Sign in

Security Manager

Snellville, Georgia, 30078, United States
March 10, 2011

Contact this candidate
Sponsored by:
Post Jobs to
Multiple Job Boards &
Get more Candidates
Try it Free!
Start your 30-day
Free Trial

Karifah Bowen CISSP, CISM

**** ****** **** *****

Snellville ga 30078

Areas of Expertise Objective

To join a team of information security professionals that are

Risk Management focused on aligning risk management and security initiatives that

Compliance support business goals.


g Highlights of Recent Achievements

Intrusion Implemented an automated Compliance Monitoring tool which

Detection/Prevention increased the efficiency of the risk assessment process by 30%

Systems Developed and implemented a risk scoring tool to determine the

Vulnerability priority of individual application assessments based on multiple

management risk factors.

Project Management Created a SharePoint list and backend workflows to automate the

Policy and Standards tracking and distribution of risk assessment tasks


Effective Partnering Professional Experience

& Influential Skills

for Solution


Sarbanes-Oxley Lockheed Martin, Atlanta, GA

FFIEC May 2009 - Present


Third Party Team Leader, CDC CSIRT


ISO 17779/27001 Perform Security Test and Evaluations of Information Systems as

Professional part of the C&A Process

Certifications & Application Security reviews as assigned

Organizations Perform Incident Response duties as part of the CDC CSIRT

Certified Manage and Develop SharePoint CSIRT site to automate internal

Information Systems processes

Security Developed a security analyst training program for CSIRT analysts

Professional (CISSP) Manage CSIRT analysts performance of daily duties

Develop report metrics for the executive management


Information Security Georgia State, Atlanta, GA (Contract)

Manager (CISM) July 2008 - May 2009

Member of the

International Lead Information Security Administrator

Systems Security

Association Project Manager for PGP Whole Disk Encryption deployment

Member of ISACA Product evaluations for various security solutions

Recommendations Monitor events from multiple Intrusion Detection/Prevention

"Karifah and his systems. McAfee Intrushield and IBM SiteProtector based in the

skill-set Technology Operations Center

represented the Correlate events in IDS/IPS to other security tools such as

organization very Anti-Virus and Network Monitoring software

well. Karifah could Perform vulnerability assessments using ISS Internet Scanner and

always be counted on HP WebInspect

to provide sound Disseminate reports from vulnerability assessment tools to

advice and direction technology mangers

to more junior Investigate security incidents

analysts. Handle Helpdesk tickets as they come in.

-Brian Clark,

Manager, Security

Assessment &

Remediation Mgmt,

SunTrust Bank

SunTrust Banks, Inc., Atlanta, GA

"Karifah has a broad May 2006 - July 2008

knowledge of

Information Security Senior Information Security Analyst

coupled with a depth Performed assessments of Internal and External applications,

in all technology systems, and processes. Measured the systems against SunTrust

areas of a global Information Security Policies and Standards as well as Industry

enterprise. In regulations such as PCI DSS, GLBA, HIPAA, and Sarbanes-Oxley.

addition, he is able

to bridge the gap Review written information security standards and guidelines for

between business business and technical systems, providing feedback to the Security

process and Standards team

technical controls. Evaluate and advise on vendor contract sourcing and audit

documentation, e.g. RFP, MSA, SAS70

-John Reeder, Vice Review and approve policy exceptions to the Information Security

President, Audit & Policy Committee

Information Security Manage and Provide direction for junior analyst's duties and

at Goldleaf projects

Financial Solutions


SecureWorks, Atlanta, GA

Jan 2005 - May 2006

Security Operations Center Shift Manager

Managed a team of 7 Security Operations Center (SOC) analysts and

operators charged with administrating and monitoring intrusion

prevention systems installed on over 1000 customer sites.

Monitored IPS systems for over 1000 clients within the Security

Operations Center

Provide SecureWorks clients with detailed review of vulnerability

reports with recommendations for remediation.

Create shift reports to senior management

Train junior analysts on SecureWorks technologies and industry

best practices

Respond to and resolve escalated client issues

Monitor SLA metrics and analyst productivity, providing direction

as necessary

Comsys, Atlanta, GA (Contract)

Aug. 2004 - Jan. 2005

Information Security Analyst

Conducted detailed information Security Assessments of information

systems maintained internally

Documented results of assessments including non-compliance issues

and associated remediation plans and prepare reports and

associated documentation as appropriate

Assisted BU management with the development of effective

remediation plans and associated timelines for resolving issues

identified during the assessment

Scheduled and conducted follow-up assessments and \spot checks\ as

required ensuring all issues identified during assessment have

been resolved

Maintain appropriate documentation of completed Information

Security Assessments.

Interland, Atlanta GA (Laid Off)

Feb. 2004 - July 2004

Information Security Analyst

Monitored IDS/IPS systems within the Security Operations Center

Performed Duties on the Information Security team responsible for

securing 10,000 servers

Vulnerability Assessments using FoundStone's FoundScan Software

Disseminated reports to Management based on results of

Vulnerability Assessment

Remotely Managed Virus protection for Data Servers using McAfee


Performed Forensic Analysis on Servers to determine if the server

has been compromised

Performed Root Cause Analysis on servers that have been found to

be compromised

Used PatchLink software to distribute Microsoft critical patches

for Windows servers

Internet Security Systems, Atlanta, GA

Sept. 2002 - Feb. 2004

Technical Account Manager

Work with ISS Large Enterprise clients to Configure and Administer

Host and Network based Intrusion Detection Systems

Perform On-Site Customer Visits to Plan suggest Deployment


Ensure my clients understood the product direction IIS was moving


Provide support of Host and Network based Intrusion Detection

Systems on-site

Assisted Sales Department with Technical Sales

Demonstrated ISS Solutions for Existing and Potential Customers

Addressed my client's position to Engineering and Upper Management

on issues to enhance Clients Security Deployment.

Planning, Implementation, and support of Host based IDS/Personal

Firewall on Desktops, and Laptops.

Technical Support Engineer

Nov. 2001 - Sept 2002

Provided technical support to ISS clients using the BlackICE Host

and Network based intrusion detection systems

Participated on project team for new release.

Trained new support personnel on the BlackICE enterprise product

Tad Telecom, Duluth, GA

Jun 2000 - Nov. 2001

IT Technician

Installed and Configured Cisco 3600 and 2600 series routers

Supported WAN that included 25 branches in a HUB and Spoke

topology using Cisco Routers

Troubleshot Routing issues using Cisco IOS as well as utilities

such as trace and ping.

Performed Audits on Event Logs on Critical Systems to ensure

Integrity of Systems.

Ensured Critical System/Security Patches were tested and applied

to applicable Systems

Configured Check Point Firewall on Nokia

Team Member of Disaster Recovery Design Project.

Responded to failures in accordance with Incident Response Plan

Management of Remote Access Solutions, VPN and DUN

Created Documentation of Wide Area Network using Microsoft Visio

2000 Professional

Designed and Manage System Tape Backup procedures using Veritas

Backup Exec in conjunction with Off-Site Storage Plan

United States Navy, Jacksonville FL

Dec. 1993 - Jun 1997

Operations Specialist

Perform Authentication Procedures

Encode/Decode Communications

Perform Secure External Communications

Operate IFF Equipment

Monitor Compliance with Emission Control (EMCON) Plan

Maintain and Update Publications Inventory

Inventory Classified Material

Prepare Classified Material Destruction Reports

Plan and Coordinate Communications Material Security Operational,

Communication, and Physical Security Training.


1999-2001 AIU

Major: Computer Information Systems

Bachelors of Information Technology - May of 2004

1997 -1998 Florida Atlantic University

Major: Computer Information Systems

Contact this candidate