
Sr. Technical Analyst Resume Profile


IL

Summary:

  • Experience with High-Profile, High-Risk International Enterprises
  • IT Project Security Project Coordinator and Facilitator
  • Security Architecture and Design, Threat and Vulnerability Management
  • Network and End Point Security, Incident Management Response, Investigation and Mitigation
  • Policy and Process Development, Risk and Gap Analysis, Risk Mitigation
  • ITIL V3, ISO 27001/27002, HIPAA, HITECH, PCI DSS, SOX, FISMA, GLBA, NIST 800 Security Standards
  • PCI DSS v.2, v.3, PII, SOX, HITECH, HIPAA Governance, Responsibility and Compliance
  • LDAP and Active Directory Management and Security
  • Cryptographic Key Management System (CKMS) Architecture
  • CA IdentityMinder, Open AM, Role Based Access Control and Identity Management
  • Log Analysis, ArcSight, LogRhythm enVision, Netwitness and Splunk
  • Database Monitoring (Guardium, Imperva), Database Activity Monitoring
  • Automated Compliance Testing, eDiscovery, DLP
  • IDS/IPS, Intrusion Detection and Prevention and Attack-Vector Discovery
  • SaaS, IaaS, PaaS, WaaS Security (3rd Party and Hybrid)
  • Cloud-Based End-to-End Host Protection (Zscaler, Websense and others)
  • User Security Awareness Training
  • Virtualization Security
  • Symantec, McAfee ePO Orchestrator, Trend Micro AV, DLP, HIPS
  • VMWare and Hyper-V Hosting Security and Critical Update Monitoring
  • SCADA, Industrial Control Systems, HM security analysis and Hardening

Current Position:

Confidential

Title: Sr. Technical Analyst

  • I am currently working a short-term contract with State Farm Insurance Corporate Center with their Technical Platform Operations. This involves using Splunk to investigate events and issues, user access management and security of LDAP, AD and Open AM, as well as helping to develop Policies and Procedures for FISMA, SOX and ISO compliance.
  • Reason for Leaving: I am looking for a permanent position.

Confidential

Title: Cyber Security Risk Management Security Architect

  • In my position with the RISC (Risk, Innovation, Security Consulting) Security Group with American Airlines, I was dividing my time between acting as a dedicated security resource to the Maintenance and Engineering (MnE) business unit based in Tulsa, OK, and conducting Security Architectural Design, Risk Management, Identity Management, Role-Based Access Controls, SOA, and User Governance and Mitigation and Security Policy Development (NIST, PCI DSS, SOX, GLBA) for the enterprise at the Fort Worth, TX headquarters. I reviewed network designs for the various projects (SAP, WebSphere, Oracle, Server, Desktop, Cloud Virtualization), performed Risk Assessments and Analysis, Company and Regulatory Compliance (PCI DSS), met and worked with the business unit to find mitigating security solutions and controls prior, mostly, to implementation, and entered my projects and findings into RSA Archer. My responsibilities also involved Policy Development, INFOSEC Patterns and recommending Support / Do Not Support decisions on Security Policy Exceptions. I was also involved in developing and securing Mobile Device BYOD solutions, the various Cloud Services (SaaS, PaaS, WaaS, IaaS), as well as PK Infrastructure and Cryptographic Key Management Framework. I also built business cases on new technologies, researched and examined 3rd party vendors, evaluated the security of their products and ensured they met the AA GRC Guidelines.
  • Currently, I am leveraging my knowledge of SAP to develop a SAP Security Architecture document to cover the entire SAP environment (GRC, SSO, NetWeaver, Portal and assorted modules), and planning several concurrent DLP PoCs (Symantec, RSA and McAfee).

Confidential

Remote

  • I worked as a contract consultant to Symantec, working remotely and sometimes at client sites in Ohio and Illinois, supporting Symantec installations, primarily the DLP and Control Compliance Suite product line. My responsibilities included product support, configuration and troubleshooting, as well as assisting the client staff in assuming management of the product.
  • Reason for Leaving: Symantec had a reorganization of the support group and chose to end the contract rather than move to Ohio.

Confidential

Title: Consulting Cyber Security Engineer

  • Originally, I was contracted to support this firm in its transition from Cisco Security Agent to Symantec Endpoint Protection 12 Enterprise and advised and assisted in the Roll-Out from Windows XP to Windows 7. In my short time here, the scope of my duties has expanded broadly, to encompass all aspects of the Security Infrastructure, the Win7 and Virtualization Initiative, NIDS/NIPS/WAF Architecture, Application Vulnerabilities, Malware detection and mitigation and general Host Environment Architecture, current and projected. This was in addition to my primary objective of helping to translate the Cisco Security Agent rule sets and policies into a structure as close as could be re-created in SEP 12 SONAR, as well as assisting the various business units in understanding the differences between CSA and the many moving parts of SEP 12. Besides SEP 12, I also worked with and evaluated Bit9 as well as evaluating Win 8 as an Enterprise OS option.
  • My duties included identifying and alerting the company to attacks and malware, and I engaged with the TVM team to identify and mitigate vulnerabilities by log analysis and event correlation using the host intrusion and anti-virus software.
  • I also assisted the Software Management in resolving application issues involving VMware ThinApp Application packaging, testing and recommending remediation solutions outside of the Security field, and assisted the Roll-Out team in determining the nature and cause of Roll-Out related issues due to software delivery, PXE boot imaging failures, TPM, and BIOS issues that were hindering the Migration generally, and BitLocker in particular. This included resolving reimaging issues caused by conflicts between CSA and SEP 12 having a critical impact on the Roll-Out and finding a solution to the problem, as well as the root cause. In my work with the TVM team, I was able to discover and eliminate literally hundreds of new Trojans, Key-Stroke loggers, information stealers and various Malware variants cataloged by Symantec as new and unknown threats, and identify widely-distributed vulnerable software versions being maliciously leveraged or directly exploited that had previously gone unnoticed.
  • I was successful in maintaining the highest level of security while correcting or avoiding HIPS-triggered disruptions to the numerous multi-million dollar Application and Web Development projects concurrently underway in conjunction with the Win7, Cloud and virtualization initiatives.
  • Reason for Leaving: My contract with this company ended, and at the time, I was not interested in a permanent position.

Confidential

Title: Host Intrusion Prevention Consultant, Desktop Roll-Out Project

  • I was responsible as part of a three person team working on the development and integration of CA HIPS (Computer Associates Host Intrusion Prevention Software) 8.1, a Non-Enterprise product, into an Enterprise-Wide HIPS solution for the roll-out of Windows 7, and Win 7 compatible applications. This eventually encompassed 130,000 host machines connecting to multiple CA HIPS servers spread around the globe. To achieve this goal, I assisted in the architecture and design of the Event Reporting from servers in Asia, Africa, Europe and the Mid-East into a single, manageable reporting service server and design infrastructure. I worked with Host Client development directly with the CA teams in Israel and India. I advised on configuration issues, performed the daily tasks of writing Event Exceptions, handled Host distribution and connectivity issues and worked with the Application Readiness Team to have rules in place to avoid workflow disruptions for the 11,000 pilot users going into Rule Enforcement (Full Blocking) mode. I distributed the updated HIPS policies to the various servers to maintain a correct and consistent rule set.
  • As the project has matured, I was primarily responsible for determining if application issues experienced by the user were HIPS related, the result of the native Windows 7 security, Active Directory GPO Restrictions or the company's Windows 7 OS hardening. Resolving these issues has ranged from writing a new exception, directing the local Roll-Out team to the correct responsible group, developing non-HIPS related work-arounds, to fixing the application problem myself, and I worked with the SCCM team and on BitLocker issues, MBAM and SCOM. I also developed Black-Listing, Grey-Listing and Monitoring HIPS rules and rule sets. While not included in my duties, I identified and reported detected critical malware infections to my Team Lead, and alerted them to expected spikes in malware attacks based on newsworthy events (the royal wedding, as an example).
  • Also, I trained and wrote simple How-To guides on the administration of the CA HIPS console, working with the offices in Buenos Aires, Argentina, who would be performing my responsibilities when my contract ended in late August. At that time, I transitioned the management of CA HIPS to my BA colleagues.
  • Reason for Leaving: My contract ended, and I had an offer from United HealthCare.

Confidential

Title: HIPAA, Security, Vulnerability and Threat-Remediation Consultant

  • After leaving the Northrop-Grumman project, I worked under a grant from the Department of Health and Human Services, traveling around the U.S., working independently for non-profit Health Care organizations around the country that could not afford a staff Network Security Engineer. I wrote Policies, performed Vulnerability testing, Security Architecture, Server and Workstation hardening, and HIPAA audit preparation. I also taught basic security concepts regarding HIPAA Privacy Rules to end-users, and assisted in developing a manageable Security Infrastructure with the available local staff.
  • Reason for Leaving: The program grant was not renewed.

Confidential

Title: Security Infrastructure Consultant

  • In this position, I served as the Security resource and Team Lead for the Northrop-Grumman VITA Network Transformation Project, a multi-billion dollar effort to modernize, standardize and unify the diverse governmental agencies of the Commonwealth of Virginia under a single managed network. Each team was comprised of a Security, Server and Network resource, all of which combined in a cross-area team. As the Team Lead, I was the primary contact for the agencies we were engaged with, the Re-IP Project Managers, and NG/VITA.
  • This position required me to survey the assigned agency for its existing security posture, perform security discovery on existing legacy hardware and software (switches, routers, servers), and organize the information and develop a plan for the migration of the agency to the NG VITA MPLS network. Planning involved determining the timing, potential relocation and conversion of the existing network resources, and converting the current firewall rules for transfer to the NG network Cisco Firewall Service Module and Juniper Firewalls. This position required me to understand, support and configure a diverse collection of firewalls and security hardware and software, including Sidewinder, Raptor, Microsoft ISA and Cisco PIX and ASA (v. 6.x-7.x), perform event analysis using enVision and Netwitness, and use existing HIDS (Cisco Security Agent, CA HIPS, Symantec and ISS) as needed to achieve the Transformation objective at the Server/Workstation level.
  • This planning required determining which servers should be placed in the Shared, Secured or DMZ zones of the NG network, which servers required 3rd party support, and which fell under HIPAA and PCI status, and I directed changes that needed to be made for the agency to become PCI-DSS compliant (Firewall placement, separation of Wireless networks, securing Web-Facing applications) while coordinating the requirement to maintain the current VPN solution before moving the agency to the NG Transformed VPN solution.
  • I performed a Risk Analysis on each agency, reported my findings to the Project Managers and Security group, made recommendations on Risk Remediation prior to the move, and dealt with any security-related incidents triggered by the change in state to the Network Transformation.
  • Reason for Leaving: My contract ended, and I was presented with another opportunity.

Confidential

Title: Network Security, Host-Intrusion, Vulnerability and Threat-Remediation Consultant

  • In this position, I was part of the Corporate Network Security Team: Eyes-On-Glass IDS/IPS Intrusion Detection (Cisco, enVision and PoC of ArcSight), Vulnerability Testing (Nessus, Tripwire) and Patch Management, Database Activity Monitoring (Guardium); I managed the Vontu DLP, POS Security and 3rd-Party vendor Security Audits. I also worked with the SAP R/3 team to customize the SD templates and ADAP security.
  • I left Circuit City when my contract came up for renewal, due to the uncertainty with the company's future.

Confidential

Title: Cisco Security Agent Administrator Network Security Consultant

  • This was a contract opportunity that presented me with a variety of challenges that revolved around the company's Risk Management and Security Architecture. During my time there, I was involved in numerous projects and assumed primary responsibility in several areas:
  • Interim Project Manager / Consulting Technical Lead / CSA Administrator: primary responsibility for planning, implementation and management of Cisco Security Agent 5.x Host Intrusion Detection software to 13,000 workstations and 500 servers, including manufacturing interface machines. I was responsible for planning and organizing the pilot project and for Project Plan development. I performed configuration and tuning of agent rules, built Installation Kits, managed the CSA 5.0 console, monitored events, wrote rules and reported previously undiscovered threats and vulnerabilities to the CSIRT team.
  • As part of this project, I was responsible for promoting, presenting and explaining the scope and nature of the implementation, how CSA worked, and the benefits that would be derived from it.
  • I was responsible for the creation of Help Desk troubleshooting scripts for our 3rd party Service Desk, as well as developing training materials customized for this company.
  • I gathered the necessary information on machines and software, organized meetings and developed working groups from the diverse business units.
  • I also helped to create the processes that would be needed (Change Control, Rule Exemption process, Software certification, etc.) with the introduction of this product.
  • I developed the escalation process for CSA related events from the 1st level support to the CSA Administrators.
  • Wired/Wireless Guest Network Consultant: I worked with the Network and Security Architecture groups to assist in the introduction of a Wired and Wireless Guest network. I researched Guest Network appliances and advised in the selection, developed a logical diagram of the proposed network, and helped write the Policies and Standards that will govern the network. I consulted on Rogue Access Point detection, Network Security, encryption and management.
  • Policy and Standards Development: I worked with members of the company to develop written security policies and standards for all aspects of Network Security.
  • Reason for Leaving: My contract with this company ended October, 2007 due to company policy on how long a contractor was allowed to continuously work for the enterprise.

Confidential

Title: Network Security Engineer Network Administrator

  • Alerted, advised and responded to viruses, worms and Trojans, and all other security threats to the workstations and servers. Conducted security audits of server, switch and router logs and responded to suspicious activity. Monitored the Cisco MARS appliance, as well as monitored Snort IDS host for possible security compromise and intrusions. Educated users on threats and alerted them to possible outbreaks and supported the architecture and implementation of Cisco PIX firewalls.
  • Installed, configured and troubleshot the VCCS Central Office LAN/WAN. This was comprised of 6 3524 and 8 2900 Cisco switches, 2 3640 routers, 7 VG200 analog switches, 2 4908 Level 3 Gigabit switches, an ATM Lightstream 1010, 7204 and 4700 Cisco routers, Cisco 3000 VPN concentrator, and PIX firewalls.
  • I configured VLANs, port assignments, access lists and global configurations on the edge devices, installed and configured new switches and routers as needed (RIP, BGP) and performed changes to enhance security as needed.
  • I upgraded the System Office servers to Active Directory and Windows 2003.
  • Supported the Unix based VCCS Library systems servers UNIX 5 and Red Hat Linux and a Solaris 8 machine.
  • Added and deleted users, and resolved any NT related problems (DHCP, RAS, IIS, POP3 mail, SQL servers, Ghost), and supported the system DNS servers, securing the servers, updating critical patches, intrusion detection and avoidance, and applying baseline security configurations.
  • Install, configure and support Cisco-based Secure Wireless WLAN 802.11b and g and configure and support Wireless Hand-held devices, such as Tablet PCs and PDAs.
  • Install and support the migration from a Pop3 email system to Microsoft Exchange 2003 and Outlook 2003 client.
  • Provided 2nd and 3rd level desktop, administrator, and network support for 160 users in the Richmond System Office, comprised of Win 98, NT4, 2000 and XP desktop units and various brands of laptops, as well as 20 NT4, Windows 2000 and 2003 servers and Active Directory.
  • I was responsible for system backups (ArcServe, Veritas Backup Exec), new server configurations, physical security and making recommendations on equipment purchases.
  • I assisted in the development of the agency's Disaster Recovery Plan and the remote location Data Storage SAN planning and implementation.
  • To assist the staff of the IT unit, I installed and supported a wide variety of software: Office 2000, Office XP, McAfee Anti-virus, Outlook 2000, 2002 and 2003, numerous POP3 email clients, PeopleSoft 7.6x and Oracle 8 clients.
  • I took on the responsibility of installing and configuring Cisco 3.2x-4.x VoIP Call Managers, routing and dialing patterns, configuring remote gateway devices and troubleshooting voice over IP problems, worked with our Cisco representatives to resolve outstanding issues, and integrated the Exchange 5.5-based Unity Voice Messaging into a unified messaging system, besides hardening them against possible compromise and DDoS attacks.
  • I also installed, configured and supported the VTEL and VCON H.323 videoconferencing system at the network level, and all audio/visual equipment used in the 3 conference rooms there.

Additional Technical Experience and Knowledge:

F-5, Automated Compliance testing, eDiscovery, Vulnerability Testing Tools (Nessus, OpenVAS, others), TCP/IP Deep Packet inspection, Penetration Testing, Log Analysis, ArcSight, FireEye, nCircle, Forensic tools (EnCase, Open Source tools), Wireless Security, Wireless Penetration Testing, and various Network Reconnaissance and Sniffing tools. Snort NIDS, Disaster Recovery and Business Continuity solutions. Symantec Endpoint Enterprise, Trend Deep 7, McAfee ePO.
