T. Joseph Cook CRISC, CHFI, CCFE, PCI-QSA
Contact Information: 8780 Cedar Brook St. Pickerington, OH 43147
571-***-**** (c)
Overview
Accomplished manager and security architect who drives results in
technology and operations management, customer care, staff/organizational
development, business development/project management, negotiations, and
strategic planning, with both start-up and established organizations.
Subject Matter Expertise includes:
• Performed over 50 PCI audits for retail merchants and payment service
providers in North America. Customers include Fortune 100, Consumer
Credit Bureaus and the United States Government (US Treasury
Department/USPS).
• Business Security Assessment (BSA) ISO 17799 Audits.
• Directing and managing an organization's information security systems
and technology initiatives. Areas of focus include Lotus Notes,
Encryption, Network Security, PKI, Content Control, and Malicious Code
Architecture.
• Managing across large, complex organizations; able to work in
unstructured situations.
• Building client and vendor relationships, business process, and
contract instruments that are in alignment with company interests and
objectives.
• Working in a team-oriented environment where technical and business
skills can be used both as a competitive tool and supportive ability
to meet goals and objectives of Security Architectural Design,
Management, Development, and System Administration.
• Meeting product launch schedules and delivering the "best" solution
within corporate resource constraints.
• Creating project environments that deliver on expectations while
recognizing and developing team player skills.
• Using technology to lower costs, improve productivity, and increase
revenues.
Working environments include: Government, Military, Financial, Healthcare,
Education and Non Profit.
Public Trust Clearance for the United States Postal Service and the United
States Treasury Department
Held Security Clearance for the United States Department of Defense - 10 years
Professional Experience:
Verizon Business
Cybertrust / Betrusted / Info-Fortress Solutions, Inc. May '02 to present
Senior Security Consultant-Verizon Business
Senior Security Consultant-Cybertrust
Manager of Professional Services/Senior Security Consultant- Betrusted/
Info-Fortress
Senior Security Consultant-Cybertrust
Client responsibilities include serving as a Subject Matter Expert
specializing in secure email, wireless communication, and Public Key
Infrastructures. Provide consultative solution resolutions to clients with
sales of $1 billion. Manage multiple client engagements and other related
activities. Manage engagement teams that assist clients in employing proper
information systems, resources, and controls necessary to maximize
efficiencies and minimize risk. Work with client personnel to analyze,
evaluate, and enhance information systems facilitating the business
internal control process, as well as performing audits of the IT
environment and other attest services. Work with the teams and clients to
create plans for accomplishing engagement objectives and a strategy that
complies with professional standards and addresses the risks inherent in
the engagement. Brief the audit team on the client's IT environment and
industry IT trends. Maintain relationships with client management to manage
expectations of service, including work products, timing, and the value to
be delivered.
Customer Advocate Focus:
• 100% Dedicated to the Success of the Customer
• Completely Focused on Customer's Interests
Assist Customers with Developing/Maturing their Security Architecture
Vision:
• Perform GAP Analysis for Existing Security Architecture
• Provide Consulting, Architecture, and Delivery of Advanced Security
Technologies for:
• Identity Management
• Secure E-Mail
• Encryption
• Digital Dashboards - Delivery of security metrics for senior management.
• Use of Digital Certificates (PKI)
• Intrusion Detection
• Enterprise Directory Service
Advise Customers of Requirements for Successful Delivery of Security
Architecture:
• Changes in Organizational Structure
• Changes in Technology
• Potential Impacts to Business Philosophy
• Potential Customer Impacts
• Potential Regulator and/or Legal Considerations
Represent Customer's Security Architecture Vision and Project Requirements
to Vendor:
• Assist Customers with RFP and RFI document development
• Lead Technical Discussion for Security Requirements
• Lead Security Evaluation of Vendor's Products
• Apprise Customer of Critical Path Issues Associated with Vendor's
Products and/or Service
Manager of Professional Services-Betrusted
Responsible for all Professional Services engagements. The responsibility
includes managing project scope, staff, overall process, standards, quality,
project/staff costing, measurements, and management reporting. Managing an
internal staff of 30+ security engineers/ architects and all security
client engagements. Direct report to the President of Professional Services
of North America.
Responsibilities include:
• Overall accountability for project definition, scoping, staffing, and
delivery of a successful solution, together with Engagement
QC/Infrastructure Manager
• Managing technical aspects of the client relationship (primarily with
client staff responsible for day-to-day project management) and
relationships associated with involved partners, together with Client
Engagement Managers
• Managing technical team
• Supporting project cost, measurements, and management reporting with
Engagement QC/Infrastructure Manager & Client Engagement Managers
• Managing client relationship at sponsor level with Client Engagement
Managers
• Resolving customer dispute issues with Client Engagement Managers
• Managing Bid/Proposal, Project Funnel Reporting and Project Delivery
Staff
• Offering technical knowledge and ability to Manage Technical Security
Solutions to Large Client technical environments
• Managing all phases of technical project development methodology,
including design, programming, testing and integration, and implementation
Bank One, Columbus OH April '99 - May '02
VP/Information Technology Architect
(Lotus Notes/ Encryption/ Virus and Content Management/ Application and Web
Security)
• Responsible for supporting and enhancing the Corporate Security
Technology Development and Delivery Services Department. This included the
effective and efficient design, implementation and maintenance of
integrated system security controls, administrative process and
technologies that deliver Security Services via Alternative delivery
channels in accordance with corporate strategic plans, operating plans, and
IT Architectural requirements.
Focus areas included:
• Managing internal and external resources
• Securing base email encryption for internal and external communications
seats.
• Investigating infrastructure security, backup regime, access controls and
protection and system security and recommended improvement measures.
• Providing backup improvement recommendations and crisis team general
procedures. CSIRT automation process.
• Performing evaluation of production deployment of Lotus Notes within Bank
One from a security perspective.
• Continuing the implementation of Internetworking controls as they relate
to Internet based Systems-Content Filtering-Real-Time employee relations,
spamming and malicious code.
• Architecting and implementing an internal anti-virus live update network
for the corporation.
• Identifying Lotus Notes-based applications across Bank One, and
establishing a plan for security review.
• Providing Custodial accountability for Lotus Notes MSB's review and
update.
• Administering Lotus Notes Management Reporting and Tracking System
• Configuration and production support for JAVA-based Internet Usage
Reporting Technology.
• Providing technical support for the implementation of Security
technologies and proof-of-concept testing.
Exel Logistics Westerville, Ohio Sept '98 - April '99
Lotus Notes System Administrator -North America
(Anti-virus, content control, encryption, SMTP file attachment security
controls)
Lotus Systems Exam: System Admin I, System Admin II
System Administrator responsible for administering the Notes 4.6 network
for North America. The Lotus Notes network consisted of 1400 users. Duties
include managing the Notes network on an enterprise-wide level. Workload
included the following activities:
• Setting up and maintaining the Notes servers, SMTP, and connections to
the servers, performing ongoing administrative tasks, Managing Notes Mail,
Certifications, Ensuring Security, and maintaining and developing
databases. Managing database rollouts and implementing replication
schedules.
• Coordinating and managing client-based aspects of server upgrades.
• Content Filtering-Real-time employee relations, spamming, and malicious
code.
• Architecting and implementing an internal anti-virus live update network
for the corporation.
American Cancer Society Ohio Div Dublin, Ohio May '95 - Sept '98
Director of Technical Services and Instruction
Lotus Notes System Administrator responsible for administering the ACS's
Notes 4.6 network at the state Level.
Additionally charged with managing any projects that affected the Notes
network on an enterprise-wide level.
Workload included the following:
• Setting up and maintaining the Notes servers and connections to the
servers, performing ongoing administrative tasks, Managing Notes Mail,
Certifications, Ensuring Security, and maintaining and developing
databases.
• Developing Business Continuity Strategy and Methods for IT Disaster
Recovery and Business Recovery
• Developing Corporate Security Strategy for Physical Access Control
• Managing database rollouts and implementing replication schedules.
Coordinating and managing client-based aspects of server upgrades
• Core applications included - multiple implementations of supporting NT
servers for Internet, e-commerce, and networking.
• Developing the in-house training program for the American Cancer Society,
which included all course objectives, materials, and lesson plans.
Coordinated the training of all other ACS offices in the State of Ohio.
Other Duties: Project Manager/Leader responsible for all major projects
within the department (rollouts of hardware, software, and training
projects). Skills include Microsoft Project, Time Management, and Conflict
Resolution. Overseeing the day-to-day function of the Information Systems
Department. Managing the training budget and personnel.
MILITARY:
220th Engineering Installation Squadron Zanesville, OH Feb '92 - Aug '99
Ohio Air National Guard, Zanesville, OH
Deployment LAN Team: One of a few select teams in the nation. Job scope was
to install, support, and recover any computer LAN system (systems include
all four branches of the United States Military). Job function included
threat assessment, impact analysis, preventative measures, physical
security, and disaster recovery plans for combat computer systems.
Communication Cable Systems Specialist: Installed, maintained, and repaired
copper core and fiber-optic cable supporting the computer network.
Monitored and analyzed performance of the cable systems. Certified by the
United States Air Force in Communication Cable Systems and Electronic
Principles.
EDUCATION:
PCI Qualified Security Assessors (QSA)
ISACA Certified in Risk Information Security Controls (CRISC)
Certified Hacker Forensic Investigator (CHFI)
Certified Computer Forensic Examiner (CCFE)
M.Ed., Microcomputers in Business (ABT) Ohio University, Athens, OH
M.S., Ohio University, Athens, OH
B.S., Ohio University, Athens, OH
Skills
Business Continuity Management                PC Support Applications
IT Disaster Recovery                          Product Selection
Lotus Notes Database/Web Design               Security Program Management
Lotus Notes System/Database Administrator     Project Management
Lotus Notes Security                          Project Planning
Content Control/Malicious Code Architecture   Physical Security
Implementations                               Requirements Specification
IT Management                                 System Design
Executive Consulting                          System Selection
IT Strategy Development                       Systems Documentation
Staff Management                              Testing Environment
PROFESSIONAL TRAINING:
Computer Forensics
Lotus Notes 4.6 Notes Basics, Mobile User, Power User, Application Dev. I &
II, System Admin. I & II Domino
Interactive Internet, LotusScript, and LEI data pump.
SANS (System Administration, Networking, and Security) TCP/IP/Network
Intrusion
TECHNICAL SKILLS:
Operating Systems
Windows 2000/2003/NT/XP
Forensic Toolsets
FTK
Enterprise / Networking Security Products
Checkpoint Firewall-1/VPN-1, Cisco PIX/ASA, Cisco Secure ACS, Secure
Computing, Snort, Microsoft IIS
Vulnerability Assessment and Penetration Testing Tools
Nessus, AppScan, Ethereal/Wireshark, L0phtCrack, John the Ripper, Nmap
Wireless Assessment Tools
AirSnort, Network Stumbler, Kismet
Protocols/Standards
TCP/IP, UDP, SSL, HTTP, 802.11x, PKI, PCI DSS v1.2, BS-17799, PABP/PA-DSS