SUMMARY

• Senior level information security leader with 20+ years of experience architecting, consulting, deploying and leading teams on network, application and infrastructure security for protecting highly sensitive information.
• Extensive experience architecting, consulting and leading teams to deploy information security infrastructures in compliance of; PCI, SOX, GLBA, FFIEC, GDPR adhering to NIST and ISO Cybersecurity Frameworks (CSF).
• Seven plus years of experience in architecting designing and deploying secure cloud solutions in public (Azure, AWS) and private cloud (VMWare, OpenStack) platforms.
• Extensive experience architecting secure cloud patterns and writing security standards to meet regulatory (FFIEC, SOX, GDPR, FISMA, etc.), and PCI/DSS compliance.
• Five years of experience in architecting global secure CI/CD environments for automating cloud workload deployments.
• Architected and deployed secure Dev/Sec operations in Buenos Aires, Frankfurt, London, New Delhi, Pune, Kochi, Trivandrum, Singapore, Beijing and Sydney.
• Developed secure IoT deployment patterns, security standards and deployed a large IoT workloads using Azure and AWS IoT using IoT Hub, IoT Device Provisioning, IoT Stream Analytics and IoT M2M (many to many) networking.
• Analyzed and wrote IoT security standards for IoT deployments consisting of IoT edge, network, analytics, AI, Machine Learning and storage.
• Wrote requirements, managed development and deployed a centrally managed symmetric cryptographic key management system infrastructure, including Tokenization for the largest third - party credit card processor and automated key managements operations worldwide resulting in a savings of $13 million in CAPEX and OPEX.
• Developed security frameworks security patterns and settings, for Machine Learning (ML), Artificial Intelligence, Docker, Kubernetes, containerization and many other cloud service deployments in Azure and AWS public cloud.
• Developed architecture and wrote security standards, risk assessment framework and CO/CD security architectures and implementation guidelines in the AWS cloud.
• Developed architectures, security configuration requirements and implementation guidelines for a large global industrial IoT implementation using AWS cloud, self-developed edge Kubernetes/Docker platform for containerizing industrial IoT applications,s

TECHNICAL SKILLS

• UNIX/LINUX
• PKI Design and deployments
• PKI z/OS
• Cryptographic Key Management
• PCI/DSS
• Secure Coding
• Application Security
• Agile
• SDLC
• GLBA/SOX/FFIEC
• Network Security
• Veracode
• APPSCAN
• Nessus
• Azure Security
• AWS Security
• Container service
• Analytics
• Cognitive Services
• Machine Learning (ML)
• IoT
• Chat Bot
• Artificial Intelligence (AI)
• DevSec Ops
• Azure Security
• AWS Security

PROFESSIONAL EXPERIENCE

Confidential

Responsibilities:

• Security architect for a very large industrial IoT implementation consisting of over 40,000 remote locations globally using AWS IoT services.
• Responsible for architecting AWS cloud security consisting of AWS IoT Core, AWS IoT Device Management, AWS IoT Analytics, AWS IoT Green Grass, AWS IoT Site Wise, AWS IoT Events, AWS IoT Things Graph, Amazon SNS, AWS Lambada, AWS Dynamo DB, AWS S3, AWS EC2, AWS EKS, AWS ECR, etc.
• Remote locations have Kubernetes/Docker platform has a containerized platform for connecting numerous cyber physical systems consisting of sensors, actuators, cameras, natural language processing and robotic controls.
• Analyzed and developed security architectures and wrote detailed security control configuration standards aligning with enterprise security policies and standards.
• Consulted, advised and guided developers for implementing controls in edge devices on the physical cyber connected systems.
• Architected and deployed a large-scale PKI Certificate management platform for supporting certificate management, and code signing to ensure accurate cryptographic implementation for securing the industrial IoT ecosystem.
• Consulted and guided risk management and test teams in developing IoT risk analysis framework and application testing, pen testing and to secure the CI/CD environments.

Confidential, Atlanta, GA

Cryptographic & Key Management Security Architect

Responsibilities:

• Analyzed and documented existing Cryptographic and key management processes and develop key management processes to meet regulatory compliance and to meet organizational information protection standards.
• Developed PKI architecture, requirements for implementing PKI for centrally managing SunTrust and its subsidiaries by automating Certificate management functions using IETF X.509, Cryptographic Key Management Syntax (CMS) and Simple Certificate Enrollment Protocols. Developed a plan to discover transition existing ad-hoc keys and certificates to integrate with the new PKI Infrastructure.
• Analyzed and developed requirements for implementing symmetric encryption key management system for encrypting 1 Peta byte of unencrypted data stored in Oracle, Informix, MS SQL, MY SQL, DB2 databases.

Confidential, Atlanta, GA

Security Consultant/Architect

Responsibilities:

• Responsible for executing POC’s of variety of technologies (listed below), writing security standards and working with the application development teams throughout the development and EY certification lifecycle and for getting the application certified for production deployments in an Agile environment.
• The certification lifecycle consists of static and dynamic code analysis using Veracode, penetration testing using Burpe suite of pen test tools and working with development and certification teams to mitigate vulnerabilities.
• Moved approximately 104 applications for fraud detection, audit services, taxation services, mergers and acquisition and regulatory compliance as Azure workloads.
• Analyzed various technology platforms and determined security configuration requirements and wrote security configuration standards and worked with project teams to automate CI/CD pipelines.
• Architected and deployed secure Dev/Sec operations. Developed security architecture, use cases, frameworks, security settings, certification and client presentations for the following Azure services:

Confidential, Atlanta, GA

Security Architect

Responsibilities:

• Support Verizon Information Security Professional Service team by developing architecture, scoping work effort for Penetration Testing, Vulnerability Analysis, Software Security Testing, PCI-DSS compliance, QSA and developed mitigation procedures.
• Support Verizon Information Security Professional Service team to develop architecture, RFP responses (proposal), and pricing.
• Provide Cybersecurity sales and marketing support to the North American sales team to develop and sell Cyber security solutions.
• Provide architecture, design documentations for responding to RFP’s Tech Mahindra sales team.
• Develop cybersecurity solution architectures, design for implementing infrastructure security, software security, data protection solutions, cryptography and PKI, etc., and communicate the technical solutions to customers in support of Tech Mahindra Sales Team.
• Develop PCI and HIPPA data protection solutions and architectures and lead on-site deployment teams and communicate deployment status to customers.
• Provide cyber security architectures for enterprise clients such manufacturing, finance, health care and, mobile carriers.
• Develop NIST Critical Infrastructure Security Assessment programs and managed on-site team for successfully executing the mobile core network assessment for large mobile service provider.
• Identify, develop and manage OEM vendor relationships for enhance cybersecurity solution offerings.

Confidential, Marietta, GA

Consultant, PKI and Cryptography Architectures & Engineering

Responsibilities:

• Developed architectures and solutions for migrating financial applications to a private cloud.
• Interfaced with various business and technical teams to analyze current security architectures, procedures and processes to ensure seamless workload migrations.
• Developed solution designs to implement and automate enterprise PKI key management infrastructure.
• Designed architectures for integrating appliances such as F5, Cisco, Data Power, Web Seal, etc., and application platforms such as Tomcat, Apache, J Boss running on Linux and Windows OS.
• Architected and implemented DLP, data at rest and tokenization solutions.
• Responsible for managing platform vendor implementations such as Venafi, Tanium, Symantec and Vormetric.
• Responsible for architecting and deploying secure Dev/Sec operations.
• Managed Proof-of-concepts for various vendor technology platforms.

Confidential, Alpharetta, GA

Consultant, Information Security and Cryptography Architect

Responsibilities:

• As a consultant, primary responsibility is to work with eight plus project teams inclusive of developers, operations, and cyber security team to advise and ensure the information security is enhanced to meet FFIEC, PCI, SOX, and GLBA and provide advice on revising technical security standards to meet financial industry regulations and mandates.
• Interfaced with Synchrony suppliers and partners to develop interface and PKI certificate management and technical standards to ensure the seamless migration. Since the primary credit business of Synchrony is granting credit to consumers on deferred payment plans, there are thousands of retail entities, which interface with Synchrony information systems.
• Responsibilities also included secure software reviews (Code Analysis), review vulnerability scans and penetration test results and recommended fixes for high and medium vulnerabilities before migrating applications. Managed Plan of Action and Milestone (POAM) for identified vulnerabilities that required extensive code rewriting, time-consuming and could not accomplish within the migration timeframes.
• Developed Virtual Machine security standards for maintaining security lifecycle management.

Confidential, Washington, DC

Consultant, Cryptography and Cloud Transformation Center of Excellence

Responsibilities:

• Consulted advanced security architectures with Confidential business units for migrating and securing CRM, transaction processing, loan application intake, loan processing, into SaaS, IaaS, and PaaS cloud infrastructures. Designed and developed architecture patterns for implementing encryption above the Hypervisor/VM layer to protect sensitive Personally Identifiable Information and Financial information collected from consumers and to protect sensitive enterprise data using field level encryption.
• Designed and developed architecture and designs for encryption key management to ensure encryption key ownership remained within Confidential management control.
• Provided leadership to the in-house security management and CISO for effectively managing enterprise information security policy and governance programs in the cloud computing environment. Developed encryption gap analysis on the services provided by cloud providers such Microsoft Azure, Microsoft Dynamics CRM, Amazon Web Services and IBM SoftLayer. Analyzed and determined application layer cryptography requirements and Confidential data encryption needs for SaaS, PaaS and IaaS cloud services platforms utilizing JCA/JCE and MCAPI Cryptographic Services Frameworks.
• Analyzed the feasibility and architected a solution for using existing z/OS mainframe, ICSF, TKE and DKMS for using Z/OS and IBM Crypto Express cards as cryptographic engine and to centralize remote key management operations.