Security Architect Resume
Naugatuck, CT
SUMMARY:
- Over twenty years of Cyber Security experience including Security Architecture, managing and performing Authorization and Assessments (A&A) on cloud systems while leveraging the FedRAMP Authorization process.
- Experience and knowledge of cloud service models (SaaS, PaaS, and IaaS) and in implementing cloud access security broker (CASB) solutions to act as central control points to set policy, monitor behavior, and manage risk across all cloud services simultaneously.
- Experience in integrating Data Loss Prevention (DLP) policy between the CASB and network DLP to improve policy uniformity and consistency.
- Demonstrated experience building and managing Security Operations Centers (SOC), and designing and implementing complex B2B e-commerce network security solutions for commercial companies and federal agencies.
- I am deeply familiar with mapping security controls NIST 800-53, rev 4, NIST SP 800-57 rev 4, SSAE-16 to IT infrastructure and organizational policy to demonstrate compliance.
- Possess expert understanding of Public Key Infrastructure (PKI/SSL), the Verisign, RSA and Entrust family of products, Identity management and X.500 Directory services including LDAP.
- Experience in performing security posture and vulnerability assessments and penetration testing, and in designing and implementing IDS/IPS-based security networks. Designed and implemented an enterprise-wide Level 3 assurance PKI with a Root CA operating at Level 4 assurance, involving certificate-based authentication, private and public-key encryption, and Certificate Authorities (CAs). Knowledgeable in OWASP, NIST 800-53, FISMA, FIPS-199 (200) guidelines, PCI, ISO, HITRUST, Privacy Shield (US-EU Safe Harbor) and HIPAA.
- I have experience with audit compliance and Sarbanes-Oxley/General Computing Control requirements. Possess strong Unix/Linux security knowledge: security controls monitoring, tailoring and hardening of systems including Windows and UNIX operating systems (OS), and database compliance hardening guidelines including PCI, USGCB, CIS, etc. benchmarks and standards.
- Experienced in the design, deployment and monitoring of network and host-based security tools in heterogeneous environments, e.g. FireEye EX, HX, HA, HIDS, FIM. Experienced in designing, deploying and monitoring web-application security using tools such as HP Fortify (SCA), WebInspect, Acunetix (AWS), Qualys, DbProtect, and open source tools, e.g. Security Onion.
- Proven ability to work independently and dependently within a business/client area and foster collaboration at the enterprise level to influence the strategic and technical decisions during all phases of a project. Demonstrated leadership skills and communication skills including conducting formal presentations to key decision makers at the executive level and grasping key client issues.
Data Security: Public Key/Secret Key Cryptographic Algorithms and Protocols, ASN.1, PKCS Standards, Software (Verisign, Entrust, and RSA BSAFE) and Hardware Crypto Systems & Toolkits, Secure Sockets Layer (SSL), SKI, PKI Technologies including Key Management, Digital Certificates, OpenSSL, and keytool code signing. HIPAA, FIPS-140, PCI, FedRAMP, RMF, SaaS, IaaS, PaaS.
VPN: IPSec, PPTP and L2TP, OCSP, SEP
Internet: HTTP/HTML/CGI, Online Payment protocols and systems
OOD: C/C++, Perl, Java on Unix/NT
Protocols: BGP, OSPF, IS-IS, TCP/IP, IPSec, DNS, MPLS, SNMP, Frame Relay, ATM, Ethernet, LDAP, GTP, GPRS, Mobile IP, RADIUS, SSL, TLS and XML, 802.11a/b/g and WEP
Management: Budgeting, Scheduling, Pre-sales marketing and support, Hiring, and business development
DLP: Fidelis, FireEye
Access Control: CounterACT
IDM: ArcSight
Firewalls: FireEye, Fortigate and Checkpoint
IDS and IPS: Fortigate IDS and Analyzer, Bro IDS, Suricata, Snort, CounterACT, MX Logic, Cisco ISE, Fidelis SSL Inspector, Websense SSL Inspector
SIEM: Splunk, Security Onion/ELSA
EPO: McAfee
Forensic: EnCase
Scanners: Tenable Security Center (5.3+), Acunetix (AWS), Kali OpenVAS, DbProtect, Qualys, HP Fortify (SCA), Nessus
Ticketing System: OTRS
Unified Threat Management Devices: Fortinet
Hypervisor: VMware
Network Analyzers: Wireshark
PROFESSIONAL EXPERIENCE:
Confidential, Naugatuck, CT
Security Architect
Responsibilities:
- Mainline was VMware's first National Partner, and I architected the security and validated the deployment to Universities, Banking and other verticals that extended past 1000 virtual appliances in some locations.
- Architected the security for the deployment and installation of VMware 5.0 systems for two major hospital and medical practices, one in Virginia and one in Louisiana, that had hundreds of physical servers with hundreds of virtual appliances, all HA deployed and controlled back through vCenter control environments. These deployments saved one hospital over $2.5 million in the first year.
- Have also given classes to several companies on QRadar, including the sales classes for the Mainline sales teams so they can position QRadar as an integral part of SIEM solutions and a log collection security structure.
- These QRadar systems were architected and deployed within Telecom, Energy and Healthcare provider verticals.
- Also set up and deployed syslog log aggregation systems within remote locations to have a single point of log feeds and to reduce the amount of actionable log data being fed to the QRadar main collector.
- Have also troubleshot Tivoli SIEM solutions as well as TSIM within a couple of clients which were struggling to manage these systems.
- Developed the Security Practice into a Ten Million Four Hundred Thousand Dollar organization within a year with only four individuals, and became a cohesive portion of the sales teams using a "Solutions" based selling approach.
- Deploying and managing monitoring of data protection: DLP, encryption, PKI, TLS, firewalls, IPS, IDS, VPN, using Fidelis.
- Application security: vulnerability scanning including secure code analysis using Checkmarx CSAS and HP Fortify, web application scanning using Kali, WebInspect, Qualys.
- Database scanning using AppDetective DbProtect, and Tenable Nessus.
- Deploying and monitoring endpoint security (antivirus/anti-malware) using tools e.g. FireEye EX, Fidelis, Symantec, CounterACT, Cisco ISE.
- Also managing application whitelisting, reviewing and approving secure configurations, scanning for patching effectiveness.
- Preparing and managing risk assessments to ensure compliance, including input into security awareness training; preparing and presenting security posture reports including DAT files, Cyberscope, remediation analysis.
Confidential
Project Manager/Security Architect
Responsibilities:
- Assessments and Authorizations under 800-53 Rev 3. Scheduling and conducting assessments and preparing authorization packages using CSAM as the documentation tool.
- Assessed all systems on schedule and ensured that all systems were operating with valid ATOs.
- Implementing continuous monitoring by conducting monthly vulnerability assessments to replace the quarterly scanning which was in place before.
- Conducting vulnerability assessments and remediation management using automated tools.
- Preparing and managing POA&Ms.
- Conducting Incident Response Training and Testing.
- Participating in DOL DHS CDM tool deployment workgroups.
Confidential
Senior Security Manager/Security Architect
Responsibilities:
- Part of a security vulnerability management team.
- Responsible for network security assessments and analysis of vulnerability scans from all network devices, to ensure compliance with DHS guidelines.
- Duties include configuring user security profiles to comply with requirements for approvals and separation-of-duties restrictions.
- Process configuration management requests to promote programs from the development and test environments into the production environment, perform quality assurance audits, and follow-up with the completion of post implementation verification approvals.
- Coordinate the testing of applications with responsible managers, and report performance results.
Confidential
Senior Functional Analyst
Responsibilities:
- Duties include participating in the certification and accreditation (C&A) process; preparing risk assessment reports; developing system security plans and risk mitigation plans; supporting security tests and evaluations (ST&Es); creating Plans of Action and Milestones (POA&Ms); conducting FISMA self-assessments; conducting system security assessments; conducting system security planning; developing security policies and procedures; and providing security documentation support based on NIST SP 800-53 and DHS 4300 guidelines. Work with Privacy Information and Personally Identifiable Information (PII) data.
- PKI deployment: Duties included monitoring and deployment of LDAP/Kerberos-based authentication in heterogeneous environments, to implement federated authentication methods such as SAML, and strong or multi-factor SSO authentication technologies in the DHS environment.
Confidential
Senior Security Engineer/Security Architect
Responsibilities:
- Creating the Certification and Accreditation process, preparing risk assessment reports, developing system security plans, supporting security tests and evaluations (ST&Es).
- Duties include ensuring PKI security compliance with the DHS PKI CP and CPS.
- Researching digital certificate-based identity management solutions for authentication and physical security access.
- Updated the PKI SDLC Functional Requirements document, the PKI CONOPS and the DHS PKI Interface Specification documents.
- Responsible for procuring the DHS document Management system for secure archiving of registration material.
- Performed a PKI ROI analysis for presentation to DHS executives.
- Preparing the DHS PKI Disaster Recovery Plan.
Confidential
Security Architect
Responsibilities:
- Responsible for analyzing the NCI network infrastructure and offering recommendations on improving network performance, security and reliability. Performing network mapping using automated discovery tools, analyzing wireless network and switch security for the NCI environment.
- Performed network and security posture assessments, risk analysis, ROI analysis and security reviews. Communicated findings and recommendations to IT management staff to ensure timely identification and remediation of vulnerabilities. Identify and manage information security risks to achieve business objectives and ensure compliance with the ISO 17799 risk management framework using NIST 800-30 or other applicable risk management methodology. Perform risk assessments of policies, procedures, Business Continuity Planning, operational, physical, access control, asset classification, and compliance.
- Identify risks to data with security architecture review and risk analysis processes, and develop remediation plans to mitigate the risks. Assist in security awareness training program. Work with relevant personnel to evaluate new security technologies
- Responsible for analyzing security requirements and designing the security architecture for the Electronic Submissions Gateway (E-Submissions) utilizing digital signatures, certificate enrollment, revocation, and time stamping technologies. Designed e-gateway application security testing guidelines.
- Set up and performed NIST-based Certification and Accreditation (C&A) test plans. Enabled the FDA to comply with Federal and agency Enterprise Architecture requirements.
- Responsible for defining enterprise security requirements within the FDA environment. Reviewed and audited of security policies and practices to check compliance with Federal and agency security guidelines. Prepared security baseline of the FDA security posture.
- Performed vulnerability assessments to determine the effectiveness of perimeter and internal security controls. Audited application security controls with respect to authentication and authorization schemes.
- Prepared assessment methodologies, test plans, schedules and performed all technical testing on the network to locate vulnerabilities and ensure compliance with security plans and the security aspects of the Clinger-Cohen Act of 1996. Recommend corrective and preventive actions.
- Designing an enterprise single sign-on LDAP based security architecture with VPN, PKI, smart cards and digital signature components.
Confidential
Contractor/Senior PKI Specialist
Responsibilities:
- Lead PKI architect. Co-wrote the FMS PKI CP and CPS to operate at FIPS Level 3 assurance.
- Designed and implemented FMS PKI pilot and Development network architectures based on Entrust 6.0 with FIPS 140-1 and 2 modules.
- Prepared the FMS PKI concept of operations document.
- Performed requirement analysis and identified applications to be PKI enabled.
- Designed FMS PKI to support the Largest PKI application in the US Treasury, SPS (Secure Payment System).
- Implemented Entrust PKI based code signing with Openssl, MS Authenticode and JAVA keytool.
- Implemented VPNs with Cisco 3030, root key generation using a Chrysalis Luna key and an nCipher nC4032W FIPS 140 device operating at Level 3 assurance. I am knowledgeable in ISO 17799, RACF and ACF2 standards, PKI, CAs, LDAP and X.509-based directories.
- Designed enterprise information security architecture FMS PKI, including: strategy, technical architecture, industry security best practices, and conformance and audit programs.
Confidential
Security Architect
Responsibilities:
- Lead PKI implementer: performed requirements assessments to understand business drivers; duties involved interviewing management and technical staff, reading and analyzing documents, and gaining an understanding of the business processes. Planned applications migration to PKI.
- Determined impact on the user and network infrastructure, support and administration required to deploy the PKI infrastructure. Also selected the trust model to be used within the Cable & Wireless environment. Designed the PKI architecture including trust models, CA and RA architecture.
- Coordinated with the legal department and consultants on the development of the Certificate Policy (CP) and Certificate Practice Statement (CPS). Planned and deployed a phased PKI infrastructure. Deployment involved setting up a test lab to evaluate several leading vendor products, negotiating and coordinating with vendors to ensure conformance to design requirements, installing equipment in the lab, performing a pilot deployment, then a limited deployment. Assessed the impact of the limited installation and then deployed the full PKI architecture. Set up and tested operation procedures. Managed vendor relations. Designed performance and conformance testing procedures and methodologies.
- Designed and implemented an RSA Keon and Baltimore Technologies based PKI e-security infrastructure using the Netscape LDAP directory. Integrated S/MIME and IPsec digital certificate management and issuance into the Cable & Wireless network security model. Designed and implemented VPNs based on the NetScreen 500/1000 series and Nortel Contivity Extranet VPN product lines.
- Performed tests to determine performance of different VPNs using Smartbits.
- Published several internal security white papers.
- Performed intrusion detection and vulnerability assessments using commercial and public tools including SNORT, ISS Scanner, NetSonar, Nessus, nmap, Sniffers (TCPDump, Snoop), password crackers (L0pht, crack, etc). Configured, installed and monitored PIX, and Nortel-Checkpoint firewalls. Put together and supervised a subject matter expert and incident response team.
- Analyzed configuration vulnerabilities in routing protocols including OSPF, BGP, and MPLS. Worked extensively with Cisco MARS, load balancers, Juniper routers, and Cisco routers while maintaining the Confidential backbone and edge networks.
Confidential
Group Program Manager
Responsibilities:
- Responsible for designing and implementing the Microsoft Extranet network for hosting .Net enterprises. Managed 4 program managers each with about 10 members. Responsible for budget forecasts and staffing, setting up project timelines and ensuring projects were delivered on time and on budget. Interfaced with other groups in Microsoft including Security and ITG to provide a complete solution.
- Provided direction and guidance for technology security across all MS departments, to ensure the confidentiality, integrity and availability of information and the systems in the Extranet environment.
- Responsible for defining and implementing appropriate security measures and policies, procedures and audit systems that monitored and controlled access to Microsoft information resources.
- Implemented security using Active Directory and VPNs, strong authentication and single sign-on with digital certificates.
Confidential
Network Security Manager/SME
Responsibilities:
- Design of network security models and strategies.
- Duties included designing, implementing and maintaining enterprise wide security solutions for our clients’ global networks. Also served as the subject matter expert on network security. Research into digital certificates and electronic payment systems, and secure algorithms.
- Performed over 50 penetration tests and vulnerability assessments using NetRanger, NetSonar, Nessus, Stealth HTTP Security Scanner and SecureIIS on UNIX and NT platforms. Clients included Global Fortune 100 companies including financial institutions, healthcare providers, telecommunications, energy/oil companies and dot-coms.
- Wrote white papers on VPNs, IPSec and digital certificates.
- Develop e-commerce network security solutions including VPNs, PKI and X.509 digital certificate-based authentication systems.
- Set up security incident handling policies and procedures.
- Develop network security seminars and workshops for Professional Services staff and Cisco Support partners.
- Conduct network security product workshops including NetRanger, NetSonar, and PIX firewall. Perform recruiting activities including interviews.
- Provided subject matter expert support to field network engineers on security configuration issues including routing protocols, access lists, load balancing and network design.