SUMMARY

• Director - level Information Security Professional specialized in enterprise architecture, risk management, design, auditing, testing and compliance support of clients using a wide-range of technologies aimed at providing administrative and technical security controls.
• Creative and innovative approach to implementing security solutions.
• Understanding business requirements in light of security needs.
• Proficient with the development of risk assessment techniques, security policies and procedures.
• Team leadership abilities and project management skills.

TECHNICAL SKILLS

CORE COMPETENCIES: Comprehensive experience in architecture, design and management of Enterprise Information Security programs and implementation of compliance frameworks in an enterprise; Expertise in HIPAA and PCI; Wide and Local Area Network security expertise; Infrastructure penetration testing, auditing, reporting and analysis; Network Access Control implementation and maintenance; Virtual Private Networks engineering and maintenance

PLATFORMS: Microsoft Windows, Linux, OS X.

NETWORKING: Ethernet, and IP, routing protocols like RIP, OSPF, IGRP, EIGRP, BGP; Cisco switching and wireless technologies; SMTP security, anti-SPAM and anti-Virus messaging solutions; Amazon Web Services (AWS) private cloud management.

CRYPTOGRAPHY/SECURITY: IPSec, RADIUS, Kerberos, Pretty Good Privacy (PGP), PGP Key Management, PGP Disk, PGP Messaging, Microsoft’s PKI implementation, TrueCrypt, Secure Shell, RSA SecurID, VPN, Checkpoint Firewalls, Cisco NAC (Network Access Control), Q1 Labs QRadar.

PHYSICAL: Video surveillance; Forensic processing and data recovery; Physical posturing and assessment of layered protection and defense; Understanding of fire and other environmental controls; Electric generators installation and management.

LANGUAGES: UNIX Shell Scripting, Python, PHP, Perl, Network Automation (Automate).

TOOLS: Forensic Toolkit® (FTK), Kali Linux, Snort, Websense, Ethereal, Nmap, Nessus, IBM App Scan, Rapid 7 NeXpose, Rapid 7 Metasploit, McAfee VirusScan Enterprise, RSA SecurID and Authentication Manager, RSA Security Center and Smartcard management, Symantec Endpoint Protection.

PROFESSIONAL EXPERIENCE

Confidential, Boulder, Colorado

Director of Information Security and Compliance

Responsibilities:

• Managed the enterprise's security/compliance program, consisting of direct reports and indirect reports including hiring, training, staff development, performance management and annual performance reviews.
• Developed and maintained a full-fledged Information Security program centered around HIPAA compliance, PHI protection and the overlapping of cloud-hosting with business operations and functional
• Worked with external auditors in facilitating IT audits and risk assessments; facilitated discourse with external legal counsel in analyzing compliance needs, contract negotiations, security incidents and other compliance-related activities.
• Developed and managed the budgets for security and compliance resources, IT and Infrastructure, and monitored them for variances and forecasted shifts in demand.
• Worked with the business units to create and facilitate IT, Compliance and Security risk assessment and risk management processes, and work with stakeholders through the enterprise on identifying acceptable levels of residual risk; monitored for deficiencies and opportunities for improvement and aid in the overall organizational maturity in regards to proper compliance and security practices.

Confidential, Columbus, Ohio

Director of Information Security and Compliance

Responsibilities:

• Risk assessment and risk management for the Managed Services Division, projects within the MSD and managing the financial success of projects.
• Engaging audit partners and stakeholders like the PCI Council, FDIC, Cloud Security Alliance and other customers, vendors and partners focused on compliance initiatives.
• Assessment of cloud service architecture, cloud security, technologies involved in the makeup of cloud offerings; assessment and development of the long term strategic approach to Information Security, Compliance and Risk.
• Initiating a metric and risk-driven approach to decision making; interfacing with executive management to drive Information Security from a strategic perspective.
• Developing new security offerings; improving current offerings and expanding the current security program for the entire organization.

Confidential, Columbus, Ohio

Senior Security Architect

Responsibilities:

• Cyber security architectural development within the regulatory requirements of SOX and NERC.
• Interfacing with the corporate Project Management Office (PMO) to provide risk assessment feedback on internal software development projects, application development and techniques.
• Software development/OWASP risk assessments provided to developers.
• Developed internal frameworks, standards and methodologies to facilitate and improve cyber security processes.

Confidential, Columbus, Ohio

Enterprise Information Security Architect

Responsibilities:

• Creation of corporate policies, procedures and documentation of existing processes.
• Created a security program and worked with executive management to facilitate the general direction of the program.
• Worked with auditors to satisfy compliance requirements, understand and mitigate risk and implement best practices throughout the organization.
• Reviewed contractual obligations and worked with legal department attorneys to advise organization on risk and mitigation strategies.
• Creation and management of Incident Response procedures, firewall rule sets, IDS and IPS systems and internal risk assessment processes.
• Deployment of log management and event correlation infrastructure and review of high-level alerts and offenses.
• Developed an extensive formal security awareness-training program required yearly for all employees.
• Advised development managers and development teams on secure coding practices, OWASP requirements and general sound practices for secure software development and SDLC processes.
• Improved the QA process by advising development teams of secure practices and promoting risk management techniques within the team.
• Maintained all corporate VPN infrastructure to customers, service providers and partners, created documentation and maintenance plans for the VPN end-point cluster.
• Developed a vulnerability management plan.
• Deployed and extensive used security tools like Metasploit, NeXpose, RSA SecurID, Q1 Labs QRadar, PGP/GPG, Checkpoint firewall clustering, Cisco ASAs, OSSEC and Good Technologies wireless management suite.

Confidential, Dayton, Ohio

Senior Information Security Architect

Responsibilities:

• Developing the corporate security policies and general security posture for the organization.
• Briefing corporate management and executives on current threats, risks and mitigation strategies.
• Providing guidance to management for security strategy in relationship with business requirements and direction.
• Established relationships and channels of communication which maintain and support the security governance activities throughout the organization.
• Involvement in the development of the Information Technology Disaster Recovery plan.
• Designed and deployed a large-scale Virtual Private Network solution to serve the $2.7 billion WinWholesale organization and its remote users.
• Designed and implemented Cisco’s Network Access Control solution (NAC) for WinWholesale Inc.
• Implemented Q1 Labs' Q1 Radar product to provide detailed monitoring, logs and event analysis.
• Responsible for the monitoring and auditing of logs and alarms from Intrusion Detection and other technical controls
• Responsible for the architecture, implementation and maintenance of messaging security using the McAfee Iron Mail appliances; providing spam, anti-virus, intrusion detection and web protection.
• Responsible for architecture, design, implementation and maintenance of strong/multi-factor authentication using RSA’s SecurID and RSA Authentication Manager solution.
• Experience with Access Data Forensic Toolkit (FTK), forensic evidence acquisition, processing and reporting.

Confidential, Ohio

Security Consultant

Responsibilities:

• Implementation of the entire network infrastructure; RADIUS, Linux servers, Apache, IIS, Lucent Remote Access Servers, PRI, T1 and ISDN deployment.
• Collected forensic data for the Dayton FBI office and assisted in the investigation of customer security breaches.
• Served as liaison and sub-contractor for Dayton-area Newave customers to fulfill security needs and requirements.
• Assisted with the business development of Newave.Net and the subsequent sale of the company to Donet, another Dayton-based Internet Service Provider.
• Development of corporate security policy and IT disaster recovery plan.
• Worked closely with corporate management to develop the Dayton data center as the central hub for corporate data processing and disaster recovery; responsible for the physical configuration of the data center, electrical supply and installation and management of a 100kW electrical generator.
• Responsible for the creation and management of Checkpoint firewalls rules and policies.
• Frame-relay management, routing, deployment of new sites, monitoring of utilization, traffic shaping, resource utilization and security of the entire network.
• Responsible for weekly management reports regarding traffic utilization, up/down status of remote sites and intrusion detection events.
• Intrusion detection, monitoring of protocols and utilization, end-user Internet utilization.
• Implemented multi-provider and multi-route Internet connectivity using Border Gateway Protocol (BGP).
• Developed close relationships with data and software vendors.

Confidential, Dayton, Ohio

Messaging Specialist

Responsibilities:

• Helped develop and maintain what was according to Novell, “the largest GroupWise installation in the world.”
• Designed an SMTP messaging infrastructure to support the exchange of millions of e-mail messages per month for customers across the world.
• Designed and developed software and utilities to provide anti-virus and anti-spam solutions for customers.
• Maintained relationships with vendors such as Novell, Microsoft, and IBM.
• Responsible for the re-wiring of the two corporate Systran buildings.
• Management of Novell Netware, Silicon Graphics and Solaris servers.
• Installation and management of Internet connectivity.
• Responsible for the internal physical departmental security in accordance with U.S. Air Forceregulations and requirements.
• Management and planning of backup solutions for all network data.