SUMMARY:

• Trained more than 1000 professionals in all aspects of security (Information, Cyber,Physical, Crime Prevention, Investigations, operations, etc,) information Assurance, Risk, Threat, and Statistical analysis, Policy Development, Compliance management, network operations, Policy Development, and Satellite Communications
• 24 years, experience as an Intelligence, Security and threat Analyst serving in multiple arenas and capacities
• 20 years, experience in all areas of security, ISSM, Information Assurance, Risk and Threat analysis, Strategic and long term analysis, statistical analysis, vulnerability and security management
• Lead nine teams of security professionals and eight teams of Intelligence professionals, was in charge of programs in sums of over 500 million dollars
• Experience working with DIA, DISA, NSA, FBI, and other government agencies and entities on systems, intelligence analysis, all areas of Security, and Threat/Risk Management
• Expert working knowledge in OWASP Top 10 threats and vulnerabilities analysis/management for over 15 years.
• Expert data analyst, ability to take raw data from multiple sources and compile it into presentable formats
• Expert in MICROSOFT Office Suite products (EXCEL, MS WORD, Power Point, ACCESS, VISIO, and MS Project etc.)
• Hands on experience working with SQL Server, IIS, IDS/IPS, Windows Servers, Advanced Server 2000, ORACLE, PeopleSoft, Qualys, FIREEYE, Active Directory, UNIX, SOLARIS, Linux, IOS, IBM Servers/Mainframes, AGILE, SUNOS, and RSA Archer Full Suite.
• Expert working knowledge of MILSATCOM, INMARSAT, and Defense SATCOM systems and their components
• Expert working knowledge of database analysis, infrastructure analysis, information protection, incident response, and business analysis for over 15 years.
• Exert utilizing multiple databases and spreadsheets such as MS EXCEL and MS SQL, to conduct data mining, statistical analysis, and metrics for over 18 years
• Expert Risk Manager, working within the Risk Management arena for over 22 years to include impact analysis, strategic risk forecasting, risk vs rewards, and return on investment, etc.
• Conducted risk, mitigation strategies, and data flow analysis for over 22 years.
• Expert working knowledge of COMSEC, KIVs, KRGs, routers, firewalls, and network scanners
• Expert researching and working with emerging technologies, hardening security posturing, the latest and greatest threats and security awareness for any industry and organization.
• Expert in USARC, National Institute of Standards and Technology(NIST), DOD and DA regulations, FIPS 140 - 2, Director of Central Intelligence Directives (DCID) 6/3 policies, DITSCAP/DIACAP/NERC/CIP procedures etc.
• Excellent knowledge of network and systems architecture and systems security on multiple levels.
• Expert with NISPOM, INFOSEC, TEMPEST, FISMA Reporting Requirements and DoD 5200.1
• PERL, C++, C Shell, bash, javascript, HTML, SGML, and VB Scripting experience
• Expert working knowledge of endpoint security, remote access security, best practices, security awareness and third party vulnerabilities, risks and threats.
• Expert working knowledge of wireless device security management, and browser vulnerabilities,
• Expert conducting audits of all types to include ISO,SOX, PCI and briefing findings to all audiences concerned
• Expert in combating risks and threats, the evolution of threats and risk forecasting and global threats that impact any industry and organization.
• Expert in pattern, trend, statistical, fusion, and forecasting analysis in multiple capacities for over 20 years.
• Expert in developing metrics and various other dashboard like reporting procedure for statistical accountability
• Expert in writing procedures, business plans, standards, policies, executive briefings, processes, gap analysis, program flow charts, plans, and proposals for over 20 years
• Experience working with AFCERT, ACERT and Navy Affiliated Computer Emergency Response Team in a computer network response/incident response capacity
• Expert Program or Project manager expertise working with budgets, requirements, change management, time and personnel management, and processes
• Worked as an Information Assurance Analyst/CND/CNA/CNE for 13 years dealing with IAVAs, IAVM, Information Assurance Work Force (IAWF), and any computer vulnerability assessment report or malicious logic entity (MALWARE)
• Conducted Risk assessments, Threat Assessments, vulnerability assessments, Risk analysis, root cause analysis, acceptable risk, disaster recovery operations, business continuity planning in many capacities for over 18 years.
• Expert research of malware, threats, and risks using SANS, Bug Traq, CERT, F-Secure, Symantec, etc
• Business and competitive intelligence experience for over 14 years.
• Expert working knowledge of malware analysis and intrusion detection/firewall management for over 10 years
• Expert working knowledge of Security Incident and Event Management for over 15 years
• Attended over 30 security conferences and trade shows as the main representative for the entity I represented.
• Expert technical writing, briefings both verbal and in writing, and expert communicator
• Exert working knowledge conducting investigations against all threats to include, internal and external threats, criminal, cyber, insider, terrorist, counter drug, fire safety, counter corruption, and threat finance.
• Expert research and analysis capabilities and strong knowledge into many cyber organizations, tactics and processes as well as targets and the targeting process
• Expert working knowledge with Sarbanes Oxley (SOX), PCI, GRC, GLBA, COBIT, ITIL, HIPAA standards, and ISO standards and practices. Regulatory Compliance Auditing expert level
• Expert working knowledge of the software development life cycle (SDLC and SSDLC), CWE top 25 expert knowledge, secure coding and secure coding guidelines, and securing the web applications from start to finish
• Expert knowledge of Wireless networks, access point security, and rogue access points detection, 802.11 and custom network setups and vulnerability assessments.
• Expert INFOSEC, Information Management, and Knowledge Management
• Extensive knowledge in TCP/IP, VMWARE, UDP, Exchange Server, Apache Servers, SMTP, SNMP, POP3, TACLANE, RIP, Ethernet, TELNET, VPN, DNS, SAN, Rational Rose, DOORS, ENCASE, and Voice Over IP (VOIP)

PROFESSIONAL EXPERIENCE:

SME Risk, RSA Archer

Confidential

Responsibilities:

• Developed a risk program for the organization and drove the risk train for Sally Beauty to aid in there way ahead and future operations in all areas of risk. Developed a step by step program for Sally Beauty per there status and maturity level.
• Developed over 70 documents and products in the areas of Risk, RSA Archer, and Cloud computing to include policy documents, questionnaires, project plans, frameworks, and standard operating procedures.
• Conducted the archer install and configuration for Sally Beauty as well as trained all relevant personnel in using the Risk, Enterprise, Compliance, and Policy modules inside of RSA Archer.
• Trained 18 Sally Beauty personnel in the areas of Risk, RSA Archer and Cloud computing.
• Presented over 20 executive level briefings in the areas of Risk RSA Archer and Cloud Computing.

Senior Malware and Reverse Engineering Analyst

Confidential, Richardson, TX

Responsibilities:

• Utilizing FIREEYE, Palo Alto, and Qualys, conducted daily malware analysis against the multiple networks within Confidential America and communicated the findings across Confidential to prevent the threats.
• Conducted deep dive analysis and developed threat profiles and a threat library against malware considered to be more damaging with an ease to spread for all personnel in Confidential to .
• Developed Malware analysis policy document and flow chart, developed FIREEYE and Qualys policy documents and flow charts, secure coding policy documents and guidelines, firewall management and FAR policy documents, Incident response policy docs, and aided Risk Department in the development of the Risk Architecture and Policy documents
• Developed a threat library and developed best security practices and disseminated the information FAI Wide to avoid similar malware infestation on the network
• Worked with the infrastructure team to design the best possible secure network, as well as advise what tools would best serve the overall mission and where to place them
• Conducted investigations and forensic analysis of any malware and APTs that seriously breached the network
• Advised all FAI employees on any malware and APT entities that were discovered within the FAI network and worked in conjunction with the distant end teams to remediate the threat with the least possible damage achieved
• Conducted pattern, trend, and statistical analysis for weekly and monthly statistics for best resource allocation against the threats.
• Worked in conjunction with the Risk and Architecture team to aid their development of a Risk Management program for FAI

Subject Matter Expert Information Security/Risk Management Analyst

Confidential, Plano Texas

Responsibilities:

• Utilizing Archer, created, administered, and maintained risks and threats for all Confidential assets and affiliates .
• Served as the information security special projects manager creating over 10 major products for SR Management personnel.
• Served as the go to analyst for PCI, personal accounts, auto and mortgage analysis for the risk management department
• Developed over 100 MS Visio products for risk and threat analysis to aid the team in seeing different approaches to conduct their long term analysis and focus on the most recent attack methodologies
• Conducted workflows, risk management, GRC Compliance, vendor management and 3rd party analysis, and database analysis on a day to day basis utilizing the RSA Archer Database suite.
• Worked as the risk manager for card services, auto finance, and home mortgages and reported the findings to the Director of Risk Management, Confidential in an executive level briefing
• Worked GRC,PCI, COBIT and ITIL compliance projects, controls, and analysis
• Labeled as the go to expert conducting reporting analysis and report pulls throughout the RSA Archer GRC Database.
• Created multiple databases to track various risks profiles for the DISC Department.
• Worked with multiple teams, as the liaison and subject matter expert, for best information sharing across Confidential and its affiliates to get the latest and greatest updated information per the appropriate risks and threats.
• Served as the go to professional for all large statistical and data analysis projects on over 10 teams within Confidential
• Conducted policy management and documented the gaps in the procedures and processes to enhance security across the Confidential Domain

Senior Risk and Threat Analyst

Confidential

Responsibilities:

• Conduct security, risk, threat and vulnerability assessments in physical and information security, for VIP security teams and DoD personnel involved in reconstruction and infrastructure missions in one of the most active parts of Afghanistan
• Conducted log analysis, malware analysis, and information security analysis to prevent data loss and breaches of any traffic coming out of the USACE Operations Center.
• Developed information assurance policy document, network management, incident response policy documents as well as SOP for Risk Management and Force Protection
• Conducted physical and information security enhancements for USACE networks and reporting the changes to the command and ensured they were well documented
• Performed metrics, statistical and data analysis for reporting weekly network incidents to higher HQ
• Aided in the construction of the Physical and Information security SOP for operations and for USACE.
• Established the systems architecture plan, and analyzed any gaps that would relate to it.
• Performed risk and threat intelligence analysis against any threats via physical and virtual against personnel and assets from USACE and responded accordingly
• Conducted over 100 briefings to SR Management personnel in multiple areas to include Security management, Intelligence Analysis, Threat and Risk management, and incident management.

SME Intelligence Analyst

Confidential, Reston, VA

Responsibilities:

• Identifyand defeat IEDnetworks in support of the warfighter. Work closely with the IMINT/GEOSPATIAL analysts
• Utilized the RSA Archer database suite to pull threat reports and conduct queries for long term projects
• Developed many different Visio charts to conduct brainstorming and flow analysis that were presentable to the leadership team
• Utilized MS Project for the monthly newsletter about the latest and greatest IED threats and TTP
• Worked as the lead analyst for all product development, security and threat analysis, and briefings, as well as forecasting the risks to personnel, assets and affliates.
• Worked with the latest and greatest intelligence programs and link analysis tools to givetimely intelligencereports and support to the leadership down to the warfighter
• Conducted and completed 8 Request for support products that the COIC uses as their main tool to show agraphicdepiction of the battles pace and network analysis ofIEDs, Foreign Fighters, and Smuggling routes

Senior Intelligence Analyst/Information Assurance Analyst L3

Confidential

Responsibilities:

• Developed metrics for CI HUMINT reporting for the MNFI C2 throughout Iraq to aid in the identification of viable and actionable intelligence messages
• Worked in aid of the information assurance section for high level crisis, exploits and loading of encrypted devices
• Conduct counter IED analysis and researched new IED methodologies
• While serving as the Lead analyst in charge of the Generals Briefing, performed statistical and data analysis on all aspects of reporting for the weekly briefings to be accurate for SR Leadership personnel
• Served as the go to analyst for any CI HUMINT and Iraq/Sunni/Iran/Shia questions referring to reports, sources, and operations.
• Aided FTI with all Technical Proposals as the subject matter expert, whether it was information technology, Information assurance or Satellite communications.
• Aided the systems personnel in establishing the systems architecture for the three networks, and conducted penetration tests to establish good networking procedures and best practices
• Support the threat finance group conducting research and analysis for their final output and products

Senior Threat and Risk Management Analyst

Confidential, Dallas, TX

Responsibilities:

• Assumed duties and lead a team of 6 Threat analysts as the Threat Analyst Team Leader and was responsible for over 50% of the finished work products for the Threat Analysis Team
• Researched and developed written profiles of all risks and threats against the world, Bank of America specific, and the banking industry and utilized predictive analysis and forecasting to paint a picture of the severity and impacts
• Provided information assurance expertise and security awareness to the bank personnel as well as their customers
• Developed over 500 MS Visio charts for various risk and threat analysis and distributed to the team, and users within Bank of America.
• Utilizing MS Project built a weekly newspaper on global threats and their impacts against banking and the stock market.
• Utilizing the RSA Archer database suite, conducted threat, risk analysis, and GRC compliance on a daily basis.
• Utilized the Archer Database suite to conduct reporting data matrixes across the domain for proper risk management
• Worked with the systems and security team to propose the best systems architecture for the Bank of America network.
• Conducted risk assessments against threats that have attack vectors and payloads and conducted business impact analysis and risk cost analysis.
• Provided security posture and planning on different levels of the banks infrastructures and conducted analysis for operational risk to conduct network and vulnerability assessments and incident response analysis
• Conducted research and analysis for risk mitigation and risk controls as well as a methodology for figuring residual and operational risk after the controls and threats were figured in and the effects on the Business Units
• Worked with the peripheral teams to conduct data analysis and recommendations of the firewalls and IDS/IPS utilized for the best possible rules and settings for best safeguarding of the information and assets for Bank of America.
• Utilized long term analysis and predictions to forecast the political, legal, economic, socio-cultural, and technology ramifications and impacts against threats, global crisis’, and major disruptors for the banking industry
• Recognized as enterprise expert in threat and risk analysisto include, developinginnovative scoring mechanism for ranking threats globally,researching and populatedcomprehensive Threat Libraryand strategic forecasting for non-technical threats

Senior All Source Intelligence Analyst

Responsibilities:

• Served as the lead intelligence analyst in charge of 17 intelligence and security personnel
• Conducted risk and threat assessments against different networks through the MNFI as well as provided systems integration and security awareness for identified vulnerabilities and risks
• Assisted Multi-National Forces Iraq (MNF-I) units and agencies with long term, trend, all-source, and fusion intelligence analysis during Operation Iraqi Freedom
• Conducted long term research and investigations in areas such as computer forensics analysis, risk analysis, source analysis, and insider threats
• Presented weekly presentations / briefings to senior personnel (COL and above) concerning source status, case management and SCID investigation status, threat management (HVI, HVT)

Marketing and Sales Specialist, Business Development Manager

Confidential, Austin TX

Responsibilities:

• Helped research, author, and publish the product brochures utilizing MS Project
• Worked with the latest and greatest new technologies and intelligence software either testing it or personally briefing it to potential customers and demonstrating the capabilities for the possibilities of sales and partnerships
• Worked with the systems integration team and systems engineers to manage risks and vulnerabilities as well as test the application during the software systems development lifecycle
• Worked with the systems development team to identify and mitigate vulnerabilities and risks to AIS networks, applications and software products
• Attended over 10 tradeshows as the BD Manager and brought in over 11 million dollars in business to AIS.
• Lead a team of nine personnel in areas such as, intelligence analysis, business development and marketing
• Provide situational awareness and situational understanding presentations to current and potential customers for specific intelligence software products

Senior Intelligence Analyst, Senior Counter Terrorist/Force Protection Analyst

Confidential

Responsibilities:

• Utilizing open source, all source, HUMINT, and agency intelligence reporting to support the Interrogator Control Element mission
• Conduct long-term research and analysis to ensure detainees meet the requirements for continued investigations, briefed the findings up to the secretary of defense level.
• Conducted risk and threat analysis in a cyber and physical capacity. Analyzed in great detail extremist groups capabilities in Computer Network Attack/Exploitation
• Lead 27 personnel in all areas of cyber and intelligence investigations,, risk and threat analysis, and the interrogation process
• Conducted computer security investigations and worked with multiple entities performing the analysis of computer systems that the terrorist organizations might have exploited
• Greatly aided in any investigations that could arise from the intelligence garnered due to interrogation information

Task Lead Computer Network Operations Analyst

Confidential

Responsibilities:

• Worked with high level agencies and commands throughout the DOD to combat the latest threats and risks to US systems, network integrity and systems infrastructure
• Was the leader for 11 personnel in all areas such as intelligence analysis,, operations, information assurance, and systems and security management
• Conducted log analysis to include audit log and systems log and aided the auditors with the ISO compliance inspections
• Performed weekly statistical analysis for reporting to the leadership and ensured the report/briefing was current and accurate
• Aided the systems personnel to help establish a strong security architecture and conduct port and gap analysis.
• Developed and established a plan for USNORTHCOM TCCC, subjects for were network security, identifying and fighting malicious logic, intelligence operations, and information assurance
• Provide support within USNORTHCOM DWC in Intelligence, security, computer network defense/attack/exploitation, information assurance, and operations
• Developed and presented over 1000 briefings to 0-6’s and above in all CNO, satellite communications, and information assurance related incidents
• Performed systems integration and vulnerability analysis/management across the Global Infrastructure Grid
• Performed risk assessments and systems and security analysis to respond to all incidents within the GIG
• Assisted in the computer forensics analysis on systems and servers after being exploited or corrupted
• Conducted penetration tests in exercises and real world situations against all three levels of networks
• Served as the go to analyst to conduct the serious incident reporting to leadership personnel and ensure the proper steps proceeded the briefing for best possible resolution
• Conducted incident response operations with the other service organizations for best security practices were always being conducted and pursued
• Identified security vulnerabilities and conducted risk assessments against new products proposed by the US Government agencies to be placed on their networks and any web applications deemed worthy
• Reported IAVAs, IAVBs, and SARs, to leadership personnel and maintained them in the IAVM database as well as the inner office data base for statistical analysis

Project Manager

Confidential, Colorado Springs, CO

Responsibilities:

• Conducted penetration tests against the TDMS network, and the networks it would be connected to.
• Served as the project manager for the TDMS in charge of 8 members and 300 million dollars
• Performed systems integration and design for the TDMS and Air Force Networks
• Conducted different audits against AF and Confidential networks for ISO compliance, HIPAA, and PCI Compliance
• Provided security engineering expertise for the systems and application developers throughout the systems lifecycle process
• Chaired the CCB as the Network and Security Expert providing technical and risk management briefings on security products and applications
• Perform all duties of the system administrator, network administrator, security administrator and the ISSO
• Conducted security accreditation and DITSCAP procedures for the TDMS
• Wrote and implemented the TDMS Security Policies and Implementation Document as well as the SOP for Confidential .
• Wrote and participated in several technical proposals in which there was a 80% win percentage

Master Analyst, Lead Analyst

Confidential

Responsibilities:

• Lead a team of 72 professionals in all aspects of security and security engineering, satellite communications, intelligence and operations, cyber, and investigations
• Trained over 250 personnel in all aspects of security, operations, and intelligence
• Developed and implemented the USARSO Standard Operating Procedures for Intelligence Operations, Systems (UNIX, ASAS, NT) Security, and Counter Narcotics/Terrorism Operations, physical/information/personnel security.
• Conducted data and statistical analysis for all systems, incidents, peripheral devices on a weekly basis
• Served as the database administrator to maintain all data for the USARSO Organization
• Performed all duties of the Information Systems Security Manager.
• Conducted penetration tests and security awareness and attempted to predict the risk and vulnerability status of the USSOUTHCOM and USARSO networks
• Responded to all network related incidents and security related incidents and briefed the findings to the senior leadership of USSOUTHCOM and USARSO
• Conducted network security operations on all three networks for all of USARSO and responded immediately to any incidents specifically malicious logic infections
• Managed the firewalls on all three levels of the network establishing the settings per the level of information and wrote the policies and rules to follow for best security practices.
• Worked as the Satellite Communications Lead along with the JMICS established communications for the USARSO section to operate in PR, responded to any issues or incidents that occurred on multiple different SATCOM system.
• Conducted Security Investigations, crime prevention inspections, and physical security inspections for the USSOUTHCOM and USARSO
• Tested the satellite communications equipment for the purpose of providing communications to the USARSO operations center on Fort Buchanan
• Erected and maintained the satellite communications equipment from start to finish to get an established connection and maintain communications for the USARSO J2.