| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidate
Candidate's Name
Street Address Cell: PHONE NUMBER AVAILABLE EMAIL AVAILABLE
Over 20 years of experience with security strategy and policies, information security operations and management, computer forensics, expert testimony and compliance. Possess excellent presentation and communications skills with extensive experience developing and managing Enterprise Network Design, Network Security, Migration and full lifecycle implementation of information security programs.
Information Security Operations Management and Program Development: Established new information security programs where information security management did not exist. Established leadership, risk based management as well as trained staff for Bank of America, RR Donnelley,The Warranty Group, Falkor Group LLC and for clients of Project Leadership Associates.
Information Security Forensics and Remediation: Consulted with numerous firms and companies by performing data forensics relating to hacking, industrial espionage, trade secrets and data theft through Project Leadership Associates. This support included efforts up to and including prosecution and criminal charges. Lead to many favorable decisions for his team. Has even advised on case strategy.
Leadership: Consistently trusted with high profile projects involving stake holders at C level, President or Partner level for Bank of America, RR DonnelleyThe Warranty Group, Falkor Group LLC and for clients of Project Leadership Associates, ranging from a very public project involving Microsoft up to boardroom presentations.
EDUCATION
BA, Communications
Western Illinois University Macomb, IL, 1985
Electronics Technology
DeVry Institute of Technology Chicago, IL, 1991
CERTIFICATIONS:
Certified Information Security Systems Professional (CISSP)
Tripwire Enterprise 5.2, 2006
Microsoft Certified Systems Engineer (NT 4.0)
Microsoft Certified Professional + Internet Technologies
Certified in Adult Instructional Techniques
Qualysguard
CLE Accredited Speaker 2005
PROFESSIONAL EXPERIENCE:
Bank of America September 2012- Present
Bank of America Corporation (Nadaq BAC) through its subsidiaries, provides various banking and financial products and services to individual consumers, small-and middle-market businesses, institutional investors, corporations, and governments in the United States and internationally. The company s Deposits segment provides traditional savings accounts, money market savings accounts, CDs and IRAs, and noninterest-and interest-bearing checking accounts, as well as investment accounts and products. Over 272,600 employees worldwide
VP Information Security Specialist Threat Management Program Lead: May 2016 - Present
AVP Information Security Specialist, Control Gap Remediation Team: October 2015 - May 2016
AVP Information Security Specialist, Control Gap Remediation Team: March 2014 - October 2015
Contractor: September 2012-March 2014
Responsible for North America, Latin America, Asia and Europe .Reports to Senior Vice President of Global Information Security.
As a Vice President Information Security Specialist
, duties included:
Targeted Threat Assessment
Risk and Vulnerability Management
Root Cause Analysis
Policy compliance audits
Develop Policies and Procedures
Policy and Standard review
Developed training process of new hires
Develop and onboard new remediation efforts
Application reviews
Work with line of businesses to insure identified security issues are remediated
Access Control remediation
Red Team remediation
Managed 6 direct reports
Hunt Program
R.R. Donnelley Corporation January 2012- September 2012
RR Donnelley (Nasdaq:RRD) is a global provider of integrated communications. The company works collaboratively with more than 60,000 customers worldwide to develop custom communications solutions that reduce costs, drive top line growth, enhance ROI and ensure compliance. Drawing on a range of proprietary and commercially available digital and conventional technologies deployed across four continents, the company employs a suite of leading Internet based capabilities and other resources to provide premedia, printing, logistics and business process outsourcing services to clients in virtually every private and public sector. Over 58,000 employees worldwide.
Information Security Investigations Manager
Responsible for North America, Latin America, Asia and Europe .Reports to Director of Information Security with a dotted line report to the CISO. As part of IT Governance has created company cloud standards and controls. Represents IT governance in acquisition integrations. Security reviewer for change management committee.
As Information Security Investigations Manager, duties include:
PCI and Sox Compliance
Risk and Vulnerability Management
Acquisition Integration audits
Document classification and labeling
Encryption Planning and procedures
Policy compliance audits
Vendor Assessments
Cloud Compliance controls
Develop Policies and Procedures based on NIST framework
Policy and Standard review
Intrusion Prevention
Incident Response planning
Access Control planning
Computer Forensics
Internal Investigations
The Warranty Group June 2008 January 2012
A wholly-owned business of ONEX Corporation (a $36 Billion [USD] Canadian firm), the Warranty Group is the world s premier provider of extended service plans and related benefits, with operations in 33 countries and 2300 employees. By providing underwriting, claims administration, compliance and marketing expertise, The Warranty Group is a 40 year-old single-source solution for manufacturers.
Global Information Security Operations Manager
Responsible for North America, Latin America, Asia and Europe Worked with CIO and CRO to design and implement processes and procedures that were lacking for Sox compliance. Designed data classification plan, policies and procedures with data leakage prevention, obtained CRO sign off and the plan is moving forward. Formed and chair Policies and Standards committee which consists of bimonthly meetings with Legal, HR, Infrastructure, CRO and CIO. Review and approve all network and application roll outs, leading PCI compliance project working with both IT and the business units.
As Global Information Security Operations Manager, duties included:
PCI and Sox Compliance
Risk and Vulnerability Management
Development of Security Program
Work with line of business to insure security issues are remediated
Encryption Planning and procedures
Policy compliance audits
Budget Planning
Develop Policies and Procedures
Policy and Standard review
Intrusion Prevention
Data Leak Prevention
Incident Response planning
Access Control planning
Computer Forensics
Internal Investigations
Manage 2 direct reports
CONSULTING EXPERIENCE May 2007 February 2008
Falkor Group LLC
The Falkor Group was founded in 2002 to provide the businesses of Chicago with robust affordable options to solve their Information Technology Challenge. Acting as the customer's Technology Pathfinder, Falkor Group offers a complete suite of services that includes Infrastructure, Applications Development and Security Consulting Services to provide valuable solutions to any technology challenge they may encounter.
Reason for leaving: Separated as the business model changed resulting in rifs.
Security Practice Manager
Championed and created new Information Security and E-discovery services practices for the Falkor Group. Designed brochures and samples for each service; prepared detailed SOW documents for all prospective engagements. Wrote up analyses of client RFPs; determined scope, man hours, etc.; developed all proposals reports for prospective client RFPs/deliverables and as well as was the security SME/technical resource during client presentations them. Went out on sales calls to assure clients would have good understanding of our firm s range of security offerings. Clients we engaged ranged from Fortune 1000 and 500 clients.
As a Security Practice Manager, duties included responding to client RFPs for solutions with roadmaps and documentation for the following issues and requests:
Develop Services and Deliverables
Risk and Vulnerability Assessments
Penetration testing
Document classification and labeling
Encryption Planning and procedures
Profit and Loss
Policy compliance audits
BCP Planning
Network Vulnerability Scanner as well as Set Scanning guidelines
Intrusion Prevention
Data Leak Prevention
Incident Response planning
Access Control planning
Computer Forensics
Expert Testimony
Speaking engagements
Project Leadership Associates, Chicago, IL January 2004 May 2007
Project Leadership Associates (Project Leadership) is a business and technology consulting firm that empowers small, middle market and enterprise organizations with services across four core solution groups: 1) Strategy & Execution, 2) Business Operations, 3) Applications, and 4) Infrastructure. Consistently ranked among Crain's Chicago Businesses' Fast 50 and Everything Channel's CRN Fast Growth 100 List as an annual recognition of our growth, performance, and for maintaining profitability since its' founding in 1998.
Reason for leaving: Recruited to create a new Information Security Consulting Practice.
Employee: Senior Security Consultant
Engaged with either C-level or Partner-level client management on high level projects; consistently increased revenues by building client confidence with reliable and honest service. Created new computer forensics practice and assisted in building it up. Served an expert security witness for all the top law firms in the city; his testimony was presented for some very high profile intellectual property theft cases. Entrusted to conduct investigations on board member, judicial and even government owned computers. Spoke at the Bar association and many of the top law firms on the subject of computer forensics.
As a Senior Security Consultant, duties include:
Risk and Vulnerability Assessments
Penetration testing
Document classification and labeling
Encryption procedures
Policy compliance audits
Set guidelines for Physical as well as Application Security
Network Vulnerability Scanner as well as Set Scanning guidelines
Secure centralized logging for all servers
Patch management system for all servers
Incident Response planning
Access Control planning
Computer Forensics
Expert Testimony
ARC (July 2003 January 2004)
Client: ComEd an Exelon Corporation
Information Security Management Consultant
Worked with upper management to ensure that new third party product implementation met compliance standards. Designed processes and procedures for NERC standards and met with the power plants managers to insure proper security was used during implementation.
As a Information Security Management Consultant, duties include:
Risk and Vulnerability Assessments
Document classification and labeling
Encryption procedures
Active Directory security policies
Set guidelines for Physical as well as Application Security
Network Vulnerability Scanner as well as Set Scanning guidelines
Secure centralized logging for all servers
Patch management system for all servers
Logging Audit levels for Windows 2000 and Tru64 servers
Access Control planning
Ciber Inc (June 2002 May 2003)
Client: Wisconsin Dept. of Corrections
Information Security Management Consultant
Reported to the DOC s equivalent of a CIO; and selected to lead this year long project to design and implement an effective security program with existing staff and a small budget to purchase needed technology. Trained the staff to follow the proper processes and procedures to be compliant with the state-mandated audits and the project was measured as a success due to improved security stature and audit results. Most of the processes that were put into place are still currently being used. As an Information Security Management Consultant, duties include:
Performed Risk and Vulnerability Assessments
Designed new security architecture
Created Stronger Password Policies
Created High level Security Policies
Evaluated and Deployed Intrusion Detection System
Set Server Hardening guidelines
Set guidelines for Physical as well as Application Security
Implemented Network Vulnerability Scanner as well as Set Scanning guidelines
Established secure centralized logging for all 300 servers
Implemented Patch management system for 10000 users
Setup Security for DMZ
Deployed SMS 2.0
Deployed multilayered Antivirus protection
Trained Security Personal in Network Forensics
Conducted Forensic Investigations
Conducted Security Audits
PC Help Services (December 2001 April 2002)
Client: Laidlaw Educational Services
Technical Analyst
As a Technical Analyst, duties include:
Lead Network Project in Deployment of the new Microsoft SharePoint Portal Server, Content Management Server and .net server
Created solution offerings including Security Analysis & Remediation, Network Analysis & Design, Network Administration & Support, and Implementation Services
Responsible for client engagement coordination, technical quality assurance of all project deliverables, solution design review, pre-sales engineering and support, vendor management, and hardware and software procurement
Developed Network Security Guidelines adopted by corporate as standard operating procedures for 14000 user environment.
Developed internal technical resources, standards and procedure to facilitate communication between resources and clients
Reviewed security procedures ensuring knowledge of updates and support for current vulnerabilities, implementing patches as required and approved.
Upgrade server from Encompass resolution server to Microsoft CMS
Responsible for training help desk and Network Administrators
Write up all install and training documents
Ecreativesearch.com (January 2001 August 2001)
Permanent Employee
As a Network Director, duties included:
Managed all facets of a 50 user LAN/WAN Windows 2000 network, software installation, TCP/IP configuration, hardware upgrade, and troubleshooting
Created Security Policies
Secured Web Servers
Audited Security logs
Setup file integrity checking for web servers using tripwire
Scanned Network for Vulnerabilities
Implemented Checkpoint Firewall 1
Managed PIX Firewall
Acted as liaison for corporate technical project teams and operators
Monitored network resources
Designed and implemented Active Directory
Configured new devices
Enabled LAN/WAN interconnectivity
Deployed anti-virus software
Loaded client applications
Built user groups
Established network permissions
Created logins and scripts and user support as well as phone support for remote users, P&L responsibility
Designed Architecture for new Website
Setup and designed NAS for media dept. video storage
Managed and maintained Exchange 5.5 server
Technium Inc. April 1998 January 2001
Senior Technical Analyst/Practice Manager
Primarily
As a Senior Technical Analyst/Practice Manager, duties included:
Acted as Windows 2000 Practice Manager
Conducted Security Seminars and Training
Gave technical briefings to clients and consultants
Setup Intrusion Detection Systems
Created service offerings and technical mentoring for NOS team members
Conducted training classes and workshops for consultants and sales staff
Provided consulting services to clients, which ranged from Network Migrations to Web Site Architecture
Managed a 180+ user multi-protocol Windows and Novell operating systems
Established and configured Windows NT 4.0 and 2000 with TCP/IP and DNS
Installed, configured, and managed all software and hardware across the multi-file server LAN
Migrated network to Windows 2000
Implemented Active Directory
Project lead for Windows 2000 Pre-deployment Planning
Assessed entire hardware and software inventories and total cost of migration
Planned out redesign of WAN with Network engineering for upgrade
Set up test lab duplicating Workstation and server environment
Planned Active Directory structure
Designed Infrastructure for new web site
Exampled as a case study model of a textbook MSF deployment by Microsoft
Designed an unattended install compatible to 10 different types of workstations
Wrote FDA IQOQ docs that would test setup for FDA compliance
Project lead on a NT 4.0 desktop and Server migration
Customized applications to work on multiple platforms
Managed network engineers to successfully deploy the applications
Provided 3rd level support for network engineers in the field
Created and maintained extensive documentation used in the project
Supported and troubleshot software profiles
Scheduled deployments and migrations
Tested software and production environment
Institutional Capital April, 1997 April 1998
Network Manager,
Planned and implemented migration from Novell 3.11 to Windows NT 4.0
Server based network.
Upgraded Mail System from MS Mail to Microsoft Exchange 5.0.Implemented T1 with Bay networks Instant Internet.
Established tape backups using Cheyenne ARCserv.
Planned cabling for office build out.
Implemented Lucent Technologies Message Manager.
Successfully trained office in the use of all new applications.
Managed Budget and handled Vendor bids
RHI Consulting February 1995 April 1997
Client: Help Desk Technician/Project Leader
As a Help Desk Technician/Project Manager, duties included:
Worked on a Netware 3.12 to NT 4.0 migration
Performed software and hardware upgrades
Tested Network Vulnerabilities
Performed Security Audits
Monitored Security Logs
Wrote Security Policies
Implemented new help desk package
Redesigned Network to NT 4.0 environment
Wrote install script
Built and setup test lab
Trained deployment team
Kanga Inc. October 1992 February 1996
Technical Analyst
As a Technical Analyst, duties included:
Converted workstations from Macs to PC
Installed applications
Set up peer-to-peer network
Assisted with IIS 4.0 implementation
Set up Antivirus software
Earlier Employment 1985 - 1992
SOFTWARE:
BackOffice Suite
Backup Exec
Cheyenne Arcserve
Citrix/Metaframe
Fastlane Migration Suite
Ghost
LAN Escort
Norton Antivirus Corporate Edition
Octopus
Picture Taker
SMS 2.0
SQL 6.5/7.0/2000
Office XP
OPERATING SYSTEMS:
IIS
Linux Netware 3.x/4.x/5
Unix
Mac OSX Windows NT 4.0/2000/2008 Server/Advanced Server
XP/2003/2008/7
SECURITY SOFTWARE/HARDWARE
Lan Guard
Arcsite
ISS
Guardian
Retina
IRIS
Cisco IDS
Nessus
Superscan
Websense
Splunk
Juniper IPS Cisco Pix
Checkpoint Firewall 1
PKI
PGP
Enterasys Dragon
Trip Wire
Metasploit
Nikto
Nitro Security
HP Webinspect
Tennable Security Center
Symantec Endpoint Protection
Bright Mail Encase Forensics Edition/Enterprise
The @ stake Sleuth kit.
Snort
L0pht Crack
Paraben
FTK
Languard
Safend
Core Impact
Appdetective Pro
Qualysguard
McAfee EPO, Hercules, Policy Auditor, Safeboot
|
