PROFESSIONAL SUMMARY
Seasoned Senior Information Security Analyst III, and cybersecurity, internal/external fraud investigations and forensic security analyst. Robust experience in end-to-end security concepts. Enterprise implementation of Symantec DLP platforms. Vendor responsibility, KPI, evaluations, conflict resolution. Exceptional record of competence and discretion for over 500,000 internal/external, vendor endpoint monitoring. Previous clients are Fortune 50 companies located in the U.S.A. and 140 European countries. Adept at {listening} communication and promoting team cooperation with other engineers and non-technical staff. With the highest standards of confidentiality, dealing with sensitive company information is my passion.
CORE QUALIFICATIONS
10+ years as a problem solver, hard hitter, holds a team and vendors accountable for company policy and SLA requirements.
Customization {tuning} of DLP repositories and data classification standards, reducing false positives, establishing triggers, and/or modifying DLP to meet company security policies.
Excellent leader, SME on implementing cost-effective security stacks.
Standardization of (AD), (LDAP) (IDM) (IAM) access protocol authentication.
Metrics, dashboard customization, ad hoc reporting; extremely focused manager for on-time reporting, change control {ServiceNow} and bottom-line responsibility.
Executing DLP and End Point Protection roll-outs and administration.
Metadata management products: Boldon James Classifier and encryption.
Cyber Security Strategies, Principal Security Consultant with hands-on IDM SSO, Federated,
Perform forensic security event(s) investigations.
Superior breadth of experience in network monitoring tools SEP, DLP Symantec, intermediate experience with ePO; HIPS, F5, Splunk administration and information security
Excellent proficiency with database segmentation, for different data streams classification encryption, firewalls.
Sound skills in Linux programming, PowerShell, Visual Studio 2017, advanced network design, and Cisco switching and testing.
Highly skilled in data analysis and network security perimeter threats and identification of advanced persistent attacks.
Passionate security analyst and leader with excellent technical acumen and over two decades of hands-on knowledge.
Analyze the company's business owners' requirements, business continuity requirements, disaster recovery and 'risk appetite' to determine the appropriate layered security solutions.
Deep-dive into the company's current continuity and disaster recovery programs and table-top CERT training.
IT governance/compliance and security awareness surveys, which may result in amended company IT security policies.
Meet with process leads to understand workflows.
Experience with PCI-DSS, PHI, PII, Pen-Testing, ISO/IEC 20007 ISO 27001-2.
Contingency Planning/Disaster Recovery.
Able to detect threats by implementing threat modeling (STRIDE) in network and system security design and implementation.
Experienced in end-to-end connection types: TCP/IP, UDP, VPN, SMTP, SAML, HTTP and HTTPS, sFTP, etc.
EXPERIENCE
Independent Consultant 05/2015 - 09/10/17
AGCO Corporation, Duluth, Georgia
Senior IT Security Analysts {GRC}
Daily assignments varied from day-to-day e.g.
Served as a resource in GRC Controls creating or modifying documentation and workflows
Contributed to the maintenance of the security exception and findings management processes
Maintenance of security program metrics and reporting SOX
SME process management and simplification.
Review exceptions for access control technology and GRC and business continuity security programs
Audits, assessments, risk identification, and remediation management.
Enforced privacy laws, data classification, protection/security regulations
Solid understanding of SOX 404 Compliance.
Genuine Parts Corporation, Atlanta, Georgia
Senior SOC Security Analysts III
Daily assignments varied from day-to-day e.g.
Symantec DLP deployment, testing, and refining of 'out-of-box policies' by 'fine tuning' and modifying them with new policies to meet company requirements.
Cyber Security incidents/events security response procedures, training documents to action plans for MSSP partner.
Chaired tabletop exercises 'drills' and documentation for Severity {1-4}
Managed (4) Subsidiaries offices in Mexico, Alabama, Canada, and United Kingdom.
USA-based company with 45,000+ endpoints, subsidiaries and retail stores across the contiguous United States and Hawaii.
Directed pen testing of web UI internal and external applications, malware analysis when required, investigated phishing and whaling email, and training and education for company internal users.
Coke Enterprise Inc., Atlanta, Georgia
Senior Security Network Analysts/Engineer III
Daily assignments varied from day-to-day e.g.
Cyber Security CSIRP training documents to action plans for each CERT severity (1-4), along with tabletop exercises 'drills' and documentation for Coca-Cola organization by Country with (14) offices in Eastern Europe and the United Kingdom.
EU GDPR new security laws; developed internal policies for DLP, Endpoint, Antivirus, IAM and privileged access requirements.
Team leader for implementation of EU GDPR laws for Coca-Cola European operations.
Chaired incident response as a team as analysis for the CERT.
Performed forensic {EnCase} and malware analysis when required.
Reviewed and managed access requirements, for elevated user(s) access.
Controlled compatibility with third-party software products, developing a program for modification, integration, and migration of technology that included IDM, DLP, SEPM, and AD servers being relocated offshore.
Executed technical feasibility solutions for new functional designs and implement approved options for performance improvement of technical security controls
Chaired administration of the migration team meeting with Belgian and India counterparts.
Our team's responsibilities covered technology that included IDM, DLP, and SEPM protection, and monitoring of 200 server migrations.
GRC/Security Engineer in charge; rolled out security stacks that included: Zscaler – Web security, Qualys – Analytical detection, IDM – Access controlled, Splunk – Customization, DLP – Symantec EP, Kali – Metasploit computer security information vulnerabilities and aids in pen testing.
McKesson, Alpharetta, GA
Senior Manager Security Software/Product Security Analysis III
Daily assignments varied from day-to-day e.g.
Software development experience with Python Scripting, Ruby on Rails, Java, Javascript, .NET, C, C++, and C#.
Implemented web and/or software applications pen-testing for Source Code (IP).
Performed on-going security testing and code review to improve software security, troubleshot and debugged issues that arose.
Provided engineering designs for new software solutions to help mitigate security vulnerabilities.
GRC/Security Engineer in charge; rolled out security and penetration testing and compliance.
API Sandboxing.
Veracode Dynamic and Static scanning.
VerSprite pen-testing.
Synopsys – Tested collaborate on the commercial application of logic synthesis.
Maintained technical documentation, consulted with team members on secure coding practices, familiarity with new tools and best practices.
Knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities, and remediation.
Adequate knowledge of web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols.
GRC/Security Engineer in charge; rolled out security stacks that included: Zscaler – Web security, Qualys – Analytical detection, IDM – Access controlled, Splunk – Customization, DLP – Symantec EP, Kali – Metasploit computer security information vulnerabilities and aids in pen testing.
Provided direction to program developers and software engineers on designs for new software based on known attack surface and solutions to help mitigate security vulnerabilities.
Security Manager Engineer in charge; rolled out hundreds of applications for patient management used in hospitals worldwide, including FDA devices and web-based and mobile applications; maintained strict compliance with security policies, performing testing and compliance. OWASP Top 10 and SANS Top 25 application security.
Express-Scripts, Inc., St. Louis, MO
Senior IT Security DLP / EPO Risk Assessments
Daily assignments varied from day-to-day e.g.
Managed agile web security and applications UI new designs.
Responsible for ensuring that information security was represented on relevant business and governance matters and well integrated within the Express Scripts Application Development and Infrastructure organizations.
Collaborated with senior leaders of the Application Development and Infrastructure teams, providing information security technology, network engineering, operations, threat management and architecture advice while also coordinating with the centralized Information Risk Management team.
Led internal cross-functional department IT initiatives and participated in cross-functional initiatives for Express Scripts and a team of consultants in geographically diverse locations across international timelines.
Conducted weekly project status meetings to review project activities; managed prioritization procedures and matrix.
Evaluated the impacts and risks of changes, assigned tasks that reduce or eliminate those considerations, determined tentative implementation dates, and tracked results of the implementation.
BIMASS.com, Atlanta, GA 01/2013 - 04/2015
Senior IT Security Analysts & Risk Assessments
Consistently delivered quality client services.
Monitored progress, managed risk and ensured key stakeholders were informed about progress and expected outcomes.
Stayed abreast of current business and industry trends relevant to the client's business. Established relationships with client personnel at appropriate levels.
Conducted weekly project status meetings to review project activities; managed prioritization procedures.
Set and managed client expectations, managed and escalated issues and changes and measured progress toward goals and revised project objectives, applied change control procedures.
Evaluated the impacts and risks of changes, assigned tasks that were necessary to reduce or eliminate those considerations, determined tentative implementation dates, and tracked results of the implementation.
Efforts reduced costs and project timelines by 9-10%.
Responsible for all development and implementation of WAN and LAN Infrastructures.
Rolled out security stacks that included; Zscaler, Qualys, IDM, Splunk, DLP, and Kali
BG ADDY, LLC, Suwanee, GA 01/2002 - 12/2012
Senior IT Security Analyst & Risk Assessments
The company specialized in physical layer {1 OSI} and design; installation of data link {2 OSI} switching configuration and network; and installation of {3 OSI} routers, firewalls and configuration, establishing IPSec.
Responsible for working closely and collaboratively with CMHS Network and System Administrators as well as IS Leadership on all aspects of network administration.
Vetted LAN/WAN, routers, switches, firewalls, servers, storage, desktop systems, backups and network security vendors.
Developed, designed and constructed in the southeast United States, Tier 2 & 3 purpose-built, server-ready multi-tenant data center offering concurrently maintainable infrastructure to support companies with various data suite sizes and density requirements from 10 racks to over 2,500. Provided its tenants with autonomous data suites that are fully separated by slab-to-deck fire-rated walls, ensuring the utmost in secure data center operations. Compliance requirements providing a highly secure environment to support IT business functions.
FLUOR Greenville, SC 06/1996 - 12/2001
Senior IT Security Analysts Program Manager / Internal Investigations
Commanded, for DoD Deployable Data Centers {DDC}. Military Combat Signal Group could deploy {DDC} into combat zones ready, and could be scaled from one server to 24 complete servers by simply plugging in more nano servers.
Completed HITECH installations for:
Lucent Technology, Inc.
IBM
United States Embassies {IT InfoSec}
Novartis Pharma
Lifecore Pharma
Pfizer Pharma
Intel Microchip Manufacturing
New York School Construction Authority {SCA} in conjunction with New York Inspector General {Organized Crime Unit}
EDUCATION
Gwinnett Technical College Lawrenceville, GA A.S. (continual education)
Major: Information Security Specialist Cybersecurity Investigator
Minor: Forensic Investigations
Continuing education in CEH Certificate and network security
Academic GPA 3.43
National Technical Honor Society
2013 National Technology Leadership Award
PHI THETA KAPPA Honor Society
President, Student Veterans Association
CERTIFICATES & CERTIFICATIONS
Symantec DLP and Endpoint protection Advance.
Microsoft Certified Professional (MCP)
HIPAA Privacy Training Certificate
Certified Security Professional OWASP, SANS,
MILITARY
US Coast Guard – Honorable Discharge (Protected Veteran)
Search & Rescue 7th District Tactical Teams, direct reports within the intelligence network