Security Manager
Resume:
Karifah Bowen CISSP, CISM
Snellville ga 30078
Areas of Expertise Objective
To join a team of information security professionals that are
Risk Management focused on aligning risk management and security initiatives that
Compliance support business goals.
Management/Monitorin
g Highlights of Recent Achievements
Intrusion Implemented an automated Compliance Monitoring tool which
Detection/Prevention increased the efficiency of the risk assessment process by 30%
Systems Developed and implemented a risk scoring tool to determine the
Vulnerability priority of individual application assessments based on multiple
management risk factors.
Project Management Created a SharePoint list and backend workflows to automate the
Policy and Standards tracking and distribution of risk assessment tasks
development
Effective Partnering Professional Experience
& Influential Skills
for Solution
Development
Sarbanes-Oxley Lockheed Martin, Atlanta, GA
FFIEC May 2009 - Present
PCI-DSS
Third Party Team Leader, CDC CSIRT
assessments
ISO 17779/27001 Perform Security Test and Evaluations of Information Systems as
Professional part of the C&A Process
Certifications & Application Security reviews as assigned
Organizations Perform Incident Response duties as part of the CDC CSIRT
Certified Manage and Develop SharePoint CSIRT site to automate internal
Information Systems processes
Security Developed a security analyst training program for CSIRT analysts
Professional (CISSP) Manage CSIRT analysts performance of daily duties
Develop report metrics for the executive management
Certified
Information Security Georgia State, Atlanta, GA (Contract)
Manager (CISM) July 2008 - May 2009
Member of the
International Lead Information Security Administrator
Systems Security
Association Project Manager for PGP Whole Disk Encryption deployment
Member of ISACA Product evaluations for various security solutions
Recommendations Monitor events from multiple Intrusion Detection/Prevention
"Karifah and his systems. McAfee Intrushield and IBM SiteProtector based in the
skill-set Technology Operations Center
represented the Correlate events in IDS/IPS to other security tools such as
organization very Anti-Virus and Network Monitoring software
well. Karifah could Perform vulnerability assessments using ISS Internet Scanner and
always be counted on HP WebInspect
to provide sound Disseminate reports from vulnerability assessment tools to
advice and direction technology mangers
to more junior Investigate security incidents
analysts. Handle Helpdesk tickets as they come in.
-Brian Clark,
Manager, Security
Assessment &
Remediation Mgmt,
SunTrust Bank
SunTrust Banks, Inc., Atlanta, GA
"Karifah has a broad May 2006 - July 2008
knowledge of
Information Security Senior Information Security Analyst
coupled with a depth Performed assessments of Internal and External applications,
in all technology systems, and processes. Measured the systems against SunTrust
areas of a global Information Security Policies and Standards as well as Industry
enterprise. In regulations such as PCI DSS, GLBA, HIPAA, and Sarbanes-Oxley.
addition, he is able
to bridge the gap Review written information security standards and guidelines for
between business business and technical systems, providing feedback to the Security
process and Standards team
technical controls. Evaluate and advise on vendor contract sourcing and audit
documentation, e.g. RFP, MSA, SAS70
-John Reeder, Vice Review and approve policy exceptions to the Information Security
President, Audit & Policy Committee
Information Security Manage and Provide direction for junior analyst's duties and
at Goldleaf projects
Financial Solutions
Inc
SecureWorks, Atlanta, GA
Jan 2005 - May 2006
Security Operations Center Shift Manager
Managed a team of 7 Security Operations Center (SOC) analysts and
operators charged with administrating and monitoring intrusion
prevention systems installed on over 1000 customer sites.
Monitored IPS systems for over 1000 clients within the Security
Operations Center
Provide SecureWorks clients with detailed review of vulnerability
reports with recommendations for remediation.
Create shift reports to senior management
Train junior analysts on SecureWorks technologies and industry
best practices
Respond to and resolve escalated client issues
Monitor SLA metrics and analyst productivity, providing direction
as necessary
Comsys, Atlanta, GA (Contract)
Aug. 2004 - Jan. 2005
Information Security Analyst
Conducted detailed information Security Assessments of information
systems maintained internally
Documented results of assessments including non-compliance issues
and associated remediation plans and prepare reports and
associated documentation as appropriate
Assisted BU management with the development of effective
remediation plans and associated timelines for resolving issues
identified during the assessment
Scheduled and conducted follow-up assessments and \spot checks\ as
required ensuring all issues identified during assessment have
been resolved
Maintain appropriate documentation of completed Information
Security Assessments.
Interland, Atlanta GA (Laid Off)
Feb. 2004 - July 2004
Information Security Analyst
Monitored IDS/IPS systems within the Security Operations Center
Performed Duties on the Information Security team responsible for
securing 10,000 servers
Vulnerability Assessments using FoundStone's FoundScan Software
Disseminated reports to Management based on results of
Vulnerability Assessment
Remotely Managed Virus protection for Data Servers using McAfee
EPO
Performed Forensic Analysis on Servers to determine if the server
has been compromised
Performed Root Cause Analysis on servers that have been found to
be compromised
Used PatchLink software to distribute Microsoft critical patches
for Windows servers
Internet Security Systems, Atlanta, GA
Sept. 2002 - Feb. 2004
Technical Account Manager
Work with ISS Large Enterprise clients to Configure and Administer
Host and Network based Intrusion Detection Systems
Perform On-Site Customer Visits to Plan suggest Deployment
Strategies
Ensure my clients understood the product direction IIS was moving
in.
Provide support of Host and Network based Intrusion Detection
Systems on-site
Assisted Sales Department with Technical Sales
Demonstrated ISS Solutions for Existing and Potential Customers
Addressed my client's position to Engineering and Upper Management
on issues to enhance Clients Security Deployment.
Planning, Implementation, and support of Host based IDS/Personal
Firewall on Desktops, and Laptops.
Technical Support Engineer
Nov. 2001 - Sept 2002
Provided technical support to ISS clients using the BlackICE Host
and Network based intrusion detection systems
Participated on project team for new release.
Trained new support personnel on the BlackICE enterprise product
Tad Telecom, Duluth, GA
Jun 2000 - Nov. 2001
IT Technician
Installed and Configured Cisco 3600 and 2600 series routers
Supported WAN that included 25 branches in a HUB and Spoke
topology using Cisco Routers
Troubleshot Routing issues using Cisco IOS as well as utilities
such as trace and ping.
Performed Audits on Event Logs on Critical Systems to ensure
Integrity of Systems.
Ensured Critical System/Security Patches were tested and applied
to applicable Systems
Configured Check Point Firewall on Nokia
Team Member of Disaster Recovery Design Project.
Responded to failures in accordance with Incident Response Plan
Management of Remote Access Solutions, VPN and DUN
Created Documentation of Wide Area Network using Microsoft Visio
2000 Professional
Designed and Manage System Tape Backup procedures using Veritas
Backup Exec in conjunction with Off-Site Storage Plan
United States Navy, Jacksonville FL
Dec. 1993 - Jun 1997
Operations Specialist
Perform Authentication Procedures
Encode/Decode Communications
Perform Secure External Communications
Operate IFF Equipment
Monitor Compliance with Emission Control (EMCON) Plan
Maintain and Update Publications Inventory
Inventory Classified Material
Prepare Classified Material Destruction Reports
Plan and Coordinate Communications Material Security Operational,
Communication, and Physical Security Training.
Education
1999-2001 AIU
Major: Computer Information Systems
Bachelors of Information Technology - May of 2004
1997 -1998 Florida Atlantic University
Major: Computer Information Systems
Contact this candidate