More than 25 years' experience as an Information Technology (IT) professional with strong expertise in IT management, IT security management, and IT enterprise architecture. Demonstrated expertise in establishing and implementing large information security programs. Designed and implemented automated tool-based vulnerability management framework that continuously monitors and detects Cybersecurity threats and vulnerabilities. Performed evaluations and selections of IT security tools and successfully implemented IT security systems to protect the availability, integrity, and confidentiality of critical business information and information systems. Highly skilled, dedicated and enthusiastic team player with excellent leadership and communication skills.
Qualifications/Skills
Certified Information Systems Security Professional (CISSP) - 2002
Certified Information Security Manager (CISM) - 2005
Information Systems Security Management Professional (ISSMP) - 2005
Certified Federal Enterprise Architect - 2010
Governance, risk & compliance (GRC)
Project management
Information protection and analysis
Security information and event management (SIEM)
Risk assessment & compliance
Intrusion detection/prevention systems (IDS/IPS)
Application white listing
Data loss prevention (DLP)
Disaster recovery planning
Vulnerability management
Education and Training
George Washington UniversityWashington, DCExpected in ā āMaster's Degree:Engineering Administration - GPA:
Morehouse CollegeAtlanta, GAExpected in ā āBS:Mathematics/Physics - GPA:
Accomplishments
Leadership
Developed and implemented enterprise security strategy and framework that consists of strategically integrated elements of NIST risk management and Cybersecurity frameworks, SANS Critical Controls, ISO/IEC 27001/27002 and COBIT 5 for Information Security.
Strategy and Planning
Developed and communicated Acceptable Use policy, Mobile Device Management (MDM) and Bring Your Own Device (BYOD) policy, and many other security policies and standards to all users.
Established policies and procedures for system administrators to perform operating system and application patching.
Team Collaboration
Collaborated with large departments to establish enterprise security framework to accomplish common IT security objectives and leverage common tools to reduce costs.
Coordinated the activities of Information Security Officers to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.
Project Management
Managed the implementation of Enterprise IT Security Framework āQuick Winsā Road Map based on SANS Critical Controls āFirst Fiveā controls.
Managed IT Certification & Accreditation (C&A) program implementing automated tools to realize efficiencies and significant cost savings for C&A process, including developing IT security plans and processes.
Managed IT asset management and configuration management project implementing VmWare vCenter Configuration Manager (VCM) tool, defining enterprise IT inventory processes (using ITIL), automating system patching capability and significantly improving IT configuration management.
Managed Pooled Workstations project implementing a virtual pooled engineering workstation environment (blade workstations in the Engineering Data Center) that enables remote connectivity from standard computers to perform processor and graphic intensive engineering analysis (i.e., ProE, MathCad, MathLabā¦). Realized cost savings due to the reduction of high-performance engineering workstations from 500 to 200.
Work Experience
Bechtel - Chief Information Security Officer (CISO) Las Vegas, NV, 09/2012 - 01/2014
Developed and implemented Enterprise Security Program that includes 22 departments and 22,000 employees.
Developed Executive Order 1-48, Information Technology Security, to provide consistent policies regarding information technology (IT) security and roles and responsibilities of personnel using and maintaining computer resources, electronic communications and Internet access in performance of job function.
Developed City of Houston administrative procedure for IT Security Program, to prescribe roles, responsibilities, and conditions that promote security throughout IT system life cycle and set ground rules under which City of Houston operates to safeguard information and information systems.
Developed administrative procedure for the Appropriate Use of Computing Devices and Other IT Resources to establish policy for appropriate and inappropriate use of computing devices (including employee owned devices) that connect to IT resources.
Developed IT security handbooks to provide detailed information and guidance regarding the processes to meet IT security program requirements.
Developed and implemented web-based Cybersecurity Awareness Training Program for all employees.
Developed and implemented automated tool-based vulnerability management framework.
Led effort to conduct IT security risk assessments and develop security plans for departments.
Led evaluation, selection and implementation of the following tools: governance, risk & compliance (GRC), security information and event management (SIEM), automated vulnerability management, automated penetration testing, application whitelisting, data loss prevention (DLP), intrusion detection system/intrusion prevention system (IDS/IPS), web filtering, malware defense systems for endpoints and network perimeter, and mobile device management.
Salinas Valley Memorial Healthcare System - Computer Security Officer / IT Manager Salinas, CA, 11/1987 - 09/2012
Management of IT Program, including IT Security Program, for Engineering Directorate that includes 9 Divisions with 900 Civil Service employees and 2500 Contractor employees.
Established management control and communications processes to ensure IT Security Program is implemented consistent with current policies.
Managed and implemented Agency certification and accreditation process for all IT systems.
Ensured development and approval of IT security plans and procedures, continuity of operations plans and procedures, and information security baselines and controls.
Conducted IT security audits to ensure effective implementation of security controls.
Ensured development and implementation of risk analysis processes and procedures for IT systems.
Defined risk mitigation strategies and reported significant changes to senior management.
Promoted accountability of Division Chiefs in managing information security risks.
Ensured vulnerability and threat assessments were performed to evaluate the effectiveness of existing security controls.
Developed and implemented processes to enable detection, identification, and analysis of IT security threats and vulnerabilities.
Developed and implemented Information Security Training and Awareness Program.
Established and maintained effective Information Resource Management program, including the development of strategic IT plan.
Managed 10 million dollar IT budget that included commercial IT systems and services, IT security projects, and in-house IT systems.
Managed IT service functions, including end user services and devices (computer workstations and mobile computing devices).
Established management and communication processes to ensure effective IT program that enables the mission and fosters conflict resolution.
Managed and implemented IT requirements, standards, and business processes.
Managed Capital Planning and Investment Control (CPIC) Process
Analyzed Federal, Agency, and Center IT requirements to determine impacts and developed effective implementation strategies for compliance.
Developed service level agreements, including appropriate performance metrics.
NASA Constellation Program - Information Technology Security Manager City, STATE, 04/2006 - 05/2008
Established and implemented IT security program ensuring the security of all programmatic information residing on systems that were distributed across ten NASA Centers. These systems were an integral part of five major projects: Crew Exploration Vehicle, Crew Launch Vehicle, Mission Ops, Ground Ops, and Lunar Robotics
Developed program IT security governance document that includes effective approach to internal and external integration and communication to accomplish IT security objectives.
Established and validated security requirements that include physical, command and control, communications and information security requirements.
Coordinated activities of Information Security Officers to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.
Established IT security planning processes, including continuity of operations and disaster recovery planning, risk analysis methodologies, and test methodologies for contingency plans and security controls.
Interfaced with senior management on policy interpretation and presented recommendations for approval. Coordinated with other Mission Directorates, Programs, and Projects to ensure consistent application and implementation of standards.
Established a management control and communications process to ensure IT Security Program was implemented consistent with the NASA Centers, the Exploration Systems Mission Directorate (ESMD), and the Agency security strategies and policies.
Provided leadership to IT security team and contractor community for resolution of IT security issues and implementation of process improvements from lessons learned.
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
