Summary

and the SOA Security Course on a global basis which is used to deliver security services around the world in a consistent manner. Responsible for providing access and maintaining IBM's IT Security Intellectual Capital Management systems which supports the Security Methodology and the world-wide Security Privacy Services Consulting Practices.

Associate Partner and a Senior Managing Consultant Focus on security and privacy assessments, enterprise architecture the planning and design, and secure solution design for applications. Promoted business value through team collaboration, high quality service to clients, and improved efficiencies through technology. Project experience includes project management, requirements definition, and business processes definition, conceptual, functional and technical design. Other responsibility includes developing proposals in repose to RFP/RFI from clients and accountable for the financial success of engagements directly managed, and responsible for the success of other mentored engagements. Define the scope, risk and profitability of engagements as expected by their area of practice, as well as the viability of entering new marketplaces and geographies. Responsible for both closing of new business and follow-on business with existing clients. Technical responsibility for the success, the solution construction, implementation and system integration in a technology, industry or business specialty. Key Points: Awarded the one hundred percent club for sales. Exceeded utilization and revenue goals for last four years. Achieved Security Consultant certification in less than one year at IBM Typically two-three year process and nominated to the IBM Consultant Certification board after one year at IBM.

Confidential

Vice President Technology Responsibly for establishing, planning, and administering the overall policies and goals, and budgets for the Information Technology department. Responsible for pre-sales/post-sales support, setting budgets for IT department, which includes QA, Development and Help Desk functions. Plan and direct full life cycle development, including design, development, coding, testing, and implementation. Provide subject matter expertise for all security issues Internet security through crypto solutions within company and security resource for internal marketing department and act as a consultant/SME for our external clients during engagements. Key Points: Developed and managed the release of version 1 of our commercial product, which involved a staff of 15 personnel and 4MM budget.

• Operational and Functional Knowledge
• Services based Sales Revenue Generation
• Development of Sales Marketing Collateral
• Development and closure with RFP/SOW's
• Services based Practice Program Development
• Project Management
• Security Management Practices, Architecture and Models
• Risk Management
• Payment Card Industry- Data Security Standards PCI-DSS
• Compliance Requirement SOX, GLBA, HIPAA and others.
• Best practices ISO 17799, CobiT, ISF, GASP, ISO 27001, PCI-DSS, NIST SP 800 Series, BS 7799-3
• Services Oriented Architect SOA Security Concepts
• Intellectual Capital Management Systems
• Identify Management concepts Tivoli security products
• Wireless Security
• Data Security and Security Concepts
• Application Development Security
• Operations Physical Security, Cryptography
• Business Continuity Planning Disaster Recovery Planning
• Development of Security Methodologies Training
• Consulting Certification development and selection process
• Recruiting- Interviewing selection and on-boarding process
• Trainer for numerous security related courses
• Memberships
• Project Management Institute PMI
• Computer Security Institute CSI
• Information Systems Security Association ISSA
• Information Systems Audit and Control Association ISACA
• Committee/Working Group: Privacy Security for Health Care WEDi
• OASIS Security Services SAML
• Technical Committee and Web Services Security WSS
• IBM Committees: RFID, Wireless and SOA/Web Services Committees
• Larry Byrns, CISSP, CISA, CISM, ISO/IEC 27001 Lead Auditor, MCP

Additional Employment History

Confidential

Program Director Built project management practice, establishing methodology, created standard tool sets, mentored and trained project managers and teams. Responsible for pre/post-sales support for Sprint's solutions/services IT Project Management, Security and E-Commerce Solutions wrote RFP/RFIs, proposals and statements of work. I was also accountable for scoping projects for level of effort and cost and tracking resource utilization P L and overall successful completion/client satisfaction. Develop deliverables and make presentations to highest levels of management in client companies. Key Points: Completed 14 projects in 23 months, all projects under budget and on time and all had high customer sat levels. Successfully managed multi-division international project with a staff of 73 consultants.

Confidential

LAN/Security Manager Managed eight LANs running Windows NT and Banyan Vines, including 11 servers and 326 client workstations. Managed two mail systems Beyond Mail/Exchange . Also, managed a Sybase database server, as well as setting up the front end. Installed and configured network adapters, clients, protocols and file and print services. Established network administration and security policies, and awareness training. Managed the company's web site. Provided procedural and regulatory guidance, recommended policy changes or development, as appropriate. Responsible for IT department budget 1.2M. Key Point: Set up technical support shop that saved over 10,000 in 4 months and rebuilt 72 PC's.

Confidential

Brigade Staff Sergeant Major Senior advisor on daily operations, training and tactical employment of a brigade 1,900 soldiers 650 vehicles . Retried from active duty in Sep 97.

Confidential

Commandant of Cadets/Senior Instructor Responsible for the training and welfare of a ninety member student battalion hosted thru three Colleges/Universities campuses Lehigh University, Kutztown University, and Lafayette College .

Confidential

Project Manager/Security Architecture: Large Retailer -Project Manager Security Architecture for SOX PCI Remediation project, staffing was 16 consultants with requirements changing weekly, very tight deadlines. Also helped sell and then develop the Enterprise Risk Management Framework and a Change Management System.

Lead Security Architecture: Large Retail/ Confidential - Lead Security Architect for a large retail chain addressing Enterprise Security Standards and Security for their SOA project.

Confidential

Team Lead/Chief Assessor: Large Managed Security Provider Team Lead and Chief Assessor for a Managed Server Provider that provide incident management services. Reviewed their security program and compared it against ISO 27001 and developed a final report on what they must do to be ready for the ISO 27001 Audit. Post Project -worked with them thru fist portion of their certification process.

Team Lead/PCI SME: Confidential - PCI Subject Matter Expert SME for a large telecommunications company that was just notify by their acquiring bank that they are now a Merchant Level 1 and must adhere to the PCI Data Security Standards. Developed a PCI checklist and helped do a gap assessment of where they were today and what was left to do before the PCI Auditors arrived. I also worked with the IBM managed account team and the GSD process to help IBM with any requirements that would impact the account.

Associate Partner/Engagement Manager: Confidential - Worked with and developed the plan on how we were going to do the security assessment using ISO 17799 as one of the baselines and ethical hack for three of their locations. Lead the overall project thru completion. For the last three years the company has asked me to come back and help update the gap assessment findings and assist with briefing the Sr. Mgt/Board.

Associate Partner/Engagement Manager: Confidential- Worked with client and developed the plan on how we were going to correct all significant SAS/70 findings. Also lead the development of the process to clean up 20,000 user ID's in 14 different systems and seven databases worldwide.

Team Lead/ Engagement Manager: Healthcare Company - Developed the plan for SAS/70 cleanup of major findings from their last audit and also developed our team IBM Client solution to prepare for SOX compliance later that year. Assisted with the development of policy's and standards and a new ID Mgt solution.

Team Lead/ Engagement Manager: Confidentialr - Did a security assessment/gap assessment using ISO17799, CobiT and NIST SP-800 series, and made recommendations for their controls and policy's.

Team Lead/ Chief Security Architecture: Confidential - Did a security assessment against a classified process and helped develop the solution to strengthen the overall process, also brief Sr. Mgt and board.

Team Lead/ Chief Security Architecture: Confidential Lead and provided architecture skills in developing enterprise wide security architecture and developed 12 technology based Security baselines. Also involved in the developed of the incident management program and developed the outsourced security best practices guide.

Team Lead/Engagement Manager Confidential- Lead eight consultants on the development and release of the macro design of the authorization authentication control component that was used as a security service to support the enterprise-computing environment.

Security Consultant: Large Police Department aConfidential- Developed HIPAA Complaint Security Policy's and assisted with a HIPAA Assessment of the Jail.