Sr. HP ArcSight Design and Operations SME Resume
Ft Meade, MD
SUMMARY:
Over twenty years of experience in the design, deployment, testing, and operations of large-scale integrated cyber security and enterprise management systems. Confidential has a diverse background that includes data center security operations, leadership, security architecture, and operations of global IT, security, compliance, and risk management solutions. Confidential has served as Security Lead, Security Tower Lead, Security Intelligence Analyst, Information Systems Security Officer (ISSO), Technical Team Lead, and Subject Matter Expert for service providers' and consulting firms' cyber security projects. Confidential has experience working with HP ArcSight, Confidential QRadar, Tripwire, Tenable Nessus, Tenable Security Center and PVS, SolarWinds NCM, McAfee ePolicy Orchestrator, McAfee Sidewinder Firewalls, VMware ESXi, and NetIQ Security Manager. Presently, Confidential serves as an independent security consultant at the Confidential (DISA) as an ArcSight Design and Operations engineer.
OBJECTIVE:
To obtain a position in the area of cyber security that will afford me the opportunity to introduce creative energy and fully utilize my relevant education, training, certifications, and experience.
PROFESSIONAL EXPERIENCE:
Confidential, Ft. Meade, MD
Sr. HP ArcSight Design and Operations SME
Responsibilities:
- Responsible for designing, improving, and maintaining the hardware and software baseline of ArcSight ESM systems on HP DL 580 G9 servers with four Sandisk Fusion IO cards running Red Hat 6.8 and ArcSight ESM 6.9.1c Patch 2.
- Led an ArcSight ESM upgrade from version 6.5.1 P2 to version 6.9.1 P2.
- Responsible for providing Tier 3 support of 7 ArcSight ESM servers.
- Developed and executed test plans to perform functionality and stress testing on an ArcSight 6.9.1 Patch 2 system.
- Created Installation Guides, Upgrade Guides, and Standard Operating Procedure (SOP) documentation.
- Utilized Linux shell scripts, Python, and a Red Hat Kickstart DVD to automate the installation of ArcSight ESM version 6.9.1c Patch 2.
- Executed SCAP and Tenable Security Center security scans to identify vulnerabilities. Applied STIG fixes, updated Red Hat packages, and applied patches to remediate vulnerabilities.
Confidential
Sr. HP ArcSight Security Architect
Responsibilities:
- Responsible for the design, operations, and maintenance of an ArcSight system including ArcSight ESM 6.8c and Command Center, ArcSight Logger Appliances version 6.1, ArcSight Connector Appliances, SmartConnectors, and FlexConnectors.
- Performed content development of ArcSight ESM 6.8c resources, including, but not limited to, reports, templates, query viewers, queries, filters, trends, active channels, field sets, rules, active lists, session lists, dashboards, data monitors, local variables, and users.
- Responsible for deploying an ArcSight asset model. Utilized Network Model Wizard to import assets, asset ranges, and zones.
- Developed an ArcSight test environment to mirror the operational environment.
- Defended proposed changes at the Discrepancy Review Board (DRB) and the Change Control Board (CCB).
- Proposed new changes to the Engineering Review Board (ERB).
- Developed ArcSight Design Document and ArcSight Sysconfigs describing how all ArcSight systems were built.
- Developed backup solution for ArcSight System utilizing EMC Avamar. Developed a Work Instruction (WI) describing how to implement this backup solution.
- Performed ArcSight daily health checks and developed daily health check reports.
- Trained NOC/SOC staff on ArcSight architecture, creating data monitors, dashboards, active channels, filters, user administration and performing daily health checks.
- Integrated Tenable Security Center, Sourcefire IDSs, Tripwire, McAfee ePO, Symantec Endpoint Protection, Microsoft WUCs, EMC VNXe, and Syslog Daemon SmartConnectors with ArcSight.
- Integrated Big IP F5 load balancer with ArcSight to increase the event volume the syslog connector could support.
- Utilized filtering and aggregation on SmartConnectors to reduce event volume received by the ArcSight ESM server.
Confidential, Philadelphia, PA
Sr. HP ArcSight Security Architect
Responsibilities:
- Responsible for the content development of ArcSight ESM 6.8c resources, including, but not limited to, reports, templates, query viewers, queries, filters, trends, active channels, field sets, rules, active lists, session lists, dashboards, data monitors, local variables, and users.
- Responsible for installing, configuring, and troubleshooting performance issues on ArcSight ESM 6.8c servers.
- Responsible for migrating content from ArcSight ESM 5.2 servers to ArcSight ESM 6.8c servers.
- Responsible for deploying an ArcSight asset model. Utilized Network Model Wizard to import assets, asset ranges, and zones.
- Utilized content management feature in ArcSight Command Center to synchronize packages by pushing them from an ESM publisher to ESM peers activated as subscribers.
- Installed and configured HP ArcSight Management Center (ArcMC) to provide centralized management for Connector Appliances, Loggers, software connectors, and other ArcSight Management Centers.
- Integrated threat intelligence feeds with ArcSight to provide contextual relevance for security events.
Confidential, Chicago, IL
Security Intelligence Analyst/Managed Security Services Tower Lead
Responsibilities:
- Responsible for analyzing threats in the general threat landscape and specific threats targeting the client’s environment.
- Responsible for monitoring and researching information security threats and identifying indicators of compromise (IOCs).
- Responsible for assessing the client's security data from Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), OS logs, firewall logs, anti-virus logs, and the Confidential QRadar Security Information and Event Management (SIEM) system.
- Analyzed security data for repeating trends, attacks, malicious Internet Protocol (IP) addresses, and anomaly-type events.
- Conducted scan reviews and provided recommendations to the client regarding SIEM rules, policy tuning, blocking recommendations, incident handling, and vulnerability remediation.
- Provided trend reporting to client on a weekly basis.
Confidential, Columbus, OH
Managed Services Security Lead
Responsibilities:
- Refined the overall security architecture and processes to improve the organization’s overall security posture for the Ohio Administrative Knowledge System (OAKS) PeopleSoft ERP system which provides Financial Management, Human Capital Management, and Enterprise Learning Management.
- Served as lead technical security expert in a client-facing role responsible for refining and maintaining security architecture and defining the security processes, policies, frameworks, and standards.
- Assessed security threats and implemented security controls. Tracked, coordinated, prioritized, and reported on all security related tasks to ensure defense in depth. Directed Application, Infrastructure, and SOC organizations.
- Reviewed firewall rule sets, IDS and web proxy configurations, ArcSight reports, and access control lists for accuracy.
- Created and presented weekly Security Operations and Operational Leadership briefings to the Client’s senior level executives. Explained complex security topics in a very simple business-oriented language that both subject matter experts and senior level leadership could easily understand.
- Developed and tested disaster recovery and business continuity plans.
- Coordinated all vulnerability remediation and patching efforts; served as primary point of contact for security audits.
- Performed forensic security investigations using ArcSight Logger Appliance and Imperva SecureSphere.
- Formatted and analyzed Tenable Nessus credentialed scans; utilized Tenable Security Center to report on vulnerabilities.
- Led ArcSight ESM 6.0 internal working sessions to prioritize and track the status of use case development.
- Utilized BMC ADDM and Tenable PVS to monitor automated asset inventory discovery.
- Utilized SolarWinds Network Configuration Manager (NCM) to compare firewall, router, and switch configurations against the standard secure configuration defined for each type of network device in the organization.
- Led Infrastructure, Application, and SOC organizations to ensure that the SANS 20 Critical Security Controls were effectively implemented.
Confidential, Pentagon City, VA
Cyber Security Lead Architect/ArcSight Design Engineer
Responsibilities:
- Installed, configured and provided Tier 3 operational support for HP ArcSight, Cisco NIDS, Sourcefire IPS, Confidential Site Protector IPS, Checkpoint and ASA firewalls, McAfee Web Gateway, Microsoft Forefront web gateway, Big IP F5 load balancers, Cisco TACACS, and Symantec Endpoint Protection (SEP) Manager.
- Provided Tier 3 operations and support, architectural oversight, and leadership in the planning and design of an ArcSight SIEM system, including ArcSight ESM, ArcSight Logger Appliances, ArcSight Connector Appliances, ArcSight SmartConnectors, and ArcSight FlexConnectors.
- Integrated Cisco ASA NIDs, Confidential Site Protector and Sourcefire IDSs, Microsoft ISA and McAfee Web Gateway web proxies, Symantec Endpoint Protection (SEP) Manager, Net IQ Security Manager, and Linux and Windows OS logs with ArcSight.
- Optimized security event data flow using aggregations and filters, map and categorization files, and Big IP F5 load balancers.
- Modified Logger architecture, including peering Loggers and Connector and Logger Appliance filters, to prevent caching.
- Performed Logger and Connector Appliance system administration, license updates, storage configuration, SSL certificate management, and user/group administration.
- Installed, configured, and upgraded Connector Appliances, Logger Appliances, SmartConnectors, and FlexConnectors.
- Upgraded code on ArcSight Logger Appliances to version 5.3 Patch 1 and on ArcSight Connector Appliances to version 6.4.
- Added/modified ArcSight forwarding filters using regular expressions (regex) and unified expressions to ensure all security events were delivered from Logger Appliances to ESM.
- Developed filters, rules, and customized reports for ArcSight Logger Appliances.
- Conducted daily checks of all ArcSight components to identify potential problems or outages.
- Utilized ArcSight dashboard to monitor hourly, daily, and weekly CPU utilization and EPS for all receivers and forwarders.
- Troubleshot Cisco VPN SmartConnector parsing, Confidential Site Protector IDS SmartConnector hanging, Logger caching, and Connector and Logger Appliance web-enabled management GUI issues.
- Developed Concept of Operations (CONOP) document and Standard Operating Procedures (SOPs).
- Evaluated Splunk Enterprise SIEM to determine its feasibility for implementation.
- Initiated Requests for Change (RFCs); defended the proposed solutions' impact to the TSA Configuration Control Board.
Confidential, Radford, VA
ArcSight Architect
Responsibilities:
- Provided Tier 3 operational support and day-to-day administration of an ArcSight SIEM system, including ArcSight ESM and SmartConnectors.
- Performed daily health checks of all ArcSight components to ensure proper throughput, CPU utilization, free database space, and free archived partition space.
- Monitored alerts and notifications.
- Troubleshot connector parsing and caching issues.
- Responsible for installation, upgrading, maintenance, and troubleshooting of SmartConnectors.
- Maintained a whitelist of all authorized ArcSight users.
- Performed content development for use cases (business logic defining correlation, prioritization, and categorization of data from sensors) using filters, rules, queries, dashboards, active lists, session lists, data monitors, trends, and reports.
- Applied the latest AUP categorization file to the ESM Manager.
- Led weekly calls with all ArcSight stakeholders to set priorities and communicate the latest status on projects and issues.
Confidential, Crystal City, VA
Senior Network Security Design Engineer
Responsibilities:
- Performed architecture, design, configuration, and Tier 3 and above operational support of ArcSight Enterprise Security Manager (ESM) 5.0, including the Manager, Database, Web, and Console components.
- Configured and deployed ArcSight Connector Appliance and Logger Appliance v5.
- Installed and configured ArcSight SmartConnectors on Confidential RealSecure/Proventia IDS and Red Hat 5 Linux syslog servers.
- Developed ArcSight filters and rules to perform weekly monitoring of important security events.
- Led the upgrade of all ArcSight components from version 4.0 to version 5.0 throughout the MDA worldwide network.
- Maintained the ArcSight ESM Oracle 11g database.
- Performed analysis of new technologies to provide cost effective security solutions that met design requirements.
- Designed and documented a Tripwire Manager and Tripwire for Servers (TFS) solution. Developed schedule, policy, and configuration files for Linux and Windows servers.
- Designed a McAfee ePolicy Orchestrator (ePO) and Tripwire Enterprise solution running in a VMware ESXi/blade server environment.
- Developed a syslog server solution using the syslog-ng application running on Red Hat Enterprise Linux 5 Server in a virtualized VMware ESXi environment.
- Served as Information Systems Security Officer (ISSO); helped the organization obtain a highly commendable DSS security rating. Created the Master System Security Plan (MSSP), Network Security Plan (NSP), and Information System Profile (ISP). Developed a Hardware and Software Security Baseline and issued User Brief forms to all users. Cultivated an office-wide culture of security awareness.
- Applied IA fixes and patches to Red Hat Linux and Windows servers; deployed security templates and the latest virus definition files to lab servers; utilized Acronis to image Windows and Linux servers.
- Configured KG-175 Type 1 encryptors; utilized GEM to manage KG-175 encryptors.
- Performed technical evaluation of several security information and event management (SIEM) tools, including HP ArcSight, RSA enVision, LogRhythm, Splunk, and Confidential/Q1 Labs QRadar, to determine which tool mapped best to design requirements.
- Utilized DISA Gold Disk, SAINT, and Tenable Nessus to perform server vulnerability scanning and to remediate findings.
- Utilized McAfee Sidewinder firewall and Confidential/ISS IDS to secure the network.
Confidential
Subject Matter Expert
Responsibilities:
- Compiled MIBs and configured trap definitions for each network device in the environment, including Cisco and Juniper routers and switches, APC Power Distribution Units and Environmental Monitoring Units, Avocent KVM switches, McAfee Sidewinder Firewalls, Confidential RealSecure IDSs, Concord SystemEDGE agents, Tripwire, and Omnitron media converters.
- Installed, configured, and upgraded HP Network Node Manager v 9.0 and CA eHealth on a Windows 2008 Advanced Server.
- Created a Design Specification Document to capture the network management design architecture and strategy.
- Executed network management verification and validation testing; created a Network Management Verification and Validation Test Report.
Confidential
Project Manager
Responsibilities:
- Attended Software Control Board and Program Engineering Review Board meetings.
- Assigned tasks to responsible engineers in order to correct deficiencies in the network and follow-up with engineers to ensure task completion.
- Managed the Spiral Development Cycle baseline for the Network Integrated Product Team (IPT).
- Ensured deliverables are submitted in a timely manner and tracked project progress.
- Created Capabilities and Limitation documents for each spiral development release.
- Tracked software baseline for each Network server. Coordinated schedules, tasks, resources, and dependencies for network design projects.
- Created detailed installation procedure documents with expected results.
Confidential, Falls Church, VA
Tivoli Technical Team Lead
Responsibilities:
- Evaluated Net IQ AppManager and HP OpenView Operations Smart plug-In for Exchange to determine which E-mail monitoring tool mapped best to the established design requirements.
- Installed and configured a production classified HP OpenView NNM system.
- Planned Network Management System (NMS) SNMP Version 3 migration.
- Visited Worldwide Unclassified DISANet sites to deploy Tivoli Endpoints and provide Tivoli training to site administrators.
Confidential, McLean, VA
Senior Network and Distributed Systems Engineer
Responsibilities:
- Installed and configured Tivoli Framework 3.7.1, Enterprise Console 3.7.1, NetView 7.1, Distributed Monitoring 3.7, Inventory 4.0, and Software Distribution 4.1 to mirror the IRS’ Enterprise Systems Management (ESM) Modernization environment.
- Architecture design, implementation, configuration, and 24x7 support for the DoD’s Joint Defense Information Infrastructure Control System Deployed (JDIICS-D) enterprise management system utilizing Microsoft Terminal Server OS, Cisco Works 2000, HP OpenView 6.1, Remedy Action Request 4.5.2, Remedy Web 4.1, HP/Agilent NetMetrix Performance Center 1.0.4, Netscape Enterprise Server 3.5.1 web server, and Microsoft SQL Server 7.0 database.
- Served as Project Lead and Subject Matter Expert (SME) supporting the FAA's National Airspace System (NAS) Infrastructure Management System (NIMS) project. Installed, configured, and maintained Tivoli Enterprise Console (TEC) 3.7.1, Framework 3.7.1, NetView 7.1.2, and Peregrine ServiceCenter 5.1. Integrated these Tivoli products with Peregrine ServiceCenter using the Peregrine SC Automate tool. Integrated the SNMP Research tool with Tivoli NetView in order to make NetView SNMP v3 compliant.
Confidential, Edison, NJ
Senior Solutions Engineer (Consultant)
Responsibilities:
- Implemented and configured Micromuse NetCool Omnibus, Reporter, Visionary, Impact, ISM, Precision, and Firewall Probe.
- Implemented and configured development, staging, and production HP OpenView NNM network management system.
- Implemented and configured Infovista in order to monitor performance and report on Cisco routers, Cisco switches, Cisco IADs, Cisco Optical Cell devices, Network Appliance servers, and Sun servers.
- Implemented and configured InfoVista’s VistaMart including Gateway, Repository, Notifier, and Console.
- Led product demonstrations to senior level management; created Discovery, As-Built, Design, and Administration documents.