Summary

Innovative, passionate IT Security Professional with a track record of utilizing emerging technologies and subject matter expertise to architect enterprise-wide information security solutions. Masterful team leader experienced collaborating with executives, business leaders, and industry experts to implement processes, policies and procedures that effectively meet organizational needs, meet all compliance standards, and align with technology initiatives. Recognized throughout the industry for consistently providing solutions that align business processes with IT infrastructure resulting in an increase in operational efficiencies, reduction in costs, and overall increase in information security. Mentor and contributor to several Info-Sec and ethical hacking groups sharing knowledge between the best minds in the industry to develop new technologies and strategies to continuously improve information security.

Areas of Excellence

• Solution Architecture
• Performance Optimization
• Software Program Manager
• Project Management
• Data Protection Security
• Process Improvement
• Ethical Hacking
• CRM
• Security Policies/Standards
• Change Management
• IT Risk Management
• Mentoring
• Data Classification
• IT Strategy
• Disaster Recovery
• IT Process Re-engineering
• Infrastructure Development
• Hardware
• Security Workshops
• Team Leadership

Professional Experience

Confidential

• International Global Information Security Organization providing Expertise and Guidance to Fortune 500 and Global 200 Organizations
• President and CISO of information security consultation organization specializing in providing security expertise and guidance to Fortune 500 global organizations and government agencies. Provide innovative security solutions that align the technology, processes, organizational framework, and regulatory standards of an organization to effectively secure their data and network. Responsible for all aspects of practice development, quality development, and providing subject matter expertise as well as mentoring and leading multiple project teams. History of providing progressive information security and risk management solutions by utilizing a hands on approach to mitigate risk, re-engineer security and business processes, and improving overall security posture. The experience outlined below was performed on client contracts who will attest to our stellar industry reputation.

Confidential

Principal Information Security Analyst SME

• Collaborate with leading industry professionals as well as the CISO and CTO define and implement a global security practice for QVC worldwide that aligns complex, global business drivers with comprehensive data security and organization infrastructure. Architected custom international security solution that defined information event management architectures and standards and implemented logging services for all IT infrastructure. Utilized an innovative approach and effective team leadership to deliver an ambitious, global information security solution that far exceeded client expectations.
• Implemented new custom logging solutions that greatly improved systems and applications with ineffective logging functions.
• Drastically improved Information Security Threat Intelligence through customized and tune security logging.

Confidential

Regional Security Executive

Provided expert technical leadership and management acting as a virtual CISO for clients in the North East region. Brought in a team of the best minds in the field of information security in order to find and utilize new and emerging technologies and practices to drive the growth of the regional security practice as well as improving national security practices. Successful in improving not only the overall IT security and organizational security processes, but the entire ePlus company culture and reputation with their clients. Developed Enterprise security solution that combined key technologies and processes to mitigate risk including copyright infringement prevention, data leakage protection, mobile device management identity and access management.

Key Achievements:

• Drove a 30 improvement in security sales year over year.
• Created a new security practice within the North East region by strategically engaging clients to improve their security stance and lower their enterprise risk profile.
• Implemented security processes and standards that enabled ePlus to move towards adopting ISO 27000 standards and SANS top 20 controls.
• Created virtual CISO executive service offering to act as CISO for ePlus in the North East region
• Delivered award winning presentation at CCRI, NJSBA Rochester Security Summit 2013 that gained security industry success within the industry.

Confidential

Principal Information Security Analyst SME

Acted as subject matter expert to assist Liberty Mutual by providing technical expertise and strategic planning on Juniper platforms and oversight of the enhancements, maintenance, testing, and implementation of GRC security modules, configurations, and workflow processes. Proficiently developed strategic technologies and processes to reduce risk in the JUNOS SRX environment including data leakage protection and standardization in zonings and security controls. Provided project management on Juniper Networks SRX/Zones and security initiatives, including maintaining daily activity for change request order, resulting in improvements for PCI-DSSv2 security requirements. Consulted with and managed the needs of client and development area management in the successful design and implementation for all new or modified GRC security processes.

Key Achievements:

Utilized emerging technology by working on a migration from Juniper SRX to JUNOS Space as well as re-configuring zones within the environment to meet corporate compliance and security requirements.

Confidential

Managing Director/Security and Audit SME

Managing director and project manager for several complex, international data security projects interfacing with key client stakeholders and executives and providing leadership and mentorship to project team members. Directed project for classifying unstructured data for a sizable financial firm which resulted in an enterprise-wide roll-out of data classification policies procedures across all business units. Led a comprehensive security assessment for a large consulting organization based on ISO 17799 standards including developing a maturity model, giving the client a metric based system to effectively measure their security program, and developing a remediation plan that mitigated the vulnerabilities found during the assessment. Managed a data protection assessment project for a global consulting organization by overseeing an assessment to realize residual risks then develop a comprehensive blueprint for a Data Leakage Prevention Program. Go-to subject matter expert for global information security and effective project management.

Key Achievements:

• Conducted detailed product reviews, development lifecycle counsel, and marketing research document requirements to support successful product maturation for multiple key clients.
• Delivered a comprehensive roadmap outlining the implementation of the DLP program blueprint detailing both near and long-term initiatives.
• Provided effective international project management overseeing assessments and implementations overseas.

Confidential

Managing Director/Security and Audit SME

• T-Mobile USA is a national provider of wireless voice, messaging, and data services
• Worked with and managed an innovative team of industry professionals to manage the enterprise HP web inspect code analyzer by utilizing innovative techniques such as ethical hacking, auditing, and e-forensics to identify potential vulnerabilities and develop infrastructure to eliminate them. Designed and architected T-Mobile's disaster recovery data warehouse security along with threat models along with performing overall network, application, and systems penetration testing. Supported all aspects of information security, processes, policies and procedures while coordinating with the CISO, CTO, and manager of the Vulnerability Management and Advisory Services team to implement an aligned enterprise information protection strategy.

Key Achievements:

• Collaborated with small group of professionals on new T-Mobile Android Tablet to discover vulnerabilities, flaws, and bugs in tablet code and applications and ensure the tablet could be safely utilized in an enterprise environment.
• Utilized black hat, grey hat, and white hat ethical hacking techniques to shape the security architecture of an innovative new technology.

Confidential

Senior Information Security Analyst

Effectively provided consultant services to develop and implement security architecture that both protected sensitive information from outside attack and optimized organizational information security. Created innovative new security architecture that isolated and compartmentalized massive amounts of information allowing researchers and faculty fast, easy access and increasing the difficulty of access for potential threats. Worked with senior management to research and develop strategic IT security plans while coordinating technical personnel in desktop, networking, and server areas.

Key Achievements:

Provided team leadership and mentorship for faculty and staff to ensure that the culture and processes aligned with the strategic IT initiatives.

Confidential

Principal Information Security Officer SME / vCISO

Directed Information Protection Services IPS internal and external security strategy and policy acting as virtual CISO. Identified vulnerabilities and authored process for security life-cycle that ensured compliance with all IBM processes as well as incorporating client needs and related security practices. Proficiently maintained NSM Juniper environment as well as making recommendations to business leaders regarding SSL VPN tunneling over site to site routing.

Key Achievements:

Architected large-scale, complex projects that met IBM requirements and several compliance standards including ITIL, FFIEC, SOX, PCI, SOC, NIST, DHS, and WASCv3.

Confidential

Sr. Network Systems Security Engineer

Oversaw the maintenance and improvement of the systems, network, and security infrastructure of the entire organization consisting of 48 servers, 4,000 users, and 126 sister sites. Efficiently managed and trained staff to implement security policies and procedures.

Confidential

Information Security Consultant SME

Utilized hands on team leadership approach and effective communication with business leaders to manage E-Security application including vulnerability management. Effectively provided PGP key management, FTP user management, URL blocking, and support for the Nokia/Checkpoint firewall and ISSM10 firewall. Provided recommendations and support for a multitude of various other security applications.