TECHNICAL SKILLS:

• Operating Systems: Windows 2003/2000/NT, Windows XP/2000/9x, Z/OS Mainframe Systems IBM RACF Resource Access Control Facility Security, BSD, Linux, Sun Solaris, AIX, HP - UX, Novell NetWare, Mac OS X, QNX
• Web Applications: Microsoft IIS, FrontPage, SharePoint, InfoPath, Visual Studio, .NET
• Networking Equipment: Cisco Routers series, Bay Network, Nortel Routers, Cisco PIX and CheckPoint
• Applications: Microsoft Office Enterprise Suite, Exchange
• Programming Languages: Ada, Assembler, Cobol, Pascal, C, Machine, Pascal, Fortran, VB, Access, Perl
• SQL/Oracle, Java, Visual Studio.NET, VB.Net, ASP.Net
• Database Management Systems: MSSQL Server 2005, 2000, Oracle, Access, Sybase
• Intrusion Detection/Prevention/Antivirus: Vericept Risk Management, ISS Real Secure / Site Protector/ Fusion, Snort, Routers, Intrusion Detection Assessment and Strategy, Firewall Assessment and Strategy, Attack and Penetration Assessment Policy Compliance, Configuresoft ECM, Shavlik NetChk, Microsoft Security Baseline Auditor, Symantec ESM, ISS System Scanner, ISS Database Scanner and Symantec Antivirus
• Research Tools: Backtrack, Nessus Tenable Network Security, Retina Network Security Scanner eEye Digital Security, Symantec BindView, NMAP, Open Source Security Information Management OSSIM, Vericept Risk Management, GFILANguard GFI Software, Tripwire, SMS 2003, SUS, WSUS, MOM Microsoft Operations Manager

PROFESSIONAL EXPERIENCE:

Confidential

Senior Professional Consultant

• Windows Server Administration for Disk Management Operating System versions Microsoft installed software versions Operating System service pack level versions Microsoft required patches.
• Remotely monitored 1000 Servers using Remote Desktop
• Remotely monitor and administer VMWare Servers
• Patch Management using EMC's Configuresoft ECM and Patch Assurance using the four phases of Patch Management: Assessment, Testing, Deployment and Auditing
• Patch Management using Shavlik Technologies' NetChk Protect for flexible and robust scanning options Support for custom patching Comprehensive reporting.

Confidential

Senior Professional Consultant

• Conducted Payment Card Industry Data Security Standard PCI-DSS assessments for major Card Processing Companies 12 requirements designed to ensure the confidentiality and integrity of customer's information.
• Conducted Health Insurance Portability and Accountability HIPAA assessments for Health Care Providers ISO 27799
• Conducted IT general control reviews for industry compliance audits. ie: PCI-DSS, SOX, GLBA, HIPAA for Large Enterprise Organization.
• Performed security policy reviews, network vulnerability assessment and penetration testing for Large Enterprise Organization. ISO 27001/2
• Conducted Application Security audits on the MS SQL Architecture.

Confidential

Senior Security Vulnerability Management Consultant

• Responsible for procedures and communication processes for assessing the potential threat to the AT T/BellSouth environment by various cyber threats Patch Tuesday, Zero-Day .
• Responsible for working with a large interdepartmental team to facilitate the risk management efforts for AT T/BellSouth.
• Patches pushed out with WSUS Windows Server Update Services for the enterprise environment
• Asset inventory performed by SMS 2003
• Security scanning for patch levels using Shavlik, MBSA, and Nessus
• Perform security discovery of current infrastructure and identify gaps between existing procedures, corporate policy, and industry standards/best practices.
• SharePoint Web Development on intranet site using Microsoft Visual Studio.NET, C, Webparts, Java, .Net, ASP.Net, VB.Net
• Proof of Concept-Field Test of the Vericept Risk Management Platform Compliance and Concept Protection Identifying Policy and Standard gaps

Confidential

Senior Security IT Auditor/Application Reviewer

Conducted IT control audits prep for SAS 70 and 404 by reviewing prior audits, working with Liaisons to identify business/technology personnel responsible for applications, gather preliminary information SLA, SAS70, Business Risk Impact Assessment, etc, Interview business/technology personnel, and finally review Control Objectives- verifying Application Controls, Vendor Controls,:

Confidential

Information System Security Consultant

• Conducted IT control audits/reviews verifying compliance to Gramm-Leach-Bliley Act GLBA, Sarbanes-Oxley 404, Statement on Auditing Standards SAS 70, Visa's Digital Dozen/ Cardholder Information Security Program CISP, and Health Insurance Portability Act HIPAA for Large Enterprise Government and Corporate Engagements.
• Conducted risk assessment, vulnerability scanning, asset inventory and system hardening using industry practices and Microsoft Operational Framework, for Large Enterprise Corporations
• Performed vulnerability assessment penetration to verify O/S and Network Devices were hardened from security vulnerabilities, for Large Enterprise Corporations.

Confidential

Information System Security Lead Analyst/Engineer

• Conducted IT control reviews and campus wide audits verifying compliance to Gramm-Leach-Bliley Act GLBA, Visa's Digital Dozen/ Cardholder Information Security Program CISP, Health Insurance Portability Act HIPAA and Family Educational Rights and Privacy Act FERPA .
• Conducted Desktop Audits, Software verification audits, patch management audit, including penetration Testing for campus wide assets to determine which applications, systems and departments have weaknesses and vulnerabilities
• Security Engineer administrating campus-wide service of ISS's Real Secure Site Protector using SQL 2000 Database, Fusion, Internet Scanner and Database Scanner to include patch management of servers, policy management and SQL 2000 backups.
• Developed and deployed a Hardening System and Server checklist for new deployment images enterprise-wide for Microsoft's Clients and Servers.
• Security Engineer administrating campus-wide service of Symantec's Antivirus Server 9.0, Clients and Quarantine Server to include patch management of servers, policy management Server and Client configuration and new client rollout.
• Conducted risk assessment, vulnerability scanning, asset inventory and system hardening using industry practices and Microsoft Operational Framework.
• Initiated a desktop standard solution enterprise wide due to many misconfigurations and missing security updates using Microsoft's Strategic Technology Protection Program Standards - Baseline Security Analyzer MBSA .
• Maintained enterprise wide Windows Desktop and Server patch levels with Shavlik.
• Asset inventory performed by SMS
• Security Engineer maintaining Zone Alarm solution for desktop firewall protection.
• Security Engineer performing forensic examination criminal and non-criminal on compromised systems campus wide.
• Lead the formation of GSU's CSiRT Computer Security Incident Response Team to include policies and procedures for campus wide support.
• Conducted Access Control Reviews to verify implemented control standards.

Confidential

Lead Security Engineer

• Responsible for the network security standards and policies for all AT T customers to include perimeter, physical and intrusion detection systems Cisco Secure IDS for known vulnerabilities Solaris, NT . Additionally, high available systems were maintained on the routers and firewalls.
• Performed vulnerability assessment penetration to verify UNIX Servers were hardened from security vulnerabilities.
• Project Security Lead on Asia Pacific Region Hong Kong, Australia, Singapore, Tokyo and China Change Control Patches, Version and Schedule Updates implementation, to include Network Diagram update, changes, or new implementations. Additionally, created an excel spreadsheet Crystal Report detailing all change control implementation with notes of know discrepancies and additional non-standards
• Deployment of SUS Software Update Services to manage window patch levels in the enterprise environments
• Deployment of SMS System Management Server for asset inventory of the enterprise environments
• Developed a complete security assessment life cycle Template when adding additional sites to the Asia Pacific Region. This life cycle includes Risk Assessment, Vulnerability Assessment and Remediation
• Security lead on the implementation, configuration and maintenance of Checkpoint Firewall-1 solution Sun Solaris/ Nokia platform . Additional responsibilities included maintenance/updates/creation and review of Firewall-1 rulebases. If any challenges were detected, quick remediation would be exercised Audit Assessment .
• Configuration and establishment of VPN tunnels using varies appliances Nortel's Conductivity, Checkpoint's VPN and Cisco IPSec .
• Created and maintained User's accounts on the RADIUS and TACACS databases for remote access to client networks.
• Reviewed all Intrusion Detection and security monitoring using Checkpoint Firewall-1 logs, Cisco Secure logs and Nortel Conductivity logs and Tripwire, etc.
• Maintain multiple customers' tunnels on the Automotive Network eXchange ANX system
• Locked down several Sun Solaris and Windows NT Servers from know hacker vulnerabilities
• Load balancing using the Alteon Layer 4 switches and Stonebeat software.

Confidential

Information Security Officer ISO

• Created a detailed plan mapping out how to enhance the quality, efficiency and effectiveness of the IT Organization A written SOP of Goals and Objectives
• Audit Assessment of every IT Organization to better understand their needs
• Performed the initial Vulnerability Assessment penetration pen testing of the network
• Responsible for the network security standards and policies for Steadfast.net to include perimeter physical and intrusion detection systems for known vulnerabilities Unix, NT
• Team Security Lead on the Implementation, Configuration and Maintenance of Checkpoint Firewall-1 Linux Firewall for Steadfast.net Additionally, Maintain/Update/Modify/Create Firewall rule base
• Responsible for all Intrusion Detection Real Secure and Security Monitoring using Checkpoint Firewall-1 logs, Tripwire, etc.
• Implemented quick remediation on system challenges
• Integral team member on the VOATM, VOIP, PKI and VPN Projects giving the security information and beta testing needed in selecting a vendor QA Testing
• Upgraded Cisco Routers to the latest IOS releases/update
• Maintained all UNIX machines to the latest revisions/patches
• Provider of High Speed Data Solutions using DSL Technology ADSL, IDSL, SDSL
• Order Management Administration for MetaSolv, BillPlex and eShare NetAgent
• Documented work flow processes
• Trained Help Desk and Customer Service Personnel
• QA entire network for completeness to include work flow, provisioning and usage profiles
• Network Monitoring Tools
• HP OpenView
• CiscoWorks
• IronView Foundry Network
• DiamondView TMN EMS Element Management System
• DiamondCraft
• Redback's SMS Subscriber Management System
• Network Components
• DiamondLane/Nokia D50 Speedlink DSLAM
• Foundry Network 500, 1000
• Cisco 12000 Gigabit Switch Router GSR Architecture
• 7513, 7204
• 2000/3000 Series Routers
• Terminal Server Edition / Citrix MetaFrame
• Exceed HummingBird
• NT 4.0 Server / Workstation
• Sun Solaris / HP Unix

Confidential

QA Security Engineer Lead

• Quality Assurance Engineer for Security Database Product Oracle 8x,7x, Sybase 11x, and SQL 7x,6x Multiple platform supported Unix: Sun, HP, Windows NT
• Documented Product Life Cycle for Multiple Product Releases to include ERDs, Flowcharts, User Case and Test Case
• Constant updates of product vulnerabilities due to aggressive hacker inroads
• Enhanced the documented processes by implementing an Access Database for new change management for the present build current product being tested or updated
• Tested Windows 2000 for integration with existing ISS Security Solutions

Confidential

Senior Network Engineer

• Migrated NOC Network Operation Center from Cleveland to Atlanta
• Audited the entire network for security vulnerabilities, Patch/Version status, etc..
• Implemented quick remediation on system challenges
• Assisted in the development of the work processes needed for a successful migration
• Migrated NMS Network Management System HP Open View from Cleveland to Atlanta
• Lead Field Engineers in the Y2k upgrade of all network equipment
• Performed QA functions for Migration using Sniffers
• Developed a MS Access Database to keep track of network upgrades and process changes
• Wrote several SQL scripts for Batch Jobs
• Optimized LAN/WAN's with network management software HP Open View, Sun Solaris, SCO UNIX and QNX, performance and fault monitoring to minimize downtime of network 40,000 Nodes, 330 Routers Administrate and troubleshoot over 300 Centigram, Configured Centigrams, NIB's, Routers and CSU's for Network
• Connected globally to networks via Frame Relay and TCP/IP
• Monitored 300 NIB's 15 Hub's using HP Open View
• Remedy was the Work Queues Software

Confidential

Senior System Administrator Network Operation Engineer

• Implemented, Reviewed and Monitored the security policies and account structure
• Change Control Lead to include Service Packs, O/S Version and System Upgrades
• Audited System configuration for security vulnerabilities
• Implemented quick remediation on system challenges
• MS Exchange Administration / Backup Exec Administration
• Administrate and troubleshoot over 100 MS Exchange Post Offices
• Migration Lead on several MS Mail, CC:Mail Migrations to MS Exchange/Outlook
• Lead on MS Exchange Server Installation/Configuration/Upgrades at sites worldwide
• Created several MS Access Databases to keep track of MS Exchange Migrations/Upgrades-HD/SW
• Citrix WinFrame/MetaFrame Administration
• 300 Servers Supported Worldwide
• Optimized LAN/WAN's with network management software, performance and fault monitoring to minimize downtime of network 60,000 Nodes 630 Routers
• Connected globally to networks via ISDN, Frame Relay, ATM, Point-to-Point
• Monitored 600 Routers using HP Open View
• Remedy was the Work Queues Software
• Assisted Unix Engineer in Setting up Network Management Tools / HP Open View
• Manage varies NT, System and Networking Queues using Remedy.

Confidential

Project Manager / Senior System Engineer Analyst

• Through audits verify that site s were not being used as a trampoline to other mail servers
• Security Admin. in charge of setting up policies and account structures
• MS Mail / MS Exchange Administration Migration Lead
• Documented the entire process to include expected timelines, scheduling departments to migrate and written procedures for field technicians to migrated desktops to Outlook 98
• Perform QA testing on entire migration process
• Migrated 700 Client and Multiple MS Mail PO Boxes / Servers
• Multiphase Migration were performed using the Migration Wizard and Directory Import and Export Approximately 10 20 MS Mail PO Boxes were migrated
• Y2K Consultant for the IS Infrastructure
• Created Project Plans, Statements of Work SOW and Decision Papers for the Y2K and MS Mail / MS Exchange Migration Processes
• Monitored and maintained multiple Novell 4.x / NT4.0 Servers

Confidential

Senior System Engineer Februar

• Implement InputAccel 1.3 Imaging Software 10,000 images a day
• Production Support
• System life cycle planning and management
• Wrote several scripts in Windows Interface Language WIL for Clockman 95 Product
• Coded in PCF Language / Data Modeling / Entity Relationship Diagram ERDs / QA Testing of System Integrity
• Maintained Network Machines 50
• Digital Consultant and Software Services, New Orleans, Louisiana
• Computer Consultant Texaco Oil Company / Shell NORCO Refinery December 1994 February 1997
• Security Audits performed bi-weekly
• LAN Administrator / Migration Lead at Shell NORCO Refinery for an OS/2 Network to Windows NT 3.51
• MS Exchange Administrator for local and remote Users
• Citrix WinFrame Administration at Shell NORCO Refinery Oil Company
• Developed, coordinated, implemented a PC-Based applications for Project Retirement Savings Program 401K that replaced the existing VAX/VMS application MSAccess/Visual Basic
• Queue Manager at Texaco Oil Company
• Help Desk administering to 2000 PC Users at Texaco Oil Company
• HP-Unix Admin / Lotus Notes Admin / Banyan Vines System Admin Duties for 2000 PC Users at Texaco Oil Company
• Developed, coordinated, implemented a data base for tracking Mentoring Program
• Updated quarter performance results on a VAX/VMS
• Performed cost analysis on potential vendors, software and training programs

Confidential

Nuclear/Non-Nuclear Engineer

• Administered an improved training program by orchestrating computer automated database management in addition to performing specific tasks assigned by the Department Comptroller Cobol, FoxPro, C, Ada
• Established a new training mission statement, to include training requirements, document requirements and supervisors responsibilities
• Designed numerous PC - programs, which eased and organized work load in the area of Quality Control, Total Quality Management and Accountability of Control Work Package Cobol, Fortran, Pascal, Ada