Executive Summary

Information Security Leader with 15 years experience delivering strong leadership and decision-making expertise, along with unsurpassed technical analysis and design skills to organizations seeking a self-motivated, team oriented security professional. As Security Team Manager and Technical Lead, applied problem solving, technical and people skills to improve team and organizational performance. Achieved cost savings while implementing security solutions to meet customer requirements. Successfully transformed programs for large enterprise organizations to provide top performance and security-in-depth. Designed and implemented quality perimeter security, vulnerability assessment and penetration testing programs.

Confidential

Areas of Expertise

Professional Experience

Confidential

Support the Assessment and Accreditation of GSS and Major Applications for US Government agencies according to the NIST Risk Management Framework.

Confidential

ProvenSoftwareSolutions

Provide proposal advice in assisting with new contract proposal submissions.

Senior Information Assurance Officer

ProvenSoftwareSolutions

• Responsible for reviewing security architecture designs to provide technical guidance to developers and engineers and to identify any concerns that may impact the risk level of the JSF enterprise network.
• Provide guidance and direction to other Information Assurance Officers.
• Review systems controls and provide recommendation for authorization to operate.
• Client: DoD Joint Strike Fighter

Sr. Information Security Consultant

Confidential

• Achieved process improvement for baseline and PCI compliance auditing Systems Implementation Processes.
• Used SANS Top 20 and NIST guidelines to provide configuration baseline enhancements for best practice and PCI compliance for network security infrastructure devices, such as Cisco Firewalls and F5 Load Balancers.
• Provided technical expertise in implementing solutions to mitigate compliance issues.
• Supported Verizon customers with their Information Security infrastructure, including Cisco and Juniper firewalls, SSL VPN, F5 Load Balancers, Policy Auditing and Security Program reviews.
• Mentored Junior Security Engineers in implementing security solutions and configuration changes.
• Provided guidance to the security team in architecting new solutions for various customers.
• Scripting of detailed implementation plans for F5 LTM Load Balancer Bluecoat Proxy.
• Clients: Verizon Telecom, Capital One Financial

Risk Management Team Manager

Confidential

• Led the Risk Management team providing leadership and direction to IA engineers and analysts.
• Managed implementation projects and acted as Information Security SME across the IA Division.
• Mapped team roles and responsibilities to contract requirements to ensure contract compliance.
• Achieved process improvement through cross-functional team meetings and process documentation.
• Provided metrics to upper management to demonstrate contract compliance and team member recognition for top performance.
• Resolved workflow issues with the Firewall Request, Ports, Protocols and Services Management and Vulnerability Management processes.
• Provided guidance and direction across all Risk Management team functions, which included Vulnerability Management, System IV V process, Account verification audit process, monthly vulnerability compliance scanning process, Anti-Virus and HBSS auditing process, DISA DMZ Whitelist requests, McAfee Web Gateway/Content Filtering, Ports, Protocols and Services exception process and firewall request process.
• Client: Office of the Secretary of Defense

Sr. Information Security Consultant

Confidential

Accomplishments:

• Project Manager in developing the Vulnerability Assessment Penetration Testing Program
• Achieved process improvement through the Development of the Vulnerability Assessment and Penetration Testing Program, including documenting policies, processes and procedures following ITIL methodologies.
• Provided technical and general guidance for a team of 8 IT Security Analysts.
• Created and updated Python scripts used to help automate scanning and penetration testing process.
• Provided Security Infrastructure Administration, IDS Signature analysis and Level 4 Incident Handling.
• Developed security related articles for the JASIRC publication
• Clients: VerizonFNS, Inc., US Courts

Sr. Information Security Architect

Confidential

Accomplishments:

• Managed the design and implementation of the Vulnerability Assessment Compliance Program, the Information Secure Gateway, and the Enterprise Security Operations Center ESOC . Managed the operations of the Vulnerability Assessment and Compliance Program following SDLC methodology. Led the development of policies, processes and procedures for the operation of the ESOC, Security Engineering, CSIRC, and the Vulnerability and Compliance Program following ITIL methodology.
• Project Manager for all information security related projects. Provided subject matter expertise for Cisco and Juniper Netscreen firewall platforms, IPSec/SSL VPN, Bluecoat Content Filter/Web Gateway, Intellitactics SIEM, ISS SiteProtector, ISS Enterprise Scanner and Altiris SecurityExpressions Compliance Module. Acted as liaison and security approval POC to the network architecture team in designing the MPLS, Cable DOCSIS/CMTS , DSL and LAN solutions.
• Performed non-intrusive penetration testing using Core Impact, Nessus, ISS Enterprise Scanner, Nmap, Hydra and other tools to ensure proper security controls were in place and the systems were in compliance with NIST 800-53, FIPS 140-2, HIPAA and PCI Regulations.
• Developed and distributed security vulnerability notifications for the Information Security Officers and the technical teams in the agencies. Risk Assessment
• Client: Virginia Information Technology Agency

Confidential

Sr. Network Security Engineer

Confidential