Information Systems Security Engineer Resume

Winston-Salem, NC

SUMMARY

Lead and manage security programs and team to enable secure, responsible and sustainable business practices and advise business leaders in risk identification and management.

TECHNICAL SKILLS

Regulations and Standards: HIPAA, PII, SOX, SANS Critical Controls, NIST 800-53, ISO 27001/2, COBIT

Security Program Management: Audit and Audit Support, Security Awareness Training, Secure Software Engineering, Vulnerability Scanning, Penetration Testing, Business Continuity and Disaster Recovery Planning/Testing, BYOD, Policies, Standards Baselines and Procedures

Infrastructure and Platforms: AWS Cloud Infrastructure, Public/Private/Hybrid Cloud, High Availability and Resilient Architectures, Cryptography, Public Key Infrastructure (PKI), Active Directory, AD FS, Federated Identity Management, SSO, Checkpoint Firewall

Tools and Processes: Nessus, Burp Suite Pro, Metasploit, Agile, Scrum, Waterfall

Programming: C#, VB.NET, Python, JavaScript, Java, Android Developer Tools SDK, AIDE

PROFESSIONAL EXPERIENCE

Confidential, Winston-Salem, NC

Information Systems Security Engineer

Responsibilities:

  • Create and revise policies, procedures and standards for information security practices.
  • Lead a cross-departmental information security team to identify and address security concerns.
  • Support 3rd party audit (Security, SOX, and HIPAA), remediation and questionnaire response.
  • Perform security assessments of internally and externally sourced applications.
  • Mentor and train security administrators in the operation of AD FS federated identity management, PKI, GNU Public Key Cryptography, MobileIron BYOD Management, etc.
  • Develop and deliver security awareness training to all associates and technical security awareness training to software engineering teams.
  • Design and implement an enterprise identity management platform for SAML 2.0 federated authentication and single sign on.
  • Design an enterprise PKI solution for internal use digital certificates and collaborate with Active Directory Administrators to implement.
  • Collaborate with disaster recovery and business continuity (DR/BC) team in annual plan testing.
  • Develop C# Windows applications for AD FS server administration, and to allow help desk workers to verify a caller’s identity during password reset requests.
  • Develop a WCF service API for password reset across multiple AD domains.
  • Design a secure SSO solution for a web application mash-up collaboration project with a client.
  • Advise senior management on the selection of a Security Information and Event Management (SIEM) and Log Management solution, and a 'bring your own device' (BYOD) management solution.

Confidential, Winston-Salem, NC

Technical Architect

Responsibilities:

  • Design, develop and deliver secure line of business web applications, including:
      • A new retailer services portal web site.
      • A high profile project to customize a secure web application for a reverse logistics solution for a key client in the retail and pharmaceutical space.
  • Promote coding best practices and security awareness company-wide.
  • Champion enterprise-wide adoption of Scrum with an Agile adoption taskforce.
  • Initiate the Confidential IT Informer internal newsletter and act as chief editor.
  • Collaborate with business managers to propose industry standard XML file formats to the Joint Industry Coupon Consortium (JICC) for digital promotion and coupon redemption processing.

Confidential, Greensboro, NC

ADT .NET Architect and Subject Expert

Responsibilities:

  • Work with the local and international Confidential .NET Subject Area teams to develop, recommend and maintain enterprise policies and standards for .NET and hybrid development projects.
  • Early adopter of Scrum at Confidential in a key telematics project to combine product offerings with a recently acquired subsidiary in Europe.
  • Consult on internal and B2B .NET and JAVA/WebSphere/JBoss/Message Broker projects.
  • Develop and deliver training for Microsoft’s Team Foundation Server (TFS).
  • Act as an editor for the Confidential .NET Newsletter.

Confidential, Dallas, TX

Chief Architect

Responsibilities:

  • Report to and advise the Chief Technology Officer.
  • Manage three engineering team leaders with a combined engineering team of 10.
  • Design the system and application architecture and workflows to enable electronic trade of 2-4 million barrel (valued > $200M) oil shipments internationally.
  • Act as Release and Operations Manager including overseeing the implementation and testing of operational systems hosted by an external web hosting provider.
  • Lead business continuity / disaster recovery initiative through conception, planning and testing.
  • Contribute to two patent applications for an electronic bill of lading and for electronic trade documents bearing multiple digital signatures.
  • Collaborate with the senior product manager in the adoption of Scrum.
  • Contribute to the development and implementation of technical support and QA strategies.

Confidential, Frankfort, KY

Technical Lead and Architect

Responsibilities:

  • Report to and advise the Branch Managers and the Cabinet Chief Technology Officer.
  • Technical lead for the Health Services Application Development and Reporting Branch - approximately 25 people including architects, PMs, developers, DBAs, BAs and report writers.
  • Lead the formulation and implementation of key strategies including: security, business continuity and high availability, enterprise messaging, SDLC, interoperability, QA, and training.
  • Champion branch and cabinet interests in state-wide identity management and single sign-on initiatives with relevant external state government and 3rd parties.
  • Use code generation to enhance security and save >9 man-months of effort within 8 months.
  • Use SSO to provide authentication and centralize user account management for cabinet web applications including KASPER (Kentucky All Schedule Prescription Electronic Reporting), HANDS (Health Access Nurturing Development Services) and KPC (Kentucky Physicians Care).
