SUMMARY:

• Very experienced Cloud Security Architect technology leader and start - up innovator who has lead technology product road maps and infrastructure in start-ups and late stage companies.
• me am an AWS Certified Solutions Architect Associate and also Cloud Security Alliance - CCSK certified
• My latest focus has been Corporate Security Audits, IPS, IDS and Secure AWS Cloud infrastructure migration. In addition, hands on Checkpoint Firewall management, CISCO ASA VPN, Qualys Guard Vulnerability Management, Trend Micro Antimalware DLP Officescan, Deep Discovery, Deep Security.
• me am a market savvy technology visionary who built commercial grade SaaS based application and cloud infrastructure using teh latest leading edge Open Source technology.
• me am hands on and high level able to see teh big picture and map business requirements efficiently to technical requirement evaluating build vs buy and technology outsourcing.
• me am a mentor and team builder me has been promoting team collaboration and agile management tools to achieve TEMPeffectiveness and resourcefulness delivering products on time and wifin budget.
• me has built and managed from ground up Software Engineering teams, IT Infrastructure, Professional Service and QA teams.
• In addition, me has Pre-Sales Solution architecture and hands on technical consulting experience. me has managed professional services department delivering customized solution to private and public sectors. me am proficient in network infrastructure, SDLC and start-up innovation team building as well as managing engineering departments in a hosted data center and cloud SaaS environments. me am hands on wif latest Open Source development frame works. me operate both at teh hands on coding level and high level business requirements and architecture. me has experience wif network infrastructure and wif delivering Disaster Recovery Business Continuity solutions. me has registered software patents on - Systems and methods for executing application programs from a memory devise linked to a server, which subsequently evolved into Cloud Computing.

TECHNICAL SKILLS:

Technical: Security Vulnerability Management, Checkpoint Firewal IPS/IDS, URL Filtering, Web Reputation, Qualys Guard, Trend Micro Deep Discovery, Deep Security, OfficeScan, AWS Cloud, Azure Cloud, Google Cloud Platform (GCP), Data Center,Open Source technologies PHP, mySQL, LAMP, Ruby On Rails(ROR) CRM, wireframing, Axure, Cloud management AWS, EC2HIPAA,HI-TRUST PCI DSS, ISO, ITIL,TOGAF Linux, mySQL, NoSQL, Mongodb, Redis, PostgreSQL, Java, TOGAF, JSON, PHP, C, C++, Unix sh, SQL databases, SQL Server, Oracle, SOA, PaaS, SaaS, IaaS, Software and hardware installation plus upgrades, Virtualization, hypervisor, VMware, SunBox, Wireless AP, bridging, repeating, dd-wrt, MS exchange administration, VOIP, application virtualization.

Management: Team building, leadership, delegation, supervision, organization, assessment and analysis, maintain quality and standard, resource management - time, human and material, recruitment and, vision, strategy and execution.

Communication: Verbal and written English, documentation, reports, negotiation, public speaking, presentation, interpersonal skills.

Personal: Hardworking, attention to detail, punctual, creative, entrepreneur, self-motivated, friendly and approachable.

PROFESSIONAL EXPERIENCE:

Cloud Security Architect

Confidential, NY

Responsibilities:

• Defining Governance Risk & Compliance standards for cloud enabling technologies including:
• Secure Email Gateway,
• VPN Gateway, Perimeter Infrastructure Protection
• SIEM integration/IBM QRadar Deployment - Use Case and Rules Definition
• OS hardening (CIS standard)
• Security SME for SOC 2, HIPAA, PCI DSS, GPRD compliance.
• Providing security research analysis and presentation services to upper level management and approvals boards.
• Defining Proof of Concepts (POCs) for File Integrity Monitoring and Akamai’s Volumetric Prolexic Proxy DDoS protection
• Hands on FIM deployment and configuration
• SME for network security appliances configurations ie Barracuda Nextgen, WAF, AWS WAF, Azure Firewall
• Defined Architecture for IBM Qradar SIEM deployment on AWS and Azure public clouds
• Defined SIEM use cases in accordance wif corporate logging and monitoring standards
• Deployed AWS Qradar gateway on an AWS EC2 instance
• Deployed File Integrity Monitoring (FIM) on Azure
• Provided Barracuda WAF configuration guidelines on Azure
• Defined QRadar/QRock use cases in compliance wif WK logging and monitoring standards
• Defined QRadar deployment architecture for Azure using Eventhub and Wincollect Agent
• Configured AWS CloudTrail logsource
• Deployed Qradar Data Gateway on AWS EC2 instance
• Configure Qradar DSM for Barracuda WAF log source
• Worked on Governance Risk & Compliance domains to ensure on premise policies has been properly mapped to corresponding cloud security controls
• Performed Healthcare application audits for compliance to HI-TRUST framework for User, Asset and Data Protection
• Developed IAM policies for Group and Role assignment from AD to AWS. Utilized AWS IAM policy simulator and Cloudformation templates.
• Worked on mapping IAM security controls for other security frameworks using teh Cloud Security Alliance CCM matrix
• Remediated IAM issues of MFA authentication compliance on AWS
• Defined IAM controls on cloud architectures as it relates to IAM roles on instances
• Setup AD as an identity provider for IAM user and role mapping to implement SSO
• Implemented Least privileges for IAM policies. Understanding of IAM policy evaluation logic and implicit Deny
• Worked on Azure AD federation to AWS security Architecture
• Worked on defining security controls for a Data Lake proof of concept.

Cloud Security Architect

Confidential, Denver, CO

Responsibilities:

• Lead teh Optiv Cloud Security Initiative for Cloud Critical Controls and Cloud Security Architecture Program assessments.
• Defined a Cloud Security Alliance (CSA) compliant security controls assessment matrix and architecture.
• Worked supporting pre-sales activities attending pre-sales customer presentations, reviewing and editing SOWs and service offering marketing materials.
• Developed pre-sales security assessment questionnaire for AWS engagements. Developed service discover questionnaire for teh pre-SOW phase.
• Validated pre-engagement SOW wif internal cloud solutions architects and client stakeholders.
• Performed CIS security benchmarking, SOC 2, NIST 800-53, PCI, HIPAA, Fedramp based security assessments.
• Utilized teh Evident.io ESP, Dome9 platform for automated security controls evaluation and derived end result analysis reporting and deliverables. Knowledge of AWS Elastic Search ELK stack for log aggregation logging and monitoring. Has worked wif SIEM integration adapter connectivity issues and Splunk.
• Deployed client security solutions and defined security architectures based on real customer environments and security requirements.
• Performed client security assessment on AWS Kubernetes container deployment environment.
• Knowledge of Google Cloud Platform (GCP) security best practices
• Deployed Netskope CASB tool to create a SaaS Security assessment for a Biotech company.
• Wif Netskope parsed (custom parser creation) checkpoint firewall logs of teh perimeter infrastructure security and created Risk Assessment reports of cloud application consumption including detection of Web anonymizers, SaaS applications wif low Cloud Confident Index (CCI), applications whose vendor can legally claim data to ownership.
• Modified Netskope SQL query prebuilt reports to enhance reporting capabilities. Produced csv reports and refined charting in ms excel.
• Utilized Netskope DLP capabilities to build compliance rules and take informative or preventive actions upon rule triggering
• Used public private key rsa encryption pem keys to bulk upload log files to Netskope via ssh tools

Technology Director

Confidential . Waltham, MA

Responsibilities:

• Provide technology guidance, product requirements and team built-up.
• Manage IT department for efficient output and maximize ROI by improving IT process flows and streamlining software delivery to teh users.
• Define IT infrastructure for a start-up company focusing in teh areas of identity theft and prevention.
• Procure hardware software infrastructure and liaise wif external vendors and consultants.
• Research and evaluate new technologies to improve internal processes and increase productivity.
• Deploy Windows upgrades and setup wired wireless network infrastructure dd wrt firmware.
• Identify product requirements and report on analysis functionality to support product enhancements and data processing.
• Support networking infrastructure and report on automation.
• Successfully supported teh placement of teh initial hardware and software infrastructure.
• TEMPEffectively coordinated wif vendors and graphics designers for infrastructure acquisition and company branding and image. dis was achieved by establishing strategic vendor partnerships and enhancing company’s reach to other market segments.
• Improved network security through assessment; appropriate firewall protection; TEMPeffective firewall policies; and performance of network intrusion detection.
• Developed centralized asset management inventory using cloud computing, SaaS and samanage.
• Adopted Amazon web services cloud computing EC2 and S3 involving IT maintenance operations me.e. backups.
• Created disaster recovery and business continuity virtualization environment for Windows and Linux virtual hosts, using VMware and SunBox.
• Utilized Microsoft .Net 3.5 and C# development framework.

Chief Technology Officer

Confidential . Waltham, MA (Startup)

Responsibilities:

• As a cofounder, lead company technology operations by defining technology platform, company vision, and vendor selection.
• Design overall technology vision, commercial software product development for Confidential ., servicing teh telecommunication service providers sector.
• Lead all aspects of architecture and product development as well as manage teh IT and professional service department.
• Spearhead delivery of first release of product on a scalable platform to support high transaction ecommerce volumes wif many concurrent users. Product building blocks included SQL server database, site server and later J2EE compliant, Entity Enterprise java Bean application code.
• Lead client product integration and deployment efforts of teh company’s product wif teh service providers back office systems.
• Contributed in TeleGea's product cycle from conceptual design and implementation to deployment. Provided product requirements analysis and enhanced feature functionality.
• Managed risk management and business continuity issues by setting up a redundant email exchange system on a Dell cluster environment. Established a VPN client server environment wif a checkpoint firewall. Build a Fastpath load balancer hosting environment. Installed SSL web s. Managed network environment DNS, WINS and TCP/IP configurations.