From: route@monster.com
Sent: Thursday, October 27, 2016 4:31 PM
To: hg@apeironinc.com
Subject: Please review this candidate for: ACAS

This resume has been forwarded to you at the request of Monster User xapeix03

EXPERIENCE:

11/2009 - Present
TD Ameritrade

• Manager and creator of the Security Event Center (EVC) for TD Ameritrade. The Security Event Center is responsible for enterprise-wide security services and the ongoing Information Assurance of high dollar transaction and trading web services. The EVC was operational within 6 months of my starting date for TDA (fully staffed, procedures, and charter).
• Primarily responsible for leading a group of highly technical individuals for all aspects of incident response investigations, monitoring, forensics, and recommendations of appropriate corrective actions (Risk Mitigation) for data security incidents.
• Partner with numerous TD Ameritrade business units in reducing Financial Risk (Monetary Loss) by developing technical controls for Fraud Investigators, Anti-Money Laundering, and Compliance.
• The first Manager for the Security Event Center and primary leadership of building the Security Event Center capabilities. This includes staffing complement, SIEM content, and processes.
• Primary TD Ameritrade Leadership in the cyber Exercise FS-ISAC Cyber Attack against Payment Processes (CAPP).
• Key Author of numerous documents, processes, and presentations to support a successful litigation for TD Ameritrade in the Mathew Elvy lawsuit.
• Creator of the Security Event Center Metrics program, Presentation/Road Show, and Sr. Management reporting criteria. This includes Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for Daily, Quarterly and Annual benchmarks for EVC.
• Assist TD Ameritrade business units with internal and external audit engagements by providing data, reports, and evidence derived from the centralized Security Incident case management system.
• Primary authority on the requirements for the future Security Event Center design in the new TD Ameritrade Building. This includes overall layout, Audio Visual, and Access Control requirements for the SOC area.
• Provide continuous improvement guidance for new initiatives to monitor and respond to security risks/incidents, Compliance, and fraudulent transactions and activity.

10/2000 - 11/2009
Federal Reserve System
New York, NY

* Director for the National Incident Response Team (NIRT) for the Federal Reserve System. NIRT is responsible for enterprise-wide security services and the ongoing Information Assurance of high dollar transfer devices between the Federal Reserve System (FRS) and other external financial entities. The NIRT reports to the most Senior Level Stakeholders within the FRS on enterprise-wide security matters and FRS security posture.
* Primarily responsible for leading a group of highly technical individuals for all aspects of NIRT incident response investigations, forensics, and recommendations of appropriate corrective actions (Risk Mitigation) for data security incidents.
* NIRT Information Assurance Services:
  1) Incident Response (including forensics)
  2) Intrusion Detection System (IDS) Operations (maintenance and monitoring)
  3) Security Configuration Reviews and consultation
  4) Vulnerability Assessment
  5) Penetration Testing
  6) Security Alerting and Intelligence Gathering
* Integral contributor of the Federal Reserve Bank of New York (FRBNY) proposal for the National Incident Response Team (NIRT) to executive Federal Reserve System (FRS) management.
* The first Director and proposal author of a 2003 Treasury Service Level Agreement (SLA) for security services that started with a team of 7 personnel and has currently grown to a team of 26, which brings revenue of 8.2 Million dollars annually.
* Provided key oversight of the centralization efforts for critical security devices NIDS and HIDS to consolidated management and reporting networks.
* Designed and executed a strategic security initiative project for the enterprise Intrusion Detection Systems for the Federal Reserve System. This initiative provided common criteria for all IDS devices placement, policy, and reporting. An additional focus of this effort was to reduce redundant devices that were covering the same logical network space.
* Provided Sr. FRS stakeholders a technical correlation vehicle for Security information for provisioning an automated holistic enterprise security posture dashboard.
* Represented the NIRT at the Enterprise Avian Flu exercise, ensure contingency planning, crisis management documentation, and provide management reactions for inserted exercise scenario activities.
* The primary NIRT leadership for the U.S. Department of Homeland Security's (DHS) National Cyber Security Division (NCSD) Cyber Storm exercise; this was the first national cyber exercise that was successfully executed Feb. 6 through Feb. 10, 2006.
* Lead Investigator and author of numerous enterprise forensic investigation reports that provided FRS key stakeholders root cause analysis and strategic security project initiatives in response to systemic IT incidents.

12/1999 - 8/2000
Joint Simulation System (JSIMS)
Orlando, FL

· Responsible for the security and ongoing required DOD reporting for JSIMS. Security realms included Incident Response, Certification and Accreditation (CNA), Risk Management Program, TEMPEST, Personnel, and implementation of DOD COMPUSEC requirements into daily operations to ensure Information Systems (IS) security.
· Integration Lab Security Manager: duties include all of the above and Encryption Key Management, Encryption Device Configuration, Support Administrator (NT & UNIX), control physical personnel access, review of daily open close procedures, and program security external connection management.
· Responsible for gathering data on JSIMS computer virus events and incident response event data. Inserting the data into an enterprise database for the assembly of monthly virus reports and researching information on countermeasures for the cleaning of Information Systems.
· Retrieve technical data and information for the answering of IAVA requests from Department of Navy Headquarters.

1/1998 - 12/1999
MedWare Computer Solutions
New Smyrna Bch FL

· Includes troubleshooting of Windows NT/95/98, medical software, Network Configurations, modem communications programs, printers and modems.
· Installing modems into off the shelf communications software. Strong skills in modem troubleshooting, software and hardware problem identification and resolution, end user training.
· Assist end user clients with dial-up networking connections via modem to insurance companies.

3/1993 - 3/1997
US Air Force
Las Vegas NV

Computer Security Assessor
· Performed operations for internal and external network penetration on COMPUSEC missions nationwide.
· Evaluated the current Local Area Network (LAN), personal computer systems, communications, and TEMPEST security posture of DOD facilities.
· Disseminated knowledge on today's computer system vulnerabilities, and recommended security practices and techniques to counter these vulnerabilities.
· Analyzed operational parameters of cellular, microwave and satellite telephone systems, including HF, VHF and UHF radios, to identify and report sensitive or classified information for inclusion in product reports.
· Assembled information for preparing reports through the use of database programs.

EDUCATION:

11/2001
Computer Forensics Specialist Training
US

11/2000
IIS Database Scanner
US

10/2000
ISC2 CISSP Course
US

6/2000
KG-75 Fastlane (Encryption)
US
The Fastlane training course gave a technical background in installing, configuring and maintaining Fastlane devices in an operational environment. This five day course was a combination of classroom presentations, hands-on workshop exercises, troubleshooting and fault isolation exercises.

1/2000
Information Security (INFOSEC) CBT
US
Information Security

1/2000
Information Warfare (INFOWAR) CBT
US
Information Warfare (INFOWAR)

1/2000
FORTEZA Installation and Configuration CBT
US
FORTEZA Installation and Configuration

9/1999
Kieser College
US
Computer Networking Administration

4/1998
USAF COMPUSEC Course
US
USAF Computer Security Course

6/1993
Command Control Communications and Countermeasures, and Intelligence (C4I)
US
Command Control Communications and Countermeasures, and Intelligence (C4I)

SKILLS:

Skill Name | Skill Level
Virus Countermeasures | Expert
Information Systems Security | Expert
Computer Forensics and Investigation | Expert

REFERENCES:

Reference Name: Jane Cayton
Phone: 1-407-380-4575
Type: Professional

Reference Name: Joonho Lee
Reference Company: Federal Reserve System
Phone: 1-212-720-2090
Type: Professional