Summary

• In a leadership role, my experience has been assisting organizations achieve business objectives through information security initiatives, solving complex problems and as a visionary, taking a concept from business needs and translating it into technology, consistently with successful results.
• As a Team Leader, I have worked with many Fortune 1,000 companies, including CSC, General Dynamics, Raytheon, Sylvania, New Balance as well as medium size institutions in banking and healthcare over the past 20 years. We address complex business problems and concepts using very large scale integration VLSI design principles to formulate information security initiatives and translate them into technology solutions with consistent, successful results. Clients achieve their business objectives with the help of our proprietary solutions approach to protecting their corporate infrastructure and information assets.
• I have managed over 25m in recent projects, with a team of highly skilled CISSP/CCIE/CCNA/MSP systems engineers, project managers, technical and forensic analysts, technicians, and compliance and business process analysts. Through a life cycle approach, beginning with a vision, my staff creates a systems architecture/ design, and integrates and supports the network and security infrastructure systems.
• Each project begins with a process of analysis of requirements ISO/IEEE standard . The requirements and risk assessment are documented and then translated into a design architecture and implementation in our own proprietary templates. This methodology ensures that management objectives and expectations are achieved within information security frameworks, guidelines and standards such as NIST, ISO, FFIEC, PCI, GLBA, etc. By consistently using this approach, organizations are able to deploy fully scalable, cost effective and reliable solutions and reduce their security vulnerabilities and overall risk exposure. As a byproduct the post implementation support and compliant audit process is more efficient.
• Using my proprietary assessment process major risk areas within an organization's network and security are addressed to ensure that information system-related security risks is consistent with the organization's mission/business objectives and overall risk strategy. With input by the senior leadership the information security requirements, including necessary security controls, are integrated into the organization's enterprise architecture, business and system development life cycle processes.

Network System Architects

A leading systems integrator and professional services company delivered scalable and integrated security hardware and software systems deployed worldwide to over 300 customers. A sample projects below:

confidential

• My role has been in an advisory capacity to re-engineer a remote secure access system on a global scale from the design concept, proof of concept testing and through implementation and support. This project re-engineered the system my team specified and implemented in 2004 for mobile computing. This system integrated into the enterprise infrastructure and across multiple data centers in an
• enterprise wide implementation. Using a systems integration approach this entailed configuration and specification of hardware-software modules build out to various size platforms and assessment of options including clustering/failover, blade selection and performance of encryption under session loads. As interface to the manufacturer my involvement included an assessment of options for enterprise license and deployment, clustering and failover, and Java RDP and monitoring bulletins of potential vulnerabilities, revision level control and upgrades plans, and to support technicians.

confidential

Provided a design and implementation for a security and network infrastructure system to operate mission critical applications in a the critical care environment for health care information and patient health monitor devices , including a VPN network to remote clinics and physician practices. We performed a network performance study, audits and reviews in preparation of compliance with Joint Commissions Accreditation, delivering license and support contract management, software up-grades, technical support and case escalation.

confidential

Designed and implemented, from the ground up, a network and security infrastructure system, including load balancers for multiple content servers in high availability data center environment. This is a global payment processing and a VPN network in Latin America, South America and Europe.

confidential

• As the team leader I worked with a staff of engineers to plan, design and implement network and security projects as an adjunct member of the MSB IT team. The first system in 1999 was a multi-zone Checkpoint 4.11 Server firewall for online banking applications and the first for this institution. Many other projects included a radius server authentication system, enterprise version desktop and server AV, IDS and event/log aggregation radius system integrated with Dell threat monitoring service. In 2008/2009 re-engineered an enterprise network and security system in a large data center build out. This design was fully redundant - high availability network and security system with load balancing and data center failover in a DR implementation, including test planning and testing procedures.
• Performed a risk assessment to identify critical assets, vulnerabilities, threat levels, and with applicable noted regulations and assisting in development of risk mitigation strategies, formulation and implementation controls and in preparation of annual FDIC audits and post audit remediation.

Software:

• MS Office, MS Project, Visio Professional, Adobe Professional, Financials
• MS Server and AD
• ISO 27001 Tool Kit, SIM and SEM

Technology and Hardware:

• Firewall: Palo Alto, Cisco, Juniper, Checkpoint, SSL/VPN: Juniper
• Load Balancing, Global Failover, WAN and Data Center Optimization: Juniper, F-5 Switching VLANS Routing: Cisco, Juniper
• Host and End Point AV: Trend Micro, MS Sybari , GFI
• Gateway SMTP/HTTP Filtering and DLP: WebSense, Trend IDS/IDP: Juniper, Dell Secure Works Services Authentication: Secure Computing, ACE, MS Active Directory
• Packet Capture sniffing, protocol analysis, bandwidth performance engineering Client Server: HP UX, HP Server, MS Server, HP Array Storage Systems

Areas of Concentration

• Network and security systems integration: Providing a our own systems integration process to help organizations, analyze, design and integrate new services, applications, and components as well as support and educational training programs throughout a networking environment to create a truly secure and trusted infrastructure. Using our proprietary continuous life cycle process from analysis, documentation of requirements, design, and implementation created a resilient, scalable and secure architecture. These systems support mission critical applications that cannot comprises risk, quality and availability.
• Corporate security compliance / policy development enforcement: Assisting management in analysis, development, and documentation of corporate policies, corporate compliance, and control, escalation remediation processes. These compliance assessments in my proprietary template identify critical assets, vulnerabilities, threat levels, and applicable noted regulations for PCI/GLBA/FDIC/PCI/HIPPA/JACO.
• Perimeter firewall security: Conducting a review and analysis of firewall rule/policy to identify and address the risk of firewall breaches and loss of critical information. This provides a both external and internal best practice review of the firewall, including system configuration, architecture, authentication and access control policies as well as penetration testing and forensics to ensure the integrity of perimeter security.
• Server and host security: Evaluating the overall environment, individual servers and the ability to enforce confidentiality, integrity of the server/host network, and the availability of systems for both external and internal usage. Enterprise-wide malware protection strategies defending against virus, trojan, worm, spam, spyware and malicious code and end point/host checking are performed under this analysis.

Technical Knowledge

Network switching, routing, IP schemas, firewall, IDS/IPS, VPNs, authentication and including roles and AD integration, HTTP/SMTP content filtering and AV, SSL remote access, NAC, DNS, wireless, sys logging and aggregation, WAN compression, load balancing caching, HA clustering, and DRP. Host computing and disk array storage systems, SANS, applications, back up, Unix, MS Windows, NT, IBM MVS, DEC VMS environments. Some C editing.