Information Security Consultant
Recognized Expert in Risk Analysis, Cyber Security Policy, Engineering and Operations
Providing a broad perspective on today’s global security challenges, tomorrow’s threats and a proven track record of innovative, effective solutions to government and private sector entities.
Areas of Expertise
|• Business Continuity and Disaster Recovery||• Security Risk Assessment & Management|
|• Privacy||• Security Architecture & Engineering|
|• Policy Management and Compliance||• Security Program Management|
|• Security Operations|
|• (ISC)2 CISSP||• SANS GIAC Web Application Penetration Tester (GWAPT)|
|• Certified Ethical Hacker (C|EH)||• Cisco CCNA Security|
|• Computer Hacking Forensics Investigator (C|HFI)||• GIAC GWAPT|
|• Security+||• MCSE|
Snapshot of Recent Projects
Complete list available at www.hiswebsite.com
Business Continuity and Disaster Recovery:
A South Florida retailer lost more than $30 million in e-commerce transactions and data following a tropical storm.
- Recommended the installation of an intelligent provisioning and storage virtualization tool.
- Deployed full set of application-aware data protection services, including real-time synchronous mirroring, volume snapshots and WAN-optimized replication across multiple platforms.
- Moved the company away from failure-prone once-a-day tape backup.
- Ensured component redundancy upgrade.
- Slashed replication costs by 90% while shrinking backup repository by 95%.
- Enabled seamless operational failover between sites and fast, cost-effective physical-to-virtual (P2V) disaster recovery by installing components that integrate with VMware and Microsoft virtualization environments.
Security Architecture and Engineering:
Hackers were penetrating the online and email accounts of this global transportation provider
- Initiated the installation of a Websense Email Security Gateway Anywhere solution to manage/secure SMTP traffic.
- Recommended Websense Internet proxy and Web Security Gateway Anywhere to manage corporate Internet proxy traffic and supporting infrastructure.
- Helped the cyber forensics manager create extensive documentation and procedures related to email security monitoring, Internet proxy management and content filtering
- Reduced security breaches by 99 percent.
- Taught staff to study the proliferation of viruses and proactively prevent hacker intrusions by conducting active penetration tests to discover vulnerabilities in information systems.
Risk Assessment and Management:
An aerospace parts manufacturer failed to comply with the protection and detection capabilities mandated by the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP).
- Conducted risk assessments of the information assets of the organization and recommended a series of controls that complied with Information Assurance (IA) capabilities and services as defined in the DoD Instruction 8500.2.
- Collaborated with system admins, network engineers as well as site, asset and project managers to establish and implement mechanisms for identifying and addressing security vulnerabilities.
- Company received DOD certification and has been awarded two large contracts.
Security Program Management:
A workers comp insurer was unable to evaluate third party risk and manage vendors.
- Developed a risk profile of prospective vendors using questionnaires, fidelity standards/ policies and experience.
- Assessed vendor controls to ensure that they met or exceeded company’s risk tolerance.
- Prepared written reports to help business leaders understand the risks and recommended mitigation strategies including the collection of vendor performance data in a centralized database, the development of scorecards, SLAs and the execution of weekly performance reviews.
- Reduced IT operating costs 15% by facilitating the outsourcing of data and operations to the cloud.
Education and Awards
Speaker: The 16th Annual New York State Cyber Security Conference
Presenter and Coach: 2013 Cyber Security Summit, Cyber Security Club at Virginia Tech
Certificates: Computer Forensics, University of Central Florida-National Center for Forensic Science and Fundamentals of Incident Handling and Information Security for Technical Staff: Carnegie Mellon University
MBA, College of Business, Florida State University
Bachelor’s Degree, Computer Science, College of Engineering-Virginia Polytechnic Institute and State University