Simone M. Abel

**** **** **** ******

Brooklyn, New York 11236

Mobile: 1-917-***-****

acfug9@r.postjobfree.com

TECHNICAL QUALIFICATIONS

Certifications

CISSP

SCNP-Security Countermeasure Network Professional

CNA-Certified Novell Administrator

Network Engineering certificate

ITIL-Foundation Certificate in IT Management

Security +

MCP

Hardware installation, configuration and maintenance:

IBM, Compaq, Dell, Blade, Appliances

Software installation/configuration:

Windows 2003, 2008, 2012, SQL Server-2008, 2012, Linux RedHat 9.x &

Suse, Novell 6x, Lotus Notes for Domino Server, XP, Windows 7, Zenworks,

IIS, Symantec Endpoint Protection, Symantec Mail Security for Dominos,

Symantec Brightmail SMTP -Mail Security 8380 Gateways, Symantec DLP 12.x

Trend Micro HTTP Interscan Web Security Gateway Suites, Ziplip SMTP Secure

Mail Gateways, Wireshark, Qualys VM Scanner and GFI Languard

WORK EXPERIENCE

Weill Cornell Medical College, New, New York

03/2014- Present

Security Engineer/consultant

. Responsible for product evaluation, engineering, development,

implementation and support of Security solutions. Such as: Symantec

DLP, Identity Finder DLP, SEP and SIEM(ArcSight/Splunk) and incident

handling/triage. Additionally, responsible for defining, developing

and maintaining hardware installation, configuration, integration and

maintenance.

. Information security monitoring and responding to potential security

threats at WCMC.

. Ensures applicable information security design considerations

are appropriately inclusive within all new and existing computing

environments.

. Reviews/validates enterprise and departmental applications to

ensure HIPAA compliance.

. Provides engineering support to Security Operations.

. Performs other related duties as assigned.

North Shore Long Island Jewish, Melville, New York

05/2013- 3/2014

Lead Security Engineer

. Leads and guides the activities and staff engaged in

designing, integrating, implementing, validating and documenting the

enterprise information systems and applications. Such as: Symantec

DLP, SIEM, Forescout, Nessus, etc..

. Ensures applicable information security design considerations

are appropriately inclusive within all new and existing computing

environments.

. Leads the composition and document life-cycle maintenance

of application/system specific security hardening guidelines.

. Reviews/validates enterprise and departmental applications to

ensure HIPAA compliance.

. Provides regulatory and best practice framework for security

operational execution.

. Provides engineering support to Security Operations.

. Recommends and implements documentation standards, policies

and procedures for enterprise security environments.

. Prepares recommendations for security enhancements and upgrades.

. Maintains standards, risk assessments, documentation and procedures

related to security for the Information Services Production,

Business Continuity, and Disaster Recovery environments.

AIG, New York, New York

12/2012- 05/2013

Security Consultant

. McAfee Data leakage protection incident management support

. McAfee antivirus incident management

. Symantec Data Leakage Protection testing

. Security Risk Analysis for HRIT

o Manage ongoing high-level risk assessments of external vendors and

pr-existing systems

o Initiatives security risk assessment questionnaires, supporting

artifacts, review risk rating, and oversee Penetration testing

o Conduct IT assurance assessments over project implementations,

developing a gap analysis and providing security requirements to

mitigate identified risks using practical cost effective controls

o Schedule and execute periodic in-depth and risk-based assessments of

existing systems

o Track efforts to remediate vulnerabilities, implement compensating

controls, or document risk acceptances against identified

vulnerabilities and/or control risks

o Understanding of security risk exposures and how vulnerabilities can

be transfer into a business risk

o Work with PM in communicating flaws in systems, document and

communicate control deficiencies identified during assessment

Time Warner Corp, New York, New York

04/2011-12/2012

Senior IT Compliance Analyst

. Symantec Endpoint Protection implementation, configuration, monitoring

and remediation of virus/worms

. Symantec DLP implementation, support and incident management

. Qualys implementation, support and vulnerability remediation

. Managing of security incident response lifecycles that include alerting,

triaging, responding, reporting, coordinating, and communicating with

internal and external stakeholders

. Lead IT Security efforts to assess existing systems:

o Manage ongoing high-level risk assessments of existing systems

o Initiatives security risk assessment questionnaires, review

applications risk rating, and oversee Penetration testing

o Schedule and execute periodic in-depth and risk-based assessments of

existing systems

o Track efforts to remediate vulnerabilities, implement compensating

controls, or document risk acceptances against identified

vulnerabilities and/or control risks

o Understanding of security risk exposures and how vulnerabilities can

be transfer into a business risk

o Work with business administrators as well as IT professionals in

communicating flaws in systems, document and communicate control

deficiencies identified during assessment

. Understand and tactically execute information security and technology

compliance goals.

. Perform quarterly SOX self-assessment testing for IT General Computer

Controls to ensure compliance-related tasks and activities are completed

in a timely manner.

. Perform troubleshooting of information security incidents and information

security problem-solving

. Educate on information security and compliance policies and procedures,

and promote awareness

. Participate in project management processes (e.g., create project charter

and detailed project plans, support project budgeting, manage task

execution, prepare and distribute stakeholder communications, etc.)

. Support existing client, vendor, and IT relationships, and achieve

desirable project results

. Perform unit and integration testing of security components

. Participate in benchmarking, evaluation and selection of new information

security tools and practices by maintaining on-going understanding of

regulations impacting information security and compliance.

Symantec -Daimler, Montvale, NJ

03/2010- 04/2011

Senior Security Solution Consultant

. Incident management - provide direct support to the client in the day-to-

day management and response to security events, vulnerabilities,

and incidents detected within the environment.

. Risk assessment - support the client in risk assessment activities to

address emerging threats, new system deployment, and analysis of existing

systems as necessary with the overall objective of providing quantitative

improvement in the client security posture.

. Symantec Antivirus Protection 11.x configuration, monitoring and

remediation of virus/worms

. Vulnerability management via Qualys- support the client vulnerability

management program to provide insight to emergent vulnerabilities and

recommendations for mitigation appropriate to the client environment.

. Remediation strategies - assist the client in developing remediation

prioritization, strategies and solutions to mitigate identified security

issues.

. Strong knowledge of NIST 800-61 publication and Carnegie Mellon CERT

procedures.

. Strong understanding of multiple Operating Systems (Windows family,

UNIX/Linux, VMWare, etc.).

. Preparing and submitting turnover reports to the next shift.

The Bank of New York Mellon, New York, NY

07/1998- 03/2010

Information Security - Technical Security Consultant II

Information Security experience with evaluating, implementing

and supporting security solutions

through the product life cycle

Enterprise 24 * 7 SMTP and HTTP Web gateway engineered and

support

Trend Micro HTTP Interscan Web Security Suite engineer with

Microsoft SQL 2005 backend DB

Symantec SMTP Mail Security 8260/8380 Gateway engineer with

MySQL backend DB

Zip Lip SMTP Gateway engineer with Microsoft SQL 2005 backend

DB

Symantec Antivirus 11.x implementation, config, supporting,

monitoring, reporting & remediation of virus/worms

Symantec Security Information Manager(SSIM) aka SESA

Administrator

ArcSight - central incident management

Forescout- endpoint management

Vontu Data Leakage Prevention integration with Symantec Mail

Security gateway

Proventia IDS/IPS firewall -monitoring, identifying,

escalating, and reporting security threat events/alerts.

BNYMellon's subsidiaries and business partner integrator

Request for Proposal and statement of work

Metrics report on Security solutions

Implementation of Preventive control/countermeasures to

ensure CIA

Change management and reporting

Auditing

Budgeting

Staying abreast with Security technologies and threats via

RSS feeds, Security vendors, Seminars,

Training institutions and attending courses at the

Universities to ensure counter measures

are in place to ensure CIA.

Supervised/Team lead by providing operational oversight for

System Security team's activities.

Wide Area Network/Lotus Notes administrator

07/1998 -07/2000

. WAN administrator for Novell 6.x and NT domains

. Managing and set up network access for users

. Created and managed containers, file and system access & login scripts

. NDS file system security

. NFS file system security

. Users and Groups account administration

. Global Policy Administration

. Implementing Novell Distributed Print Services (NDPS)

. Using ZEN works to manage workstations

. Using ZEN works to manage applications

. JetAdmin to configure remote printers

. Use RCONJ and RCONSOLE to remotely access the server console

. Create, manage, and provide maintenance support of Lotus Notes accounts

Infinite Technology Group/The Bank of New York, New York, NY

09/1996-07/1998

PC System's Administrator/Help Desk Rep

Coordinator of software and hardware installation, configuration and

upgrades

Coordinator Data Center server connectivity: IP address, server

location

Maintain Data Centers Diagram

Liaison for the Bank of New York with various vendors

Troubleshoot user's software and hardware issues

Formulate work request to various vendors

Troubleshooted hardware and software issues

Pc acquisition and oversee hardware and software purchases

Provided LU's addresses to mainframe administrators

EDUCATION

Pace University: Master Internet-Security and Info Assurance

Grad/2009

Pace University: Network Security and Info. Assurance certificate

2006-2007

New Horizon: Win 2003 Eng, Novell, Security +, SCNP, Pen Tester, CEH

2000-2006

Linux: Linux Engineering training 07-

2005

Loyalist College and Applied Arts & Technology: ITIL certificate

06-2004

The Chubb Institute: Network Engineering certification

Grad-2003

Symantec: Symantec Antivirus certification

06-2000

Novell: Certified Novell Administrator

06-1999

Baruch College: BBA in Information Systems

Grad/1995

Contact this candidate