From: route@monster.com
Sent: Monday, October 24, 2016 10:31 AM
To: hg@apeironinc.com
Subject: Please review this candidate for: DNS Secret

This resume has been forwarded to you at the request of Monster User xapeix03

Objective – Information Security Consultant

To lead an information technology team within a dynamic organization that
will challenge me and help to develop my leadership, maturity, management,
and business skills to implement secure information architectures and
frameworks.

State of California - Department of Health Care Services: 2015 -
present Senior Information Security Consultant.

Provided contract oversight of Xerox’s information security for
Medi-Cal. Represented Security Operations Group at PCG governance committee. Responsible for information security and privacy review and approval
of all changes in the production, development, and test environments. This
includes release management, configuration management, SDLC promotion, risk
mitigation, and governance. Required technical knowledge and engineering for
midrange Windows, UNIX, Linux, Solaris, and AIX Servers; mainframe
environments and partitions, TSO, CICS, and FTF transfers; databases Oracle,
db2, MySQL, and MSSQL; customer and provider facing MCWeb (Medi-Cal Web)
servers, applications, and application servers; virtualized servers, network,
storage, and security devices. Prepared and delivered presentations for executive management on
information security, risk management, threat and vulnerability management,
privacy, and compliance. Worked with the PMO and Xerox to create a secure IT
infrastructure including creating and editing Corrective Action Plans (CAPs),
Change Requests (CR), problem statements and Plans of Action Milestones
(POAM) items. Wrote formal correspondence to the Fiscal Intermediary (FI) and
subcontractors for the State. Created IT security project roadmaps to manage
projects from a master schedule of security, compliance, oversight and
privacy projects. Reviewed audit reports and security assessments, performed
internal reviews, and created findings, plans of action, gap analysis and
projects to address information security or privacy challenges and issues. Reviewed
vulnerability assessment reports, SIEM results, IDS/IDP threats, physical
security reports, and the output of other systems monitoring for compliance
and system threats. Provided security consulting on numerous projects and initiatives
including problem statements, security architecture, risk management, and
maturity models. Performed security assessments, reviews, and analysis of
current practices, policies, procedures, and documentation. Evaluated Security and Confidentiality Plans (SCPs) for applications,
facilities and the information system SCP against federal standards (NIST and
FIPS), State Administrative Manuals (SAM), Healthcare Administrative Manuals
(HAM) and other applicable regulations and standards. Implemented NIST Cyber Security Frameworks, SP800-53, 18, 30, 128, 37,
39 and FIPS 200/199 standards. Worked with information security and privacy
standards, HIPAA, PCI, SOC, ISO and ISA. Monitored outages, incidents, and
reviewed Root Cause Analysis as part of a continuous improvement environment.

Hudson Business Networks, Inc. 2001 – present Principal Consultant

Provided leadership and management to information security consultants
and client representatives. Responsible for governance, risk
management, and compliance. Created proposals, Statements / Scope of Work
(SOW), project plans, dashboards, Deliverable Expectation Document (DED),
management plans, Roadmaps, and final deliverables. Developed with clients
engagement goals and objectives. Created and negotiated security solutions
within the agreed upon timeframe and budget. Managed project
deliverables and client expectations from the initial scope to the final
deliverable. Worked with contractors and subcontractors to implement risk
management frameworks. Defined strategic and tactical information security
goals and objectives with executive management based on acceptable
risk. Developed information security policies aligned with the
organization’s risk management policies. Created governance committee
charters and founding documents. Investigated and documented cybercrime, security
breaches, and privacy exposures. Performed vulnerability assessments for
clients. Created information security policies, procedures and processes to
manage the organization’s security programs based on NIST SP 800-53, HIPAA,
ITIL, PCI, and SOX standards and organizational goals. Worked to assess and
quantify risk, threats, mitigation measures, transfer of risk, and risk
tolerance. HBN web development and hosting: managed all aspects of VPS and Cloud
hosting, website hosting, SpamAssassin, domain management, email
configuration filtering, PKI with SSL certificates. Worked with multisite to
develop shopping carts based on a single checkout process, developed custom
osCommerce, Zen Cart modules, and Joomla CMS. Developed with HTML, CSS,
JavaScript, heavy PHP and MySQL programming. Incorporated OpenSSL and cURL
in custom shopping carts for secure data transmission, and managed PKI
infrastructure for clients.

Direct Connect: 2004 – 2016: Outsourced
IT at call center, performed URL Filtering, firewall configuration,
workstations hardening, and network administration. Performed email
marketing, WordPress website, managed web and email hosting and reputation
services. WordPress website

Aanko Technologies – 2003 – 2016:
Designed and implemented Joomla website, managed web and email hosting and
reputation services. Performed information security and risk assessments,
security and privacy projects for the State of California and for Federal
clients.

Cost Plus World Market: 2015: Project
to secure PCI environment with Tripwire Enterprise File Integrity Monitor
and Configuration Management.

UC Davis: 2015: Project to secure
Mondavi Center, Coho, and Bookstore PCI credit card environment with Tripwire
8.3.7 as File Integrity Monitor / Configuration Management. Developed
monitoring and procedures for managing the Tripwire environment.

Kelly’s Sports: 2004-2015: Developed
in PHP, cURL, MySQL, HTML custom shopping cart applications that are PCI
compliant, backend payment systems, and wireless inventory application
and software. Implemented SonicWall firewalls and DMZ, worked on datacenter
/ cloud security, Windows Server implementation and administration, real time
database sync, host hardening, and VPN.

State of California - Department of Health Care Services: 2013 – 2014: IT Security and Governance Expert (GRC). Worked with NIST risk
management framework and assessments (NIST SP 800-37, SP 800-39). Created
first Enterprise Information Security Plan (SP 800-53 PM-1) detailing the
common security controls for the enterprise. Founded Security and Privacy
Governance Committee to address information security and HIPAA privacy.
Managed 46 security and privacy projects as a part of a security roadmap
including SIEM, PAN IPS, Contract updates, and DLP.

Covered California: 2013 – 2014: Wrote
initial Business Continuity Plan for the state healthcare exchange program.

Barrier Systems (IT Outsourcing): 2007 - 2009: Comprehensive IT function; designed and implemented network and systems
architecture using Cisco routers, Catalyst switches, Cisco VPN, and Prosafe
firewall. Responsible for backup, telecommunications, Windows and Linux
server administration, application support, information security, and SOX
post / pre audit support and remediation.

Jelly Belly: 2002 – 2009: Checkpoint
Next Gen HA Firewall maintenance. Worked on retail store support with Rapid
Domains on Cisco and POS.

State of California - California State Lottery Audit Project: 2007: Performed annual security audit as subcontractor. Performed audit on
database encryption, log monitoring, Tripwire for Servers security policy,
& RACF. Reviewed security policy and procedures of stored data and data
in transit.

City of Vacaville: 2005 – 2007:
Performed network & security assessment, network design, project
management, and infrastructure projects.

ePlus Technologies: 2002 - 2004: As
Principal Security Architect - Information security assessments; designed and
implemented information security and privacy controls. Performed forensic
investigations, incident response and management, recovery planning,
reporting, and regulatory compliance responses for clients. Implemented
Tripwire for servers, Cisco, IDS, SAN, F-5 load balancers, and UNIX and
Windows servers.

State of California - Department of Alcohol & Drug Programs (ADP)
- Operational Recovery Plan Project: 2004:
Created an Operational Recovery Plan (ORP) for restoring critical IT
applications and business functions for ADP’s mission in the event of a
disaster.

State of California - Office of the Governor: 2003: Implemented Checkpoint Firewall-1 and Tripwire installed on
hardened Solaris host.

East Bay Municipal Utility District - Cyber Security Vulnerability
Assessment: 2003: Performed the Cyber Security Vulnerability
Assessment. The project included district’s business systems and industrial
controls (SCADA and DCS). Performed a threat assessment, provided findings,
recommendations, cost benefit analysis, and EPA report; provided security
training on findings and countermeasure recommendations.

Primitive Logic 1998 – 2001 Director of Network and Security Services: Responsible for the network and security projects at Primitive Logic.
Provided direction and leadership to a team of consultants for support of
UNIX, mainframe, Cisco, Tripwire, Checkpoint, ISS, network management, and
security applications. Provided leadership, project management,
infrastructure architecture, networks, and system management. Performed
penetration testing, security assessments, computer forensics, and incident
response for Fortune 100 businesses and government agencies.

Pacific Bell Information Services / SBC (PBIS) 1996 – 1998 WAN
Engineer: Responsible for wide area network operations at
PBIS; WAN/LAN design and architecture and management. Administered Security
Dynamics / RSA ACE, TACACS+, and Radius authentication systems. Worked with
Kerberos, BCS’s Command Center, HP OpenView, Cisco Works, Netsys, and
VueMaster. Administered multiple class “B” TCP/IP network address spaces and
DNS, and Integrated Digital Sound, Unisys, and Periphonics. Worked with Cisco
routers, Solaris, and mainframes.

Mastech Information Systems, EDS / Pennsylvania Power and Light: 1995
– 1996 NetWare Design Engineer: NetWare
Architect / Project Manager - Responsible for designing, configuring,
testing, and documenting network architectural changes to PPLNet. Worked with
HP9000s HPUX, RS6000 AIX, Novell, Cabletron, and Wellfleet routers.

BellSouth 1994 - 1995 Network Project Manager - Designed, installed, and configured Sunrise Datacenter: four Novell
servers, OS2, and routers integrated with 15 HP9000. Provided interface with
Bisync, SDLC, Outdial and AT&T Data Kit, and administered UNIX / Novell
networks. Automated Business Repair Center, Sunrise and Ft. Lauderdale sites
by creating applications in C and Visual Basic.

Tennessee Valley Authority 1993 - 1994 Network Certified Engineer - Designed, installed, maintained, and upgraded 12 Novell NetWare
LANs, and developed the "ISHELP" application for the support center.
Created IS LAN / WAN standards for cross-platform interconnectivity.

United States Navy, 1982 – 1992 Electronics Technician First Class
Submarine Qualified: Led two divisions
of technicians in the installation, configuration, maintenance, programming,
and repair of all electronic equipment. Responsible for computer security;
administered and maintained XENIX networks. Qualified Chief of the Watch,
Duty Chief, and Battle Stations Navigation Supervisor. Participated in the
first Gulf War. Awarded Battle “E” Ribbon, Sea Service Ribbon, Dolphins
(Enlisted Submarine Breast insignia), SSBN Deterrent Patrol Pin (2 stars),
Good Conduct Medal, Navy Unit Commendation, and Navy Expeditionary Medal. Top
Secret SBI clearance, Honorable Discharge.

Education

Bachelor of Science in Information Technology, Kaplan University, 4.0
GPA, Summa Cum Laude, June 2015

Certifications

Certified Information Systems Security Professional (CISSP) 2006 &
2015

Checkpoint Certified Security Expert / Security Administrator (CCSE
& CCSA), Tripwire Certified Professional, Sun Certified System
Administrator, Microsoft Server (MCSE) Boot Camp - Microsoft Certified
Professional, Certified Internet Security Systems, RealSecure, ISS, Database
Scanner, various other certifications (CNE, HP OpenView, etc.)