JOSEPH M. DERA
CISSP, CEH, MCSE, MCDBA, MCSD, MCSA
Bordentown, NJ 08505
QUALIFICATION SUMMARY
SKILLS MATRIX
SKILL EXPERIENCE                           YEARS EXPERIENCE   YEAR LAST USED   PROFICIENCY
Total IT Experience                        12 years           Presently        Expert
Executive or C level IT Experience         8 years            Presently        Expert
Project Management Experience              8 years            Presently        Expert
Application Development Experience         10 years           Presently        Expert
Pharma/Healthcare Experience               8 years            Presently        Expert
IT Security Experience                     10 years           Presently        Expert
Help Desk/Support Services                 10 years           Presently        Expert
Experience with SharePoint                 6 years            Presently        Expert
Infrastructure and Networking experience   10 years           Presently        Expert
EDUCATION AND CERTIFICATIONS
EDUCATION
Master of Science in Information Technology, Aspen University
Bachelor Degree, Pennsylvania State University
Cisco Networking Academy, Burlington County Community College
Burlington County Institute of Technology
CERTIFICATIONS
> Certified Information Systems Security Professional (CISSP)
> Certified Ethical Hacker (CEH)
> Microsoft Certified Systems Engineer (MCSE)
> Microsoft Certified Database Administrator (MCDBA)
> Microsoft Certified Systems Administrator (MCSA)
> Microsoft Certified Solution Developer (MCSD)
> Paralegal Certification, Pennsylvania State University
TECHNICAL SUMMARY
AREA                   TECHNOLOGY
Security               HP WebInspect, IBM AppScan, RSAM, Cisco Pix
                       Firewall, Watchguard Firewall, Cisco routers,
                       McAfee Intrushield, McAfee Total Protection,
                       McAfee HIPS, McAfee Network Security Manager,
                       McAfee Anti-Virus, Nessus, Wireshark
Operating Systems      Windows 2000, 2003 & 2008 Server, VMware ESX
                       3.0/3.5/4.0, Linux, Novell, Unix, Microsoft
                       VirtualPC
Business Development   Six Sigma, Sarbanes-Oxley, HIPAA, cGMP, 21 CFR
                       Part 11, Disaster Recovery/BIA/BCP, ITIL, ISO
                       27000, PCI DSS
PROFESSIONAL EXPERIENCE
September 2008 - Present
Accenture Inc./Bristol Myers-Squibb
Senior Security Engineer
> Conducted risk assessments/audits on high security risk applications,
infrastructure and databases using tools like HP WebInspect.
Documented all residual risk, provided security risk advice and got
business approval for remaining risk based on FDA, Sarbanes-Oxley,
HIPAA and 21 CFR Part 11, PCI DSS, ISO 27001.
> Participated in architectural design using SDLC. Designed customer
requirements and participated in architecting infrastructure
solutions.
> Maintained application and database standards related to security best
practices balancing business needs with security risk within SAP,
Oracle, SQL Server, DB2 and MySQL.
> Assisted in transition activities around database compliance
monitoring and security assessments.
> Served as subject matter expert in SDLC, database security and design;
coached and advised peers on technical activities.
> Assisted with security database control, made recommendations, and
developed mitigating controls using tools such as Remedy.
> Incorporated new ideas and knowledge of current trends and events in
information security and technology to project the future business
environment.
January 2008 - September 2008
New Jersey Office of Information Technology
Senior Security Officer
> Performed security audits and assessments using software such as
Foundstone's security tools and IBM's AppScan. Responsible for
remediation of several servers to meet or exceed the DHS security
guidelines.
> Responsible for Windows systems security, management, configuration,
monitoring, automation, and troubleshooting including Whatsup, EMC
SAN, NAS, MOM, and Netpro Application AD and Security Suite.
> Built VMware/ESX/vCenter environment, involving 50 servers, performing
P2V and V2V, hot/cold clones. Drafted P2V and V2V procedures based on
VMware best practices. Updated and patched the VMhosts.
> Assisted in the SDLC project management, installation and
configuration of new and existing hardware and software into the
agency Windows 2000 and 2003 multi-forest Active Directory
environment. Configured server and application security lock down.
> Recommended facilities/application upgrades and participated in Data
Center designs based on data center assessment and capacity
requirements. Assisted in reviewing, planning and implementing the
Backup & Disaster Recovery Environment.
> Network Application Support providing network and application
analysis, problem management and project support.
June 2007 - December 2007
Arthur Schuman, Inc.
Senior Security Technology Consultant
> Drafted and implemented various policies and SOPs including company-
wide security policies and training materials for end-users for
company software, SDLC procedures, including disaster recovery and
computer system validation, FDA regulated environment, and cGMP/21 CFR
Part 11 related procedures.
> Responsible for the implementation and maintenance of Microsoft
Exchange 2003 e-mail system, Blackberry Enterprise Server, Windows
Terminal Servers, SQL server 2000 and 2005 databases, Citrix, Active
Directory, Windows 2003 servers, VMware ESX servers and Workstation.
> Implemented network and security interconnection between several
remote/branch offices across US, including Los Angeles, Chicago,
Edison (NJ), and Wisconsin in conjunction with retail/manufacturing
operations of largest Italian cheese manufacturer in the US with
approximate sales of $500 million a year.
> Provided and maintained company-wide computing and security standards
including servers.
> Prepared and managed the annual budget of over $1 million and hardware
and software expenditures.
> Managed the design, security and building of WAN, data center, NAS,
Fatpipe, Secure offsite data backup of 500 GBs of data.
December 2005 - June 2007
Bilcare, Inc.
Director of Information Technology
> Designed and implemented all security for network and data center in
conjunction with retail/manufacturing operations of pharmaceutical
manufacturer in the US/India with approximate sales of 150 million a
year.
> Managed several remote offices in foreign countries, including
India, Singapore and the UK.
> Drafted and implemented various policies and SOPs including company-
wide security policies and training materials for end-users for
company software, including disaster recovery and computer system
validation, FDA regulated environment, cGMP and 21 CFR Part 11 related
procedures and the PMP/SDLC procedures used for application
development in the IT department. Also served as administrator of the
application for workflow and compliance processes.
> Prepared and managed the annual budget of $1M+ and hardware and
software expenditures.
May 2000 - November 2005
ARC Group Associates
Vice President of Information Technology/Chief Security Officer
> Maintained knowledge and expertise of current applicable computing and
security technology industry strategies and technology evolutionary
cycles/plans including SDLC methodology.
> Provided security recommendations and assisted in implementing
effective controls that minimized operating environment risks such as
security related issues, viruses and other potential harms.
> Maintained an understanding of enterprise business initiatives and
objectives.
> Managed 2000/2003/Linux based servers with PHP, MySQL and Apache,
Microsoft Exchange e-mail system, GoodLink Server, Active Directory in
conjunction with healthcare services organization in the US with a
national presence across the country.
> Managed the design and building of WAN, data center, data call center,
infrastructure and topologies, including Cisco routers, T1 lines and
fiber cable backbone.
> Prepared and managed the annual budget of $1 million and hardware and
software expenditures.
> Drafted and implemented various policies and procedures including
company-wide security policies and training materials for end-users
for company software, including disaster recovery, HIPAA related
procedures and the SDLC procedures used for application development in
the IT department.
February 2000 - May 2000
ARC Group Associates
Network Administrator/Database Administrator
> Designed and implemented all security for network and data center.
> Developed and designed stored procedures and triggers to enforce
referential integrity and consistency in tables.
> Using various SQL Server and Windows NT tools, such as Query Analyzer,
DTS and Transact SQL, monitored, maintained and performance tuned SQL
Server databases.
> Responsible for the database administration of all company related
databases.
> Promoted to the position of Vice President of Information Technology
due to implementing and designing cost savings system improvements and
enhancements to business applications.
September 1997 - January 2000
Computer Services Corporation (CSC) - Legalgard Division
Programmer
> Coordinated and headed programming team for various development and
upgrade projects on Visual Basic and PowerBuilder applications using
SDLC principles.
> Assisted in data maintenance and integrity to Oracle database.
> Conducted and supervised several QA and security tests of Visual Basic
applications and upgrades to applications with an Oracle back-end.
> Maintained help desk application to provide communication between over
120 users and technical support team.
> Provided technical support to all departments for all proprietary
applications including troubleshooting and solutions.
> Assisted users in understanding and training on new software and
applications.
June 1999 - Present
JD Computer Consulting
IT Security Consultant
ORGANIZATIONS
Information Systems Audit and Control Association, Member 2010
American Management Association, Member since 2006
Experts-Exchange.com, Sage level, Member since 2007
REFERENCES
Available upon request.