Security Bio / Resume / CV

• IT Risk Management
• Information Security Governance
• Enterprise Incident Response Management
• Security Awareness and Training
• Information Security Policy Management
• Contract Reviews

Responsible for Security Services involving:

• Demand Management
• Service Coordination
• Project Risk Analysis
• Internal RFP Response Review
• External Audit Request / Surveys / RFPs
• Business Liaison

• Within 7 months of employment, promoted to manage two service areas, including related consultants, in addition to performing Engagement Management / Principal Consultant responsibilities across the company
• Successfully managed / directly delivered 34 projects during a 6 month period for a total of $1.2 Million ranging in size from small one week engagements up to multiple month/multiple consultants
• Participated in or advised on all Data Restoration, Forensics, Incident Response and payment card fraud investigations, including acting as Lead technical investigator on the largest payment card breach in history
• Spent 30 months acting as trusted advisor and subject matter expert to Chief Information Security Officer (and his direct reports) of a Fortune 50 merchant. Worked as principal security representative on several strategic initiatives including a multi-million dollar corporate outsourcing initiative involving all areas of IT. In the process, generated over $3,000,000 for Neohapsis.
• Principal Consultant on a 3000 hour Information Risk Assessment and Management engagement for one of the largest hedge funds in the world involving over 20 consultants and 15 different work streams from risk assessments to penetration testing to physical security and technical counter-measures assessment
• Principal Consultant on a 3 month firewall ruleset evaluation and re-architecture involving more than 30,000 ACL’s that enabled a major credit card brand to become PCI compliant on schedule and under budget for a project deemed by most, including the customer, to be impossible

• Worked with new CISO to build an Enterprise IT Security program from the ground up. Encompassed 25 subsidiary business units and 7,000 employees
• Participated in or wrote all IT Security Policies / Standards / Guidelines
• Successfully built a Security Operations program including the hiring and training of six engineers
• Responsible for all internal IT Security consulting to projects
• Architected, designed and built the companies first enterprise LDAP system that was quickly adopted, integrated and rolled out as a reduced sign-on initiative
• Successfully managed the IT response to a multi-million dollar year long NY Attorney General Elliott Spitzer investigation
• Responsible for all HR and Investigative forensic analysis work

• Provided incident response, resolution and prevention for entire Center (5000+ computers ranging from desktop to Super Computers)
• Lead Engineer for NASA Center of Excellence in Information Security
• Designed, built and maintained all center IT security systems
• Trained junior staff on process, procedures and ongoing maintenance
• Responsible for all internal IT Security consulting to center projects
• Co-Creator of the ‘NASA Top 50′ security initiative which was later adopted by SANS as the ‘SANS Top 20′ vulnerability list. Considered by many to be the most successful computer security initiative in the history of the Federal Government, to date
• Federal Computer Week
• GCN – Government Computer News
• SANS/NASA Case Study

• Assist in the final stages of design, construction, and implementation of a SCIF/FIPS 140-1 Level 3 compliant secure computing facility
• Oversee the deployment and operations of a Bio-metric physical access system using hand geometry recognition and iris scanning technology
• Design, deploy and operate a multi-customer, multi-site network intrusion detection system
• Oversee and manage all security engineers in the project while directly reporting to the Security Manager
• Act as the engineering primary point of contact for customers of the security related services

• Expert in effective team management (2-10 directs)
• Expert in enterprise project management
• Expert in security organization design and talent assessment/acquisition
• Expert in contract negotiations (IT risk perspective)
• Experienced in vendor management
• Experienced in executive level presentations/communication

Security/IT

• Expert in information security program development & assessment
• Expert in PCI-DSS
• Expert in incident response / crisis management
• Expert in forensics methodology
• Expert in network architecture and design, including network based security controls
• Expert in the use of firearms as personal protection
• Experienced in identity and access management
• Experienced in training personal protection and the use of firearms
• Experienced in physical security design and assessments
• Experienced in linux systems administration
• Experienced in application programming with PHP and Perl
• Experienced in database design, administration and development with MySQL
• Experienced in bio-metric access control implementations