. Projects range from assessing IT controls according to GAGAS and ISACA frameworks to assisting the client with documentation of policies and procedures narratives and process flows for 4 main areas: a security b software development life cycle c change and problem management and d backup and recovery. Additionally, assisted in security administration remediation of gaps and weaknesses.
• Performed Data Security Audits, Security Risk Assessments, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments. Produced written reviews and recommendations and delivered in the form of an Audit Report.
• Performed Business Process Improvement and PII Data Privacy Audit for SEEDCO. The objective of this engagement was to review the procedures and controls over the current operation, to identify opportunities for improvement and deficiencies, and prepare implementable recommendations.

Independent Consultant

Confidential

HIPAA Security Project Manager

Confidential

Performed Project Management tasks to ensure compliance with the Final HIPAA Security Rule.

Security Architect

Confidential

Performed Audits, Security Design, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments. Audits included the use of Reconnaissance and Footprinting, Vulnerability Scanners, Sniffers, Spoofing Tools, Brute Force and other Password Cracking tools. Provided HIPAA Compliance, Networking and Security consultation.

Senior Information Security Analyst

Confidential

• Performed Audits, Security Design, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments. Audits included the use of Reconnaissance and Footprinting, Vulnerability Scanners, Sniffers, Spoofing Tools, Brute Force and other Password Cracking tools.
• Evaluated the organizations security and risk management program to determine the security of a networks design and also evaluated Disaster Recovery Plans.

Senior Information Security Analyst

Confidential

• Performed Audits, Security Design, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments. Audits included the use of Reconnaissance and Footprinting, Vulnerability Scanners, Sniffers, Spoofing Tools, Brute Force and other Password Cracking tools.
• Conducted FISMA Certification Accreditation evaluation for the Information Assurance section of the network infrastructure.
• Determined whether the computer systems and network infrastructure are in compliance with the NIACAP, NIST or industry best practice security policies and standards.
• Conducted training sessions on topics such as Networking and Security Awareness.

Senior Information Security Analyst

Confidential

• Performed Audits, Security Design, Gap Analysis, Documentation, Penetration Tests and Vulnerability Assessments. Audits included the use of Reconnaissance and Footprinting, Vulnerability Scanners, Sniffers, Spoofing Tools, Brute Force and other Password Cracking tools.
• Conducted FISMA Certification Accreditation evaluation for the Information Assurance section of the network infrastructure.
• Determined whether the computer systems and network infrastructure are in compliance with the NIACAP, NIST or industry best practice security policies and standards.
• Conducted training sessions on topics such as Networking and Security Awareness.

Senior Security Specialist

Confidential

• Provided support for Verizon Enterprise Solutions sales force of 50 Corporate Account Managers and 60 Sales Engineers regarding Security and Internet related topics. Regional coverage area encompasses the entire State of New Jersey covering all verticals. Accomplished task of selling 3.1 Million Dollars' worth of security solutions and products.
• Provided HIPAA and CIPA consultation.
• Performed Verizon standardized evaluations to include Penetration Testing, Risk Analysis, Policy Review, VPN and IPS/IDS.
• Conducted In-House training seminars for Sales Engineers and Executive Security Briefings for CIO/CTO level Clients.

Senior Network Engineer

Confidential

Hired as consultant to perform the following:

• Network comprised of Cisco Equipment to include: 70 Routers, 170 Switches and 10 ATM Switches with a variety of Hubs. Network is a fully redundant EIGRP and IP/IPX environment with multiple Campuses and Remote Sites.
• Assigned supervisory role of Lead Engineer supported by 5 Engineers and a 24x7 Help Desk. Primary duties were comprised of managing infrastructure projects between the Cornell and Columbia Medical School networks to include providing LAN/WAN support.
• Completed the design, configuration, and implementation of a Remote Access VPN solution.
• Project managed a network wide IOS upgrade on all routers and switches to conform with contractual SLA and documentation of the LAN/WAN infrastructure.
• Configured, Installed and Monitored the Cisco IDS sensors and responded to security breaches.
• Converted the once Public Class B network to a more secure network using Checkpoint/Nokia Firewalls and NAT.

Internetwork Solutions Engineer

Confidential

Morgan Stanley

• Configured and implemented 100MB Fast Ethernet and Full Duplex links, HSRP redundancy and IGRP routing protocol with RIP redistribution.
• Handling configuration and deployment of the Market Data Branch Sites Firewall Infrastructure and implementing LAN upgrades.
• Upgrade of the Cisco PIX Firewall. Configured and implemented EDMZ and IDMZ Cisco routers and switches. Also upgraded the LAN infrastructure to include moving all ethernet segments from WAN router and shared hubs onto dual Cisco 5509's with RSM's.

Cisco Systems

Worked as part of an 11-member team of Internetworking Solution Engineers TAC to develop a troubleshooting tool Output Interpreter . Tool can be found on the Cisco Web Site under CCO. Tool was developed through use of Cisco's proprietary scripting language Maven , and enables troubleshooting for a wide range of networking problems based on analyzing show command output. Created the first analysis ever of a Show Running Configuration command.

Network Design Engineer

Confidential

Hired as consultant to perform the following:

• Responsible for providing Network Designs and Integration Documentation for Client locations Worldwide. Wan Designs comprised a variety of technologies including OSPF, Frame Relay, Dedicated T1, T3 and
• ISDN, Created Out Of Band Management via terminal servers over POTS lines. Implemented High Speed Encryption with Cylink Encryptors.
• Provided full detailed packages to include: Cabling Diagrams, Cisco Router Configurations, Misc. equipment, cable order lists, and step by step site installation procedures.
• Most recent designs included Citicorp's Backbone Infrastructure for North America and the integration of several Core Hub and Feeder sites for domestic Internetwork.

Internetwork Consultant

Confidential

• Responsible for a wide range of consulting assignments dealing with LAN/WAN solutions, including evaluation, LAN/WAN design, router configuration and implementation.
• Provided 3rd level support for remote access issues regarding the SecurID network. Included were Ascend and Cisco routers, Ascend ISDN Pipeline, Shiva Lanrovers and Radius server.
• Configured, Implemented and Project Managed token ring to ethernet conversion followed by a 4,000 workstation Windows NT rollout while working on the Woolworth project.
• Completed survey of cabling and PBX installations at various schools as part of the Contract with the NYC Board of Education.
• Conducted a walk thru inspection of several NYC Dept. of Finance facilities and Evaluated the needs and requirements for future installation of imaging system.

Senior Telecommunications Analyst

Confidential

Hired as consultant to perform the following:

• Responsibilities included troubleshooting connectivity issues related to the 500 node LAN/WAN and evaluating capacity problems.
• Using tools such as NV/6000, PROCOM and U.S. Robotics Total Control Manager
• I monitored and configured routers and modem chassis's at remote sites.

Network Engineer

Confidential

Hired as consultant to perform the following:

• Responsibilities included monitoring and troubleshooting 1,000 nodes LAN/WANs for Campbell Soup Company and Rhone Poulenc, Inc.
• Using network tools such as NetView/6000 for AIX and Intel Landesk I remotely managed the networks consisting of Cisco, Cabletron, Novell, and Windows NT.
• Handled such duties as configuring Cisco routers, assigning TCP/IP addresses, assisting users and logging trouble tickets using DP Umbrella.

Network Administrator

Confidential

Hired as consultant to perform the following:

• Monitored a 476 node WAN consisting of Cisco, Welfleet routers and Synoptics hubs via SNMP on a UNIX SunSparc Station.
• Created new user accounts and login scripts on a Novell network. Created trouble tickets using Paradigm.

Senior Computer Operator

Confidential

Hired as consultant to perform the following:

• Managed console of IBM 3090 including running batch jobs and starting CICS sessions.
• Duties also included training new operators to run the console and various peripherals.

Systems Engineer

Confidential

• Monitored performance of IMS, CICS and network in an IBM ES/9000 MVS/JES3 environment.
• Performed DB loads and backups using CA-7.

Senior Network Operator

Confidential

• As a senior member of the Banks first Disaster Recovery Site I performed Contingency Tests in accordance with the Disaster Recovery Plan.
• Managed system and network activity to ensure integrity and availability.
• Performed IPL's, complete power up/down, stand-alone dumps, spool offloads and IML's.

Senior Computer Operator

Confidential

• Monitored CICS and ran batch jobs on an IBM 3081 JES/2 mainframe.
• Duties also included training new operators in the tape library and print room.

Air Defense Artillery

Confidential

• As a Short Range Missile Crewman I was the Driver of a Chapparel Missile Launcher.
• Discharged under Honorable Conditions.