Experienced cybersecurity professional with 12+ years of experience designing security monitoring and incident response solutions for large enterprises: 1M+ sensitive records, $8B+ financial transaction systems, 100K+ endpoints and users. Standardized SOC operations for PCI/SOX/FINRA/FFIEC requirements for documented incident response process. Current knowledge of cyber security threat hunting techniques, processes and forensics investigations.
Previous SOC and monitoring experience include Morgan Stanley (2006-2007), Federal Reserve National Incident Response team (2010-2011), Rodale (2014-2015) and Brown Brothers (2015-2017) where I used Arcsight, Splunk, Alienvault and utilized threat intelligence feeds such as FFIEC/Anomali and Web threat hunting using Blue Coat/Mcafee malware gateway and Symantec/Proofpoint Email gateway for phishing/APT investigations.
Cyber Security Consultant, 05/2017 to Current, Infosec Professionals LLC, Secaucus, NJ
Bank of NY (consultant for Apex Systems): Evaluated cloud security risks across IaaS/PaaS/SaaS solutions and mapped controls, dependencies and security solutions such as CASB and encryption.
Performed a deep-dive analysis for worst-case scenarios and evaluated appropriate controls using an adversarial model of threat and impact analysis.
Client: City of NY:
Review external threat vectors and optimize solutions such as Tanium, Splunk, Anomali, Cyphort. Conduct red teaming exercises using Safebreach and Cisco Cyber Range.
Investigate data breach issues related to credential theft and Active Directory. Deploy Crowdstrike and LastLine.
Standardize security escalations for security issues, implement a user behavior detection tool (Bay Dynamics Risk Fabric) and Akamai DDoS/early threat detection, and develop a strategy for prompt restoration from ransomware and social engineering attacks.
AVP, Cyber Security - Monitoring, Forensics & Investigations, 03/2015 to 04/2017, Brown Brothers Harriman & Co, Jersey City, NJ
Designed Cyber Security Operations Center for the firm.
Support centralized security incident response functions including follow up, evaluation and analysis of security events related to internal and external threats.
IT Security Manager, 02/2014 to 03/2015, Rodale Inc, New York, NY
Developed an enterprise risk register to identify key issues for PCI compliance; performed critical control reviews using the SANS Top 20 model; and provided guidance to onsite and offshore network/systems teams to standardize technical security operations, including incident/threat detection, patch management and endpoint security.
Manage Risk Assessment Process, perform security control gap analysis using ISO 27000 standards.
This process includes having regular meetings with business owners for data and application classification, understanding business risk, and translating IT risk to business risks for both customers and third-party providers.
Develop, communicate and explain risk mitigation techniques and methods to business users, to resolve existing PCI audit issues.
VP/Corporate Information Security Officer, 06/2013 to 01/2014, Rabobank International, New York, NY
Perform security controls review for new project requests from various teams.
Manage projects and make purchasing decisions relevant to audit areas, including Enterprise Single-Sign-On, Encryption and Data Loss Prevention (DLP) and develop and mature Security Incident Response Team (SIRT) process.
Established a comprehensive Information Security Awareness program for regulatory compliance.
Develop and update security policies, procedures and standards.
Information Security Audit Consultant, 09/2012 to 05/2013, BNP Paribas, Jersey City, NJ
As a subject-matter expert (SME) for the Internal IT Audit team, responsible for identifying IT and procedural risks and for measuring and reporting on the effectiveness of existing controls.
Led and performed audits of Information Technology functions and services, including schedule development, project planning and documenting existing controls.
Senior Cybersecurity Consultant, 11/2010 to 09/2012, IALOGIX CORPORATION, New York, NY
Developed improved Incident Reporting and Escalation Metrics for the Federal Reserve Bank of New York.
Defined the operating model for APT threat hunting.
Implemented Symantec DLP and Secure Kiosks for NYCHA.
Performed annual security policy review and implemented security awareness program for Dexia Credit Local New York branch, to comply with NYDFS and Fed requirements.
Managed AML Due Diligence/SEC compliance for Banca Intesa.
Tools Implemented: HP ArcSight, Archer GRC, Splunk, QRadar, DBProtect, Guardium, Varonis DatAdvantage, Quest ChangeAuditor, IBM AppScan, HP WebInspect/Fortify, Websense/McAfee/Symantec DLP.
Information Security Engineer, 08/2009 to 11/2010, Moody's Corporation, New York, NY
Acted as primary point of contact for application development projects, and for software and system change reviews at various stages of the SDLC.
Standardize application and systems controls using COBIT/COSO frameworks.
Implemented vendor risk assessment and application/systems security review process, including endpoint configuration, web application, web 2.0/mobile and cloud.
Integrated security review into standard SDLC process, including architecture and code reviews.
Define and develop the firm's cybersecurity framework, secure coding, DDoS prevention, identity & access management, and vendor risk assessment process.
Security Engineer, 08/2007 to 08/2009, City of New York
Implemented network security for NYCServ Online Transaction Systems and defined security requirements for the NYC-wide Mobile Wireless (3G) Network implementation.
Managed citywide security infrastructure, including security monitoring, reporting, firewall/proxy configuration, and vulnerability identification and management.
Consultant/Security Engineer, 01/2006 to 08/2007, Morgan Stanley, New York, NY
Managed technical escalations for the Security Operations team and maintained the managed service provider relationship, including operational, service-level and performance metrics to identify and mitigate any issues affecting services or the SLA.
As a member of Global IT Security Operations, responsible for approving security access changes, perimeter access control maintenance, and DNS/Email/Proxy security.
Operating Systems: Windows 7/10, Windows Server 2012 family, Linux, Solaris
Technologies: TCP/IP, IPSec, VPN, SSH, PGP, PKI, Encryption, Web