SUMMARY:

• Lead agency - wide information security programs
• Automate and improve efficiency
• Develop capabilities, procedures, policies
• Engage stakeholders
• Manage operations, engineering, policy and risk
• Lower costs and solve problems
• Effective communicator, attention to detail
• Dedication to customer service

• Designed and implemented SECs first 24x7x365 Security Operations Center
• Manage over 14 million dollars in budget for Security services, licenses and equipment
• Redesigned model for security infrastructure for the EDGAR Application, lowering costs
• Developed and led implementations of Security teams, policies, procedures and tools
• Limited data risk while supporting 430 critical Confidential bank closures during the Great Recession
• Procured and deployed 7 million dollars in services while avoiding 2 million dollars of costs
• Directly led significant Confidential activities including interagency coordination

PROFESSIONAL EXPERIENCE:

Confidential, Washington, DC

Branch Chief

Responsibilities:

• Lead information technology security operations and engineering services for the Commission
• Directly Manage a team of five Federal employees and twenty-two contractors
• Deliver expertise in security operations, engineering, architecture, policy, privacy and risk management
• Conduct outreach and provide consultative services to enhance Commission information security
• Manage budget of 10 million dollars in steady state funds and 5 million in development funds, amounting to 60 percent of Information Security’s total budget
• Provide 24x7x365 monitoring for events of interest, incident handling, and security toolset operations
• Deliver briefings to executives, leadership and government partners on security initiatives
• Direct Commission-wide responses to incidents, risks and vulnerabilities
• Deliver Commission-wide communications on security policy, procedure, threats, and process changes
• Foster internal collaboration with all internal offices and divisions including the Chairman’s Office, OIG, Public Affairs, General Counsel, Legislative Affairs, Human Resources, and Enforcement
• Lead audit interactions and response to findings from Confidential and Confidential
• Develop compliance policies and procedures for Presidential Directives and OMB Memoranda
• Primary Contracting Officers Representative for over 6 million dollars in services and equipment
• Represent OIT Security on governance boards for IT architecture, policy, financial and technical compliance
• Apply standards including NIST, FISMA, and ITIL to Commission projects and procedures
• Implemented changes to the Public Dissemination System (PDS) in under 6 weeks, ensuring the public received EDGAR filings prior to PDS subscribers, minimizing reputational risk of the Commission
• Led procurement for the Security Operations Center (SOC), avoiding 500,000 dollars in costs
• Designed and implemented SECs SOC, transitioning to a new contract in 6 weeks without disruption, delivering 24x7x365 security monitoring, analysis, incident handling and operational support
• Procured and deployed intrusion detection system 1.2 million dollars under budget
• Acquired 1.2 million dollars of equipment at licensing cost, saving over 1 million dollars
• Oversaw upgrade of enterprise log management system, saving 150,000 dollars in licensing costs
• Identified and eliminated duplicative support contracts, saving the commission 250,000 dollars annually
• Standardized security equipment and applications, mapping technology to services, eliminating unnecessary redundancy and lowering operational overhead costs
• Re-architected EDGAR security infrastructure
• In a single year, procured and deployed 7 million dollars of services and tools, enhancing security
• Developed strategic plan for Security program and project ownership
• Established policies for service, enhancing predictability of security support and infrastructure changes
• Established charters, project management support and oversight for all OIT Security operations projects
• Led assessment of information systems including the DMZ, EDGAR and various red team scenarios
• Designed implemented and conducted information security training including but not limited to incident handling, role-based access, and acceptable use

Confidential

Information Technology Specialist

Responsibilities:

• Led a team of federal and contractor security analysts and engineers monitoring for events of interest, providing incident handling services and maintaining security toolsets
• Collaborated with external teams on engineering major infrastructure integration efforts
• Represented Information Security on infrastructure governance boards
• Recognized for leadership of assuming ownership of EDGAR Security appliances into OIT Security
• Coordinated major Confidential efforts internally and externally with public and private entities

Confidential, Fairfax, VA

Program Task Area Manager

Responsibilities:

• Led teams delivering IT security engineering, operations, policy, architecture and risk management
• Led technology and service requirements development, acquisition, testing, and implementation
• Minimized risk and managed problems through configuration and architecture changes
• Managed 24x7x365 Confidential team preventing cyber threats across the Corporation
• Delivered briefings to executives and leadership on security initiatives
• Designed and deployed endpoint security team, improving tool management and effectiveness
• Collaborate across Corporation ensuring mission fulfillment through aligned processes and procedures
• Facilitated information sharing and collaboration with other federal agencies
• Represented information security on infrastructure governance boards
• Supported service, equipment and subcontract procurement, ensuring statement of work fulfillment
• Led security training staff and directly deliver security training

Confidential

Operations Lead

Responsibilities:

• Managed a team of security analysts providing 24x7x365 Confidential service Corporate-wide
• Provided critical recommendations on significant infrastructure defense measures
• Led successful deployment of incident management solution
• Led collaboration with IT leads ensuring mission fulfillment through aligned processes and procedures
• Delivered briefings to senior executives and leadership
• Supported audit response, policy design and implementation and post-incident recommendations
• Operated security tools, detected, tracked, documented and neutralized security threats
• Provided patch management and evaluated vulnerabilities for criticality
• Provided expertise on security product selection, development and implementation

Confidential, Fort Meade, MD

Privacy and Security Architect

Responsibilities:

• Evaluated privacy controls for the program, performed gap analysis on system requirements
• Evaluated CONOPS, SORN, PIA, NPRM and other documents for privacy compliance
• Represented Privacy and Security on governing boards assuring the confidentiality, integrity and availability of PII data through program and project lifecycles

Confidential, New Carrolton, MD

Senior Information Security Analyst

Responsibilities:

• Supported 24x7x365 Confidential team, operated security tools, processed over 180 incidents, performed malware analysis and proactively prevented cyber threats while enforcing policies
• Acted as Operations Lead, reporting daily to executives, evaluated job candidates, conducted training
• Engineered and deployed 50 network intrusion detection sensors and led Host based IPS engineering

Confidential, Baltimore, MD

Intrusion Detection Analyst

Responsibilities:

• Performed Confidential, operated security tools, detected and neutralized security threats
• Led testing and evaluation of candidate systems for security toolset upgrades