John Hutton
98 North Street
Le Roy, NY 14482
Tel: (585) 322-5577
Email: JDhutton@Gmail.com
Currently I am an Information Security Manager, with 17 years of Information Security, Network and Server support experience. My
experience includes the standards of PCI, HIPAA, GLBA, FISMA/DIACAP, ISO27001, SOX, SAS70 and maturity model framework
like SEI-CMM, P-CMM. My background includes server administration, multi-casting, Windows server builds, Windows 2000/XP/7
user management and desktop support, Norton and McAfee Anti-Virus deployments and support. I have excellent analytical and process
oriented skills, and have had significant experience working on large software deployment and support teams. I have strong
communications skills and work well in a team environment.
SKILLS
SERVER OS:
DESKTOP OS:
PROTOCOLS:
TOOLS:
DEVELOPMENT:
TELCO:
INTERNET:
DATABASES:
Windows 2012r2/2008, HP-UX
Windows W10/W8/W7/XP
TCP/IP, NetBEUI, IPX
Remedy, Altiris, Accunetix, Tivoli PC Remote, & Novadigm, Nessus, Snort, Wireshark
Basic Visual Studio .NET
Nortel PBX and Nordix Digital Phone Setup
Microsoft FrontPage
Microsoft Access, Oracle
NETWORK HARDWARE: NIC's, Hubs, Switches (Cisco), Wireless 802.11x and equipment (AirWatch), PIX and Sonicwall
Firewalls, McAfee Appliances (MEG)
NETWORK SOFTWARE:
APC InfraStruXure Management Platform, CiscoWorks Appliance Manager Software, Enterasys
Appliance Software, Solarwinds, HP OpenCall, McAfee Secure Mail
DESKTOP HARDWARE: HP, Dell, Compaq, IBM, Dolch (desktops and laptops), CD-ROM/DVD-ROM drives, CDR/CDRW
and DVDRW drives, PDAs, IDE and SCSI hard drives, modems, HP printers and scanners, Canon
copiers, LTO tape drives, Zip and Jaz drives, APC InfraStruXure Appliances, SonicWall Pro Series
Firewalls, Dell 1750 and 2600 Power Edge Servers, Dell Power Vault Tape Drives, Cisco 3550XL and
4500 Switches, Cisco 350 and 1200 Access Points, Enterasys 1st and 2nd Generation Switches,
Hewlett Packard HP-9000 RISC Servers, Dell/IBM/Compaq/Panasonic workstations and laptops, HP
LaserJet printers, high speed impact printers, as well as Xerox and Lexmark color printers
DESKTOP SOFTWARE:
Microsoft Office 2003/XP/2000/98/, MacAfee Antivirus, ePoliy Orchestrator, Corel WordPerfect
Suite, Lotus SmartSuite, Microsoft Outlook, Outlook Express, Lotus Notes 5.x, cc:, Internet Explorer,
Netscape, Norton Antivirus, Symantec Ghost, Partition Magic, Imagecast, Track It, Remedy, HP Jet
direct, SMS, Dameware, PC Anywhere, Baan, PDA synchronization (Black Berry, Palm, Dell,
Samsung), Microsoft Mobile, Microsoft Pocket PC, Palm OS
Associate Vice President / Information Security Manager for Five Star Bank
Sep 2013 – present
As the Information Security Manager for Five Star Bank and its subsidiaries I designed and managed the Information Security of its 56 sites in
New York State, directing the Information / Cyber Security and Fraud Programs in regards to issues of security, and user adherence to policies,
processes and procedures.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Corporate Head for Information / Cyber Security adherence
Responsible for the redesign of the Information security program from being a IT managed and driven program to a
segregated , independent department
Conduct and review Vulnerability assessments of FSB Information Technology systems and applications in accordance
with standards like FFIEC, NIST, NYSDFS and PCI
Conduct and managed yearly Disaster Recovery and Tabletop exercises in accordance with the companies BCP / DR
policies
Create and Manage projects created as result of 3rd
Responsible for the security review of 3rd
corporate data processing.
party yearly penetration testing
Established and validated IT system controls revolving around System and Software Development Life Cycles
Headed multiple projects to install, upgrade and re-engineer key IT / InfoSec security systems and components to meet
industry standards
party vendors tools, websites and services as related to customer and
Responsible for a 67% reduction in Federal and State audit findings for 2014 / 2015 due to newly implemented security
validation processes
Assisted in the selection of new security based products and their use and safety on the network.
Compile weekly reports of security vulnerabilities and possible issues to be addressed by IT management and System
Administrators.
Conduct and review security audits and risk assessments in accordance with partner companies of the compliance of
the companies infrastructure.
Review logs and records of physical access to FSB properties and equipment.
Actively use Security tools: Acunetix, Nessus, Applied Watch, Wireshark, and other common tools used in the
compromising of networks to evaluate current state of readiness and vulnerability.
Information Security Director
Aug 2007 – Sep 2013
As the Information Security Director for Sutherland Global Services I managed the Information Security of its 18 sites in North and
South America, United Kingdom, United Arab Emirates, directing the site teams (2 individuals) in each location on the issues of
security, and user adherence to policies, processes and procedures.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Global Head for PCI (Payment Card Industry), HIPAA, GLBA, DIACAP, FISMA adherence
Conduct and review Vulnerability assessments of Sutherland Global Services devices in accordance with standards like
Safe Harbor, PCI, ISO27001 and maturity model framework like SEI-CMM, P-CMM.
Act as the liaison for Legal, Human Resources and the IT department on best practices and Statements of Work.
Lead internal auditor for SOX, SAS70 audits; interfacing with 3rd
party audit groups to collect and analyze data collected
Management and administration of the companies IDS and IPS systems which include Nagios, Applied Watch, and
Proofpoint.
Direct the NOC in the use of Proofpoint email detection servers directing them in the proper policies and Standard
Operating Procedures.
Oversee and mentor the Network Operation Center and Tech-Ops personnel in the identification of security violations and
the proper escalation and handling of sensitive information.
Directed the development and implemented the companies Information Security Policies and procedures as well as
security violation scripts that are used by the NOC and Tech Ops in its warnings of violations found.
Work with outside security vendors on intrusion detection and network segregation.
Work directly with the Business Development departments to assist perspective clients and partners with their
Information Security concerns.
Assist in the selection of new security based products and its use and safety on the network.
Compile weekly reports of security vulnerabilities and possible issues to be addressed by IT management and System
Administrators.
Conduct and review security audits and risk assessments in accordance with partner companies of the compliance of
SGS’s infrastructure.
Review logs and records of physical access to Sutherland Global Services properties and equipment.
Actively use Security tools: Acunetix, Nessus, Applied Watch, Wireshark, and other common tools used in the
compromising of networks to evaluate current state of readiness and vulnerability.
Network Operations Center Manager for Sutherland Global Services
May 2006 – Aug2007
Managed the day to day operations of Sutherland Global Services Network Operations Center comprised of 4 Network Operations
Center and 8 Tech Ops technicians residing over the company’s global network of 22 sites in 6 countries as well as the connection of
over 20 external client sites.
•
•
•
•
•
•
•
•
•
•
Monitored SGS core networks, performing device monitoring and troubleshooting for managed services such as routers,
switches, Internet and WAN bandwidth, firewall, VPN, and wireless access points
Provided device and network level security through analysis of log files, viewers and a suite of security tools.
Created and managed the training of SGS policies and procedures related to escalations, ticketing and change
management
Performed Network Operations duties which includes, Incremental Backups, SNMP trap monitoring, CiscoWorks
monitoring and data collection, all residing on a combination of Windows 2000 and 2003 servers.
Configured and upgraded Cisco 3500, 4000, 6000 series switches and routers via IOS and CATOS.
Performed daily Checks of security logs and accessibility of NOC specific servers.
Implemented and tested new and upcoming network monitoring tools for possible integration to the network.
Worked hand in hand with ISP’s trouble shooting T1,E1, DS3 connection creating loops and analyzing device logs.
Performed hands on maintenance of hardware replacement of HP, Dell Servers in the companies primary Data center.
Actively worked with Telephony teams on the resetting of line cards and troubleshooting of its CMS systems.
Wireless / Network Operations Center Technician for Ohio University
•
•
•
•
•
•
•
•
•
Oct 2004 – Mar 2006
I served as a network operations and wireless technician for Ohio University. This involved the management of over 500 Cisco
appliances and 600 Enterasys switches on a network that encompassed over 13,000 users.
Performed all aspects of a building network upgrades to include: Initial Site Survey, Ordering of Materials and
Equipment, Installation, And Closing Site Survey.
Conducted daily interactions with customers to fix network issues in a timely and courteous manner.
Managed the development of the Network Operations Centers Cisco and Enterasys Servers.
Performed Network Operations duties which includes, Incremental Backups, SNMP trap monitoring, CiscoWorks
monitoring and data collection, all residing on a combination of Windows 2000 and 2003 servers.
Developed Uninterrupted Power Supply Management system using APC InfraStruXure hardware and software to manage
the environmental capacities of over 300 Uninterrupted Power Supply’s.
Configured Citrix Meta-Frame on users workstations for use with 3270 Database access
Performed daily maintenance on Windows Servers keeping McAfee Antivirus and Security Patches up to Date.
Implemented and maintained Network Operation Centers SonicWall Firewall.
Actively tested new technologies for implementation to the universities network with little to no impedance to user
ability.
Helpdesk Support NMCI for Electronic Data Systems (EDS) (Position Acquired from SDS below) MAR 2003 – Mar 2004
Team Lead and Systems Administrator serving 170,000 national Navy/Marine Corps Intranet (NMCI) seats from initial deployment
through mature Windows 2000 user accounts. Nature of unique intranet involved troubleshooting, supporting, and migrating data for
legacy applications created, owned, and operated solely by the US Navy and US Marine Corps.
•
•
•
•
•
•
•
•
•
•
•
Managed the Development of the West Coast Marine Help-desk supporting over 80,000 Seats.
Head Lead for the West Coast NMCI Help-desk supervising a team of 23 Help-desk agents.
Team Lead and Subject Matter Expert for Defense Messaging System (DMS).
Developed a support structure for the NMCI Help-desk to efficiently assist Navy and Marine Corps with their DMS
issues.
Troubleshot issues with DMS and encryption issues with Fortezza cards and their associated hardware.
Developed help desk security procedures for the proper handling of DMS sensitive materials.
Supported and executed Radia software pushes using Novadigm enterprise software dissemination.
Terminal Service to File and Print Servers as an Administrator to service user accounts and clear and adjust network
printer configurations.
Remotely configured Citrix profiles in Active Directory as well as configuring printer mappings
Password resets and Active Directory maintenance of user profiles, Global Address Display properties and user profile
path mapping. Mapped users to network printers and shared drives.
Setup and creation of user Outlook e-mail accounts, MS Exchange server mapping, and resolution of user mailboxes to
the NMCI.
Help desk Support NMCI for Strategic Data Systems (SDS)
Sept 2002 – Mar 2003
As part of the Tier 3 help desk team for the Navy/Marine Corps Intranet (NMCI) government project, providing technical support via
telephone and performing desk-side desktop support. Used Remedy for a help desk ticketing system. SME Subject Matter Expert as a
Dolch Certified Trainer to instruct newly hired help desk agents with Certification of Dolch Embark-able computers.
•
•
•
•
•
•
Active liaison with Network Operations Center (NOC) to escalate user issues to Tier 3 and 4 LAN support, and to site
Base Operations for on site support.
Set-up advanced troubleshooting for Remote Access Server (RAS) accounts; resolving correct Virtual Private Network
(VPN) gateways, dial up configuration, creation and modification of WorldCom UUNET accounts, and appending NMCI
Domain Name Server (DNS) suffixes to ensure full access to all intranet services.
Full knowledge of Tivoli PC Remote to access user environment over the LAN and troubleshoot user problems with
administrative permission.
Used Ping, Trace Route, IPConfig, and other DOS based commands to check client and server connectivity over the
LAN, conduct forward and reverse IP address searches, and to release and renew IP addresses with administrative
account.
Creation, maintenance, and issuance of Remedy trouble tickets to track and resolve user issues, requests
(Moves/Adds/Changes), and other customer concerns.
Fully trained and certified to diagnose hardware and BIOS issues with Dell C600 and C610 Latitude portables, Dell
GX110 Optiplex desktops, Dolch Embarkable portable units, Lexmark and Xerox networked and local printers.
Technical Support Representative for the United States Marine Corps
Jul 1997 - Jul 2002
I managed the production of the Marine Aviation Logistics Squadron 39’s “Secure” computer/network technician department.
Responsible for the overall production as well as including keeping the workload to a minimum using Remedy, Heat, and Track-It
ticketing software, tracking parts on order and the inspection of items deemed ready for issue by technicians. I provided on the job
training for new and inexperienced technicians.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Drafted monthly reports on maintenance productivity and monthly expenditures.
Conducted and lead Information Security audits on unit workstations for compliance.
Supervised teams of 15 or more individuals on numerous complex IT projects
Prioritized and assigned tasks to crew’s daily and dispersed jobs upon the levels of the individual’s ability.
Trained numerous individuals on the issues of security, costumer relations and help desk procedures.
Managed over $2,753,000 Dollars of inventory necessary to site projects for the 2001 fiscal year.
Proficient with planning, installation, support, and troubleshooting all standard network topologies/cabling.
Performed a wide variety of duties, to include installing, configuring, and troubleshooting computer hardware,
peripherals, software, network communication devices, and handling help desk calls for over 2000 users.
Contributed ideas to create mobile systems that are being used to make networks mission capable in a matter of hours.
Performed forensic analysis on workstations and associated storage media for malicious and inappropriate content.
Shopped, procured, assembled, troubleshot, integrated, upgraded, and renovated the units servers, workstations, and
network devices.
Responsible for providing hardware, software, and network support to over 2000 users and over 1000
workstations/servers for 4 years.
Replaced analogue phone systems with Nordix Digital systems and creating power back-ups for Nordix systems in no
power emergencies.
Cross-trained in the areas of Helpdesk, Network Administration using Remedy, and Track-It customer tracking software.
Professional Certifications
A+ Certification
Network+ Certification
CCNA (Expired can be renewed as needed)
Security Clearance – SECRET (inactive)
Advanced Training Associates NACC - National Association of Communication Contractors) Cat-5 and Fiber Optics Certifications
Professional Training
Dolch Certified Trainer
Defense Messaging System Engineer
Scheduled Certifications:
CISSP and CISM