Security Engineer

Location:
Austin, TX, 78729
Posted:
October 29, 2012

Resume:

Christopher Lewis (CISSP)

Mobile Phone: 214-***-****

E-mail: w2gfn4@r.postjobfree.com

Austin Texas

OBJECTIVE

To secure a challenging position within the Computer Security field that will capitalize on my comprehensive knowledge of new cutting edge technologies in the areas of Computer Forensic, intrusion detection, vulnerability assessment, penetration testing, risk assessment, and firewall configuration, installation, and testing.

Current Salary: $105-125hr (W2 only)

Salary Expectations: Negotiable, Base Salary + Bonus Structure + Benefits

WORK EXPERIENCE

SIEM Practice Principal

11/2011 – Present

Alaiado

Consulting

• Conceptually designed and implemented SIEM (ArcSight) multi-layered correlation and analysis methodologies and tool-sets.

• Designed and architected PCI compliant solutions for customers. This included developing custom flex connectors for various vendor specific technologies, use cases, dashboards, rules and trends.

• Developed visualization methodology and integrated business visual analytics tool allowing analysts to explore up to 1 million events on screen at once. Techniques were shared with and ultimately used by ArcSight in developing their Interactive Discovery tool.

• Transferred ArcSight correlation experience to the client's internal SOC team. Worked with ArcSight administrator(s), GSOC lead, and other team members to develop ArcSight rules, channels, cases, flex connectors, super connectors and analysis methodology which continued to be used after my departure.

• F5 LTM/GTM

• SME responsible for F5 Support and Management.

• The Global Traffic Manager (DNS Load Balancing Device) SME.

• Technical Resource on implementation project(s).

• Created and delivered presentations to managers and co-workers on the Global Traffic Manager and the benefits.

Principal ArcSight Architect

10/2011 – Present

Verizon

Consulting

• As Principal System & Security Engineer I am responsible for the architecture design, capacity planning, application administration, and day-to-day operation of the global security infrastructure. This infrastructure is used 24x7 to monitor and manage the security of our worldwide customer base. You will stay on top of recent system administration developments. As system engineer I must interact on a daily basis with other departments such as development and the operational team. I have a strong understanding of incident handling in a network or security operation center (NOC/SOC).

Senior ArcSight Architect

4/2011 – 11/2011

Neiman Marcus

Retail

• Conceptually designed and implemented Neiman Marcus multi-layered correlation and analysis methodologies and tool-sets.

• Designed and architected PCI compliant solutions for Neiman Marcus Point of Sale registers (POS). This included developing custom flex connectors for various vendor specific technologies, use cases, dashboards, rules and trends.

• Designed security statistical correlation modules based on Neiman Marcus fraud detection engine to integrate with any data source (including ArcSight).

• Developed visualization methodology and integrated business visual analytics tool allowing analysts to explore up to 1 million events on screen at once. Techniques were shared with and ultimately used by ArcSight in developing their Interactive Discovery tool.

• Transferred ArcSight correlation experience to the Neiman Marcus internal SOC team. Worked with ArcSight administrator, GSOC lead, and other team members to develop ArcSight rules, channels, cases, flex connectors, super connectors and analysis methodology which continued to be used after my departure.

Principal Penetration Tester

5/2010 – 4/2011

Arsenal Security Group

• Perform onsite and remote security consulting including penetration testing, application testing, web application security assessment, onsite internet security assessment, social engineering, wireless assessment, and IDS/IPS hardware deployment.

• Perform ethical cracks ("hacks") to assess the vulnerabilities of test, Internet, and/or Intranet connected systems, networks, and applications including Windows, Linux, AIX, Solaris, HP-UX, OpenVMS, and Cisco IOS/CatOS.

• Generate and present reports on security vulnerabilities to both internal and external customers.

Senior ArcSight Architect

2/2010 - 7/2010

Citibank (Citigroup)

Banking

• Conceptually designed and implemented Citibank's multi-layered correlation and analysis methodologies and tool-sets.

• Designed security statistical correlation modules based on Citibank's fraud detection engine to integrate with any data source (including ArcSight).

• Developed visualization methodology and integrated business visual analytics tool allowing analysts to explore up to 7 million IDS events on screen at once. Techniques were shared with and ultimately used by ArcSight in developing their Interactive Discovery tool.

• Brought ArcSight correlation experience to the Citibank internal SOC team. Worked with ArcSight administrator, GSOC lead, and other team members to develop ArcSight rules, channels, cases, flex connectors.

Senior Security Architect

8/2007 – 12/2009

Rand Corporation | Santa Monica, Los Angeles, CA

Government and Military

• Information Security Architect IV

• Involved in developing enterprise security strategies.

• Leads Forensic security projects.

• Develops and manages security for all IST functional areas (e.g., Forensic, data, systems, network and/or web) across the enterprise.

• Maintains exceptional knowledge in networking, databases, systems and/or Web operations.

• Provides Tier 3 support to customers and IST staff for security related issues.

• Involved in the evaluation of products and/or procedures to enhance productivity and effectiveness.

• Educates IST and the business about security policies and consults on security issues regarding user built/managed systems.

• Coaches more junior level staff on security related technologies and procedures.

• Also served as Project Manager (ArcSight architect) for designing & implementing Log Management, Event Management and Security monitoring, based on ArcSight products (ArcSight ESM SIEM & Logger) and other monitoring tools. ArcSight infrastructure architecture & design, and use case definition to meet business requirements.

Sr. Security Architect

10/2006 – 8/2007

Stanford University/Perot | Palo Alto, Santa Clara, CA

Healthcare Services

• Gather requirements and architect technology solutions for security environment based on requirements.

• Design viable security solutions in accordance with the defined architecture. Responsible for leading teams of consultants in performing INS core security services, including risk assessments, security audits, network vulnerability assessments, as well as security program services such as identity management, security remediation, and patch management initiatives.

• Test product(s) to ensure proper function. Implements product(s) in production status. Apply vendor or internal fixes to resolve programming errors and/or enhance functionality. Provide primary support for installed security product(s).

• Work with application development team leads to ensure application security is aligned w/security architecture and business needs.

• Work with key business leaders on new projects to ensure security as forefront of each project.

• Use Vulnerability Assessment tools such as Nessus, eEye Retina and WebInspect for platform and application discovery.

• Develop procedures and/or programs to support internal departmental objectives.

• Manage VA compliance and enforcement for production areas and in accordance with SOX efforts.

• Understand impact of product changes on subsystems, users and operating procedures

• Perform problem diagnosis and resolution. Interfaces with product vendors if necessary. Uses internal resources and expertise as needed.

• Work on complex issues and use troubleshooting and incident handling skills that require analysis of situations or data.

• Internal and external contacts often pertain to company plans and objectives.

• Serve as consultant to management and external spokesperson for the organization.

• Consistently work with abstract ideas/situations across functional areas of the business.

• Require in depth knowledge of the functional area, business strategies, and the company’s goals.

• Influence policy making.

• Assess intangible variables, identifies and evaluates fundamental issues, providing strategy and direction for major functional areas.

Manager

1/2006 – 9/2006

Baylor Health Care Systems | Dallas, Dallas, TX

Healthcare Services

• Oversee staff and vendors positioned and purposed to safeguard the company’s assets, intellectual property, and information systems as well as its employees and visitors.

• Responsible for development and management of Security Strategic planning for Corporate IT to include People, Process, Technology and Facilities.

• Evaluation and management of existing information system’s security components which includes policies and procedures of information systems risk management. Review and recommend changes to policies as conditions warrant.

• Lead the development and renewal of Security Policies and Administration procedures.

• Develop and update Security Assessment guidelines and integrate into the Project Management Methodology.

• Responsible for conducting all Security Risk Assessments for Corporate IT. Work with outside consultants as appropriate for independent security audits.

• Maintain relationships with local, state, and federal law enforcement and other related government agencies. Keep abreast of changes to existing and proposed State and Federal legislation and regulatory laws pertaining to information systems security and privacy.

• Develop, manage, and enforce security related best practices and procedures.

• Overall responsibility for the integration of Baylor Health Care Systems security program with Business Continuity Planning, Crisis Management and Response, and Disaster Recovery.

• Define IT Security infrastructure for network, servers, applications, and databases.

• Oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.

• Prepare and deliver program status and security situation briefings for senior management and other parties designated by senior management.

• Ensure that the Baylor Health Care Systems IT organization obtains, develops, and retains qualified and competent security specialists.

• Either serve as or appoint staff to serve as security consultant to Baylor Health Care Systems projects involving changes to the organization’s facilities, procedures, systems, or management practices.

• Ensure that appropriate security-related training and education are provided to Baylor Health Care Systems IT and general business personnel as required by regulation or organization changes.

• Maintain awareness of emerging threats, such as new viruses, hacker contests and system vulnerabilities. Provide recommendations for mitigating risks associated with these threats.

• Participate in the development and documentation of information security standards, best practices and guidelines. Develop a security strategy, architecture and appropriate policies.

Influence policy making. Assess intangible va

7/2005 – 1/2006

SAIC | San Diego, San Diego, CA

• Security Architecture Development, Content Filtering, Access Management

• Develop and deploy IDS/IPS (Intrusion Detection /Intrusion Prevention Systems)

• Develop and deploy SIM (Security Information Management)

• Develop and deploy CSA (Cisco Security Agent)

• Systems Re-engineering, Network design, WAN Troubleshooting / Desktop and Network Support

• Project Management, Training, Presentations

• Intrusion Detection Deployment / Installing and securing Wireless networks

• Security Investigation, Data Forensics

• Business Continuity Planning /vulnerability Assessments

Sr. IDS/IDP Engineer

12/2004 – 7/2005

Lucent Technologies | Murray Hill, NJ

• Telecommunications Services

• Aided in the development of Information Security systems architectures in large Government and Private sector networks.

• Specialized in architecting advanced open and closed source Intrusion Detection Systems and processes to effectively mitigate risk.

• Participated in activities associated with the identification, prioritization, and resolution of incidents.

• Coordinated activities associated with the implementation of information security initiatives to senior business managers.

• Lead teams to define and refine security processes and establish metrics.

• Evaluated technologies for effectiveness and fit with corporate cultures.

• Architected Intrusion Detection solutions to manage information security risk for mission critical infrastructures.

• Architected Security Information Management systems.

• Specified and designed firewalls, site-site and remote access VPNs, and application authentication systems.

• Performed internal, external penetration security assessments.

• Performed ISO 17799 audit of one of Canada’s largest communications providers. Identified opportunities for improvement and joined efforts to align business units with upcoming SAS 70 objectives.

Sr. Network Security Engineer

5/2004 – 12/2004

CompuCom | Dallas, Dallas, TX

• Responsible for monitoring and interpreting output from intrusion detection systems.

• Participate in activities associated with the identification, prioritization, and resolution of incidents. Coordinate activities associated with the implementation of security initiatives.

• Install and configure network and host based IDS/IPS.

• Implement security controls and audit operating systems, including Windows and UNIX. Audit and recommend secure firewall and router configurations.

• Perform manual and automated assessments on desktops, servers, routers, switches and firewalls. Utilize experience and understanding of IS environment.

• Prepare progress reports for work performed. Act as liaison between security and all other Compucom groups.

• Provide 24/7 on-call support as required. May be required to work off-hours (including weekends) as required.

• Interpret vulnerability / exploit alerts and implement countermeasures.

• Perform UNIX and Windows system administration.

• Interface with other security personnel, operations, and customers and make decisions on operating procedures, analytical approaches, and configuration options.

• Perform information gathering scans on hosts and networks.

• Perform penetration tests and security audits on hosts and networks.

Sr. Security Engineer

6/2003 – 9/2003

DevonIT | King of Prussia/PA

• Currently designing and building a new security offering that includes:

• Hardening of network operating systems, firewalls, and network devices,

• Vulnerability testing using Nessus and ISS

• Some penetration testing

• Designing and implementing a managed network monitoring service utilizing:

• The Tripwire suite to monitor data and operating system integrity

• Netsaint for Unix and NT monitoring as well as network device monitoring and alerting

• Private I for Cisco PIX firewall log monitoring

• Various tools for Vulnerability testing

• Evaluate client's current security and IT policies.

• Evaluate current security on clients' LANs, WANs, and Internet points using a multitude of tools including Nessus, ISS and NMAP.

• Recommend new policies as well as network design changes.

• Recommend, implement, and maintain operating system and network device patches.

• Recommend, implement, and test firewall policy and configuration changes

• Manage client network status utilizing Tripwire, WhatsUp Gold, NetSaint, and Snort.

• Analyse Snort alerts and TCPDump captures to determine and trace threats.

Sr. Network Security Engineer

10/2001 – 9/2002

Department of Energy | Washington DC

• Deter, identify and investigate computer and network intrusions.

• Conduct computer surveillance/monitoring, vulnerability assessments, and audits of information security infrastructure and policy.

• Design and implement computer and network security training. Provide computer forensic support to high technology investigations.

• Duties may include evidence seizure, computer forensic analysis and data recovery. Research and maintain proficiency in open and closed source information security tools, techniques, procedures and trends.

• Convey technical information effectively and concisely to a wide range of audiences.

Network Security Consultant

1/2001 – 10/2001

NetSN | Dallas TX

• Installed, configured, tested, and managed WatchGuard Firewall, Check Point Firewall-1, Gauntlet NT, Gauntlet UNIX, Cisco Pix, and other security services for integration with existing Internet service providers within internal and external customers. This included but is not limited to VPN’s, VLANS, ACL’s, and BGP on both firewalls and routers.

• Explore, define, install, test, and maintain new avenues of computer security including feasibility, profitability, and risks for various Internet service providers (ISP) and companies including National Computer Enterprises, a VAR reseller of Network Associates software.

• Perform on-site customer analysis of existing firewalls and vulnerabilities. Research, analyze, and present in-house profitable and risk-free security and intrusion detection processes to executive management.

• (Environment included – WatchGuard Firewall, Gauntlet Firewall, Cisco Pix Firewall, Check Point Firewall, CyberCop Scanner, ISS RealSecure, Tripwire, Cisco routers & switches, VPN’s, VLANS on many different platforms including Windows 95-98-ME-2000, Linux, Solaris, & Novell.)

Network Security Consultant

11/2000 – 1/2001

NCE | Shelby Township MI

• Installed, configured, tested, and managed WatchGuard Firewall, Check Point Firewall-1, Gauntlet NT, Gauntlet UNIX, Cisco Pix, and other security services for integration with existing Internet service providers within internal and external customers. This included but is not limited to VPN’s, VLANS, ACL’s, and BGP on both firewalls and routers.

• Explore, define, install, test, and maintain new avenues of computer security including feasibility, profitability, and risks for various Internet service providers (ISP) and companies including National Computer Enterprises, a VAR reseller of Network Associates software.

• Perform on-site customer analysis of existing firewalls and vulnerabilities. Research, analyze, and present in-house profitable and risk-free security and intrusion detection processes to executive management.

Network Security Engineer II

5/1999 – 11/2000

Allied Riser Communications | Richardson, Dallas, TX

• Network Security Engineer: Installed, configured, tested, and managed WatchGuard Firewall, Check Point Firewall-1, Gauntlet NT, Gauntlet UNIX, Cisco Pix, and other security services for integration with existing Internet service providers within internal and external customers. This included but is not limited to VPN’s, VLANS, ACL’s, and BGP on both firewalls and routers.

• Monitored pushdown security, remotely assessed problems within various departments, and performed remote and on-site repair and maintenance.

• Utilized CyberCop Scanner and Sniffer to test applications and assess vulnerability.

• Installed virus detection scanners and updates. Alerted all departments of network activity.

L3 Help Desk Analyst

2/1998 – 11/1999

Network Associates | Dallas, Dallas, TX

• Responded to incoming inquiries concerning virus scan software.

• Interacted with the European Development Team to document and develop anti-virus software. Updated applications and website.

• Supported the Event Orchestration with software distribution.

• Supported Event Orchestrator for software distribution. Interacted with the Gauntlet Security Task Force to find vulnerabilities and create patches accordingly. Installed, configured, and tested Gauntlet Firewall.

Certifications

12/2007 – 12/2011, ArcSight Certified Systems Analyst (ACSA)

12/2007 – 12/2011, ArcSight Certified Integration Administrator (ACIA)

2000 – 3/2004, ISC(2) CISSP

2000 – 6/2002, Internet Security Systems | Herndon, Fairfax, VA - Ethical Hacking

2000 – 2/2002, Internet Security Systems | Herndon, Fairfax, VA - ISS Internet Scanner

2000 – 1/2002, Internet Security Systems | Herndon, Fairfax, VA - ISS RealSecure Basic

2000 – 1/2002, Internet Security Systems | Herndon, Fairfax, VA - ISS RealSecure Advanced

SKILLS

Perl Beginner

WAP Beginner

XML Beginner

Linux Intermediate

Firewalls Expert

Watchguard Firewall Expert

LAN Expert

WAN Expert

Cisco Intermediate

Check Point Expert

Intrusion Detection Expert

Ethical Hacking Expert

RealSecure Expert

EnCASE Expert
