Objective

Seeking new opportunities in network and organization security

Summary of Skills

• Security Consulting Trusted adviser patch management, configuration scanning to predefined standards such as CIS, DITSCAP for Windows, Linux and UNIX. Creating reports, tickets and remediation of security incidents policies and procedures, topology and configuration review, asset classification, enumeration and event categorization, advise client about trends, such as new vulnerabilities e.g. Heartbleed and how to lower their risk to such trends, event escalation
• Network Security - -Network perimeter security: including firewall configuration and monitoring Cisco ASA, SonicWALL, Barracuda NG Firewall, IPS/IDS Snort, embedded Barracuda/SonicWALL . Network internal security: including enterprise AV Symantec, Security Information and Event Monitoring SIEM, IPS/IDS Snort, ACLs Layer 3 and 4 devices
• Penetration Testing--vulnerability scanning, social engineering and logical vulnerability exploitation, IPS/IDS bypass, low level attacks such as ARP poisoning, create mitigation plans based on test results and business needs.
• Cisco routing and switching--Router configuration and troubleshooting, including fire walls and WAN links, PAT, NAT and ACL. Configure ASA,
• Other platforms--Barracuda NG firewall, and SonicWALL appliances for security and VPN

Employment History

Confidential

Senior Information Security Engineer

Experience:

• Trusted adviser to small, medium and large organizations, including risk assessments, asset allocation, and information security planning. Design of secure network topologies. Consult with senior management to allocate resources where needed, acquire hardware and software and otherwise optimize their security posture
• Train technical and non-technical personnel in security standards and practices
• Manage awareness training for small, medium and large organizations
• Work with external and internal organizations to remediate security issues and incidents
• Resolve incidents/events and log results into ticketing system for regulatory requirements
• Manage projects to implement security controls and topology changes
• Testing information assets for compliance with industry standards, such as CIS, DITSCAP, Best Practices
• Enumeration and remediation of security incidents via dashboard and SIEM
• Enumeration of vulnerabilities, creation of remediation planning
• Install and manage security controls such as firewalls, antivirus consoles, IDS/IPS, scanners
• Penetration testing of networks and applications to discover actual vulnerabilities within client's information infrastructure.
• TAG Solutions Projects:
• Implement network fail-over for a regional bank using Cisco ASA and 2800 series hardware. Also performed security assessment of critical servers and created a remediation plan.
• Implement policy routing system for AAA to facilitate passing only certain traffic through an internal traffic filtering device.
• Implement SIEM solution for a regional bank
• Implement Snort IPS for a regional bank, including integration of events with SIEM
• Redesign WAN topology for a major insurance agency to better segregate public traffic from private traffic. Beforehand traffic was only filtered through a VLAN configuration. Mitigated web filtering issue for public WiFi which the web filter would not pass.
• Penetration tests using sociological and logical means, including Metasploit framework and tools included in Linux.
• Security assessments and remediation.
• Large 500 Firewall installation for large international corporation
• Vulnerability management and patching
• Security consultant and outsourced CISO

Confidential

Network Security engineer: Information security management for NY Statewide Wireless Network.

Experience:

• Create policies and procedures which follow OFT information security standards
• Train technical and non-technical personnel in security standards and practices
• Manage awareness training for small, medium and large organizations
• Implement IPS/IDS SourceFire
• Implement controls such as Two Factor Authentication to secure sensitive information
• Create configuration standards and exceptions. Exceptions were based on business needs or limitations of hardware or software.
• Resolve trouble issues and security incidents
• Investigate breaches of policies and procedures
• Test hardware and software for security holes
• Work with high level New York State officials to resolve technical and policy issues
• Convergent Data projects:
• Planned, developed and implemented procedures and security plan for user account creation, risk assessment, incident handling, and external connections to secure network, and periodic risk assessment in accordance with DoD 8500.2 controls.
• Planned, developed and implemented logging infrastructure using LogLogic syslog concentrators.
• Planned, developed and implemented two factor authentication for UNIX/Linux using RSA SecurID client or RADIUS client
• Planned, developed and implemented CrossBeam X40, with Check Point firewall, SourceFire IDS and WebSense APMs blades
• Planned, developed and implemented IPS infrastructure
• Implemented AD security policies in accordance with Centre for Internet Security/, and tested with Nessus Compliance Scanner
• Hardened UNIX servers Solaris to stated security policy, including patching and permissions tightening

Confidential

Network Security Analyst: Part of information security management team for an 8000 node network including over 600 servers in a multi-domain Windows 2000/2003 environment.

Experience:

• Implement centrally managed antivirus solution
• Remediate security incidents
• Investigate security breaches and policy violations
• Review policies and procedures
• Maintain hardware and software of security controls

Confidential

• Planned, developed and implemented McAfee ePO antivirus system and removal of Norton Antivirus management console and client.
• Upgrade ePO from 3.5 to 3.6
• Planned, developed and implemented separate ePO on PTZ DMZ network segment
• Planned developed and implemented RSA SecurID token authentication for VPN access
• Implemented SideWinder proxy server
• Planned and implemented of security software NCR ATMs
• Developed and documented software and processes

Confidential

Network System Support Specialist in 200 node network for public education institution.

Experience:

• Plan, develop and implement HW/SW for user account management
• Email filtering
• Server hardening
• Remote access
• Develop security policies
• Evaluate and implement WAN topologies
• Migrate whole server infrastructure from Novell to Windows