Trusted Security Founder Resume
SUMMARY:
Resourceful mentor with over 20 years of passionate IT research, engineering, architecture, management, security, audit, service delivery, implementation, and governance. Together, we can create trustworthy applications, systems, and networks.
PROFESSIONAL EXPERIENCE:
Trusted Security Founder
Confidential
Responsibilities:
- Created a secure cloud platform and network devices. Served as lead for implementing and integrating Confidential solutions within most architectures.
- Give me a need, regulation, law, control, and/or IT risk and we’ll find a way to mitigate, coordinate, design, project plan, develop, integrate, install and operate it.
SugarCRM Information Security Manager
Confidential
Responsibilities:
- Combining all previous experience, I led SugarCRM efforts to establish, improve, and maintain Information Security and Assurance.
Seidcon Senior Security Engineer/Architect
Confidential
Responsibilities:
- For several web services and infrastructure projects at Confidential to develop secure next-generation capabilities over an eight-year period, coordinated to ensure security was integrated into all efforts from pre-SDLC through to operation.
- Led the effort to bring diverse communities and interests together to integrate security into existing enterprise processes (e.g. leadership/management, change management, development, testing, engineering, program risks/schedule/performance/cost, etc.).
- Provided solutions for Confidential at the speed of several highly aggressive agile development efforts.
- Served as lead security architect and was matrixed into new and critical IT initiatives. First sought to understand business processes, missions, constraints, and operating/regulatory environment. Gathered security-related concerns, opportunities, issues, risks, and goals from folks throughout the enterprise.
- Used past experience and researched newer and more complex topics to coordinate, craft, and present departure points and ways forward.
- Topics included: control development, risk mitigation, software development, integration, configuration, architecture (networking, OS, services, and applications, both custom developed in-house and off the shelf), fraud prevention/detection, privacy, and compliance.
- Drafted alternatives, architecture, and trust structure papers for several enterprise and internationally implemented turnkey, federated and consolidated solutions for web applications via REST, SOAP/XML and using LDAP/AD (metadata store), SPML/SCIM (provisioning, proofing, self-service), SAML/OpenID Connect (authentication, session management, single sign on (SSO), federation), and XACML/Oauth/UMA (authorization, consent, access control).
Confidential
Lead Security Engineer & Lead IT Auditor/Cert Auth Agent
Responsibilities:
- For several multi-billion dollar programs, planned, coordinated, liaised, and led the effort to ‘bake security in’.
- Discovered and prioritized information protection needs for ways forward and plans of action.
- Distilled technical requirements (i.e. feature-testable criteria) to develop detailed designs for applications, systems, and networking architectures.
- Interfaced at all levels to manage the development, implementation and assessment of security effectiveness.
- The end result was that we had a comfortable level of security assurance for satellite communications systems (ground and space networks), and subsequently, web applications/services.
- From pre-acquisition into operations, provided assurance that what we put into place for information security (i.e. information technology (IT), IT operations, policy, procedure) worked, worked well, worked all the time, as expected, met legal/policy requirements and fit within constraints (e.g. time, budget, capabilities).
- Provided leadership and coordination of several large integrated program teams (IPTs) and development activities.
- Developed solutions, plans, and coordinated for holistic operational practices (e.g. people, processes, policy, procedures, standards, plans, service delivery, and operations).
- Provided regulatory analysis and guidance for IT and National Security Systems (Confidential) acquisitions.
- Developed acquisition goals, strategy, and key performance parameters (metrics).
- Drafted contract verbiage and related technical & operational requirements.
- Helped maintain affordability through resource estimation and budget planning.
- Through clear understanding of problem set, definition of expectations, and negotiation, I helped save the taxpayers $20M.
- Provided analysis and critique for deliverables acceptance, service performance, and accordingly influenced program decisions.
- Established and operated information security and risk management programs based on a risk based decision making process that enabled upper management to quickly and effectively assess and assume the risk of IT operations.
- Served as mentor for information security professionals and helped guide their development and career performance. Provided an assessment of team member performance.
- Discovered, analyzed, quantified and documented risks to ensure system and data integrity and continual protection of data. Researched and quantified threats coupled to vulnerabilities to quantify the resulting risks, both technical and operational. Authored test/validation/audit procedures, performed the tests/audits and directed and reviewed the test/audit results done by others. Developed solutions and coordinated to ensure that mitigations were implemented.
- Designed, implemented, and assessed security for: web servers and services (JBoss, SOA, ESB, HTTP, Java), operating systems (Windows, Solaris, Linux), applications, virtualization/cloud computing, databases (SQL and Oracle), encryption systems (VPN, NSA Type-1), networking devices, and controlled interfaces (guards that protected information at differing levels of sensitivity).
- Helped integrate security into the change and code review processes.
- Active participant and decision maker for code reviews, change management board, and program level risk/opportunity reviews.
- Ensured developmental security issues were addressed via manual code review and static/dynamic code analysis tools.
Confidential
Hands-on Technical & IT Audit Project Manager
Responsibilities:
- Project planning, team building, tasking and evaluation. For successful project completion, I delegated work to (and relied upon) up to 11 team members, including both Crowe and client personnel.
Trusted Advisor
Confidential
Responsibilities:
- Temporarily served as IT Audit Manager, Information Security Officer, and PKI Project Manager.
- Interfaced with top management of numerous large companies in the areas of information security/assurance, audit, business continuity, risk mitigation, technical implementation, computer incident response, HIPAA, GLBA, SOX, policy and procedure.
- Testing, attestation, quality assurance, security assessment and technical implementation.
- R&D for new products and services.
- Risk mitigation and incident response.
- Developed and performed HIPAA, GLBA, PCI DSS, SAS 70 and SOX implementations and audits.