Senior Security Architect Resume
New York, NY
SUMMARY:
- 18+ years of experience in Senior Security Architect, Security Architect, Senior Security Lead and Security Lead positions
- 18+ years of professional experience managing web and website security, corporate security programs and projects, successfully delivering IT and IT security projects on time. Drove teams to meet and exceed milestone delivery schedules while controlling project scope, budget and timelines to ensure successful, on-time go-live delivery.
- Increased revenue by $9.8 million by winning 6 new contracts with government clients
- Saved $11 million in costs through infrastructure improvements, consolidation, virtualization and automation
- Strong experience with project initiation, planning, execution, monitoring, control and closing. Excellent at managing cybersecurity projects, including resource management and staff allocation in support of budgets, dependencies and deliverables.
- Involved in SOX audit activities for the COBIT DS5 process; participated in external audits conducted by Deloitte auditors
- Extensive knowledge of ISO 27001:2017 auditing and compliance, and of Sarbanes-Oxley (SOX) compliance, certification and auditing
- Worked with ISO/IEC 27002, which specifies 35 control objectives (one per security control category) covering the need to protect the confidentiality, integrity and availability of information.
- Served as HIPAA Security Officer for North Carolina Hybrid Agencies - interpreted regulations, wrote policies, developed and facilitated security training and managed compliance process.
- Developed training documentation for GLBA, SOX, AML and HIPAA compliance processes.
- Developed FISMA, ISO and NIST crosswalks and mapping.
- PCI assessment knowledge and expertise; also worked with PII/PHI/NRS data categories.
- Identity and access management (IAM): experience with the framework of business processes that facilitates the management of electronic or digital identities.
- Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
- Experience with Splunk Enterprise deployments; enabled continuous integration as part of configuration management (props.conf, transforms.conf, outputs.conf).
- Extensive experience in deploying, configuring and administering Splunk clusters.
- Upgraded and optimized the Splunk setup with new releases.
- Set up Splunk forwarders for new application tiers brought into the environment.
- Experience with Splunk Search and Reporting, knowledge objects, administration, add-ons, dashboards, clustering and forwarder management.
- Created and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
- Worked on McAfee DLP version 11, setting up a POC and creating policies for blocking removable media storage
- Created custom concepts in McAfee Network DLP (NDLP 9.2) using regular expressions
- Set up McAfee DLP regex rules to prevent messages containing specific terms from being sent out of the environment
- Senior malware analyst with strong experience in the examination, identification and understanding of cyber threats such as viruses, worms, bots, rootkits and Trojan horses.
- Proactive in preventing and containing malware infections to protect network software and hardware integrity as well as proprietary data.
- Proficient with interpreted and compiled programming languages, with a keen understanding of both reverse engineering and software development in order to assess and recover from any potential damage.
- Malware analysis at all stages: fully automated analysis, static properties analysis, interactive behavior analysis and manual code reversing.
- Worked on Okta, RSA Authentication Manager, RSA SecurID, SAML, SafeNet, SiteMinder, Kerberos and OpenID authentication systems
- Providing coordination for assessment metric submissions.
- Supporting the Assessment and Authorization (A&A) Risk Management Framework process for all managed systems, networks and enclaves (all security domains); ensuring the validity and accuracy of all associated documentation through review. Supporting remote sites when required.
- Working in coordination with both internal and external systems administrators, configuration management, and network engineers to ensure proper configuration and adherence to security standards in regard to deployment actions.
- Providing guidance on the application of security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements, reviewing and determining the adequacy of required documentation.
- Secure cloud migration: assessed client readiness for cloud computing adoption, defined the security strategy and implemented secure data migration solutions
- Cloud security framework: an adaptable in-house security framework based on ISO 27001:2013 and the CSA Cloud Controls Matrix
- Cloud security audits: benchmarked cloud deployments against best practices, undertook risk assessments of cloud services and infrastructure, and conducted penetration tests and security configuration reviews
- Cloud IAM: integrated on-premises IAM solutions with cloud services; enabled single sign-on and identity information sharing across several entities and trust domains using federation technologies such as SAML, OAuth and OpenID
- Managed cloud security services: security solutions and operational services to prevent, monitor, detect and mitigate security incidents and vulnerabilities in cloud applications and infrastructure
- Data protection solutions: addressed client requirements for data privacy, protection, residency and compliance by deploying solutions for data discovery, data encryption, data loss prevention and data activity monitoring in the cloud
- Hands-on experience: QualysGuard, Snort, RSA SIEM, QUADRA, AlgoSec, HFNetChkPro, NetIQ Security Manager, Foundstone, Wireshark, Retina, DISA Gold Disk, DISA STIGs, Splunk, AppDetective; Cisco IDS, IPS, ASA and CSM; Check Point, Symantec and SonicWall firewalls
- Excellent experience with vendor management, multivendor contract management and working with multinational teams
- Experience with Cisco switches, Nexus switches, TACACS+/RADIUS, routers, Cisco ASA firewalls, virtual private networks (VPNs), F5 load balancers, Cisco VoIP, Riverbed WAN accelerators, wireless, SONET and telecommunications devices.
- Ran a centralized Nessus server to capture reports on non-compliant servers and devices, sharing the reports with the respective teams to drive the mitigation process as part of the governance standards
- Cisco Security Manager 3.2 deployment, configuration and troubleshooting, including bug fixes.
- Worked on a Nokia clustered firewall environment with VRRP and was involved in IPSO migrations
- Cisco IDS/IPS license, engine and signature updates; managed IPS Express Manager; installed AIP-SSM modules.
- Evaluated the RSA enVision SIEM, presented the product to management and obtained approval, then successfully implemented and managed the entire SIEM.
- RSA SecurID realm setup with replica; issued hard and soft tokens; experience troubleshooting real-time issues
- Firewalls used: ipchains and iptables in Linux environments, NetScreen, PIX/ASA and Nortel Connectivity
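The DLP regex concepts and PCI/PII data categories mentioned above are easy to get wrong: a bare digit-run pattern flags ticket numbers and tracking IDs as card numbers and floods the team with false positives. The following is an added example, not code from this resume or from McAfee DLP, that shows how a content classifier pairs each regex "concept" with an optional validator (a Luhn check for PANs) before a block decision is taken. The sample messages, the concept names and the `classify`/`block_decision` functions are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample outbound messages (not real data). The PAN in m1 is the
# well-known Visa test number and passes Luhn; the number in m2 does not.
SAMPLE_MESSAGES = {
    "m1": "Here is the customer card: 4111 1111 1111 1111, expires 12/26",
    "m2": "Ticket 4111111111111112 is a tracking id, not a card",
    "m3": "Employee SSN 078-05-1120 for the HR file",
    "m4": "Project codename MERIDIAN is confidential - do not forward",
    "m5": "Lunch at noon?",
}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: separates real PANs from look-alike digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Concept:
    """A DLP 'concept': a regex plus an optional validator on the matched text."""
    name: str
    pattern: "re.Pattern[str]"
    validator: Optional[Callable[[str], bool]] = None


CONCEPTS: List[Concept] = [
    # 13-16 digit card numbers, optionally separated by spaces or dashes,
    # validated with Luhn so that arbitrary digit runs are not blocked.
    Concept(
        "PCI_PAN",
        re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)"),
        lambda m: luhn_ok(re.sub(r"[ -]", "", m)),
    ),
    # US SSN with the structurally invalid area/group/serial values excluded.
    Concept(
        "US_SSN",
        re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)"),
    ),
    # Plain keyword concept, the kind of term-based rule the resume describes.
    Concept(
        "CONFIDENTIAL_TERM",
        re.compile(r"\b(?:confidential|codename\s+\w+)\b", re.IGNORECASE),
    ),
]


def classify(text: str) -> List[str]:
    """Return the names of all concepts that fire on the message."""
    hits = []
    for concept in CONCEPTS:
        for match in concept.pattern.finditer(text):
            if concept.validator is None or concept.validator(match.group(0)):
                hits.append(concept.name)
                break  # one hit per concept is enough for a block decision
    return hits


def block_decision(text: str) -> bool:
    """A message is blocked when at least one concept fires."""
    return bool(classify(text))


if __name__ == "__main__":
    for msg_id, text in SAMPLE_MESSAGES.items():
        print(msg_id, "BLOCK" if block_decision(text) else "allow", classify(text))
```

The validator step is the design point: m2 matches the PAN regex but fails Luhn and is allowed through, while m1 is blocked. In a real deployment the same idea applies to any concept that a regex alone over-matches.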
TECHNICAL SKILLS:
Databases: Oracle 7.3/8/8i/9i/10g, Oracle 11i, Oracle Express Server, SQL Server 7.0/2000/2005, Sybase 12.0, DB2, MS Access, Teradata.
Security Tools: Nessus, SailPoint, Wireshark, Nagios, Fiddler, OpenAuth, PingFederate, FireEye, ProDiscover, Mandiant
Web Security Tools: IronPort, ScanSafe, WebInspect
Reporting Tools: QualysGuard, AlgoSec, RSA enVision, RSA Archer, Splunk, QRadar, CyberArk
Operating Systems: Win NT 4.0, Windows 2012, UNIX, Sun Solaris and Win 10
PROFESSIONAL EXPERIENCE:
Confidential, New York, NY
Senior Security Architect
Responsibilities:
- Selected to lead a cross-functional contractor team to implement system software and policies to upgrade network security. Finished the project on budget and on time, ensuring compatibility with the fast-paced civilian sector.
- Developed a reputation for proactively researching high impact, emerging and complex malware threats to enact safeguards prior to possible infection.
- Performed computer forensics including detailed technical analysis and reverse engineering of malware, malicious code and media such as hard drives and USB drives of compromised systems.
- Analyzed over seventy pieces of malicious software used to attack operating systems and exfiltrate data from them.
- Implemented daily systems health checks as preliminary forensic evaluations of internal systems.
- Ensured the integrity and protection of networks, systems and applications through technical enforcement of organizational security policies.
- Used enhanced connectors for Microsoft Azure, Office 365, Dropbox, ServiceNow and Duo Security to address the organization's security across cloud applications
- Extended IdentityIQ's SAP integration to SAP GRC, delivering granular entitlement management and automatic validation of access changes for segregation-of-duty violations
- Full integration with SecurityIQ, SailPoint's data access governance solution, allowing Lloyds users to manage and control access rights to growing volumes of structured and unstructured data as part of their IAM strategy.
- Rapidly detected attacks with analysis based on customized algorithms, eliminating dependence on prior knowledge of attack signatures or sandboxing
- Adapted threat detection to a changing environment with self-learning algorithms that continuously adjust the baseline behavior profiles as the environment evolves
- Continuously monitored with zero-footprint session recording on target machines for forensic insight into malicious, command-level activity
- Enabled security operations and incident response teams to accelerate remediation with immediate access to detailed information about the attack
- Enhanced the effectiveness of SIEM systems by enabling incident response teams to identify anomalous privileged activities and prioritize incidents that involve critical accounts
Senior Security Architect
Responsibilities:
- Improved the Windows Devices Group risk management framework for identifying, mitigating, and controlling risks across the engineering group to promote consistency, efficiency, and effectiveness
- Maintained the risk register database to ensure accurate risk data and reporting
- Created a risk assessment primer to help groups outside of the Windows Devices Group to run their own risk management program and be ISO-27001 certified
- Developed and managed the Windows Devices Group PowerBI dashboard to create more advanced and accurate reporting of risks
- Established a liability reporting process for the risk management program, and created policies and procedures to support the program.
- Administered the City's liability and property programs to ensure proper insurance levels are maintained
- Managed liability claims filed against the City. Tracked accident/incident trends and made recommendations to department heads and TPA on lessening liability exposure. Increased closure rates, and claimant response time.
- Developed countywide WAN topology with firewalls and intrusion detection systems.
- Perform security audits and recommend/approve WAN/LAN architectural changes.
- Coordinated Business Impact Analysis, Disaster Recovery, and Business Continuity plans, programs, and testing.
- Investigated, gathered and documented inappropriate use and internal security incidents.
- Teamed with law enforcement in the investigation of network compromises that led to arrests and convictions.
Security Architect
Responsibilities:
- Provided technical expertise in developing solutions to complex software engineering problems that required frequent use of ingenuity and creativity. Provided work leadership to others. Interfaced with senior management to provide and obtain information and to build consensus regarding project direction.
- Write functional detailed design specs as well as responding to requirement documents and system level test plans
- Collaborate with other engineers and other engineering groups, voluntarily share information
- Offer proposed design changes/suggestions to processes and products, exert significant latitude in determining objectives of an assignment
- Exercise considerable latitude in determining technical objectives, without appreciable direction
- Understand and adhere to cost/delivery/quality targets established during the program design phase
- Work effectively with cross-functional and/or global teams, readily share information with others.
- Conducting malware analysis and reverse engineering on suspicious code, and producing a detailed report of the findings
- Automation of intelligence gathering, and malware analysis systems
- Regularly develop and produce written intelligence reports and white papers constructed from technical analysis results and collected threat information
- Conduct advanced computer and network tests relating to various forms of malware analysis, computer intrusion, theft of information, denial of service, multi-national organized criminal groups, and Advanced Persistent Threats (APT)
- Contribute cybersecurity perspective to discussions and decisions regarding infrastructure and technology deployments
- Work closely with the technology risk teams to assess risk and provide recommendations for improving our security posture
- Assist the team in the regular production and dissemination of intelligence reports
Use cases for malware analysis at the Target client:
- Computer security incident management: when malware enters a system, the response team reacts to the situation and then performs malware analysis on any potentially malicious files that are discovered.
- Malware research: the team performs malware analysis to build the best possible understanding of how malware works and of the newest methods used in its creation.
- Indicator of compromise (IOC) extraction: the team may conduct bulk malware analysis to determine new indicators of compromise, which in turn help organizations defend themselves against malware attacks.
Lead Security Architect
Responsibilities:
- Splunk modules: Splunk Enterprise, Splunk DB Connect, Splunk Cloud, Splunk Web Framework.
- Installed, configured and administered Splunk Enterprise server and Splunk forwarders 4.x/5.x/6.x on Red Hat Linux and Windows servers.
- Set up Splunk forwarders for new application tiers introduced into the environment and for existing applications.
- Work closely with Application Teams to create new Splunk dashboards for Operation teams.
- Created Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
- Developed templates for OS images for employee workstations
- Migrated to an IaaS cloud-based environment
- Configured Splunk for all mission-critical applications and used Splunk effectively for application troubleshooting and monitoring after go-live
- Created dashboards and reports showing the login count for each application, which application resources are accessed most, the number of failed logins, and statistics on high-traffic applications.
- Created shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
- Configured Splunk forwarders to route unnecessary log events to nullQueue using props.conf and transforms.conf, reducing license costs.
- Blocked USB sticks and mobile-device data transfer (while still allowing charging) using McAfee DLP 11.0.130
- Created DLP policies and groups based on AD user ID.
- Deployed a test environment to validate McAfee DLP policies with pilot users.
- Based on the successful pilot phase results, implemented the block policy across the JLR estate for 40,000 users.
- Defined the Remedy process for approval and enablement of the block policy based on the ticketing system.
- Created daily automated reports listing the block policies enforced across Walgreens users
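The login-count and failed-login dashboards described above boil down to two computations over authentication events: per-application totals and a per-source failure burst that signals brute forcing or password spraying. The following is an added example, not code from this resume or from Splunk, that runs that detection logic over a handful of constructed key=value events of the kind a forwarder would ship. The log format, field names, `login_stats` and `brute_force_sources` functions, and the 5-failures-in-60-seconds threshold are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, Optional

# Constructed sample events (not real logs): ISO 8601 UTC timestamp followed
# by key=value pairs. Source 10.0.0.6 fails five times across three users in
# 35 seconds, the shape of a password-spray attempt.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z app=portal user=alice src=10.0.0.5 action=login status=success
2024-03-01T10:00:05Z app=portal user=bob src=10.0.0.6 action=login status=failure
2024-03-01T10:00:09Z app=vpn user=carol src=198.51.100.9 action=login status=success
2024-03-01T10:00:12Z app=portal user=bob src=10.0.0.6 action=login status=failure
2024-03-01T10:00:20Z app=portal user=bob src=10.0.0.6 action=login status=failure
2024-03-01T10:00:31Z app=portal user=dave src=10.0.0.6 action=login status=failure
2024-03-01T10:00:40Z app=portal user=erin src=10.0.0.6 action=login status=failure
2024-03-01T10:03:00Z app=hr user=frank src=10.0.0.7 action=login status=failure
2024-03-01T10:09:00Z app=hr user=frank src=10.0.0.7 action=login status=success
2024-03-01T10:09:30Z app=portal user=alice src=10.0.0.5 action=logout status=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse(line: str) -> Optional[dict]:
    """Parse one event line into a dict; returns None for malformed lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    try:
        fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return fields


def login_events(raw: str):
    for line in raw.splitlines():
        e = parse(line)
        if e and e.get("action") == "login":
            yield e


def login_stats(raw: str) -> Dict[str, Dict[str, int]]:
    """Per-application total and failed login counts (the dashboard numbers)."""
    events = list(login_events(raw))
    total = Counter(e["app"] for e in events)
    failed = Counter(e["app"] for e in events if e.get("status") == "failure")
    return {app: {"total": total[app], "failed": failed[app]} for app in total}


def brute_force_sources(raw: str, threshold: int = 5,
                        window: timedelta = timedelta(seconds=60)) -> Dict[str, int]:
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Keying on src rather than user is what catches spraying, where each
    account sees only one or two failures.
    """
    by_src = defaultdict(list)
    for e in login_events(raw):
        if e.get("status") == "failure":
            by_src[e["src"]].append(e["ts"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = end - start + 1
                break
    return flagged


if __name__ == "__main__":
    print(login_stats(SAMPLE_LOGS))
    print(brute_force_sources(SAMPLE_LOGS))
```

In Splunk the same two results are a `stats count AS total, count(eval(status="failure")) AS failed BY app` for the dashboard and a `bin _time span=1m | stats count BY src, _time | where count>=5` style search for the alert; the Python version makes the sliding-window logic explicit so the threshold can be reasoned about before it is turned into an Enterprise Security correlation search.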
Lead Security Architect
Responsibilities:
- CA Component
- NDES Component
- CMS Software
- BYOD
- Wireless
- Windows 10
- NDES
- Design consideration with Enterprise AD.
- Design PKI Infrastructure with four issuing CAs
- Design certificate templates based on use cases
- Design workflow model with CMS
- Design consideration with ISE, MDM
- Design integration with ticketing system
Integrations with all IT assets
Responsibilities:
- The scope of IT assets where there are only a small number of accounts, and where accounts are more often shared/generic than belonging to individual business users, includes:
- Operating system images, typically running Windows or Linux. These are often just the runtime platform for databases or applications, where users may have accounts. Local accounts are administrator or service accounts, rather than personal user IDs.
- Hypervisors hosting the above -- VMware, Xen, Hyper-V, etc.
- Database servers -- Oracle, Microsoft SQL Server, IBM DB2/UDB, etc.
- Network devices -- routers, switches, load balancers, etc.
- While this is rarely an early priority, eventually some IAM systems grow to include integrations to all IT assets, including the above.
- Such integrations are first the responsibility of a privileged access management (PAM) system, whose function is not to create/delete accounts or assign/revoke entitlements, but rather to connect authorized users to pre-existing, shared, privileged accounts on these systems. Eventually, organizations may expand the PAM functionality to include:
- Lifecycle management for application or service accounts -- i.e., developers or application teams requesting the creation of database connection accounts, application service accounts, etc.
- Managing the lifecycle of the ownership of systems and service accounts.
- Since the number of integrations can be very large -- e.g., thousands of systems of each type -- infrastructure borrowed from privileged access management systems is required:
- Automatic discovery of systems, for example based on data in a configuration management database (CMDB) or directory.
- Automatic, policy-driven onboarding and removal of managed endpoints.
Lead Network Security Analyst
Responsibilities:
- Investigated identified security breaches in accordance with established procedures and recommended the actions required for successful resolution. Recovered client data after employees wiped hard drives; conducted forensic analysis; participated in security investigations and the implementation of corrective actions.
- Achieved 99.7% patch levels on a 3000+ node network. Established auditing and continuous monitoring; scanned & monitored clients' networks for vulnerabilities and suspicious activities.
- Infrastructure upgrade project: rebuilt a client's network infrastructure after a virus outbreak and hacker attack. Deployed Windows, Exchange, SQL and IIS servers as well as Symantec, Check Point firewalls and Cisco routers and switches.
- Ensured that the deliverables address the customer's business requirements. Received recognition from the government clients for outstanding program management & project management performance.
- Successfully implemented a physical security information management (PSIM) program, integrating CCTV, mobile phones, sensors, event management, incident response and automatic notification systems.
- Data center relocation projects: migrated a client's data center from the west coast to the east coast of the U.S.
- CIO and CISO programs: provided direction and oversight of operational activities of the IT and information security program portfolio, including prioritizing project workloads, providing project oversight, reviewing project status, taking corrective action, ensuring compliance with established processes, providing status and metrics to management and committees, and ensuring projects are delivered on time, on budget and within scope.
- Completed two major IT infrastructure programs. Consulted the CEO and senior executive management. Conducted strategic planning and ensured that effective program management governance, procedures, tools, and financial controls are established and maintained for the program's operations. Actively supported and contributed to internal SDLC methodologies and PMO.
- Provided reports to the Security Operations Manager as required. Prepared presentations on the state of security and presented them to senior executives and client leadership teams.