SUMMARY

• Cyber Security Architect/Engineer/Analyst and Systems Engineer with over 23 years of experience who has:
• Designed, implemented, and managed an Enterprise Information Security Program
• Developed and implemented IT and Information Security Policies
• Performed IT Security Audits, Assessments, Remediation and Compliance activities
• Designed, proposed, and managed Vulnerability and Patch Management
• Designed, implemented, and managed Enterprise PKI
• Strong Project Management and Risk Analysis skills
• Designed, implemented, and managed Enterprise Backups and Disaster Recovery
• Designed, implemented, and managed Storage Area Networks
• Designed, managed, and deployed Datacenters
• Designed, implemented, and managed Microsoft Active Directory, Exchange, SQL Server, SharePoint
• Designed, implemented, and managed VMWare ESX / VirtualCenter
• Designed, implemented, and managed Mobile Device Management platforms
• Designed, implemented, and managed Enterprise Monitoring and SIEM
• Installed, configured, and managed firewalls, routers, switches, load balancers, and IDS/IPS
• Designed and implemented TCP/IP networks
• Managed IT

TECHNICAL SKILLS

• Microsoft Windows Server: 2012, 2008, 2003, 2000, NT
• Linux Server: CentOS, Red Hat, Ubuntu, Debian
• Microsoft Active Directory: 2012, 2008, 2003, 2000
• Microsoft Exchange Server: 2010, 2007, 2003, 2000, 5.5
• Microsoft SQL Server: 2012, 2008, 2005, 2000, 7.x
• Microsoft IIS 7.5/7.0/6.0/5.0 , Apache, Tomcat Web Servers
• VMware ESX/ESXi and VirtualCenter: 5.x, 4.x, 3.x
• PowerShell, Python, and Bash Shell Scripting
• Kali Linux, Security Onion, PTF, NMAP, Netcat, Metasploit
• Checkpoint, Palo Alto, and Fortinet security platforms
• FireEye NX, EX, HX, CM and ETP
• Tipping Point IPS, Snort, Gemalto SAS
• Qualys, Nexpose, Nessus Security Center
• Airwatch Mobile Device Management, MobileIron
• Mcafee Endpoint Security/EPO, Trend Micro, Symantec AV 12.x/11.x/10.x/9.x/8.x, SMSME 6.x,5.x, Webroot, Cybereason, Sophos, Check Point Endpoint
• Splunk, HP OpenView, Accelops, Nagios, SiteScope, ForeScout
• Websense, SurfControl, McAfee SaaS Email/Web Filtering
• Avamar 5.x/4.x/3.x, Veritas NetBackup 4.5/7.5, Backup Exec 2101,9.x/8.x/7.x, eVault

PROFESSIONAL EXPERIENCE

Sr. Information Security Consultant

Confidential, Denver, CO

Responsibilities:

• Met with customers to assess their current security posture to include administrative controls, technical controls, compliance, and regulatory requirements
• Worked to architect and recommend security solutions for customers to include NGFW, SIEM, Endpoint, Advanced Threat Protection, Two - Factor Authentication, Privileged Access Management, IDS, and NAC
• Performed NIST 800-53 compliance assessment for national communications company
• Lead on ICS security assessment and resultant design (ISA99, NIST SP800-82) for new water reclamation plant
• Performed post-sales professional services for customers to implement and migrate solutions
• Created and maintained Information Security Policies

Security Solutions Architect/Engineer

Confidential, Denver, CO

Responsibilities:

• Met with customers to assess their current security posture to include administrative controls, technical controls, compliance, and regulatory requirements
• Worked to architect and recommend security solutions for customers to include NGFW, SIEM, Endpoint, Advanced Threat Protection, Two-Factor Authentication, Privileged Access Management, IDS, and NAC
• Performed incident response and post-IR mitigation services for customers
• Performed post-sales professional services for customers to implement and migrate solutions
• Created and maintained Information Security Policies
• Worked with BDM and Sales to develop a suite of Managed Security Services
• Acting CISO for customers
• Performed PCI DSS 3.2 assessments to include delivering gap analysis reports and compliance plans
• D esigned, managed, and maintained corporate security infrastructure across the global enterprise

Sr. Security Engineer

Confidential, Englewood, CO

Responsibilities:

• Created, reviewed, and revised corporate Information Security Policies
• Worked across business units to champion security and enable their initiatives/projects while reducing risk to the company; participated in overall design efforts to ensure security was properly addressed
• Respond to security alerts/incidents, performed general root-cause-analysis and managed remediation efforts; currently working to formalize incident response via policy/team/procedures/training
• Managed a project to standardize endpoint security across the enterprise to include product POC testing, solution/design proposals, deployment of the new solution and policy configuration; included AV/Anti-Malware, Application Control, HIPS, Host Firewall, Web Filtering, Behavioral Analysis and Full Disk Encryption controls
• Collaborated with the security team to develop corporate standards/requirements for controls such as dual-factor authentication, single sign-on, mobile device management and web/email filtering
• Performed vulnerability management tasks using Nessus Security Center for scans and managed remediation efforts
• Participated in change management review board to review proposed changes from a risk and overall security perspective
• Ensured security related logs from corporate system/devices were in Splunk and Symantec MSS systems; utilized these services/systems for incident response efforts and general correlation/research efforts
• Assisted with Check Point firewall deployment/configuration/upgrades and policy pushes
• Deployed and managed FireEye EX, NX, HX and CM appliances
• Managed Websense Web/Email Filtering
• Provided day-to-day administration of the Tipping Point IPS'

Sr. Systems/Security Engineer

Confidential, Denver, CO

Responsibilities:

• Designed security and infrastructure for new SCADA site - includes policies, procedures, and the deployment/configuration of all infrastructure
• Designed, managed, and maintained corporate and SCADA IT Infrastructure
• Created, reviewed, and revised corporate IT and Information Security Policies
• Created corporate Computer Forensics Policy and procedure/process
• Proposed a formal SCADA Information Security program and resultant design - ISA99, API 1164, NIST SP800-82
• Participated in SCADA and corporate security assessments and remediation; regularly applying OS and application security patches and updates to remediate new and known vulnerabilities
• Deployed internal PKI infrastructure for corporate and SCADA environments
• Deployed 802.1x certificate-based security for wired and wireless networks
• Deployed Nexpose for external/internal vulnerability assessment
• Deployed Accelops for SIEM and basic monitoring of the enterprise
• Performed routine auditing and remediation for corporate SOX compliance
• Implemented email retention policies as part of the corporate Records Information Management program
• Designed and implemented enterprise NTP and DNS solutions - improving security posture and reducing public service footprint
• Performed routine vulnerability assessment of publicly exposed infrastructure to include corporate website and portals, DNS, and remote access
• Worked with Application Developers to deploy and utilize Kerberos for improved authentication security in corporate apps
• Upgraded and standardized Active Directory infrastructure across all geographic locations - included common internal network services such as DHCP, DNS, and DFS
• Designed and deployed active/active multi-site Exchange 2010 - migrated organization from Exchange 2003
• Implemented and integrated a Mobile Device Management solution with Exchange 2010
• Implemented and integrated a SaaS Email Protection solution with Exchange 2010
• C ontract Information Security Audit Remediation Project for financial client