To obtain a managerial position in Information Security in the Tampa Bay Area (or remote) Highly skilled Information Security Professional offering vast knowledge of network security at desktop, server and internet levels.
Qualys Vulnerability Management System
ISC2 Common Body of Knowledge
Information Security Vulnerability Management
Designed and implemented Information Security Programs at 4 different companies
IT Architect February 2011 to CurrentDaVita － Denver, CO.
Evaluate new and innovation security and IT technology for possible implementation within our network.
This includes end point security, biometrics, electronic signature, encryption, identity management and Mobile Device Management devices.
Develop security specific standards, patterns, policies, and procedures in accordance with ISO/NIST and other applicable regulatory standards Designed segmentation of network infrastructure in order to segregate sensitive data Developed security remediation effort to address serious Identity and Access Management (IAM) related issues Work with the IT Risk Team on the implementation of GRC tools such as Archer and Troux Implemented a cost-saving digital signature initiative Manage the Architecture Governance program, including chairing the Architectural Review Board Negotiate with vendors by narrowly defining scope of work estimates and obtaining competing bids Make metrics based technical presentations to C-Level Executives about proposed security implementations and EA governance initiatives Manage the IT Standards and Application Rationalization Programs Experiences with the implementation, configuration and administration of Troux 9.x and Troux Insight.
Information Protection Manager September 2007 to August 2010CIGNA － Bloomfield, CT
Worked with a diverse team of global sourcing, information technology and insurance business executives to implement cost effective and secure business process and software development outsourcing strategies.
Audited the security and information protection standards of vendors engaged in providing services to CIGNA.
Implemented an vulnerability scanning and remediation plan using Qualys Enterprise.
Reviewed the security of applications used in the company's business processes s in support of health care specific privacy regulations such as HIPAA, HITECH, PCI.
Director of Information Security November 2003 to May 2007HCC Insurance Holdings Inc － Houston, TX
IT Controls SOX Program Manager As such, developed and implemented procedures and standards to meet or exceed SOX Audit Requirements including development of application and network security controls, implementing system monitoring, investigation, end user awareness, physical controls, internal review and documenting procedures in support of COBIT based SOX Control Objectives Designed the network security infrastructure including the deployment of a Qualys vulnerability scanner and a Sourcefire IDS/IPS Monitored and audited approximately 30 Checkpoint Firewalls IAW SOX Compliance Presented information security awareness training to every employee in the company of 2000 employees, developed web enabled Information Security Awareness Training Installed, tested and employed vulnerability scanning tools such as QualysGuard, GFI, Retina, ISS(IBM) and Nessus Implemented security technology to automate IT controls, including the implementation of an automatic scanning solution and an intrusion prevention system (IPS) in support of SOX objectives Developed a Corporate Business Continuity Plan for an international company comprised of 18 global subsidiaries Served as the leader of a C Level Incident Response Coordinating Committee charges with the responsibility to respond to events the business.
Information Security Lead March 2002 to November 2003Airlines Reporting Corp － Louisville, KY
Information Security Lead for the main datacenter for all major U.S.
based airlines Successfully lead a part time Computer Security Incident Response Team in responding to one significant Denial of Service Attack, two major RPC worm attacks and investigations of numerous lesser incidents Implemented Tripwire Security Software for file integrity checking Installed, tested and employed vulnerability scanning tools such as Retina, ISS Security Scanner and Nessus Recommended remunerative strategies to strengthen the network structure against hacking attempts saving the company approximately $100,000 inoutside fees Developed four other security related company policies; Data Classification, Remote Access, Email Usage and Strategic Information Security Implemented a secure email gateway solution at the network perimeter to protect the email infrastructure.
Information Security Manager January 2001 to March 2002Lam Research － Fremont, CA
Installed an Intrusion Detection and Analysis System Wrote and implemented various information security policies Developed and implemented Information Security Awareness Training Implemented an encryption solution Developed requirements and drafted RFPs for a network security audit.
Education and Training
Masters of Business Administration : Technology Management, 2006University of PhoenixTechnology Management
Computer Systems Support, 1999Empire College － Santa Rosa, CA