InMotionNow, Durham, North Carolina 8/2015 – 10/2015
Independent Information Security Consultant
Worked as a short-term freelance security consultant for InMotionNow. My responsibilities included performing security audits and penetration tests of their AWS cloud-based infrastructure. I also wrote a full set of security policies and procedures that the company internally published, and they are used in production today.
Key Achievements:
§ Found significant security issues with their main cloud application. Made appropriate recommendations to their developers to secure this primary revenue-generating application.
§ I was able to fill a gap in their security program by writing key security policies and procedures that they were missing.
Wake County Government, Raleigh, North Carolina 9/2001 – 8/2015
Senior IT Security Architect, Chief Security Officer and PCI/HIPAA Security Officer
As a “working manager”, and as the Wake County Security team's initial member, I built a top-class security team and oversaw the creation and evolution of the corporate IT Security program.
Designed the IT security infrastructure to protect over 7000 Windows workstations and over 350 Windows and Linux servers. This network was tested by an independent security firm, and was given the highest possible score for Internet-based security. I personally selected and implemented a wide variety of security platforms and controls that were effective at protecting the integrity, confidentiality and availability of IT resources.
Responsible for implementing and configuring tuned IPS signatures on Cisco, IBM, Fortinet and Symantec IPS platforms. This cross-platform expertise resulted in a much lower incident rate of Internet-based attacks connecting to server and workstation endpoints. I reverse engineered attacks such as SQL injections and presented the attack techniques and the remediation steps that were taken to mitigate the risk to Information Services and to senior management. Personally led lessons learned meetings for all high-level IT security incidents. Created and managed disaster recovery tests.
Worked with several cloud vendors and personally managed hosted email encryption, IDaaS and external vulnerability scanning as a service. I selected OKTA IDaaS to stop successful spear-phishing campaigns. I am considered a subject matter expert for the Rapid7 vulnerability scanning platform known as Nexpose. Integrated Metasploit with Nexpose so that discovered vulnerabilities could be exported into Metasploit to generate specific attack payloads for penetration tests. Fully documented the network infrastructure, and can provide redacted network infrastructure diagram samples upon request. I served on the committee that created policies and procedures for the County. Served as both the PCI and HIPAA Security Officer, and of course was the principal for all PCI and HIPAA security compliance issues.
I created the incident response plans, policy and procedures. Wrote many other policies and procedures that related to security, and can present samples if needed. I managed the security team budget, and gave seven-year budgetary forecasts. Directed the IT security program for over 14 years, and provided clear vision to ensure the County maintained a secure, reliable network and a great reputation.
Key Achievements:
§ Recommended, Designed and Implemented the following enterprise-class security solutions: Email Encryption, Load Balancing and Application Delivery, Consolidated SSL Termination Services, Advanced Authentication Services, Three-Vendor Hybrid IPS Platform, Email DLP, Secure FTP, Vulnerability Management, Effective Penetration Testing, much more.
§ Efficient Handling of High Risk Vulnerabilities such as Shellshock and Heartbleed.
§ Security Subject Matter Expert for PCI compliance.
§ Served as Head HIPAA Security Officer for 14 years, led all HIPAA Risk Assessments.
§ Personally managed all Information Security Incidents, and kept accurate records.
§ Personally cracked the administrator password on a Private Exchange Server for Law Enforcement to help with Email Retrieval in a Fraud investigation.
§ Achieved Third-Party Verification of Effective IT Security Design and Control Implementation.
Penn Life Insurance Company, Raleigh, North Carolina 9/1999 – 5/2001
Information Security Consultant, Network Manager
My responsibilities included managing a small technical team and a 400 node network consisting of 3Com switches, Cisco 2600 Routers, ATM backbone, Windows and Netware servers.
Maintained Cisco Routers in Raleigh and Canada and managed all International frame-relay trouble tickets. Was responsible for WAN security, network management, design, antivirus software, disaster recovery procedures and tape backup rotations.
Documented the network topology and held project meetings. Worked with the webmaster and DBA to achieve all desired technical goals. I served effectively in a team-oriented working environment, and was highly regarded by all other employees and senior management. Penn Life was purchased by Universal America, and the Raleigh site was eventually disbanded.
Key Achievements:
§ As a contractor, I replaced two full-time IT employees. Was informed by senior management that I was more effective than the two employees combined.
BB&T Bank, Wilson, North Carolina 9/1998 – 6/1999
Systems Engineer/Y2K Project Manager
My responsibilities included managing the BB&T Y2K project and designing software distribution servers to facilitate Y2K fixes to servers and workstations. I also solved several problems with NT servers and NT SNA gateways. I worked at BB&T locations in Charlotte, Whiteville, and Wilson. I managed several other contractors. Developed solutions which included using servers to mass-distribute Y2K software and designed disaster recovery solutions for departments that previously had not implemented DR.
Nationsbank, Charlotte, North Carolina 2/1998 – 9/1998
Network Lab Manager
Contracted at Nationsbank as a Project Manager and Network Administrator. My responsibilities included designing and managing the buildout of a large test lab for the Nationsbank Global Finance department. Responsible for the setup and maintenance of Windows and Netware servers.
Designed software images and disaster recovery plans for workstations and managed the backup/recovery of the servers. In charge of certifying Y2K compliance on all equipment in the lab by running Y2K test programs and upgrading non-compliant hardware and software. Made sure all network operating systems were Y2K ready. Wrote an Access database to track service tickets. I saved the bank over $40k by pointing out overcharges in a bid for the lab’s network wiring job. I introduced disaster recovery software and other software solution packages to the bank. I fully documented the network and the laboratory disaster recovery plan.
Associates in Computer Information Systems
Wake Technical College, Raleigh, North Carolina
Professional Certification and Training
· Cisco IDS Specialist
· Completed IT Security Officer “Bootcamp”
· Completed WAN Design Course
· Certificate in Symantec 5460 Security
· Currently studying for CISSP
Professional Affiliations
· InfraGard
· The Open Group
· NC-ISAC
· Regular Attendance at the RSA Security Conference