From: route@monster.com
Sent: Friday, September 30, 2016 12:46 PM
To: hg@apeironinc.com
Subject: Please review this candidate for: CCVP SIP Cloud
This resume has been forwarded to
you at the request of Monster User xapeix03
Pall Ramanathan 165 Treadstone Overlook, Johns Creek, GA 30024 678-576-7105 pmrn770@gmail.com Summary · Senior level information security leader with 20+ years of
management, team building, mentoring, PCI, SOX, GLBA, FFIEC and NIST/ISO and
Cryptographic data protection and in-depth experience architecting and
managing the implementation of effective information security programs for
protecting highly sensitive information assets. · Experience in building enterprise information security
programs, architectures, frameworks, policies implementation patterns to
successfully implement information security in highly complex heterogeneous
IT environments including cloud computing · Cryptography: Architected, managed software development
and implementation of an enterprise-wide Cryptography Infrastructure in
compliance with PCI-DSS and regulatory compliance such as SOX, GLBA, and
FFIEC · Automated symmetric and asymmetric key management and
centralized all aspects encryption key management and reduced key management
expenses in hardware and operational cost by $13 million annually. · Developed RFP requirements for key management software
development vendor and joint development · Developed requirements for Public Cloud Service (CSP)
Provider security, cryptography and key management requirements at Fannie Mae · Team member of the Cloud Center of Excellence at Fannie
Mae · Public Key Infrastructure: Architected and implemented
Public Key infrastructure for a large US government agency and implemented
PKI infrastructures at TSYS, Fannie Mae. · Cloud Computing: Consulted and designed information
security and encryption patterns for migrating data into SaaS, IaaS and PaaS
cloud solutions. · His responsibilities also include code reviews, evaluating
the correct implementation of Cryptography
mechanisms (TLS, PKI, & PCI) for applications running on Windows,
Solaris, Java, AIX, Linux and z/OS platforms for data acquired, processed and
stored in IT systems. · Cloud Applications Security: Consulted and developed
frameworks and design patterns for encrypting sensitive data at the
application and user level in processing and storage using JCA/JCE and MCAPI
cryptographic services frameworks. · Encryption Key Management: Consulted and developed the
design and implementation patterns for customer key ownership and to securely
managing encryption keys from customer premises. · Information Security: Consulted with state government
agency and public sector companies to establish a Federal Information
Security Management (FISMA) structure and compliance programs. · PCI-DSS: Architected and implemented a PCI-DSS compliant
information security program for a large credit card processing company. · Developed certificate distribution and protocol support
requirements for PKI Management System, F5, Cisco routers, Firewalls and NSX
at Voya Financial Technical
Summary · UNIX/Linux/z/OS/MVS · Information Security Architectures · Information Security Policy · Public Key Infrastructure (PKI) · Secure Coding · Identity and Access Management · HIPAA · Secure Web Service · Vulnerability Analysis · Symmetric & Asymmetric Cryptography Key Management · IP Network Design and Implementation · PCI/DSS · In-depth knowledge of PCI/DSS · Federal, and state data protection laws (GLBA, SOX, FFIEC) · NMAP, NESSUS, IBM AppScan, and many other tools · Venafi Key Management System · IBM DKMS (Distributed Key Management Systems) · PrimeKey EJBCA PKI Key Manager · Alien Vault SIEM · IBM Tivoli · Data-at-Rest Encryption IBM DS 6000 Awards
and Recognition · CDC: Outstanding Information Security Achievement Award,
May 26, 2009 · Kennesaw State University: Outstanding Achievement Award
in the Executive MBA program. · AT&T Tridom: Systems
Engineering and Deployment Achievement Award (three-times), for on-time
product and project delivery and achieving 40% net margins consistently. · Plenary Member and Speaker: United Nations Telecom
Development Conference in Jakarta, Indonesia, in 1995. Professional
Certifications · Certified Information Security Professional (CISSP#
121921) · Certified Secure Software Life Cycle Professional (CSSLP#
121921) · Venafi PKI Certification Professional Experience Tech
Mahindra, Atlanta, GA March 2016 – Present Principal
Security Solutions, Architect · Provide Cybersecurity sales and marketing support to the
North American sales team to develop and sell Cyber security solutions. · Provide architecture, design documentations for responding
to RFP’s · Develop cybersecurity solution architectures, design for
implementing infrastructure security, software security, data protection
solutions, cryptography and PKI, etc., and communicate the technical
solutions to customers. · Develop PCI and HIPAA data protection solutions and
architectures and lead on-site deployment teams and communicate deployment
status to customers · Provided cyber security architectures for enterprise
clients such as manufacturing, finance, health care, and mobile carriers. · Developed NIST Critical Infrastructure Security Assessment
programs and managed on-site team for successfully executing the mobile core
network assessment for large mobile service provider · Identify, develop and manage OEM vendor relationships to
enhance cybersecurity solution
offerings
Voya
Financial, Marietta, GA
October 2015 – March 2016 Consultant,
PKI and Cryptography Architect & Engineering · Develop architectures and solutions for migrating
financial applications to a private cloud · Interface with various business and technical teams to
analyze current security architectures, procedures and processes to ensure
seamless workload migrations · Develop solution designs to implement and automate
enterprise PKI key management infrastructure · Design architectures for integrating appliances such as
F5, Cisco, Data Power, Web Seal, etc., and application platforms such as
Tomcat, Apache, J Boss running on Linux and Windows OS · Architect and implement DLP, data at rest and tokenization
solutions · Responsible for managing platform vendor implementations
such as Venafi, Tanium, Symantec and Vormetric · Manage Proof-of-concepts for various vendor technology
platforms Synchrony
Financial, Alpharetta, GA October 2014 – September 2015 Consultant,
Information Security Architect · GE Capital spun off its credit card, consumer credit and
retail bank operations middle of last year, which became Synchrony Financial
(SYF). SYF is currently migrating all of their applications into SYF owned
private clouds in Carrollton, Texas with disaster recovery center in Mesa,
Arizona. · As a consultant, my primary responsibility is to work with
eight plus project teams inclusive of developers, operations, and cyber
security team to advise and ensure the information security is enhanced to
meet FFIEC, PCI, SOX, GLBA and provide advice on revising technical security
standards to meet financial industry regulations and mandates. · Interface with Synchrony suppliers and partners to
develop interface and PKI certificate management and technical standards to
ensure the seamless migration. Since the primary credit business of Synchrony
is granting credit to consumers on deferred payment plans, there are
thousands of retail entities, which interfaces with Synchrony information
systems. · My responsibilities also included secure software reviews
(Code Analysis), review vulnerability scans and penetration test results and
recommended fixes for high and medium vulnerabilities before migrating
applications. Managed Plan of Action and Milestone (POAM) for identified
vulnerabilities that required extensive code rewriting, time-consuming and
could not accomplish within the migration timeframes. · Developed Virtual Machine security standards for
maintaining security lifecycle management. · Synchrony Bank had a deadline for completing application
and data migrations by the end of October to secure regulatory approval for
separation from GE. Fannie
Mae, Washington, DC May 2014 – Sept 2014 Consultant,
Cryptography and Cloud Computing Center of Excellence · Consulted advanced security architectures with Fannie Mae
business units for migrating and securing CRM, transaction processing, loan
application intake, loan processing, into SaaS, IaaS, and PaaS cloud
infrastructures. Designed and developed architecture patterns for
implementing encryption above the Hypervisor/VM layer to protect sensitive
Personally Identifiable Information and Financial information collected from
consumers and to protect sensitive enterprise data using field level
encryption. · Designed and developed architecture and designs for
encryption key management to ensure encryption key ownership remained within
Fannie Mae management control. · Provide leadership to the in-house security management and
CISO for effectively managing enterprise information security policy and
governance programs in the cloud computing environment. Developed encryption
gap analysis on the services provided by cloud providers such as Microsoft
Azure, Microsoft Dynamics CRM, Amazon Web Services and IBM Softlayer.
Analyzed and determined application layer cryptography requirements and
Fannie Mae data encryption needs for SaaS, PaaS and IaaS cloud services
platforms utilizing JCA/JCE and MCAPI Cryptographic Services Frameworks. · Analyzed the feasibility and architected a solution for
using existing z/OS mainframe, ICSF, TKE and DKMS for using Z/OS and IBM
Crypto Express cards as cryptographic engine and to centralize remote key
management operations. State
of Georgia, Atlanta, GA Sept. 2013 - March 2014 Senior
Agency Information Security Officer/Director (contract), GA DHS · Georgia Department of Human Services is a 9,000-employee, $2
billion state agency entrusted with administering Medicaid, Medicare, Elderly
Care, PeachCare, and Temporary Assistance for Needy Families (TANF), Supplemental
Nutrition Program (SNAP) and many other Federal State. · Developed and implemented security policies, processes,
incident response, application and Identity and Access control programs to
meet and exceed Federal, State and Homeland Security information security
regulations and laws. Responsible for ensuring internally and externally
developed applications and commercial software procurements meet federal and
state regulations and making sure they are implemented and operated securely.
· Manage outsourcing vendors such as IBM, and AT&T
designs, deploys and operates state networks and data center operations
complies applicable federal and state laws and regulations. Responsible for
auditing IBM and AT&T audit logs and operational logs to ensure security is not
compromised. Consult and provide guidance network transformation projects,
negotiate and implement third party (vendors, federal agencies, and
neighboring state agencies) data exchange agreements and maintain by closely
working with the legal counsel. Negotiate secure data exchange
interfaces with various federal agencies including IRS, Social Security
Administration, Centers for Medicaid and Medicare Management and ACA. Ensure
information security program complies with all federal and state laws and executive
directives. Responsible for providing the State of Georgia, internal
technology, security platforms, investment and financial audits are in
compliance with State and Federal Laws. Respond to day-to-day operational
events and incidents to provide leadership and guidance to a staff of 15
security professionals. · Architected and implemented an agency-wide cryptographic
security program to comply with federal laws, directives and guidelines such
as Federal Information Security Act (FISMA), Health Information Privacy
Protection (HIPAA), and IRS 1796 data protection regulations. TSYS,
Columbus, GA Jan. 2011 – July 2013 Associate
Director, Information Security & Cryptography Solutions · Responsible for leading a team managing enterprise
cryptographic security architecture, design, engineering and implementation
focusing on cryptographic protection of data in use, at rest and in transit
to ensure compliance with PCI-DSS, SOX, GLBA, HIPAA FFIEC, CFPB and other
federal, state, EU and UK data protection laws regulations. Jointly
architected with IBM Science and Technology group industry’s first immensely
scalable Cryptographic Key Management system leveraging existing products and
IBM Distributed Key Management System (DKMS) and IBM Crypto Co-processors and
ICSF. · Worked with IBM to extend DKMS software for centralizing
key management to support TSYS global operations and to meet TSYS business
and operational needs for managing cryptographic keys. Led a cross-functional
team consisting of various TSYS domestic and international business units, IT
and IBM to develop a least intrusive migration strategy by leveraging
existing software. · Developed requirement and specifications for developing an
abstraction layer for non-intrusively replacing the existing middleware providing
the cryptographic interface to applications to eliminate changes to numerous
existing applications and processes. · Managed a team of 7 developers developing the abstraction
layer replacing the current middleware interface to Thales HSM. Worked with the
TSYS Encryption Key Management team to identify existing workflows and to
develop an automated key management workflow interface complying with
existing security policies, to automate key request, key generation,
distribution, rotation, and destruction (full lifecycle management) of
cryptographic keys. When fully implemented, the Cryptographic Key Management
system will eliminate approximately 200+ Thales, SafeNet, and other Hardware
Security Modules saving $13 million in hardware procurement, maintenance
expenses. Lockheed
Martin, Atlanta, GA June 2008 – August 2010 Information
Security Officer, CDC, Atlanta, GA · Managed a team architecting, designing, implementing cyber
security programs for the Coordinating Center for Infectious Disease (CCID),
which is the largest agency within CDC. CCID enterprise IT infrastructure has
approximately 1800 platforms running UNIX (HP-UX, IBM z/OS), Linux, Windows,
and VM Ware virtualized environments. These platforms run sophisticated
research, CRM (SAP), applications and Oracle, SQL and DB2 databases and
analytical metadata applications and host extremely sensitive research
data. · Managed a team of Security Analysts, engineers, and
vulnerability analysis team for implementing and managing enterprise
information security program with intranet and extranet extended to global
locations in Africa, Southeast Asia, and Central Asia and other CDC research
areas. Managed information security programs and initiatives such as annual
risk analysis, OS hardening, application security analysis, and install new
internally developed and COTS software. · Managed development of Certification and Accreditation and
obtain authorization to operate from the Office of the Chief Information
Security Officer (OCISO) on behalf of the agency director. Provide secure
software development requirements to meet FISMA and NIST security mandates.
Consult and advise developers on the security requirements for a variety of
medical research and other enterprise applications processing highly
sensitive research data, Personally Identifiable Information (PII) and
Personal Health Information (PHI) and interfaces to investigation and
pharmaceutical partners. Evaluated and tested Identity and Access Control
management products and developed an automated test tool internally using
NIST-developed I&AM test software to ensure the IAM modules meet
information access regulations for HIPAA and Personal Identifiable
Information processing laws and regulations. · Managed teams Developing information security annual
Certification and Accreditation (C&A) packages for CDC's Coordinating
Center for Infectious Disease (CCID) agency and obtain authorization to
operate on behalf of the Agency Director. Participate in development projects
to ensure FISMA, HIPAA, SOX, GLBA, PHI; PII security is built into the
software to ensure compliance with FISMA and Executive Directives are met
within mandated time frames. Managed development projects, analyzed and
approved software and hardware changes and provided oversight to the change
management processes for the agency. · Conducted routine penetration testing, vulnerability
scanning on regular schedules and remediated vulnerabilities. Evaluated scan
and vulnerability analysis reports and developed reports for division
director and OCISO. Amalan
Networks, Suwanee, GA Jan. 2003 - March 2008 VP
Engineering · Started Amalan Networks with two partners to develop and
market next generation enterprise security software. The technology utilized
Bayesian networks, statistical analysis, and entropy for detecting and
preventing security breaches in real time. Invented and wrote algorithms for
a high-speed real-time classification engine (10 GB/s), using Bayesian
network theory, statistical analysis, and the entropy engines. · Obtained provisional patents from the US patent office for
the above algorithms. · Successfully obtained capital from individual investors
and a venture capital firm to get the company started. Developed technical
requirements based on NIST Security Content Automation Protocol, for
assessing security configurations of routers, switches, servers, operating
systems security using Common Vulnerability Enumeration (CWE) and Common
Vulnerability Scoring System (CVSS) metrics developed by NIST. · Developed and executed joint sales and marketing agreement
with Foundry Networks, Extreme Networks, and Force 10 Networks. Movaz
Networks, Norcross, GA Oct. 2000 – Dec. 2002 Director,
Product Line Management · Manage DWDM hardware, software, and Network Management
products for the DWDM product family. Conceptualized and wrote market
requirements, software requirements and successfully managed the development
of GMPLS and Micro Electronic Matrix Switch technologies based control plane
software for wavelength switching and routing. Wavelength switching and
routing allowed customers to utilize optical network capacity optimally and
to generate additional revenue from the existing network infrastructures. · Managed development of Next Generation Network Management
and OSS/BSS including walled garden web portal where customers can access
their accounts, payment history order, and change service. Implemented a Role
Based Access and View-Based Access Control mechanism and encryption for
securing customer information using SNMPv3 standards. Provided sales support
and delivered customer presentations on technology and product capabilities,
contract negotiations, and RFP support as required by the global sales team.
Meet with customers to gather Operational and Business support system needs,
network deployment plans and developed requirements and development plans to
align with customer's network upgrades, lab testing, and network deployment
plans. · Developed product pricing, budgets, revenue forecasts, and
managed P&L for the product line. · Successfully executed and managed partnership agreement
with Lucent Technologies for Network Management products. Arris,
Suwanee, GA March 1997- Sept. 2000 Senior
Product Line Manager · Manage product lifecycle of Cable Modem, Cable Modem
Termination software, and Network Management hardware and software products.
Define product strategies and created development plans and budgets. Wrote
requirements for various IP routing protocols such as; RIP v2, OSPF, MPLS,
SIP and SNMPv3 network management software. Managed numerous product
development projects including; secure software development projects across
Nortel and partners. Provided sales support and made numerous technical
presentations to customers as SME in the US and International markets to
customers such as Telecom China, Jupiter Communications of Japan and I-Cable
in Hong Kong, AT&T Broadband and successfully helped to secure
multi-million dollar contracts. · Developed an OSS/BSS Algorithm for automatically
provisioning IP triple-play service, (data, voice, and video) The Algorithm
provisioned VoIP, the Internet, video-on-demand service and automatically and
configured IP service components and server such as Call Server. Carrier
customers were able to reduce customer premise installation cost from ~ $1200
to less than $500. Nortel currently owns the Patent. · Managed the development of industry’s first walled garden
web portal allowing customers to self-provision and activate voice, data and
video service. The portal also provided access to account information,
payment history order status and service change requests. · Managed development and implementation of Role Based
Access and View-Based Access Control mechanisms and encryption for securing
customer interaction with the Web Services portal. · Managed implementation of Base Line Security Interface
(BSI) for cable modems and Cable Modem Termination Systems (CMTS) to ensure
network security. BSI prevented customers from installing ad-hoc cable modems
purchased from retail outlets and secured devices behind cable modems
connecting to the network is known and certified by cable operators and to
prevent service theft. Managed AT&T relationship to get Nortel products
into the AT&T Broadband Lab to get products certified for field
deployments. Coordinate cross-functional broadband product development and
network deployment project teams across Nortel business units and other
technology partners successfully deployed broadband networks in Chicago,
Seattle, and Spokane, Washington. Developed product pricing, project and
development budgets, revenue forecasts, Test Plans and managed P&L for
the product line. · Participated in Cable Lab standards working group and
wrote parts of CMTS, network management, operations and business support
system specifications. AT&T
Tridom, Marietta, GA August 1984 - 1997
Sr.
Product Line Manager · Analyzed U.S and international markets, developed
marketing and technology strategies, and presented to the senior management
to secure funding to develop new products. Develop and maintain
country-specific pricing for products and services. · Worked with Bell Labs, AT&T Wireless, and Data
Communication Service (DCS) business units to develop and market a variety of
networking products and service. · Managed international VSAT product line for South America,
Europe, and Asia markets. · Provide sales support in regions as required by the sales
teams to secure business and to achieve revenue targets. Successful in securing
multimillion dollar contracts in South America, Europe, and Asia. · Manage deployment of large VSAT and Frame Relay hybrid
networks for Wal-Mart, Chevron, Amoco, Days Inn, Holiday Inn and Enterprise
Rent-A-Car and many others. · Manage annual revenue and P&L of $150 million. Sr.
Manager, Systems Engineering · Manage systems engineering team in architecting,
designing, developing, and deploying turnkey networks globally. Developed
software for network protocols and implemented it in various switches. Manage
all OEM and sub-contractor relationship concerning turnkey network
deployments. Develop and manage project plans by creating WSB, alpha, beta,
and final test plans. · Successfully managed the deployment of systems including,
Network Operations Centers for Embratel, Brazil, Telecom Argentina, NTT,
Japan, Deutsche Telecom, BT, and AT&T. R&D
Engineer · Joined Tridom during startup as an R&D project
engineer and held several positions with AT&T Tridom · Conducted technology analysis, hardware, software
architecture and software and hardware design specifications and provided
guidance during development, test and deployment of networks. · Modeled and simulated numerous traffic models to
understand performance implications, availability, and resilience of various
network protocols over VSAT network. · Conducted simulation studies of climatic influences such
as rain fade and how it affects Ku-Band VSAT network performance and
resiliency. · Developed models and analyzed a variety of network
topologies and algorithms for implementing Aloha protocol, TDMA and Demand
Assigned TDMA (DA-TDMA) protocols over a satellite network to transport data
and voice traffic. Affiliations
· IEEE · (ISC)2 · IETF Working Group 1989-1997 · ISACA · IBM Crypto Council · IBM Application Security Council Education · Executive MBA,
Kennesaw State University, Kennesaw, GA · B-Tech, Bachelor of
Science in Electronics Engineering and Computer Science, Regional Engineering
College; University of Calicut, Kerala, India

Languages:
Languages | Proficiency Level
English | Fluent
Hindi | Intermediate
Malayalam | Fluent