PRINCIPAL SECURITY CONSULTANT, PCI QSA / QSA-P2PE, Verizon, January 2010 to February 2016
Worked as a year-round trusted agent to clients, providing advanced security consulting expertise to three of the largest United States banks, in addition to multiple regional banks, a worldwide energy company, one of the world's largest hotel chains and a Fortune 20 retailer.
Consulting includes, but is not limited to, secure enterprise architectures, firewall and router configurations, operating system configurations, wireless architectures, databases, specialized security appliances, and information security policies and procedures for designing, implementing and maintaining security architectures for enterprise corporations.
Lead QSA consultant on enterprise accounts, as well as a mentor for other consultants.
I use a blend of technical depth and people/project management skills to drive out standards of quality, consistency, and predictability in delivery.
Provides PCI Point-to-Point Encryption (QSA-P2PE) consulting and assessment services for several large retailers to increase the security of their cardholder data processing environment and reduce overall PCI DSS scope.
Conducts Level 1 Payment Card Industry (PCI) assessments, PCI gap assessments, remediation consulting, and security architecture consulting in most verticals, i.e.
Large Banking, Energy, Large Retail organizations, Hospitality, Healthcare and multiple Level 1 Service Providers.
Also perform Payment Application Data Security Standard (PA-DSS) assessments for payment applications for e-commerce, Point of Sale (POS) and mobile payment applications.
Performed an in-depth technical assessment project (200 hours) with Cisco on products ranging from firewalls, routers, UCS-SRE blades, Nexus switches, datacenter firewalls, routers and switches, EMC products, HyTrust and RSA products (Data Protection Manager, Authentication Manager and enVision).
Reviewed large, medium and small enterprise architectures to assess technical security controls and related operational procedures, identifying security gaps including, but not limited to, firewall and border router configurations, operating system configurations, wireless architectures, databases, specialized security appliances, and information security policies and procedures.
Deep forensics skills using the standard tools contained in the Helix 3 Professional toolkit distributions during payment application testing.
Worked with numerous Fortune 500 companies to develop their short and long term security strategies and assist with implementation of the defined strategies.
Deep technical background in secure system architecture and deployment of network architectures.
Provided consulting to Fortune 25 senior executives on their information security control strengths and weaknesses and assisted in developing effective solutions.
SENIOR SECURITY CONSULTANT, Trustwave, January 2007 to January 2010
Provided enterprise clients, large international banks, service providers and merchants with consultative expertise related to the Payment Card Industry Data Security Standard (PCI DSS) requirements.
Performed Payment Application Data Security Standard (PA-DSS) application testing and certification.
Program manager providing expertise while managing technical remediation and implementation of solutions, ensuring several large retail and financial environments became compliant with the PCI DSS.
Project management experience: applied understanding of business processes and technical skills to the successful completion of projects.
Strong familiarity with emerging developments in technologies such as Identity and Access Management, patch management, encryption solutions, firewall technologies, host- and network-based intrusion detection/prevention systems, and policy management solutions.
Extensive knowledge of security assessment techniques, authorization methodologies, authentication technologies and security attack vectors.
Responsible for the creation and/or review of client information security policies, procedures and other documentation as a basis for identifying potential areas of improvement and increased effectiveness with respect to client administrative controls.
Continually monitored advancements and trends specific to information security in order to best serve the client base.
SENIOR MANAGER, TECHNOLOGY/SECURITY OVERSIGHT, Charles Schwab & Co., January 2005 to January 2007
Evaluated the firm's privacy program against Generally Accepted Privacy Practices (GAPP) and the Gramm-Leach-Bliley Act (GLBA), with specific expertise in information security for privacy objectives and the privacy program's critical success factors.
Performed web application vulnerability scanning using Watchfire's AppScan Audit software, interpreted vulnerabilities, and communicated the required remediation actions to development group senior management and business owners.
Evaluated the firm's information security risk assessment process against the OCTAVE risk assessment model, ensuring risk assessment strategies are aligned to mitigate and control risk.
Point of contact for communicating the firm's risk assessment status to the regional Federal Reserve Banks (San Francisco and New York), ensuring Schwab meets federal regulations to continually protect client assets.
Evaluated information security policies, standards and procedures using the following frameworks: ISO 17799:2005, National Institute of Standards and Technology (NIST), and Generally Accepted Information Security Practices (GAISP).
Performed architecture audits on IT system security, Active Directory security, Oracle and SQL database security architecture, hardware, communications infrastructure, operations, application development, intranet, network engineering and other technology areas.
ENTERPRISE SECURITY ADMINISTRATOR, US Foodservice, January 2004 to January 2005
Enterprise Security Administrator for over 600 Microsoft servers, 40 UNIX servers, 40 NT 4.0 domains, IBM and Tandem mainframes, and the security of a new company-wide Active Directory domain and VMware ESX Server infrastructure implementation.
Maintained overall security architecture for the enterprise network; drove enterprise security program strategies and the implementation of appropriate safeguards and controls using the COBIT framework.
Authored and implemented information security policies, standards, guidelines and procedures across all computing platforms (Windows, UNIX, IBM, Tandem, Oracle, Cisco).
Designed and implemented the nationwide company VMware ESX Server security project, ensuring the success of this five-million-dollar project rollout.
IT project manager for the remediation of IT design and operational gaps, ensuring compliance with Sarbanes-Oxley Act and HIPAA requirements.
Authored the company's IT Sarbanes-Oxley compliance project plan and performed SOX IT controls testing.
Participated on project teams in the role of IT security architect, reviewing projects and processes for compliance with corporate/industry security practices and policies.
Developed, designed, implemented and monitored corporate-wide security awareness programs to assist in the education and training of employees regarding information security issues, policies, standards and guidelines.
Performed product evaluations of security technologies (e.g. application firewalls, vulnerability scanners, etc.); evaluated, procured and maintained hardware and software security tools.
Led the Incident Response Team responsible for conducting forensic analysis on exploited systems.
Responsible for continuous monitoring of vulnerabilities, threats and exploits through the use of intrusion detection (IDS) and vulnerability assessment tools.
Monitored the status of malware (viruses, worms) and approved appropriate patch management processes.
Education and Training
MS, Management of Information Systems Security, Colorado Technical University
BS, Professional Aeronautics, Embry-Riddle Aeronautical University
PME, Professional Military Education, United States Air Force
Qualified Security Assessor - QSA (P2PE)
Payment Application Qualified Security Assessor - PA-QSA (P2PE)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Global Information Assurance Certification (GIAC) GSEC
Microsoft Certified Systems Engineer (MCSE) in Windows NT 4.0 and Windows 2000
Microsoft Certified Trainer (MCT) (1999-2007)
Cisco Certified Network Associate (CCNA) (2003-2006)
A+ Certified
Secret security clearance, updated March 2000; Top Secret clearance, updated July 1997
SPECIALTIES
Secure network architecture design, security strategy, security assessments, policies and procedures, Sarbanes-Oxley, HIPAA, GLBA, FISMA, PCI (CISP), web application security, database security, networking, scripting and disaster recovery