Information Security professional with over 15 years of experience developing and implementing a broad range of IT security and risk management initiatives to support business objectives
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Security Controls (CRISC)
Strong collaborative skills
Strong analytical skills
Developed and implemented security program for large Federal IT organization
Senior Information Security Analyst, April 2011 to Current, MedImmune, LLC － Gaithersburg, MD
Develop and implement the IS risk management program to move the organizational level of risk to meet the risk appetite of the CIO
Collaborate with IT functional managers to identify risks, develop treatment plans and monitor progress towards plan implementation
Lead the implementation of the vulnerability management program
Assist stream leads with successfully fulfilling their requirements for proper patch management
Manage the process of soliciting and selecting vendor for the 2011 third party enterprise wide vulnerability assessment
Supervise vulnerability assessment contract staff and all activities related to the assessment
Collaborate with MedImmune technical teams to develop and implement remediation strategies to address identified vulnerabilities
Create and implement the MedImmune Incident Response process
Create and maintain security compliance modules in Qualys to ensure IT resources comply with MedImmune policies and industry best practice
Provide security representation on projects
Alternate Information Systems Security Officer, July 2009 to April 2011, National Institutes of Health － Bethesda, MD
Member of multiple NIH-wide security committees that are responsible for security policy, engineering and implementation of security initiatives throughout NIH
Co-chair of the NIH Information Technology Management Committee Infrastructure and Operations Subcommittee Mobile Device Management Working Group, charged with refining requirements, evaluating products and recommending an NIH-wide mobile device management solution
Member of the NIH Security Engineering Working Group's ArcSight Standards Committee, charged with developing the network model, naming conventions, access groups, permissions and other standards in preparation for the NIH-wide deployment of ArcSight
Certification and Accreditation (C&A) Program Manager responsible for developing and implementing a security compliance program that meets the needs of the Clinical Center and complies with NIST, HHS and NIH requirements
Created compliance matrices, performed gap analyses and conducted resource planning to identify C&A program requirements and develop.
Vice President, March 2005 to July 2009, PatchAdvisor, Inc － Alexandria, VA
Co-Owner and member of the Executive Team charged with managing and growing a small IT security product and professional services company
Provided overall guidance and direction for all PatchAdvisor operational activities
Provided consulting services to clients in all areas of IT security, including security audits, risk assessments, security architecture review and design, security program review and design, and security policy, process and procedure review and design
Assisted with developing the Measures of Effectiveness program that provides Federal clients with security audit data to both meet Federal regulatory requirements and identify the effectiveness of their existing security programs
Provided project management for professional services engagements, including coordination of all activities from kick-off through close out, managing client expectations, scheduling and logistics, management of on-site staff, quality assurance of all deliverables and ensuring client satisfaction throughout the engagem.
Information Systems Security Officer, March 2002 to March 2005, Sytel, Inc, Office of Research Services, National Institutes of Health － Bethesda, MD
Member of the IT Management team charged with developing and managing a comprehensive security program for the Office of Research Services, which provides central service support to the entire NIH community
Advised and collaborated with the ORS CIO, Information Technology Branch Chief and ORS IT Architect to develop a technical security architecture based on a defense in depth strategy
Advised and collaborated with business leaders and IT personnel from Divisions within ORS to devise appropriate mitigation strategies based on industry best practices, level of risk and cost-benefit analysis
Developed, implemented and monitored compliance with security policies, processes and procedures
Developed and implemented a Certification and Accreditation (C&A) program to ensure compliance with Federal IT security requirements
Developed and implemented perimeter protection, vulnerability management, incident response, configuration management, security patch and secure storage programs
Wrot.
Security Engineer, January 2001 to March 2002, Network Associates, Inc － Rockville, MD
Provided Tier 3 support for the NAI world-wide organization for all of the PGP product lines: Gauntlet, Cyber Cop and PGP
Team lead for all projects and issues involving VPN, PKI and the PGP suite of products
Trained and educated lower tier support engineers in all facets of technology and security necessary to support the PGP product lines
Created and reviewed Technotes available to lower support tiers to provide detailed technical discussions about particularly difficult support cases
Created and reviewed Primus Documents available to clients and lower support tiers to assist with resolving common problems, increase call deflection and speed call resolution
Performed periodic reviews and updates of all escalation requirements
Created and led internal training on all PGP products
Co-author of the Who We Are document describing the distinct roles, responsibilities and individuals that make up the Backline Support team
Co-drafted the Backline Staffing Methodology that enumerates and qualifies the uni.
Managed Data Network Services Security Engineer, May 2000 to January 2001, Qwest Communications － Arlington, VA
Project Manager for implementation of corporate monitoring of all firewalls
Engineering lead in partnership development with ISS to bring a Managed IDS offering to Qwest
Constructed, installed and provided support for Checkpoint VPN-1/Firewall-1 systems
Provided network analysis and assessment for implementation of client firewalls in Qwest Cyber Centers and on client networks
Assisted Qwest Network Engineers in secure network design
Designed firewall rule bases to conform to client requirements and offered recommendations for rule base improvement
Troubleshot networks and firewalls during remote installation and assisted with client escalations
Managed 150+ firewalls using Checkpoint's Provider-1 software
Provided assistance to clients and Qwest Network Engineers 24x7 in emergency situations
Information Systems Coordinator, May 1998 to May 2000, George Washington University
Evaluated and implemented commercial and free security tools across the enterprise
Performed internal network and OS vulnerability assessments using commercial and free assessment tools
Monitored network utilization and security across the backbone network and through multiple entrance and egress points
Monitored white hat and black hat sites for news, exploits, vulnerabilities and tools
Provided training for other IS Coordinators and GWU Staff in network and system security, troubleshooting, support and administration
Provided escalation support for departmental administrators and the university helpdesk on all manner of problems, from network troubleshooting to desktop support
Assisted in the growth and support of a 10,000 node, 25,000 user university network built with a heterogeneous ATM backbone with both Ethernet and ATM attached clients
Bachelor of Arts: Political Science, 1993, The American University － Washington D.C.
Certifications and Professional Awards
Featured industry speaker at the SC Magazine Health Care Roundtable, December 2, 2010
Author of 2 articles for SC Magazine for their From the CSO's Desk series in 2011
2010 NIH Office of the Director Honor Award recipient as a member of the NCAT Team
Certified Information Systems Security Professional (CISSP), (ISC)2
GIAC Security Essentials Certification (GSEC), SANS Institute
Certification and Accreditation Professional (CAP), (ISC)2
Clearance Level: Top Secret Vi