Melis Jackob

CISSP (Certified Information Systems Security Professional)

San Diego California

melarbelena@yahoo.com

(619) 871-1449

     

 

Senior Information Security

 

Information security architect and business manager adept at translating business requirements into technology solutions, establishing strong client relationships, managing security projects and personnel and advising executive teams on security technology, policy, compliance and risk management issues.

 

 

AREAS OF EXPERTISE

 

·   Fusion of security, networking and IT operations expertise to solve business problems

·   Developing security policies, standards, procedures and content classification schemes

·   Designing and implementing appropriate and balanced security architectures and infrastructures

·   Defining information security strategy and technology roadmaps from a business perspective

·   Pragmatic, consensus building, collaborative approach to security strategy

·   Effective communicator at highly technical level and senior executive business level

·   Research, evaluation and technical due diligence on digital security technology

·   Advising application development teams on full life-cycle security design concepts

·   Risk management, risk analysis, risk mitigation

·   Compliance with legal, regulatory and cultural data privacy requirements

·   Educational training and corporate security awareness programs

·   Incident response, disaster recovery and business continuity planning

·   Cost analysis, budget preparation and business case justification

·   Contract negotiation, outsourcing, service level agreements in distributed environments

·   Organizational changes, process improvement and change management

·   Mentoring and managing senior security architects, engineers and operations staff

·   Business opportunity creation through the creative application of security technology

·   Business development, relationship management and professional services sales support

·   CISSP and other relevant industry certifications

 

 

TECHNICAL SKILLS AND EXPERIENCE

Security and Network Infrastructure Design, IT Strategy, ISO17799, COBIT, GLB, HIPAA, EU Data Protection directive, NIST 800-53A, FDA CFR 21 Part 11, NASD, CASB1386 and HIPAA compliance, SSO, Identity Management, RADIUS, Unix, Windows 20008, Active Directory 2K/3K, Project 2003, Novell CNE, Directory Services, LDAP, firewalls, VPNs, switching equipment and routers.  TCP/IP, DNS, BGP, EIGRP, OSPF, MPLS, Frame Relay, ATM and other routing protocols, network management tools, SMS, LAN/WAN protocols, protocol analyzers, network troubleshooting and Fiber Optic. Strengths and limitations of HIDS, NIDS, anti-virus software, security audit/monitoring products, access control systems, PKI, intellectual capital protection, messaging systems, user provisioning, security policy creation, authentication systems, encryption technology, digital rights management (DRM), ENCASE digital forensics, security evaluations and risk assessments.

 

 

 

 

RELEVANT SECURITY POLICY EXPERIENCE SUMMARY

 

Information security needs to be perceived as a business enabler not a business inhibitor.  The key to this is establishing executive team consensus through collaboration with all stakeholders and being sensitive to their individual drivers, requirements and objectives.  Security policies can only be effective through clearly demonstrated management support and cooperation.  Raising overall security awareness from the lowest level employee to CxO level is the fundamental reason for creating corporate security policies and the single most cost effective means to the end.  Policies should clearly communicate management’s guidance on protecting all information assets.

 

Information security policies, procedures, standards and guidelines must be developed through a top-down approach.  This ensures they are business focused, in-line with corporate risk tolerance, appropriate and financially justifiable for the industry and the relative sensitivity of the information being protected.  Every organization will have unique requirements due to varying regulatory, business and cultural reasons that must be considered in developing effective and enforceable intellectual capital and information asset policies.

 

With over 10 years of information security and network consulting experience working primarily for DOD and other global companies you will find my qualifications and achievements an excellent match for the project.  InfoSec policy development experience has included work with the US Navy, Northrop Grumman, Scripps Research Institute, Microsoft, EDS and many other international businesses.  Achievements in this area have included green field creation of corporate information security policy, extensions to existing policies to incorporate initial forays into interactive Internet connectivity, supply chain integration initiatives and global security infrastructure services programs.

 

This broad experience has afforded tremendous insight into the business, technical, risk management and mitigation, organizational, regulatory, privacy and cultural issues facing public companies in multiple industries.  The years of experience facilitating the definition of information security strategy, policies, procedures, and conflict resolution through education, careful negotiation, skillful consensus building and attentive listening would be a valuable addition to your security policy definition and creation team.

 

 

EDUCATION

 

§ Bachelor of Science in Mathematics Pacific University – California

§ Associate of Arts in Mathematics – California

§ Cisco IOS administration, network design and troubleshooting - multiple courses (1997)

§ IT Project Risk Management, ESI International-Project Management Professional Program (1999)

 

Certifications:

§ Certified Information Systems Security Professional – CISSP

§ Certified Cloud Security Professional -CCSP

§ SANS-GIAC (Global Incident Analysis Center)

§ Novell CNE

§ Cisco – CCNA

§ MCSE 2000/2003/2008

§ MCT (Microsoft Certified Trainer)

§ PMP

§ GIAC Certified Forensics Examiner (GCFE)

 

 

 

 

 

PROFESSIONAL EXPERIENCE

 

2012 – Present Senior Cyber Security Contract Consultant

 

·   Designed and implemented single sign-on using SiteMinder Identity and Access Management, Identity governance, Oracle Virtual Directory and Oracle Identity Federation for 20,000 users and 20 disparate directories encompassing several countries

·   Gathered requirements, performed evaluation of several IAM products, selected and implemented SSO and Microsoft FIM for the Boulder Valley School District in Colorado with a user base of 5000 employees

·   Implemented CyberArk Enterprise Password Vault, Privileged Identity Management and Application Identity Management

·   Designed and implemented new instance of SailPoint IIQ 7.0, developed Java based custom code to meet TCF Bank requirements, created 100 attestation applications and reports pulling data from heterogeneous databases including AD, Oracle, SQL and flat files and implemented RBAC top down framework

·   Conducted functional, regression, feasibility and stress testing vulnerability, risk assessment, gap analysis, in relation to the evaluation PKI related hardware products Wrote test reports and performance documents including evaluation procedures, product recommendations, and user instructions

·   Administered and configured simulated test lab networks (i.e., Active Directory, Exchange, Tumbleweed, IIS, Citrix, security policies, PKI certificates, baseline, and emerging operating systems for certificate based authentication (network clients and web), digital signature, email encryption and decryption

·   Helped the organization achieve the ISO 27001 Certification

·   Designed a Risk assessment program based on ISO 27001, NIST 800-171, SOC 1/2,NIST 800-53, PCI, SOX, and CoBiT frameworks and worked with the Governance to implement the program

·   Implemented RSA DLP (Data Loss Prevention) and designed data workflow documents

·   Designed and implemented a Disaster Recovery plan

·   Implemented Incident Response Plan

 

2005 – 2012 L-3 Communications Inc.

 Director of Security

 

·               Led a team of Information 10 Security professionals supporting a global enterprise security practice supporting internal divisional and external customers

·               Served as the corporation's FSO for all internal Information Security event management activities including Data collection, evidence handling and escalation management

·               Managed, directed, planned, researched and implemented test and evaluation for the Army's CAC/PKI HSPD-12/PIV program

·               Project managed all IT security related  projects

·               Maintained the certification and accreditation (C&A) of the unclassified and classified networks using the DoD Information Assurance Certification and Accreditation Process (DIACAP).

·               Architected a secure wireless solution for the Soldier Warrior project

·               Architected Single Sign-on and Identity Management based systems

·               Implemented Network Access Control and centralized logging using SYSLOG servers

·               Implemented 2 factor authentication using RSA server and Key Fobs.

·               Designed and implemented Alien Vault SIEM system

·               Developed defense in depth Security Policies and Procedures

·               Helped internal and external customers with Business Continuity Planning document

·               Performed penetration testing and vulnerability risk assessment

·               Managed verification of assigned IA Controls, conducted risk assessments , documents compliance status of the validation results in the DIACAP Scorecard for ATO's and planned Security Test and Evaluations (ST&E) for Site Assisted Visits (SAV).

 

 

 

 

 

2004 – 2005 Microsoft Corporation

Senior Technology Architect/TechNet Presenter

·               Delivered security TechNet Presentation for Windows 2003 OS, Active Directory, IIS, SQL, VPN, NAC and Perimeter security to large groups of network administrators, IT managers and network engineers.

·               Architect security solutions for Microsoft clients

·               Architect Identity Management/Work Flow solutions using ADAM/MIIS and Oblix

·               Architect Identity Management Solution using CA Netegrity and SiteMinder

·               Developed Security Policies and Procedures

·               Risk Assessment, SOX and HIPAA compliance

·               TechNet Presentation for Windows 2003 OS and Active Directory, IIS, SQL, VPN, NAC and Perimeter security to large groups of network administrators, IT managers and network engineers

·               Research and evaluate security technologies

2000- 2004 U.S Navy Coronado, CA.

Security Systems Director

·               Designed and Implemented Intrusion Detection and perimeter defenses using Symantec/Axent products (ESM, ITA , NETPROWLER, Cisco IDS, PIX firewall, load balancers and Raytheon Silent Runner).

·               Implement Tcpdump Analysis and Computer Forensics methodologies.

·               Design and implement compliance/ auditing procedures.

·               Developing Navy-Marines Corp intranet written security policies and risk assessment.

·               Design Network Security infrastructure including Windows 2000 Active Directory, Linux/Unix OS hardening, implementing NetScreen VPNs, load balancing, Raptor Firewall, PKI, SANS and disaster recovery.

·               DITSCAP, responsible for the infrastructure Certification standards and training in support of the annual review process. Worked with SPAWAR to implement DoD PKI standards.

·               Conduct formal classes in General Security Essential Course and Microsoft Security practices for SANS.

·               Implemented secure data transmission for F/A-18 Hornet using fiber optics technology.

1995–2000         RS-Research             San Diego, CA.

Lead for automation, security, network infrastructure, and IT operations.  Provided the broad technology understanding and identified opportunities and limitations where existing or emerging technologies could be used to solve business problems. 

 

·               Evaluate new IT services and define new products including competitive analysis, market feasibility, channel strategy and implementation plan

·               Identified requirement for a 6000+ employee company with 3 unique lines of business to reorganize their IT/IS organization (over 1000 employees) into three different IT business organizations, defined and documented custom performance metrics and high-level implementation plan resulting in IT operations cost savings in excess of $20 million per year including recommendations for updating InfoSec policy

·               Helped a leading VC firm evaluate multiple new business venture opportunities in financial services including a managed digital signature business and a global secure messaging infrastructure

·               Directed the creation and development of security methodology and policy for all technology offerings and the creation of a knowledge base of templates and tools to standardize and improve delivery of technical services

 

 

 

 

1990–1995              Scripps Institute of Research      La Jolla, CA.

Operations Manager for Mainframe and LAN Systems.

·               Established and managed security, networking and CTI practice across the Campus (7+ staff)

·               generation of proposals, statements of work and staffing for fixed time/fixed price projects

·               Hired, mentored and coached numerous senior technical architects and project managers

·               Created a data classification tool and security policy definition in support of application development efforts saving client $2 million/year in application development costs

·               Team lead on the design and implementation of a 3000+ node Windows NT and Lotus Notes migration Project and technical lead for a 10,000+ user global Directory Services/Intranet, VPN design project both included creation of applicable security policies, procedures and standards

·               Rescued numerous at risk projects by early identification of potential problems involving security, communication protocols, policies omissions and network performance issues or limitations

1987–1990              Fujitsu Corp.                   Del Mar, CA.

Senior Programmer/Network Analyst

·               Designed and installed 50 node Banyan network.

·               Connected the remote sites to the HP-9000 computer via TYMNET using X.25

·               Database programming using C and Dbase IV.

·               Maintained ASK/MRP package on the HP-9000 using FORTRAN and IMAGE DBMS.

·               Networked all the standalone PCs.

·               Automated manual operations in several departments.

1984–1987            EDS Corp.                                             Detroit, MI.

Systems Engineer

ASSEMBLER and COBOL languages programmer on the IBM 370 platform, writing AR and AP packages.

 

DoD Clearance: Secret

Membership: InfraGard member and Infrastructure Liaison Officer for San Diego Law enforcement coordination center

1