Summary




Seasoned information security professional with over 20 years of diversified industry and corporate experience. Consulting, project management and technical and awareness training in the information security and networking arenas. Large enterprise experience, Estee Lauder Companies, Accenture, Microsoft, NCR, Verizon, Time Warner, Department of Defense, Network Warfare Command and Walt Disney World. Well versed in risk management, security awareness, vulnerability assessments, security policies/standards, governance HIPAA, GLBA, Sarbanes-Oxley, Visa/CISP/PCI, DITSCAP/DIACAP, NIST and ISO . Designed and delivered CISSP Boot camps, SCNP, CCNA, MCSE and Security + training classes in the corporate environment and academia. experience in security management practices, auditing, access control, cryptography, database encryption, network security, operations security, physical security, business continuity, disaster recovery, legal/compliance and applications security.


Achievements

Member of Information Systems Audit and Control Association
Member of the Institute of Internal Auditors
Member of the Information Systems Security Association
Member of the BDPA Information Technology Thought Leaders
Served as Education Chair for the Charlotte Chapter of the ISSA .
Served as Subject Matter Expert SME for the creation , design and review of the Comptia Security+ Certification exam .
Designed and architected n-tier eInfrastructure for Accenture.com and internal company portal .
Served as the President of the BDPA-Information Thought Leaders for over 2 years . A not-for-profit agency , the BDPA s mission is to provide targeted youth with access to specialized computer programming technologies .
Delivered Networking and Information Security Seminars and Workshops to various organizations , the North Carolina Computer Instructors Association , BDPA-Information Thought Leaders and ITC Conference
Technical editor for the several network and info security publications/Textbooks
Designed online Network Security Training for the State of North Carolina .
Selected by peers of over 20 instructors as the Program Chairperson of the Network Administration at Central Piedmont Community College .
Member of Information Systems Security Association ISSA , Computer Security Institute CSI , Microsoft Alumni Association , Accenture Alumni , Charlotte Chamber of Commerce , Independent Computer Consultants Association , BDPA-Information Thought Leaders , North Carolina Computer Instructors Association
During 9 years in the United States Air Force was promoted through every rank up to Technical Sergeant . Specialized in Administrative Systems . Held top secret security clearance .
Achieved Bachelor of Science in Management Information Systems from the University of Tampa while enlisted in the USAF .
rEFERENCES AVAILABLE UPON REQUEST
Seasoned Information security professional


Employment

November, 2007 -  November, 2008
Program Manager

Worked directly for the Chief Compliance Officer/Global Vice President of Risk Management to plan, design and implement a Global Security Awareness program for over 28000 employees, contractors and vendors. The program spans the US and over 135 countries and multiple languages.

Achieved regulatory compliance by implementing the corporate security awareness program
Developed comprehensive security awareness strategy
Designed and conducted executive and employee awareness needs assessment
Composed several security awareness articles

Designed computer based training for Employee orientation and an annual refresher training
Implemented laptop security program company-wide

Designed and delivered Security Policy/Standards training
Implemented information security awareness intranet site
Worked closely with HR, CSIRT, PCI compliance, SOX and application security to improve security awareness for targeted groups

Arranged security awareness activities for company events
Composed articles and whitepapers to help inform employees about various awareness topics
Planned, implemented and orchestrated corporate security awareness campaigns and security awareness day

July, 2007 -  July, 2007
Consultant

Delivered intense training to prepare for the Certified Information Systems Security Professional CISSP exam.

Training consisted of a 5 day intense boot camp covering all information security domains, : Security Management Practices, Access Control, Security Models and Architecture, Physical Security, Telecommunications and Network Security, Cryptography, Disaster Recovery and Business Continuity, Law, Investigation and Ethics, Applications and Systems Development, Operations Security.
To support theory, practical examples are given, the use of security tools for intrusion detection, password cracking, cryptography, assessment, auditing, forensics, exploiting and wired and wireless penetration testing.
Provided network security consulting services to small and mid-sized businesses
Provided thought leadership and mentoring to aspiring information security professionals

October, 2006 -  October, 2007
Project Coordinator

Designed information Security Awareness Program for IT personnel and executive management. Various delivery methods is used, classroom, online CBT, PowerPoint and video.
Worked with project teams to ensure security was built and architected in application early in the life cycle.
Designed, tested and implemented secure communications for internal point of sale systems to comply with PCI regulations. Architected secure tunneling solution for legacy systems that were not SSL enabled.
Created virtual test lab environment using vmware to architect and test information security solutions.
Provided information security consulting to application project teams to ensure projects were in compliance with applicable policies and regulations.
Collaborated with internal team to design risk management processes for the enterprise. This included risk assessment, application security questionnaire, business impact analysis, security policy exceptions and periodic monitoring requirements.
Ensured credit card systems were built and operated in compliance with Information Security Policies and Payment Card Industry PCI regulations.
Architected enterprise multiplatform secure file transfer solution
Outlined the information security controls, testing and evaluation requirements for the Systems Security Development Life Cycle. SSLDC

February, 2006 -  February, 2006
support

Capability to analyze complex IA problems and issues and recommend solutions that impact the enterprise communicate with senior management, both orally and in writing.
Responsible for oversight of DOD IA policy and regulations.
Provide Information Assurance support in accordance with current DOD policies for IA and IA related matters and with appropriate public law, National Institute of Standards and Technology NIST, industry best practices and Defense Information Systems Agency DISA guidance. Additionally, perform the following : Assist and conduct compliance reviews and IA audits.
Perform IA risk assessments and make risk mitigation recommendations.

Identify residual risks and risk profiles
Prepare and maintain policy guidance and handbooks.

Develop and maintain IA training plans.
Assist in DeCA and DOD reporting requirements.
Assist in obtaining accreditations.
Perform Security test and evaluations in accordance with DITSCAP/DIACAP/FIPS/DISA

Prepare DITSCAP certification and accreditation documents.

Perform certification official duties.

March, 2005 -  March, 2006
Information Security Team Lead

Composed Information Security framework, policies, standards and procedures
Created Computer Security Incident Response Team CSIRT, standards and procedures
Designed Security System Development Life Cycle SSDLC, risk assessment, vulnerability analysis, security questionnaire and security review
Ensured compliance to VISA/PCI, SOX and ISO
Managed Payment Card Industry PCI compliance audit
Report directly to the Director of Enterprise Security
Instructed and prepared colleagues for CISSP exam

Accepted position as Director of Education for the local ISSA Chapter
Lead team to create the network security section of the Generally Accepted Information Security Principles GAISP through the ISSA

June, 2004 -  June, 2005
Information Security Officer

Functions through the Chief Information Officer Infrastructure and Dedicated Teams to provide security resources to the business units.

Acts as a dedicated security resource to help educate and support the business units on security controls and standards ; establish security checkpoints in business unit processes ; facilitate ongoing compliance monitoring and security oversight ; and provide security consulting to projects using the Information Security methodology : Risk Assessment, Security Analysis and Reviews, Physical Site Surveys, Disaster Recovery Planning, Access Controls, Compliance Monitoring and Vulnerability Analysis. Delivered Network Security Awareness Training to Wachovia employees.

January, 1999 -  January, 2004
Technical Trainer/Chief Architect

Provide consulting and training on all aspects of today s computing environment, Network Security design and implementation, security audits, intrusion detection and prevention, installation and maintenance of high-speed Internet access, corporate servers and software applications, on-site and remote support. Projects completed on time, in budget and with the expected results and benefits.

Employ skills obtained over 16 years in computer industry to clients like Microsoft, Accenture, NCR, Blue Cross/Blue Shield, Compuserve, MCI, World Bank, Gannett, Northrop Grumman, XLconnect, Smith-Klein-Becheem, Cigna, Regions Bank, JC Penny, Kmart, Walmart, AT and T, Alex Brown and Sons, Fidelity, Techtrain, New Horizons, GTE/Verizon, Sears, Phillip Morris, Belk s

Provide training for clients, CISSP, CCNA Boot camps, MCSE training, Security+ and SCNP.

CISSP
Fast-Track Boot camp, CCNA Boot camp, Cisco Systems CCNA Networking Academy, SCNP Hardening the Infrastructure, SCNP Network Defense and Countermeasures, Microsoft Windows 2000 Pro/Server, Microsoft Windows XP, Microsoft Windows Network administration/Infrastructure, Comptia Security+, Comptia Network+

Recent CISSP Fast Track Training delivered to : Navy Network Warfare Command, no Creek Naval Base, Va. Harrisburg Area Community College, Harrisburg, Pa ; System Computer Training, Carlsbad, Ca ; New Horizons, Tucson, Az ;, CESC-Hartford, Ct ; ESI, Virginia Beach, Va. Knowledgy Computer Training, Falls Church, Va

January, 2002 -  January, 2003

Advised Director of Information Technology of critical issues facing the IT Department and worked closely with the Faculty on instructional and personnel matters.
Responsible for overseeing general operation of the Network Administration Program and the Cisco Networking Academy through staffing faculty, creating class schedules, maintaining networking labs, designing/updating curriculum and designing/selecting up-to-date courseware for the program.
Developed and implemented job performance review and goal-setting process.
Reviewed Networking and Information Security Textbooks and Lab manuals.

Acted as Subject Matter Expert for Comptia s Security+ Certification exam and took part in the creation of the exam questions. http://www.comptia.org/certification/Security/sme.asp)
Took a leadership role in getting instructors developed and certified in new technologies.
Main Contact for the Cisco Networking Academy with Instructor Steering Committee and Instructor Development Network.

August,  -  August, 2001
Technical Instructor

October,  -  October, 2001
Project Manager/Network Security Consultant

Worked closely with and supervised Information Technology organization to build secure infrastructure and Operation architecture for Accenture.com. This included Microsoft Windows 2000 Advanced Server, Active Directory and Clustering, Load Balancing, Application Center Server 2000, Storage Area Networks SAN, N-tier architecture, Fiber Channel, SQL, Exchange, CISCO routers and Information Security and Acceleration Server ISA Server etc.

Acted as Project Manager over Technical Infrastructure and Operations Architecture team in the overall design of an n-tier, Microsoft .NET network and security architecture for the Accenture Corporate Portal. Effectively managed projects, budgeting, deadlines, deliverables, staff, training, risk management, change management, project reporting
Managed and owned Operations Architecture and Technical Infrastructure efforts and drove to meet milestones.
Managed Development and Execution Architecture teams to build secure infrastructure designs and sizing information to be used for building and testing production environments

Organized work efforts of the Infrastructure and Operations project team and ensure designs are in accordance with Accenture Net centric guidelines, scalability, security, etc.

Led Infrastructure and Operations team members by example in thoroughness and timeliness of work efforts
Ensure each architecture component is designed with overall project success in mind.
Designed infrastructure, security and built scalability lab using Microsoft. NET server architecture and Compaq hardware to allow client system security and application testing.

Drafted Windows 2000/Active Directory proposal and initial design work for Phillip Morris

September, 1999 -  September, 
Technical Trainer

September, 1997 -  September, 1999
Senior Consultant

Acted as project manager for the planning, installation and configuration of Internet capability in condominiums, apartment complexes and hotels using existing Telco lines. Managed cabling and wiring vendors to lay cable according to specs. Interfaced with property management personnel to achieve established goals.
documented NT network by creating design, domain, TCP/IP-DHCP and top level drawings with Visio 5.0 Professional
Installed configured Internet Information server, Proxy server, SQL, Exchange and CISCO routers.
Composed Year 2000 scripts, test plans and tested corporate applications for Y2K compliance, assessed equipment in need of Y2K remediation
Designed workstation images and rolled-out over 600 desktop and laptop machines with new, Y2K compliant Hardware, BIOS and Applications
Designed fault tolerant or fail-over systems using NCR 4300 series servers and Lifekeeper for large retail customers guaranteeing 97.5% uptime
Configured Symbios RAID and Disk Mirroring systems, Designed and developed network implementations using Windows NT 4.0. Experienced in Windows NT Server, Windows NT Workstation, SQL and MS Clustering server.

Acted as project manager for large account pre-sales/post-sales activities

November, 1995 -  November, 1997
Premier Enterprise Support

Architect large-scale BackOffice client/server solutions and acted as project manager for implementations and roll-outs at strategic enterprise accounts
Managed projects for Fortune 500 clients to implement Microsoft large-scale network solutions
Provided account and escalation management for Microsoft premier support issues. Conducted research and provided consulting support for Premier customers.
Acted as Project Manager. for Premier customers to interface with various Microsoft groups, BackOffice Support, Enterprise Support Systems, SMS, SQL, Desktop Systems, Application groups, Microsoft Consulting Services and Product Development.
Major accounts included : World Bank, Gannett Corp., Smith-Klein Beecham, Xlconnect Solutions, Independence Blue Cross, Northrop Grumman, Alex Brown and Sons and Cigna

Enterprise Network Support Engineer or NT - Enterprise Support Systems
Provided telephone support for Fortune 500 MS Premier Customers using Windows NT Workstation, Server and LAN Manager. This included all facets of Networking, routing, bridging, protocols, replication, name resolution, Unix interoperability, NetWare interoperability, MAC interoperability, Fault Tolerance, Exchange, Setup and Installation, Printing, H/W compatibility, software compatibility, registry editing, performance monitoring, capacity planning.
This support was provided in Business as Usual and Server down Hot Site situations.
Dispatched to customer hot sites to solve critical problems that could not be accomplished over the phone.
Designed and maintained intranet website for team

Technical Trainer - New Horizons Charlotte NC, 1/96 or 96
Instructed Microsoft Word, Powerpoint, Publisher and Access office

September, 1992 -  September, 1993
Technical Trainer

June, 1988 -  June, 1995
Senior Systems Analyst

Senior Systems Analyst Training and Documentation - Systems Training and Documentation

Acted as project manager/leader on several medium to large scale projects, : Client/Server system integration team, Budget System Implementation, Computer-based Training CBT development team, internal applications implementation Team, Corporate network printer deployment, software testing, systems development, LAN software standardization and administration
Managed cross-functional groups to implement and support systems nationally
HP-UX, AIX, IBM RISC 6000, installation, system administration, networking, operating systems, middleware, RAID 1 and 5, fault tolerance, logical volume management, Informix, ARPA services, kernel configuration, TCP/IP protocol suite, Print spool management, NCD Terminals, modem pools

Designed and delivered implementation training to GTE Budget Administrators nationwide.
Developed on-line CBT applications using Authorware ? and IconAuthor Object Oriented CBT development environment.

June, 1988 -  June, 1990
Technical Trainer

August, 1987 -  August, 1988
Technical Trainer

Instructed DOS, dBase, Lotus, Data Communications and Word Processing courses to GTE staff and management employees.

January, 1988 -  January, 1988
Technical Trainer

May, 1987 -  May, 1987
Manager

Managed large-scale IT projects for the college administration.
Acted as liaison between Data Processing and college administration users

Education

Training

Certified Information Systems Security Professional CISSP ; Microsoft Certified Systems Engineer MCSE , CompTIA Security+ Certified , Cisco Certified Network Associate CCNA and Cisco Certified Academy Instructor CCAI


Course Work

Administrative Supervisor - USAF International , 7/78 4/8
Operating Systems : Windows 2000/2003 Server Administration , Active Directory , Windows XP , Windows NT , Linux , Windows 98
Cryptography : IPSec , Kerberos , SSL , SSH , Digital Certificates , PKI , PGP , Symmetric and Asymmetric Encryption , Smart Cards , Biometrics , VPNs , PPTP , Digital Signatures , Message Digest , Secure Signed Format , Hashing
Security Tools : BlackWidow , Snort , Cisco Configmaker , Crack , Dumpel , DumpSec , Ethereal , Forensic Toolkit , Fport , Ghost , IIS Lockdown , John the Ripper , Legion , Logcheck , L0pht Crack , Nessus , Netbus , Nmap , PGP , S-tools , Subseven , Superscan , TCPdump , ZoneAlarm , Blackice , Whisker , Snort , Windump , Winnuke , Snifferpro , Keylogger , Pestpatrol , VMware , dumpacl , dumpreg , vision , foundstone tools , Ad-aware , Sysinternals Tools , Etherpeek , Cisco Configurator , Netstumbler , Retina , Iris
Internet Servers : Microsoft Internet Information Server IIS , Microsoft Site Server , Microsoft Site Server Commerce Edition , Microsoft Application Server , Microsoft Operations Manager , Applications Center Server , Microsoft Operations Manager
Network Architecture : Microsoft Active Directory , IPSec , Virtual Private Networks , LDAP , DNS , DHCP , WINS , SAMBA , L2TP , IPX/SPX , Token Ring , HTTP , SMTP , NNTP , SendMail , NFS , PPP , IMAP , POP , SMTP , Frame Relay , ISDN
Network Hardware : Servers , Switches , Modems , Cisco Routers , CSU/DSU , Hubs , Compaq Servers , HP Servers
Network Software : Check Point Firewall-1 , SNORT , Microsoft ISA Server , Microsoft Proxy Server , numerous firewall packages , intrusion detection systems , vulnerability scanners , network sniffers and port monitors , Clustering , Fault Tolerance
Development Tools : Microsoft Front Page , Macromedia Dreamweaver , Macromedia Fireworks
Databases : Microsoft Access , SQL Administration
UNIX/Linux utilities : VI , TCP/IP , FTP , Telnet , SMTP , SNMP , IP Chains , System Administration , X Windows
Office Applications : Microsoft Office XP/2003 suite , Word , Excel , PowerPoint and Outlook
Enterprise Applications : Norton Ghost , SQL , Drive Image , Arcronis , Exchange , Virus Scanning , Port Scanning , Unattended Installation , Active Directory ,