Roy D. Barrett Jr
INFORMATION SECURITY PROFESSIONAL
abh62n@r.postjobfree.com
SOLUTIONS-ORIENTED INFORMATION SECURITY PROFESSIONAL WITH NOTABLE SUCCESS
DIRECTING, PLANNING AND IMPLEMENTING A BROAD RANGE OF CORPORATE IT SECURITY
INITIATIVES IN DIRECT SUPPORT OF BUSINESS OBJECTIVES. OFFERING A STRONG
TECHNICAL BACKGROUND, WITH NOTABLE ACHIEVEMENT IN AREAS OF PROJECT
MANAGEMENT, INFORMATION SECURITY GOVERNANCE AND POLICY.
. Track record of increasing responsibility in secure network design,
vulnerability identification, remediation plan development, and full
lifecycle project management.
. Demonstrated capacity to implement innovative security programs that
drive awareness, decrease exposure, and strengthen organizations
overall security profile.
. Experienced in Internet, Intranet, LAN and WAN environment designs.
. Hands-on experience leading all stages of system implementation
efforts, including risk assessment, secure system design,
architecture, diagramming, testing, and support.
. Outstanding leadership abilities; able to coordinate and direct all
phases of project-based efforts while managing, motivating, and
leading cross functional project teams.
. Adept at developing effective security policies, procedures,
standards, project documentation, milestones, and technical/business
specifications.
. Experienced in interfacing with entire diversity of audience members
via a wide variety of information delivery media.
. Possess Knowledge of physical security as well as theft prevention,
telephony, and legal knowledge.
. Excellent computer skills, including a high working knowledge of
Windows, Word, Excel and PowerPoint.
. Significant working knowledge of the company's policies related to the
operation of the business
. Superior written and oral communication skills with proven record of
writing formal documents. Conduct Internal Audits to ensure
compliance.
. CORE COMPETENCIES: Customer Service, Network & Systems Security; ISO
17799&27001; OFAC, FCPA, Patriot Act, Cisco PIX Firewall, Checkpoint
NG, WebSense Business Impact Analysis; Regulatory Adherence; Data
Integrity/Recovery; Disaster Recovery Planning; Business Continuity
Planning; Routers, Switches, Security Research & Development; Risk
Assessment, TCP/IP, VPN
Education
. Associate of Science Degree, Information Technology
Professional Certifications
. CISSP (Certified Information Systems Security Professional)
. Comptia Security +
Professional Affiliations
. Member - Information Systems Security Association since 2006
Professional Experience
Portfolio Recovery Associates
2/2010 - Present
Information Security Officer
Key Contributions:
Infrastructure Security
. Develop and implement an information system security policy
. Design, implement and maintain network security guidelines and a
security infrastructure for the corporation.
. Develop and ensure successful implementation of security policies,
standards and plans to ensure the protection of corporate data against
unauthorized use, access, modification and destruction.
. Develop and implement penetration testing and procedures.
. Develop, implement and maintain an alerting, archival and event log
management system.
. Monitor compliance with information security policies and procedures.
Monitor network, devices and servers for security violations
. Conduct data security forensic analysis and risk assessment for the
entire infrastructure
. Develop and maintain a disaster recovery plan
. Assist departmental technical staff in identifying and implementing
appropriate security safeguards
. Review logs and alerts for anomalies and potential security breaches
. Develop and maintain an adequate Security Awareness Program
. Coordinate and monitor security access for all applications
. Prepare monthly reports on security incidents and security status
. Perform related and special duties as assigned
Application Security
. Develop and implement application and database security.
. Develop and implement source code security analysis
. Serve as a security expert in applications development and database
design efforts
. Research, design, and advocate new technologies, architectures, and
security products that will support security requirements
. Contribute to maintenance and development of application and database
security strategy and architecture
. Analyze business impact and exposure based on emerging security
threats, vulnerabilities, and risks.
Verizon Communications 12/2005 - 1/2010
Information Security Manager
Responsible for Information Security for 21 Verizon outsourced Billing and
Technical support sites offshore/onshore.
Key Contributions:
. Responsible for developing and managing an Security information
analysis program, focused on gathering, analyzing, reporting and
timely dissemination of information to mitigate risks to Verizon's
international employees, operations and assets.
. Provide technical leadership to the enterprise for the information
security program.
. Draft enterprise security standards and guidelines for system
configuration.
. Recommended preventive, mitigating, and compensating controls to
ensure the appropriate level of protection and adherence to the goals
of the overall information security strategy.
. Managed process and acted in the lead role for computer security
incident response team.
. Functioned as participating member of the Verizon Security Governance
Council to promote unity and efficiency
. Monitored internal control systems to ensure that appropriate
information access levels and security clearances are maintained.
. Monitored offshore locations to ensure compliance to Regulatory,
Privacy and Export Control laws.
. Performed information security risk assessments and compliance audits
for information security processes.
. Vendor engagements coordination
. In support of business objectives, performed a gap analysis of Vendor
Information Security standards against Verizon's Information Security
policy set.
. Draft security requirements for RFP's and Statement of Work.
. Formulate comprehensive Disaster Recovery Plan.
Verizon Communications 01/2005 -
12/2005
Security Specialist
.
Key Contributions:
. Responsible for support of existing security policies and procedures,
as well as creation
and implementation of new security procedures.
. Monitored and maintained physical and logical security and access to
systems.
. Assisted with testing of installed systems to ensure protection
strategies are properly
implemented and working as intended.
. Assisted in the development of access-controls, separation of duties,
and roles.
. Participated in development and maintenance of global information
security policy.
. Conducted technical risk evaluation of hardware, software, installed
systems and
networks. Lucent brick firewall troubleshooting
. Monitored and maintained physical and logical security and access to
systems, Circuit
testing
. Intrusion detection monitoring
. ACL, Web sense monitoring
Lockheed Martin
09/2002 - 12/2004
Network and Security Specialist
Recruited to assess the current state of security, then develop and
implement remediation plan.
Key Contributions:
. Administration of entire Windows 2000 environment encompassing one
centralized corporate computer room and a WAN with over 80 Windows
2000, NT and Novell Netware file servers.
. Performed risk assessment and threat analysis reports as needed for
all aspects of networking environment and emerging needs.
. Developed a plan to streamline the application of updates, hot fixes
and service packs to the Microsoft server environment.
. Lead Information Protection Team. Ensuring proper back up and viral
protection is in place.
. Lead Windows 2000 Standards team.
. Served on transition teams during migration to Windows 2000
environment.
. Served on Windows 2000 project management team
. McAfee and Trend Micro Anti-virus
. Served as Security sub-team lead on Windows 2000 Utilities team.
. Lead disaster recovery planning effort.
. Responsible for user education in matters of information protection
and Internet use.
Gateway
Technical Support Specialist
05/1997 - 09/2002
US Army
08/1987 - 01/1997