BRANDON CHILDERS
**** ****** ****** *****, ********, Texas 75070
**********@***.***
www.linkedin.com/pub/brandon-childers/5a/b6b/492/
http://ekonekta.com/webclients/brandon_childers/index.html
Interest: INFORMATION SECURITY
Strategic Planning and Implementation | Regulatory Compliance | Project Management | Risk Management
IT Infrastructure Design | Process Improvement | Change Management | Software Development Life Cycle Management
Deployments and Migrations | Business Continuity and Disaster Recovery | Security Awareness | Incident Management
QUALIFICATIONS PROFILE
Detail-oriented, highly skilled, and multifaceted professional, offering more than 13 years of experience and skills in information security analysis, information security policy design, risk assessment, security incident response, and security solutions. Skilled at designing and implementing cyber security solutions for major government organizations and financial entities. Adept at security policies, solutions, and standards that constantly pass the security, regulatory, and customer audits. Successful in initiating three separate security programs over the past five and a half years which passed all third-party audits and all established laws and regulations. Comprehensive background in developing and implementing strategic technology and security roadmaps aligned with the needs of the business to deliver exceptional security and privacy solutions. Knowledgeable of penetration testing, vulnerability assessment, and security program development. Expert at implementing new concepts, new security technologies, and new security controls as well as in developing innovative security controls and processes. Bilingual in English and Russian.
TECHNICAL ACUMEN
Protocols: TCP/IP, UDP, HTTP, HTTPS, SSL, FTP, TFTP, Telnet, SNMP, ICMP, SSH, DNS, DHCP, LDAP, WINS, NAT, VPN, SMTP, POP, IPSEC, IMAP
Security Software: Backtrack, Metasploit, Nessus, Nexpose, Saint, Prism EventTracker, TriGeo, NitroSIEM, Encase
Others: Cisco IDS/IPS, IBM ISS, RSA Envision, McAfee, Sourcefire IPS, Firewall Alerts/Vulnerabilities,
Microsoft Windows, UNIX and Linux, Microsoft Office, Internet Explorer, Mozilla Firefox, Google Chrome,
SQL, Oracle, IIS, Apache
CREDENTIALS
Licenses:
- Top Secret/SSBI Clearance - Department of Defense (DoD): Nov 2007
Certifications:
- Certified Information Systems Security Professional (CISSP) - (ISC)² (Scheduled to take the ISSMP certification in September 2013)
- Certified Information Systems Auditor (CISA) - ISACA
- FINRA Series 99 Operations Professional - Financial Industry Regulatory Authority (FINRA)
- Fair Credit Reporting Act (FCRA) Certification - Consumer Data Industry Association
PROFESSIONAL EXPERIENCE
Information Security Officer - H. D. Vest Financial Services, Irving, TX: Sep 2011–Present
The 8th largest independent broker-dealer network in the United States which provides comprehensive financial services to 3,000,000 individuals and small businesses through 7,000 advisors. These services include security investments, retirement planning, investment management, education planning, business planning, and estate planning that is regulated by FINRA and SEC.
- Design comprehensive information security program which involves both internal and advisor/customer security practices and solutions as well as assessment of information security risk in light of executive management's risk tolerance and advisor acceptance as member of the H. D. Vest divestiture from Wells Fargo
- Serve as the principal member of the Information Security Steering Committee as well as stakeholder of the Risk Oversight Committee
- Function as the leading member of the Computer Incident Response Team (CIRT), in charge of investigating the internal and external incidents as well as rendering guidance and root cause analysis to executive leadership
- Administer the review, validation, redirection, and approval of information security infrastructure at three data centers
- Organize and facilitate risk mitigation meetings between infrastructure and development as well as oversee and approve physical security systems and strategies at all H.D. Vest Facilities
- Handle threat and vulnerability management (TVM) activities as well as complete the execution of due diligence audits and assessment of vendor contracts for information security concerns
- Evaluate and approve security exceptions as well as monitor the compliance with all the employed policies
- Render direct oversight to the Security Operations Center (SOC) activities, which included penetration testing, scanning, and monitoring of the environment
Career Accomplishments:
- Played a pivotal role in implementing a successful information security program, with policies and standards that complied with the requirements derived from Financial Industry Regulatory Authority (FINRA), Payment Card Industry (PCI), Experian’s Security Assessment (RI3PA), Federal Financial Institutions Examination Council (FFIEC), Health Insurance Portability and Accountability Act (HIPAA), and Securities and Exchange Commission (SEC) regulations which required resolution of concerns from the parent company expressed during divestiture activities
- Passed the SAS 70 type II audit
- Successfully managed and corrected the security architecture, which was originally developed by the divestiture contractors, while meeting stringent timelines
- Prospected vendors for the supply of technical services to implement the information security architecture that was available for purchase by the advisors to ensure adherence to FINRA, FFIEC, and SEC regulations which were available to be installed in all 50 states
- Prepared weekly reports for the management regarding the security state of the environment and forensic root cause analysis of H. D. Vest and advisor security incidents which brought major impact to the strategic decision-making regarding security, compliance, and business objectives and budgetary allowances
- Presented five information security presentations to 700 H. D. Vest advisors at the H. D. Vest national conference
Principal Cyber Security Engineer - Aeronautical Radio, Inc. (ARINC), Carrollton, TX: Sep 2010–Sep 2011
A provider of security solutions for the Department of Energy (DoE), Department of Defense (DoD), National Security Administration (NSA), Department of Homeland Security (DHS), airports, rail and transit companies, and other government entities.
- Oversaw the design, testing, and implementation of the cyber security solutions of the AIM physical security systems for 64 nuclear power plants across the United States as well as Strategic Reserve, Department of Defense, and Department of Energy sites
- Spearheaded the preliminary and ongoing sales meetings on how the product provides appropriate levels of cyber security and complies with current regulations
- Carried out systematic cyber security assessments and audits as well as completed fuzzing, internal vulnerability scans, penetration testing, and interpretation of results for the facilitation and auditing of remediation efforts as well as removal of vulnerabilities
- Responsible for driving ARINC initiatives in Information/Operations Warfare, Electronic Warfare, Knowledge management/discovery, Cyber Security Systems Engineering & Integration, and Information Assurance
- Took charge of the design, testing, and implementation of the secure network architecture for ARINC physical security systems
- Generated comprehensive and accurate documentation of all cyber security implementations
- Worked as the founding member of the Cyber Security Stakeholders Committee, responsible for coordinating with the senior management regarding cyber security initiatives along with providing insights about the emerging information security business sectors
- Acted as the primary point of contact for forensic investigations and incident response for ARINC cyber security customers, which included provision of due diligence guidance relating to the incidents
- Served as an effective ARINC representative, responsible for meeting with a panel at Johns Hopkins in January 2011 to a group of more than 200 students and small business owners regarding information security
Career Accomplishments:
- Displayed expertise in formulating cyber security program compliant with the Nuclear Regulatory Commission (NRC) and Nuclear Energy Institute (NEI), which included controls for the mitigation of risk and reduction of the system’s attack surface and processes for employing controls and maintaining separation of duties
- Provided effective solutions to client’s cyber security concerns for four $20M systems that caused delivery delays for several years, which helped enhance the ARINC image as a cyber-security service provider which led to further business developments
- Successfully secured $300M in new National Security Agency (NSA) cyber security business
Operations Security Officer - Digital Matrix Systems (DMS), Addison, TX: Feb 2008–Sep 2010
A small, privately held company, providing credit analytics, credit reporting software, and custom credit score solutions to credit card, consumer loans, mortgage loans, collections, and insurance industries.
- Directed the physical and information security operation for an environment that processes 750,000 credit report requests daily
- Assured accuracy in creating the ISO 17799/27002 information security policy, and assessed and remediated the software development lifecycle for secure practices
- Gave a weekly update to the management regarding security vulnerabilities and emerging threats as well as rendered recommendation on security control solutions
- Assured compliance with the business and security certification, auditing requirements, and current state of security infrastructure in creating, implementing, and managing information security policy
- Established and led the Computer Incident Response Team (CIRT) in containing and resolving security incidents along with overseeing forensic investigations and providing root cause analysis conclusion reports to the management
- Led the validation and testing of business continuity and disaster recovery plans
Career Accomplishments:
- Displayed expertise in developing a successful information security program within one year where none had previously existed as well as enabled the successful passing of the company on 63 audits and SAS70 type II within two and a half years, including the achievement of PCI and RI3PA/EI3PA compliance within six months of the project initiation
- Played an integral role in developing, testing and deploying security controls without delaying the contractual-based service level agreement (SLA) of returning the credit report request to end user in three seconds or less
- Brought improvement to the employee security awareness through instigation of training programs and materials
Senior Security Analyst - Electronic Data Systems (EDS), Plano, TX: Feb 2000–Feb 2008
A leading global technology services company, delivering business solutions to clients in manufacturing, financial services, healthcare, communications, energy, transportation, and retail industries and governments.
- Functioned as an effective primary Computer Incident Response Team (CIRT) contact for internal and external clients that reported any security events, including server compromise, corporate espionage, inappropriate employee Internet and email usage, and confidentiality breaches
- Completed accurate documentation of all evidence for computer forensic investigations as well as maintenance of chain of custody and enforcement of business continuity plans
- Spearheaded the investigation, diagnosis, resolution, and remediation of Cisco Intrusion Detection System (IDS), IBM Internet Security Systems (ISS), RSA enVision, McAfee, Sourcefire Intrusion Prevention System (IPS), and firewall alerts and vulnerabilities
- Performed thorough analysis of client networks and devices for the identification and resolution of security risks
- Documented new technologies as well as trained and supported new and existing clients
- Provided expert leadership to a team for the Plano Global Security Operations Center (GSOC)
- Established new RSOCs in Saragossa, Spain, and Kuala Lumpur, Malaysia and facilitated the training of analysts
Career Accomplishments:
- Established the security center in Saragossa, Spain, ensuring compliance with the European privacy laws and regulations as well as assisted in the employment of procedures for regional security center in Kuala Lumpur, Malaysia
- Functioned as the subject matter expert (SME) for Electronic Data Systems (EDS) Security Team that received the Microsoft 2008 Excellence in Overall Security Award
EARLIER CAREER
Call Center Supervisor - CompUSA, Plano, TX
EDUCATION
Coursework toward Pre-Medicine Program - Texas Tech, Lubbock, TX
Coursework toward Pre-Medicine Program - University of Texas at Arlington, Arlington, TX
Coursework toward Pre-Medicine Program - University of Texas at Dallas, Richardson, TX
PROFESSIONAL DEVELOPMENT
- Leadership management development and stress management classes - 2007
- Anti-Terrorist Training, Department of Defense - 2007
PROFESSIONAL AFFILIATIONS
The International Information Systems Security Certification Consortium (ISC)²
Information Systems Audit and Control Association (ISACA)
Financial Industry Regulatory Authority, Inc. (FINRA)
PUBLICATIONS
Childers, B. (2010). How one company prepared for PCI DSS compliance. Computer Security and Fraud, (2010)8. 3.
Childers, B. (2010). Turning cyber threats into business opportunity. ARINC Newsletter, (2010)125.