SUMMARY:

Accomplished, seasoned certified Cyber Security Manager with over 27 years of experience executing high - level Enterprise Security and IT Governance projects. Excellent communicator who effectively interacts with peers, management teams and executives. Skilled in taking a business-driven approach to security by considering organizational objectives while analyzing security, privacy and regulatory concerns. Proficient in customizing controls that enable the business to operate at an acceptable level of risk while maximizing returns on investment.

HIGHLY SKILLED IN THE AREAS OF:

• Cyber Security Management Vendor Security Risk Management Vulnerability Management
• Process Development & Evolution InfoSec Policy Development Security in SDLC
• PCI/PII/CPNI/SOX BSIMM Findings Remediation/Mitigation

PROFESSIONAL EXPERIENCE:

Confidential, HERNDON, VA

CYBER SECURITY MANAGER

Responsibilities:

• Lastline AMP solution that utilizes AI security technology to learn both ‘East / West’ and ‘North / South’ traffic patterns to establish Next Gen malware protection across networks, hosts and email.
• Tenable Security Center - Established vulnerability management program across both corporate and product space.
• Established upstream/provider level DDOS protections utilizing a hybrid solution from Arbor Networks - APS (Availability Protection System) & Arbor Cloud.
• Established Splunk as corporate standard for logging, SIEM and alerting functions.
• Developed, staffed and managed SOC
• Developed and implemented IR program.
• Managed end point protections across Mac Windows and Linux platforms utilizing McAfee and PA Traps
• Championed compliance activities utilizing NIST CSF and control requirements
• Mapped contractual and regulatory requirements for DoD, DHS, DFARS, SOCOM, etc to NIST .
• Established Policy Steering committee to create, vet and ratify necessary Security Policies across technologies.

Confidential, WESTLAKE, TX

VENDOR SECURITY PROGRAM MANAGER

Responsibilities:

• Establish processes from a strategic and tactical security standpoint.
• Establishing a customized Vendor Security Risk Management Framework tailored to Confidential policies, standards and requirements.
• Developed a Logical Access Framework utilizing published data classification policies to enable security to quickly determine who has access to what, where, why, when & how; and ascertain the sensitivity of data processed, transmitted and/or stored.
• Vendor Self-Assessments - Created customized vendor self-assessments tailored to identify KRIs (Key Risk Indicators) posed to the business. Also, used with other data points to establish a vendor’s SRI (Security Risk Index) score.
• Confidential Sponsored Assessments - Enforce the contractual right within the Confidential Network Security Exhibit to perform 3rd party risk assessments and PEN tests of vendor’s products and services.
• Findings Remediation - Established and set expectations for timely remediation of findings discovered throughout the assessment processes.
• Vendor Attestation - Developed a process by which Vendors will periodically attest to their security posture, vulnerability management and risk management programs and the continued execution and improvement of same.
• Vendor On-Boarding - Provide scaled down assessments and requirements for new vendors onboarding through Confidential sourcing organization.
• Network Security Exhibits - Ensure vendors are contractually obligated to comply with our standards and policies and further require them to fund and perform external PEN testing of their solution utilizing a Confidential Certified PEN testing vendor. Integrate Confidential ‘network security exhibit’ into standard MSA/GSA contracts through Confidential sourcing organization.
• Centralized Vendor Information - A repository where we store, track and report on vendor’s current security posture and progress as well as import of historical information for existing products and solutions.
• Vendor Benchmarking and Reporting - The output of the program and processes are used to quickly determine a vendor’s SRI (Security Risk Index) score. This score allows Confidential to ascertain a vendor’s ability to comply with current requirements as well as used to demonstrate their historical performance regardless of stated abilities.
• Continuous Process Improvement - Automation and advancement of not only our vendors’ security programs, but this VSRM program as well utilizing a customized Vendor Security Risk Management Maturity Model (VSRMMM) type solution.

Confidential, LITTLE ROCK, AR

SENIOR ENTERPRISE SECURITY ANALYST

Responsibilities:

• Collected and analyzed business requirements to effectively develop technical solutions for over 80 company projects, and 150 diverse initiatives. Continuous multitasking with varying levels of involvement in a rolling 30+ project environment ensuring solutions are secure and delivered on time and in budget.
• Conceptualized and championed a security program for internal applications, and development organization consisting of security awareness, secure coding practices, and as well as evaluated tools for dynamic and static secure code scanning. Reviewed various technologies for managing security risk, PEN testing, and source code scanning.
• Created an ASP risk profile for Tier one service providers detailing ASPs security posture, compliance concerns
• Identify, characterize and communicate security risks to management to enable them to make a balanced decision based on risk vs. reward.
• Negotiate security specific contractual language with suppliers, vendors and service providers to ensure that they build security controls into their product lifecycle and provide us with an independent 3rd party review of their product or service at their expense. Thereby identifying risks needing remediation/mitigation prior to production acceptance. Developing and managing relationships with industry leading information security providers to augment security testing and program development.
• Developed and updated industry leading security standards.
• Serve as front line security representation for new internal and customer facing solutions. Engage appropriated stakeholders as necessary to ensure consistent compliance for published standards, privacy and regulatory requirements.
• Provide high level architectural review of proposed solution to identify and resolve/mitigate potential security vulnerabilities.
• Served as implementation consultant for a PCI logging remediation project, successfully closing all gaps identified by independent assessor. Project completed on time and within budget.

Confidential

INDEPENDENT CONSULTANT

Responsibilities:

• Architected and installed VoIP phone system for Peoria Park District.
• Upgraded and implemented Cisco’s VoIP technologies.
• Upgraded and maintained network equipment, including Cisco routers, PIX firewalls, and CISCO switches.
• Developed and documented all standard operating procedures and break/fix and maintenance processes.
• Directed vendor management process, including vendor negotiations, equipment procurement.
• Provided 24/7 technical support for a network of over 500 web servers.

Confidential, WALTHAM, MA

DIRECTOR OF INFORMATION TECHNOLOGY

Responsibilities:

• Built and managed information technology teams consisting of infrastructure, help desk, operations and telecommunications for this fast-paced internet startup.
• Supervised staff, oversaw computer operations and managed budgets.
• Built out two locations.
• Provided total oversight responsibility for IT functions, policies, vendor negotiations and equipment procurement and management.

Confidential

INDEPENDENT CONSULTANT / INTERIM IT MANAGER

Responsibilities:

• Performed comprehensive IT related functions, including project management, IT budget creation and management, systems administration, network architecture, designing, installing, upgrading, and maintaining computer networks. Responsible for staffing and managing help-desk staff and consultants.
• Utilized SMS technologies for deploying workstation patches and updates to 1000+ workstation environment.
• Setup WAN connectivity for various remote locations utilizing both Frame Relay connections and VPN technologies.
• Systems level administration of computing infrastructure including network components and servers.

Confidential, SHREVEPORT, LA

IT ENGINEER

Responsibilities:

• Technology consultant focusing on Built x86 workstations and servers.
• Designed/Installed/Configured and maintained Star and Ring topology LANs
• Performed customer setups and on systems.
• Systems level administrations for Novell LAN and Leased line WAN environments.
• Developed and documented IT processes SOPs and developed corporate standards and practices.