Senior Cisco Firewall Consultant Resume
Skills Summary
Self-motivated senior-level IT security professional with relevant years developing application security solutions within businesses that contain 3000 – 130,000 endpoints. Organized and detail-oriented individual who exemplifies professionalism and an ability to manage multiple projects and tasks at any given moment. Demonstrated history of enterprise application risk management while providing high-quality security guidance and timely issue resolution. Highlighted leadership qualities and the ability to work with and manage people from varying backgrounds while promoting team values. Experienced Senior Application Security Architect with a desire for professional growth, increased responsibility, and significant senior-level challenges that leverage focused network security education and significant operational successes.
Certifications Achieved
- CCIE Security (Written Exam)
- CCSP: Cisco Certified Security Professional
- CCNA: Cisco Certified Network Associate
- CCDA: Cisco Certified Design Associate
- Securing Hosts with Cisco Security Agent
- Cisco Firewall Specialist
- Cisco IDS Specialist
- Cisco VPN Specialist
- CCSA: Checkpoint Certified Security Administrator
- JNCIA-FWV: Juniper Networks Certified Internet Associate Firewalls
- NSTISSI-4013: National Assurance Training Standard for System Administrators (SAs)
- MCSE: Microsoft Certified Systems Engineer 2000
- A+: Computer Hardware and Software
- CISSP: Certified Information Systems Security Professional
Networking Technologies: LAN/WAN, TCP/IP, WINS, DNS, DHCP, SMTP, Sendmail, NDS, ASDI, ISDN, ATM, Frame Relay, T1/T3, DSL, IPSec, GRE, VLAN, VTP, 802.1x, AAA, RADIUS, TACACS+, CA, HSRP, EtherChannel, Spanning-Tree, OSPF, EIGRP, RIP
Security: 802.1x Port Authentication, Cisco Pix Firewalls Ver. 5.0/6.0, Cisco ASA Firewalls Ver. 7.0/8.0, Cisco Firewall Switch Module v2.x/3.3, Juniper Netscreen Firewalls v5.3, Nessus Security Scanner Ver. 3.2, Retina Security Scanner 5.8.3.1657, Cisco CSA Agent 5.2, Cisco MARS v4.2, Cisco ACS Server Ver. 3.2/4.1/4.2, IBM Site Protector v6.1, IBM ADS v 2.3, netForensics 3.4
Cisco Hardware: 7200, 3800, 3600, 2800, 2600, 1800, 1700 Series Routers; 6500, 4500, 4000, 3500, 3600, 2960, 2950, 500 Series Switches; 535, 525, 520, 515, 506, 501 Pix Firewalls; 5505, 5510, 5520, 5540 ASA Firewalls; Firewall Services Module v3/4; 3000 Series VPN Concentrators; 4200 Series IPS Sensors; CSS 11500 Series Load Balancers; Cisco ACE XML Gateway
Server Hardware: Dell, HP, Compaq, IBM, Cisco UCS
Operating Systems: VMware 4/5, MS-DOS, Windows 95, 98, NT 3.5 and 4.0, Novell Netware 5 and 6, Windows 2000, Windows XP, Windows 2003/2008 Server, Unix, Linux
Datacenter Involvement: NAP of the Americas, Terremark, The Miami Herald, New York City Health and Hospital Corporation, Time Warner Cable, MD Anderson Cancer Center, AirTran
6/12-Current
Senior Cisco Firewall Consultant (Contractor)
Responsible for creating a hardened firewall security template for use on over 100 Cisco firewalls
Deployed and configured Cisco Security Manager enabling the university to centrally manage over 100 firewalls and reduce total rules by 70%
Integrated Cisco Security Manager with Cisco ACS Server 4.1
Created an AAA configuration template for over 100 Cisco ASA firewalls
Redesigned the Cisco ASA firewall application inspection policies to ensure use of Layer 7 deep protocol inspection and validation in addition to Layer 2 – Layer 4 firewall rules
3/12-5/12
IT Security Consultant (Contractor)
Served as a mediator between the application and network security department and the development teams
Performed security reviews of web-facing applications, working with the blessing of application owners and managers
Worked on migration strategies for the application firewall security solutions including Imperva, Layer 7, and Forum Systems
Researched emerging threats through log analysis and correlation with publicly known information sources
5/11-5/12
XML Gateway Firewall Consultant (Contractor)
Engage in initial requirements definitions for each new FISERV SOA application integrated into ETG datacenters
Determine the security risk associated with each new client and apply the appropriate controls
Provide the VP of FISERV Web Security with weekly reports that simulate exposures via known or unknown threat vectors
Support multiple projects and interact with application developers, network engineers, server engineers, and project managers as web applications are cycled through the FISERV Risk and Controls deployment process
Provide detailed analysis on SOA PKI infrastructure, ensuring FISERV partners use SSL 2048 with mutual authentication
Ensure business partners update authentication models as hacking tools release exploit modules which target weak authentication protocols
1/11-05/11
Firewall Security Engineer (Contractor)
Hired as a dedicated resource to manage over 5000 Cisco firewalls as the team lead
Performed firewall configuration primarily through the command line interface
Configured Cisco ASA firewall to use multiple security levels and interfaces
Experience working with the Cisco IPS module which allows IDS or IPS inspection of all traffic passing through the firewall
Configuring RADIUS or TACACS+ authentication on Cisco ASA firewalls
Configured ASA NAT for outbound PAT or static NAT
Responsible for configuring Cisco ASA secured routing templates allowing IBM's client to encrypt routing protocol updates on the firewall, if enabled
Spent hours troubleshooting Cisco VPNs both Site-to-Site and Remote Access
Helped the deployment group with templates related to the configuration of Active/Standby failover enabling rapid deployment of failover configurations for IBM’s clients
Document each firewall change for audit requirements by contacting the SOC before and after each change and providing a success or failure status
11/10 – 05/11
PCI Application Security Consultant (Contractor)
Perform a gap assessment of network and application environment and gather initial requirements definition prior to spending IT Security capital
Responsible for analysis of threats and risks as they related to applications within scope of PCI DSS
Utilized Rapid 7 vulnerability scanner to provide a baseline on application and network threats
Closed gaps on internet-facing web server configurations by applying a standard IIS and Windows hardening template
Quickly developed relationships with application owners to perform penetration testing on all PCI DSS applications
Responsible for the resolution of vulnerabilities discovered by automated or manual tools
Member of the application security incident response team and on call 24/7
10/09-11/10
Endpoint Security Engineer (Contractor)
Develop a technical design, associated procedures, and security policy migration strategies for implementing & operating an endpoint security solution on 100,000+ endpoints
Ensure endpoint security solution includes hard drive encryption, desktop imaging, endpoint firewall, endpoint antivirus, 802.1x with client certificates
Used strong knowledge of Active Directory to implement GPO policies for desktop hardening
Provide extensive documentation during all five project gates ensuring a smooth transition to EMIT operations
Provide a whitelisting framework for the certification of 3500+ critical business applications
2/09-10/09
PCI Security Architect (Contractor)
Met with business units to determine the scope of the PCI DSS application portfolio including web and
Created an inventory of PCI DSS applications and performed a vulnerability assessment against the applications
Developed and implemented an application security technology solution including Cisco ACE XML gateways (SOA application firewall)
Ensure an internal and external vulnerability scanner was integrated into the PCI DSS operations processes
Present red team scenarios to upper management to ensure controls are in place within the PCI DSS standards
5/08-2/09
Firewall Security Engineer (Contractor)
- Perform a gap assessment on the perimeter network with the goal of remediating any high-risk items
12/07-5/08
Network Security Engineer (Contractor)
Successfully led/closed projects including the Legacy Firewall Migration Project, the Digital TV (DTV) Firewall Expansion Project, and the VPN Concentrator Migration Project
Configure Cisco ASDM for entry-level network engineers to use for firewall configuration
Configure Cisco VPN 3060 concentrators’ clients to use Cisco ACS with group mapping to the external Active Directory database
Integrated 10 Cisco ASA firewalls with Cisco ACS server to provide authentication, authorization, and accounting with the TACACS+ protocol
Configure the new distribution layer Cisco ASA firewall to protect all traffic from servers within PCI compliance including syslog, SNMP, and application inspection features
Audit Checkpoint and Cisco network devices against configuration standards ensuring each device contains SNMP v2/v3 and Syslog configurations
6/07-12/07
Network Security Engineer (Contractor)
Serve as the IT Security Team lead, responsible for analysis and maintenance of security technologies and controls within an enterprise containing over 40,000 nodes
Maintain over 90 Cisco IDS/IPS appliances, 20 Cisco IDS/IPS modules integrated into Cisco 6500 switches, and firewall rules associated with Cisco FWSM
Provide weekly reports on the threats and vulnerabilities present within the network infrastructure based on triggered IPS signatures
Maintain an additional 10 McAfee IDS/IPS appliances
12/06-6/07
PCI Security Consultant (Contractor)
Developed a threat model for the internet-facing SOA infrastructure
Responsible for designing an enterprise network and application infrastructure which can pass a Level 1 PCI DSS audit
Performed internal and external penetration testing against application infrastructure to validate hardening standards
6/06-1/07
Technical Instructor (Contractor)
Tailor classroom to meet training objectives for delivery of Microsoft, Cisco, CompTIA, and (ISC)2 courses
Determine best method of delivery for curriculum
Deliver material effectively and on time
Confidential, Miami, FL
4/06-10/06
Network Security Engineer (Contractor)
Manage the Cisco routers, switches, firewalls, and VPN gateways within an enterprise network with over 10,000 nodes
Script modifications for the migration of clustered PIX 525 firewall configurations in preparation for an ISP migration
Configure the PIX 525 firewalls as a VPN backup in case the primary WAN links failed
Ensure Cisco devices authenticate to approved AAA servers such as Cisco ACS server by configuring the devices as AAA clients of the ACS server
5/05-4/06
Security Engineer
- Work on an engineering team responsible for troubleshooting issues on CyberGuard firewall products
- Investigate, diagnose, and analyze highly technical firewall and VPN issues in mission critical 24x7 military and civilian network infrastructures
6/04-5/05
Security Engineer
Work on a dynamic team for the largest Managed Security Service Provider in the US market
Architect, deploy, and maintain network security technologies on hundreds of firewalls, especially Cisco PIX/ASA firewalls
Configure a Cisco ASA Site-to-Site VPN (IPSec Tunnel) for every customer in order to securely ship syslog and SNMP messages to a central management system (SIEM)
Troubleshoot VPN, firewall policy, and routing issues on Cisco PIX/ASA hardware
Perform approved firewall configuration changes via Cisco Works V3
5/00-6/04
Application Security Engineer
Configure Active Directory domains and forests to manage LDAP objects tied into application authentication
Ensure appropriate controls exist within Managed Security Portfolio to properly protect Infosight’s critical infrastructure from exposure
Assist with documenting application controls associated with annual SAS II audit
Education
Networking Services Engineer