CAREER GOALS:

Director, CIO, CISO, CTO

SUMMARY:

• Confidential 's career has been characterized by both professional excellence and consistently reliable, high quality work performance.
• His technical background is both broad and deep, and has excellent skills, knowledge and experience in cybersecurity, Data Centers, infrastructure, software development and service management.
• He is an excellent leader and strategic thinker who will tactically engage and accomplish objectives on a timely basis.
• He adeptly communicates the business value of whatever he plans, and then executes on that plan.
• During his projects, he regularly reports the results to senior staff, stakeholders, and team members.
• He leads by example and is a results - driven, people-oriented technical manager who can effectively build, lead, and motivate high performance teams to meet and usually exceed customer expectations.
• Confidential has often been chosen to assume the leadership of complex projects that were in trouble and boldly done so, organizing and driving his Team to successful while rising to meet and usually exceed the expectations of his sponsors and stakeholders.
• He has a coaching-mentoring style of leadership with the innate ability to build and lead high-performance, diverse Teams using the Peter Senge Learning Team Model. Indeed, he has personally mentored 14 others to obtain their PMP certifications and is always coaching and inspiring his team members toward greater career accomplishments.
• Confidential has worked in some of the world’s most demanding IT environments.
• Each of these environments presented unique, high-pressure, high-visibility challenges that not only required intelligence, skills, experience and integrity, but they were demanding in ways that required creativity, adaptability and flexibility.
• Confidential possesses exceptional skills in leadership, communication, technical abilities, and time management, and is a highly reliable, well-rounded, seasoned IT professional that can quickly adapt to and add extraordinary value to any organization.
• Confidential is also an internationally recognized and published author, professor, and presenter on various cybersecurity topics such as risk management, compliance, cyberwarfare, and social engineering.

OBJECTIVE:

Experienced Senior IT Project Manager / Program Manager certified in PMP, CISSP, SSCP. CISA, ITIL, ISFS, MCSE, MCITP, and MCSD, available for technical project management work or a full-time position in positions related to projects associated with cybersecurity, Data Centers, other IT infrastructure, IT Security, compliance management (especially ISO 27001, FISMA, and COBIT), ITIL-based Service Transition and Service Management, and/or Application Development. Also seeking to eventually assume position as a director or a CIO, a CISO, or a CTO. I will be instrumental in helping my organization maintain a strategic, competitive edge by providing strong, positive leadership and driving excellent performance in the teams, projects, and services I manage in order to maximize the business value to the organization. This position should be challenging, provide project and/or program leadership opportunities, additional opportunities for growth, and be recognized as making a vital contribution to the organization.

SPECIALTIES:

Cloud Computing, IT Security, Information Security, Cybersecurity, Disaster Recovery, Business Continuity, Crisis Management, Business Resiliency, Business Analysis, System Analysis, IT Infrastructure Management, Technical Architecture, Data Center Operations, Data Center Development, Cyberforensics, Cyberwarfare, Social Engineering, Risk Management, Incident Management, Problem Management, IT Change Management, Application System Development, Database Administration, Data Architecture, Technical Service Development, Service Management and Service Transition, Technical Leadership, and Technical Training

INFORMATION TECHNOLOGY EXPERIENCE:

Service Management Methodologies / Frameworks: ISO 20000, ITIL v3, ITIL v2, COBIT

System Development Methodologies: Agile, SCRUM, RAD, RUP, SDLC, Waterfall.

Project Management Methodologies: PMI PMBOK, PMBOK Lite, BP, Customized Project Management Methodologies, MethodOne, U.S. Air Force.

Security and Compliance Frameworks: ISO 27001, Cloud Security Alliance Control Set, HIPAA, PCI DSS, FISMA, SAS 70 Type II, SSAE-16 Type II, Sarbanes-Oxley (SOX), and ISO 14001

Operating Systems: Windows Server 2008, Windows Server 2003, Windows 2000 Server, Windows 8, Windows 7, Windows Terminal Server 4.0, IOS, Citrix Metaframe 1.8,, RedHat Linux, Fedora Linux, UBUNTU Linux, SUSE Linux, AIX 5.4L, HP-UX, VAX/VMS.

Networks and Protocols: TCP/IP, IPv4, IPv6, BGP4, EIGRP, OSPF, RIP, RIP2, Ethernet, Fast Ethernet, Token Ring, HTTP, SNMP, SMTP, POP3, DNS, DHCP, NetBEUI, DLC, RAS, PPTP, PPP, IPSec, SSL, WPA, WPA2, L2TP, EAP, and RDP.

Hardware: Servers from these vendors IBM, HP, Dell Servers, Digital, RS/6000, Sun Cobalt Qube; Laptops, IBM-PC Compatibles from 8088 to Intel i7. Nokia Lumina 920, Dell Latitude 10 Tablet, and Microsoft Surface Pro. Small computers Raspberry Pi - Model B, Arduino. Also Wireless Routers, Wireless Access Points and other wireless networking devices 802.11a, 802.11b, 802.11g, and 802.11n. Other hardware includes Cisco VPN Concentrators, Cisco Routers, Cisco Catalyst Switches, HP-UX RISC Workstations, VAX, Network Applications NAS Storage Device (100 TB), RAID 0, 1, and RAID 5 disk arrays, network interface cards, modems, switches, hubs, SCSI, IBM 30XX, tape drives, etc.

Software and Utilities: MS Visio (certified), MS Project (certified), MS Word MS Excel, MS Access, MS PowerPoint, MS Outlook, Remedy, Microsoft Operations Manager, MS Project Server (certified), MS Sharepoint Server, Wireshark, Channelizer, Inssider, Ethereal, Splunk, Backtrack, NMAP, OWASP, BP Global Change Management System (GCMS), TCP/IP, SNORT, Nessus, PuTTY, Samba Server, DNS, DHCP, WINS, Active Directory, FTP Server, NMAP, MS Exchange Server, MS Internet Information Server, HP OpenView Network Node Manager, Network Associates Sniffer, MS FrontPage, Compaq Insight Manager, Citrix Metaframe, MS Internet Explorer, PaintShop Pro, Norton 360, Norton Anti-Virus, McAfee.

CRM Applications: Vault with SQL Server, Sales Force (Training)

Databases: SQL Server 2005, SQL Server 2000, Oracle, MS Access, Oracle Rdb.

Networking Devices: Switches (managed and unmanaged), Cisco ASA, PaloAlto Firewalls, Cisco Clean Assess Network Access Control Device, 802.11b/g/n routers and wireless access points, Riverbed Steelhead devices, CSU/DSU’s, DSL Modems, Cisco Routers, Cisco Switches, VPN Concentrators, Ethernet network interface cards, and 802.11a/b/g/n network interface cards.

Development Tools and Platforms: Visual Basic .NET (VB.NET), ASP, ASP.NET, IIS, Visual Studio 2003, 2005, and 2008, Visual Basic 6, PERL, Java, Java J2EE, C#, C++, Python, VBScript, JavaScript, KIXStart, UML, XML, HTML, SQL, C.

WORK EXPERIENCE:

Confidential, Hines, IL

Sr. IT Project Manager

Responsibilities:

• Working as a senior IT consultant on projects related to information security, compliance, security reviews, risk management, and auditing.
• Also providing consultations as a subject matter expert on projects with Data Center vendors and other local businesses.
• Also, directly involved with writing proposals and providing technical guidance to help staffing companies win multi-million dollar, five-year contracts to sell program management services in infrastructure security, software development and infrastructure deployment.
• Working on Cybersecurity projects, including Business Resiliency assessments, formal risk assessments (NIST, ISO 27001, HIPAA, PCI, and COBIT), creation and automation of risk management frameworks, security audits, and a fast-track ISO 27001 implementation project for a software company to achieve ISO 27001 certification in 2013.
• Designing and creating a database application that streamlines program management, security management, risk management and reporting activities, for management of teams of IT workers and developers in teleworking environments.
• It will first be a Windows application and then be ported to the web.
• Have developed and taught classes at the Illinois Institute of Technology in the areas of Cybersecurity, Data Center Operations, Data Center Architecture, Java programming, Information Technology hardware and software, Information Technology and Public Administration.
• Wrote a technical paper describing the use of Cloud Data Center Services, (IaaS, and SaaS) as a key strategy for Disaster Recovery and Business Continuity.
• This service, Disaster Recovery as a Service (DRaaS) allows a business to dramatically shorten its Recovery Time Objectives (RTO) and its Recovery Point Objectives (RPO).

Confidential, Chicago, IL

Program Manager

Responsibilities:

• Management of Application Development Project Managers
• Oversight of and direct participation in a Formal Risk Management Program
• Oversight of and participation in a Quality Management Program
• Oversight of Database Administrator Team
• Oversight of the Program Management Support Team
• Participation directly in Software Configuration Lifecycle Management (SCLM), Software Development Planning and Process Management as products were staged from development to Software Quality Assurance and then to preproduction for User Acceptance Testing
• Managed the transition of application software and databases from the Development environments into the Software Quality Assurance testing environments and the pre-production environments of the VA’s Data Centers in Austin, TX and Martinsburg, WV. Also, developed and distributed multi-purpose details checklists for application development teams and the database development team to ensure that every step in every phase on these transitions was done accurately and completely without error or omission. These checklists also ensured that the Data Center staff members and the SQA Team members were satisfied that processes and procedures were properly followed in the Data Centers.
• Created the Work Breakdown Structure using MS Visio. Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials and Quality Management (CMMI) using MS Excel.
• Oversight of and participation in a Knowledge Management Program, including capturing Lessons Learned in a prototype system that I created for reporting and querying on lessons learned
• Worked on a special project to design and create a Cloud-based development environment for developers who had not yet received their clearances to directly access resources related to the Confidential
• This initiative allowed for quicker on-boarding of developers and maximized their effectiveness while meeting the security requirements of the Confidential .
• Developed a research paper and presentation for senior management on best practices in management of teleworkers.
• Communication and close coordination with Confidential Management and with VA Management to manage the program.

Confidential, Chicago, IL

Sr. IT Security Consultant / ISMS Architect

Responsibilities:

• ISMS Architect and Project Manager on project creating an ISO 27001-based Information Security Management System (ISMS).
• Initiated and planned this project and provided regular updates to senior level management including C-level executive management about the status, needs, and progress of this project.
• Using tools like MS SharePoint Server, Word, Access, PowerPoint, and Excel, I worked to create an Information Security Management System and Security Management framework with 133 controls and over 2000 policies to help manage risk and help drastically improve the information security posture of a multi-billion dollar, international data-intensive company.
• Worked directly with C-level executives, vice presidents, directors, and other stakeholders to demonstrate the business value of uniform security and compliance, and to make this happen.
• Also conducted an information security policy gap analysis, produced a risk analysis framework, created assessments, created the ISMS Scope, ISMS Policy, the Statement of Applicability, the Risk Treatment Plan, the Information Security Awareness Training Plan, Information Security Training materials, etc.
• I also produced the Security Management Framework, Security Management Plan, and produced almost 2000 information security-focused policies within the context of the company’s culture and the ISO 27001 framework. Created techniques and tools using MS Access to automate Asset Management and Risk Assessments using the Brewer Event Model, and also to automate the document management and records management that is required by ISO 27001.
• Designed a generic information model and methodology for metrics management, and the evaluation of metrics performance for each of the ISO 27001 controls, to facilitate the continual improvement processes required by the Plan-Do-Check-Act initiatives required by ISO 27001.
• Produced weekly status with charts and diagrams that reported and tracked the status of all the project deliverables as well as showing the gradually increasing improvements that were being made in ISO 27001 compliance maturity.
• Also performed risk and security evaluations under HIPAA, PCI DSS, and FISMA.

Confidential, Arlington, VA

Project Manager

Responsibilities:

• Developed over 400 security management-related performance reports and led the development of technical Standard Operating Procedure documents required by both the VA’s Performance Work Statement and ad hoc report requests that the VA initiated.
• Developed documented Quality Management procedures to ensure high-quality reports with meticulous attention to detail were submitted to VA Management.
• Led a Visual Basic 2008 application development effort to design and develop an automated time tracking system that helped track and report on the tasks and times associated with the over 30 job functions that comprise the day-to-day responsibilities of IT Security Analysts.
• Developed all the required Project Management documents for the second year of the contract including the Communications Plan, the Staffing Management Plan, the Process Improvement Plan, the Project Management Plan, Risk Management Plan, and Lessons Learned documentation. Enhanced the Quality Management Plan and developed the new Service Level Agreement metrics by which the Team’s performance would be measured and managed.
• Developed the Project Transition Plan for the Year 1 to Year 2 transition for this Tier III IT Security Support Team, which included 1) new staff management plan to staff up for dual site 24 x 7 coverage for Tier III IT security support; 2) Risk management for the entire transition; and 3) a detailed schedule / plan of future performance work statement deliverables.
• Used Remedy to manage and track the team’s technical work on security incidents, and generate regular reports weekly, bi-weekly, monthly, and quarterly to report on the team’s performance.
• Developed a Knowledgebase for managing and reporting on data related to security management on the VA’s infrastructure, and to increase the efficiency of teamwork on the Tier III Team. Data being tracked and managed includes false positives, incidents, incident categories, threats, threat tags, threat categories, and the analysts doing the work.
• Created the Work Breakdown Structure using MS Visio. Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials using MS Excel.
• Developed a technical training plan and program and provided IT security training materials that I developed for (ISC)2 SSCP certification to the entire team to help ensure each team member’s optimal performance.
• Providing guidance and mentoring for several of the Team members and helping them attain their personal and professional career development goals in earning these certifications: Project+, CISSP, and Security+.
• Wrote several team policies related to workplace performance and behaviors, as well as compliance initiatives as required by the client and Human Resources.
• Produced weekly status with charts and diagrams that reported and tracked the status of all the project deliverables as well as showing the gradually increasing improvements that were being made.

Project Manager

Confidential

Responsibilities:

• Led and managed the development of the project plan for this ITIL v3 implementation.
• We also used Remedy 7.1 for ITIL v3 processes related to the Service Desk, Incident Management, Problem Management, Release Management, Asset Management, Configuration Management, Change Management, and Knowledge Management.
• This Remedy installation is the world’s largest occurrence of Remedy.
• Wrote several team policies related to workplace performance and behaviors, as well as compliance initiatives as required by the client and Human Resources.
• Created the Work Breakdown Structure using MS Visio. Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials using MS Excel.
• Provided ITIL v3 documentation and training resources to team members to ensure that all team members could perform optimally.
• Identified and hired the ITIL Expert who was the Subject Matter Expert for the Team and the Customer.

Confidential, Itasca, IL

Technical Project Manager

Responsibilities:

• Managed the construction of the new Data Center.
• Helped to restructure and provisioning of the WAN infrastructure, both primary and backup circuits for Internet and for MPLS circuits.
• Worked on the design of the Data Center LAN and physical Security Infrastructure.
• Helped select, qualify, and train the Team of Data Center Specialists who will permanently staff the Data Center, 24 x 7.
• Helped qualify and select a Managed Network Services Provider to monitor the network, 24 x 7.
• Managed the Project Management Plan, all Project Procurement Financials, and the Project Risk Management Plan and Risk Register.
• Assisted with planning and managing the virtualization and migration of Applications into the new Data Center.
• Server Virtualization and Refresh Efforts: Assisted with planning and managing the virtualization and migration of Applications into the new Data Center. We were required to migrate applications into new servers for the new Data Center because the old servers in the old Data Center were at the end of their useful life. Result: After the analysis effort, we created a design and plan for migrating 55 servers into 8 physical servers. We virtualized the old server images and placed multiple images on each of the new servers that were running ESX by VMware. The data for these servers was also migrated at the old Data Center site using a migration staging server. After the new virtualized servers were installed, there was an extensive testing effort to ensure that the newly virtualized servers performed as required to meet the customer's expectations and business needs.
• Designed and implemented an advanced WAN optimization architecture using Riverbed Steelhead devices.
• Led the development of the ITIL v3-based Service Catalog, Service Delivery Model and the Service Transition for the IT Organization. We also used Maximo for ITIL v3 processes related to the Service Desk, Incident Management, Problem Management, Release Management, Asset Management, Configuration Management, Change Management, and Knowledge Management.
• Participated in the qualification and selection of the Service Desk Solution and Service Desk Provider.
• Designed the Operating Model and the Operations Guides for two Data Centers based on ITIL Service Management.
• Led the effort to create viable Disaster Recovery Plan and get it updated for two primary operational Data Center sites.
• Created all standardized Data Center Reports for two Data Centers.
• Managed the launch, education and Control Monitoring Initiative to bring the two Data Centers into Compliance under ISO 27001, SAS 70 Type II, and SOX. Also utilized COBIT guidelines.
• Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials using MS Excel.
• Did a large share of the work in the CapEx and OPEx Budgets for the new Data Center.

Confidential, Redmond, WA

Data Center Manager / Sr. IT Operations Program Manager

Responsibilities:

• The Microsoft Chicago Cloud Data Center is also the world’s first location where Data Center Modules (think 40-foot shipping containers) were implemented and tested on a mass scale. I was directly involved in the selection of the manufacturing vendor, as well as the operational implementation of this new containerized computing technology, writing the procedures to install and integrate them into the Chicago Data Center.
• Managed and worked with contractors and subcontractors who provide cooling, electrical, telecommunications, security, cleaning, and cabling services for an operational area that is inside a construction zone, as well managing facilities people who are providing the cooling services, power, Building Management System, VESDA, EPMS, and data services to the Data Center Modules mentioned above. I also managed staff of 22 superstar Data Center professionals that help me manage this 24 x 7 operation. Two thirds of this staff was responsible for the cooling equipment, electrical equipment, fire protection, and automated facilities systems all of which provide the critical environment services at this Data Center. The other one third of my staff provided the technical services for IT equipment installation, configuration and data networking.
• Building this state-of-the-art facility generated approximately 3,000 construction-related jobs with a peak workforce of around 2,800 workers. More than 1.5 million man-hours of labor went into the project, and the total investment in the facility will exceed $1 Billion.
• For the first year, of the Microsoft Chicago Data Center, the operational budget exceeded $40 million, and in following years as the facility becomes filled with servers, this was expected to exceed $120 million.
• Implemented, tracked and enforced security management controls under SAS 70 and ISO 27001 and to ensure compliance for passing certification audits. The Microsoft Chicago Cloud Data Center achieved ISO 27001 certification in May 2010 as a result of these efforts.
• Worked on the Disaster Recovery Plan and kept it updated to reflect organizational and infrastructure changes.
• Managed the Project Plan and Schedule using MS Project. Managed manpower schedules, Risk Management Register, and also the Project Financials using MS Excel.
• Finally, using Visual Basic 2008, I designed and developed an automated time tracking system that helps track the times associated with the over 40 job functions that comprise the day-to-day responsibilities of a Microsoft Data Center Manager, in an environment that is constantly filled with intensity, non-stop multitasking with a sense of operational urgency.
• I was responsible for all personnel management issues for this team including interviewing, recommendations for hiring and firing, performance evaluations, schedule and resource management, team development and career planning, etc. I screened and hired 14 employees during the time I managed this Team.
• Managed the Project Plan and Schedule using MS Project. Managed manpower schedules, Risk Management Register, and also the Project Financials using MS Excel.
• I was also the technical lead project manager on the 2007 Data Center Migration and Consolidation Project in which more 200 production servers and an EMC SAN were planned for migration into a high-security Data Center.
• Upon voluntarily leaving this position to go work, I wrote an extremely detailed 65-page Program Manager Transition Guide on how to do my job, to ensure that the new Program Manager would be successful.

Confidential, Naperville, IL

Data Center Manager / Change Management Manager / Project Manager

Responsibilities:

• Managed a 2.5 year project that re-centralized that management of the Data Center, as well as three smaller satellite Data Centers.
• Enforced compliance requirements under ISO 14001 and SOX.
• Asset Management and Configuration Management: Developed and Managed an Asset Management Database and tracked all IT assets in four Data Centers in a full life-cycle, from installation to disposal, and created weekly, monthly, quarterly and yearly reports for BP management on the status and configuration of each of these assets. Also used this database to generate reports that quantitatively show the hottest areas of Data Center by reporting on the wattage per rack. This data was used to optimize the cooling efforts in the facility.
• Managed eight migration projects during which other remote Data Centers were shut down and had their assets migrated into this Data Center. Updated all the asset and configuration information into the asset management database.
• Managed a project where we migrated all the equipment associated with a 150 TB NetApp NAS from Houston, TX to the BP Naperville Data Center. We were successful, coming in ahead of schedule and under budget, and achieving success ahead of the worst part of the 2006 hurricane season. I was awarded a $1000 bonus for being successful on this project due to the high visibility and critical nature. Also managed this NAS device and handled drive failures after it was installed and operational in our Data Center.
• For 5.5 years, I managed and worked with contractors and subcontractors that provided cooling, electrical, fire protection, telecommunications, security, cleaning, and cabling services for each of these Data Centers.
• I also managed Teams of IT professionals that provided technical services for IT equipment installation, configuration and data networking.
• Server Refresh Efforts: During the 5.5 years I managed the BP Naperville Data Center, there were over 400 servers. Planned and supervised the replacement of more than 93% of the older servers in total. Oversaw major refresh initiatives: 1) modernization of operating systems from NT 4 Server to Windows Server 2000, which required some new servers also; 3) upgrades from Windows Server 2000 to Windows Server 2003; and 2) a large replacement project of about 100 old COMPAQ Servers with HP Servers during 2005.
• Also was responsible for the safety inspections, as well as all activities related to the facility and maintenance and upgrades that occasionally occur.
• This included all equipment related to power, security, fire protection, VESDA, UPS, and HVAC.
• In addition, also responsible for management and coordination of all vendors and contractors who performed work in these Data Centers.
• Worked on the Disaster Recovery Plan / Business Continuity Plan, and Risk Register, and kept them all updated to reflect organizational, IT asset, and infrastructure changes.
• Participated in semi-yearly testing of Disaster Recovery Plan / Business Continuity to verify the plans and ensure that everyone knew their roles in how to recover from one or more disasters.
• Managed the Project Plan and Schedule using MS Project, Schedules, and also managed the Project Financials using MS Excel.
• Wrote several policies related to workplace performance and behaviors, as well as compliance initiatives as required by the client.
• Trained personnel in processes for IT Service Transition, Service Management and Continuous Service Improvement related to performing technical project work in the Data Center.
• Change Management Manager for a nationwide region comprised of 67 sites, and scores of servers, routers, switches, scores of WAN Circuits, etc. As the Change Management Coordinator for the North Eastern Change Advisory Board which meets at 1:00 PM each Monday, I managed the coordination and approval of Change Requests to the BP infrastructure components for approximately 67 sites.
• I also routinely processed Emergency Change Requests and publishing of custom Change Notifications which in effect announced approved Changes and approved Outages to the BP Infrastructure throughout North America. Wrote the policies, processes and procedures for Data Center Management and Change Management, and kept them updated as part f the continuous process improvement initiative. Was certified in ITIL Foundation v2, and assisted co-workers and management in learning and adopting ITIL-related processes, including Change Management, Asset Management, and Configuration Management.
• Enforced SOX compliance requirements related to Change Management.