Documente Academic
Documente Profesional
Documente Cultură
WORK EXPERIENCE:
Verizon Communications, Senior Member / Management
5/2007 - Present
Enterprise/LOB level primary authority for advice, consultation, and direction i
n all areas related to INFOSEC. Consult, plan and conduct security consultations
for internal and external accreditation projects. Recommend new revised securit
y measures and countermeasures. Provide technical guidance and advisement to tec
hnical specialists and engineers in areas such as security engineering lifecycle
, network communication, and systems development, and documentation. Specialize
d experience in analyzing, planning, designing, implementing, documenting, asses
sing, and managing the enterprise security structural framework; overseeing and
enforcing data security standards for protection of information systems; and rec
ommending appropriate security safeguards.
Accomplishments: - Established baseline system architecture against industry sta
ndards and best practices for audit and governance purposes. PCI DSS. - Introduc
e, oversee the security assessments for external third party applications, vendo
rs, and service providers. B2B. - Orchestrated major change and streamlined secu
rity practices and processes for B2C. Streamline and improve the security accred
itation review process.
Bank of America [CFC], Senior Security Architect/Engineer/Consultant
8/2006 - 5/2007
Subject matter expert concerning hacking technologies and team leader for the Ex
ploit Management Team [EMT]. Primary authority for advice and assistance in the
areas of security architecture, systems auditing, security tools, and all areas
related to INFOSEC. Conduct risk and vulnerability assessments. Responsibilities
focused on establishing and maintaining a successful information security compl
iance program;
Accomplishments: - Conducted gap analysis and inventory of system compliance and
implemented cross functional advisory committee. - Successfully proposed, imple
mented, and maintained 20+ security risk reduction programs with 100% mitigation
and resolution.
Computer Associates, Senior Consultant
8/2003 - 8/2006
Subject Matter Expert concerning network forensics investigations. Architected a
nd implemented forensic investigation practices. Conduct risk and vulnerability
assessments. Recommend new revised security measures and countermeasures to C-le
vel and senior management.
Accomplishments: - Performed investigations into network intrusions and access c
ontrol violations improving the investigative process. - Provided consulting, gu
idance and coordination to business units and departments on information securit
y. - Member and trainer for Rapid Response Investigation Team - Expert knowledg
e and of use of SILENTRUNNER, former NSA forensics toolkit.
VeriSign, Inc Information Security Practice Consulting Manager
5/2000 - 8/2002
Responsible for the overall strategic direction, growth and management of the Se
curity Assessment, Penetration Testing, and Virus Incident Protection Eradicatio
n & Response (VIPER) practices within VeriSign.
Accomplishments: - Architected, developed, and implemented multiple regulatory c
ompliance practices to include NIST, SOX, GLBA, HIPAA, and PCI practices for Aud
its against known standards and compliances. - Creator and Team Leader for VIPER
, a self managed rapid response team dealing with computer intrusions and forens
ics formed of the most talented security experts at VeriSign.