I'm a well rounded security professional with over 20 years of experience in information security. I have experience in incident response, forensics, penetration testing, security architecture, and security leadership as a CISO for a financial institution.
I teach security leadership classes for the SANS institute (www.sans.org):
MGT514: Security Strategic Planning, Policy, and Leadership
MGT512: Security Leadership Essentials for Managers
I'm also a faculty grader for a masters level course for the SANS Technical Institute.
My activities in the information security community include presenting at conferences, InfraGard Board Member, and a chapter leader for the Oklahoma City OWASP Chapter.
I enjoy all aspects of building information security programs and teams. I adapt easily to the context of security requirements within organizations and understand how to align security with the business objectives.
The reason I'm applying at Zions Bancorporation is that we are planning on moving to Utah in the next four years and I'm not opposed to traveling to Salt Lake City.
Building effective and cohesive security teams
Information Security Metrics
Connecting information security to business objectives
Technical and administrative controls
Proposing and maintaining security program budgets
Incident Response and forensics
I lead a team of 12 penetration testers on a long term engagement for a multi-national client.
The technical side of this engagement has me performing web application penetration testing for some of the top financial institutions in the nation as well as the Fortune 500.
The leadership side of my role at Rural Sourcing has me building cohesive teams, strategies growth of team skills and competencies, managing work life balance for the team, and strategies to grow the security practice for the organization.
Network and infrastructure security
• Vulnerability scanning with Nessus, Nexpose and Metasploit
• Penetration testing to ensure patches and fixes secure the vulnerability
• Patch and update management
• Log analysis with HIDS and NIDS using Snort and OSSEC
• Making sure web servers and web site are PCI compliant
• Firewall and VPN configuration and support
• PKI and authentication
• RADIUS and wireless authentication support
• End user education and security awareness training
• Data encryption and decryption
• Network switching and routing
Managing the hardware and infrastructure team who provide end user support, workstation break fix and server configuration tasks.
• Support ticket priority
• End user satisfaction and SLA's
• Root cause determination
• QC verification
• Ensuring issues are tracked and fixes are documented
• Recurring issue trending and elimination
System and Server Administration –Including everyday tasks, troubleshooting and configuration.
• IBM AIX 5.3
• Windows Server 200x
• Linux (includes Red Hat, CentOS, Fedora, and Ubuntu)
• Windows XP through Windows 8 / Mac OS X
• Email server configuration and support
• Google Apps support
• Network services support
• Ensure change impact is properly assessed
• Ensure changes are scheduled to minimize impact
• Ensure changes can be rolled back if needed
• Ensure changes are relayed to the company and expectations are managed
• Document and track all changes in the event future related issues occur
Business Continuity and Disaster Planning
• Ensure back ups are available and functional
• Ensure servers have fail-overs and test quarterly
• Assess and maintain redundant power in NOC
• Offsite backup storage and management
• Maintain on call rotation
• Assess and maintain recovery time objectives and recovery point objectives
Job Titles Held: