Information Security Manager Resume
Winston-Salem, NC
SUMMARY:
- Information Security Leader with twenty-eight years of demonstrated success in the delivery of technology solutions to meet challenging business needs while ensuring compliance with relevant regulations, standards, and organizational policies.
- Hands-on technical expertise as a forward-thinking security expert, providing strategic guidance in the development and deployment of appropriate controls based on comprehensive risk management in alignment with enterprise goals.
EXPERTISE AREA:
- Enterprise Security Architecture
- Regulatory Compliance
- Information Security Risk Management
- Secure SDLC
- Vulnerability Management
- Policy and Standards Development
- Disaster Recovery
- Incident Response
TECHNICAL SKILLS:
Hardware: Cisco switches, routers, PIX/ASA, MARS, Aventail, Reconnix iGuard, Forescout Counteract, Qualys, nCircle 360, Akonix L7, Bluecoat ProxySG, Ironmail, Nokia & Crossbeam firewalls, NetScaler, F5 LTM & GTM, Juniper Netscreen firewalls, SSLVPN, NSM, IDP, Entrust tokens, QRadar, Tripwire, TriGeo, TriCipher, Imperva WAF, McAfee IPS, Websense, Axway Mailgate
Software: Active Directory, ADFS, AlienVault OSSIM, Apache, AppScan, Citrix, Checkpoint FW-1, Courion, EnCase, Entrust IdentityGuard, Epic EMR, Exchange, Firemon, IIS, Informatica ILM, Nessus, Nmap, PGP Universal Server & WDE, Provider-1, RSA SecurID, SCCM, SCOM, SharePoint, Shibboleth, Snort, Solarwinds, Symantec/Trend Micro/McAfee Antivirus, Tomcat, VPN-1, Wireshark
Operating Systems: Windows 3.1 - 8.1/Server 2012R2, Mac OS X, AIX, OS/400, Cisco IOS, Linux (Debian, Ubuntu, Red Hat, BSD), VMware ESX, Microsoft Hyper-V
Languages: Perl, PHP, Python, HTML/CSS, .NET (VB, C#), PowerShell, UNIX shell scripting
PROFESSIONAL EXPERIENCE:
Information Security Manager
Confidential, Winston-Salem, NC
Responsibilities:
- Led cross-functional team to successfully mitigate all critical and high-level vulnerabilities reported during annual third-party security assessment
- Developed risk management program to determine risk and document coding practice improvements as a step in the SDLC processes
- Managed identity access platform based on ADFS to provide federation for customer access to company hosted SaaS applications
- As the leader of the Computer Security Incident Response Team, refreshed and expanded incident response policy and process to include information privacy reporting procedures
- Created vulnerability management program to detect, track, and appropriately mitigate vulnerabilities and risks in the enterprise
- Managed BYOD strategy and oversaw the rollout of new policies and controls to provide the user community with options to securely access and utilize company information on personally owned devices
- Served as liaison between internal IT and external auditing firm to oversee the collection of evidence and document proof of control compliance for SOC1 and SOC2 annual audits in five environments
- Developed and delivered application security training based on OWASP best practices in application development
- Determined and periodically verified compliance with security controls standards for cloud-based resources including infrastructure hosted within Amazon Web Services
Manager, Security Engineering
Confidential, Portland, OR
Responsibilities:
- Led data protection project which focused on deploying network access control (NAC) and mobile device management (MDM) technologies to ensure enterprise-owned and BYOD assets are fully encrypted before gaining access to restricted information including ePHI
- Managed enterprise disk encryption project, overseeing the management and automated deployment of PGP whole disk encryption software and policy for 14,000 desktops and laptops
- Implemented unified security information event management system (SIEM) to notify staff and assist in the response to active network attacks, computer infections and violations of University security policies
- Coordinated internal and external security testing, documentation, and mitigation strategies to ensure compliance with HIPAA, PCI-DSS, FERPA, GLBA, and FISMA
- Created disaster recovery templates, procedures, and testing methodology to ensure proper response for disruptions in service of critical systems and infrastructure
- Developed and deployed access request management system based on Courion to provision user accounts for new employees and incoming students, realizing $180K in savings over purchasing additional modules
- Introduced certification and accreditation program to eliminate non-compliance with security policy and regulations in the acquisition and implementation of computer systems and medical equipment
- Oversaw identity and access management tasks including provisioning appropriate access for Active Directory / LDAP authenticated applications and file systems as well as Epic EHR security
- Implemented vulnerability management program to detect vulnerabilities and track and regularly report their mitigation progress to senior management
- Deployed Shibboleth federated identity management solution to provide authentication and single sign-on to cloud-based applications for internal users
- Developed and utilized incident response team (ISIRT) processes to manage approach, evidence gathering, documentation, response and information dissemination for information security incidents
Security Engineer / ISO
Confidential, Kansas City, KS
Responsibilities:
- Managed certification and accreditation program against Confidential 800-53 standards for applicable client environments
- Developed, reviewed, and updated corporate security policies and procedures, focusing on user responsibilities and information technology management practices
- Replaced managed IDS system with Cisco IDS solution, saving the organization approximately $94,000 in the first year and $117,000 for each successive year
- Deployed Websense content monitoring solution to review Internet usage and ensure compliance with acceptable use policies
- Evaluated, recommended and implemented log aggregation and security event management solutions
- Prepared and delivered security reports for internal and external customers detailing risks, vulnerabilities, and mitigation task tracking
- Managed FISMA environments including auditing security controls based on Confidential 800-53 and the oversight of Tripwire to monitor and alert on compliance
VP Information Assurance
Confidential, Jacksonville, FL
Responsibilities:
- Managed the development, documentation, and testing of the disaster recovery program, focused on protecting 66 critical applications and infrastructure components
- Reduced incoming spam and phishing attempts by 85% through the implementation of Ironmail appliances to filter email and provide a secure messaging platform to securely exchange confidential information
- Brought managed intrusion prevention service in-house by utilizing Juniper IDP devices which resulted in an operating expense savings of $21,000 per year
- Oversaw the development and implementation of organizational information security policies and procedures based on the ISO 27001 framework
- Developed curricula and conducted security awareness and controls training programs for all Confidential Corporate management and staff
- Recommended project to save $85,000 over 4 years by replacing TriCipher multifactor authentication system with an Entrust solution
- Replaced aging firewall infrastructure to improve performance and reliability which resulted in annual savings of $24,000 from the elimination of redundant data circuits and infrastructure
- Compiled and presented security metrics and controls effectiveness reports to executive leadership as a member of the information security committee
AVP / Information Security Officer
Confidential, Olathe, KS
Responsibilities:
- Managed annual reviews from Internal Audit, OTS, and third-party auditing agencies, providing documentation, technical overview, and management responses for findings against the IT department
- Configured and deployed security event management and alerting system with minimal resources by utilizing open source security tools including OSSIM, Nagios, Snort, Nessus, and Nmap
- Developed and managed disaster recovery planning, testing, and documentation for each critical system to ensure compliance with business requirements and expectations
- Recommended and replaced existing ISA proxy with Bluecoat ProxySG appliances and content management software
- Published monthly security column describing emerging risks and best practices for enterprise and personal computing
- Implemented secure Cisco wireless networking solution utilizing WPA2 and 802.1X with Active Directory user- and system-based certificate authentication to ensure encrypted communication with banking applications
Sr. Security & Compliance Engineer
Confidential, Kansas City, MO
Responsibilities:
- Deployed, administered, and maintained Nokia firewalls with Checkpoint software to provide network security to public-facing hosts, business partners, and remote office systems
- Partnered with external audit staff to create and execute Sarbanes-Oxley 404 controls tests and mitigating solutions
- Project manager responsible for planning and implementing Microsoft SMS, deploying the client software, packaged applications, and monthly OS patches to 12,000 servers and workstations
- Programmed web-based enterprise security dashboard detailing live vulnerability and mitigation state for IT management and product owners