Certifications*

CISM – ISACA Certified Information Security Manager (Obtained October 2017)

GCFA – GIAC Certified Forensic Analyst

CISSP – Certified Information Systems Security Professional

SSCP – Systems Security Certified Practitioner

Security+ – CompTIA Security+ Certified Professional

CCNA – Cisco Certified Networking Associate

Network+ – CompTIA Network+ Certified Professional

CTT+ - CompTIA Certified Technical Trainer

BS Almeda University & Montana State University, Bozeman

Professional Experience:

Pacific Western Bank 12/2017

Sr. Desktop Computer Technician contract / Robert Half

Contract relocating the bank computers to a new building.

Win10, Active Directory, activations, ensuring scripts run successfully and installing software and configurations, swapping out old equipment, setting up network printers and troubleshooting issues. Installing new VOIP telecom equipment

Supervising and supporting other technicians and contractors from other agencies as needed.

Sandia National Laboratories – Tularosa Project 11/2017

Mid-Level Penetration Tester contract / CTEC

DoD sponsored study at CERL (Cyber Engineering Research Laboratory) in Albuquerque, New Mexico

of cyber security probably outside the Kirtland Airforce Base:

- utilizing only the tools within KALI Linux to attempt (along with other directives) to simulate a real-world OP

•gather intelligence, making as little “noise” as possible, gaining footholds and pivoting, identifying traps and misdirection, etc ... using my judgment as to whether safe to hack further into the system, etc..

All participants were anonymous agents and wore wrist monitors for vitals and were in communication with a handler throughout the OP via a second laptop that could also be used for internet access.

Afterwards there was a debriefing, mission reports were written and the proctor administered cognitive, aptitude and various psychological and other tests.

Herjavec Group 04/2017 - 08/2017

Security Consultant (Governance Risk Compliance)

As a member of the GRC department, I worked with some of THGs largest clients, such as: Moneris, LifeLabs, The Royal Canadian Mint on performing gap assessments of their Information Security Policies and Procedures and subsequent development of those policies and procedures to ensure compliance with: PCI DSS, HIPAA, GDPR, ITAR, etc…

In presales meeting discussions with Healthcare clients such as Walgreens, Delta Dental of NJ, and others regarding HIPAA / HITECH Risk and Gap assessments and HiTRUST Compliance.

I wrote and published a White Paper on the topic: 23 NYCRR 500 which was featured on the THG website.

Working with Sales team to create SOWs and worked with Project Managers and leading security teams to achieve SOW objectives.

Supervised, mentored and supported other consultants with the firm and did the same as a liaison with various departments of client companies.

ZipRecruiter

Information Security / Compliance consultant Independent Contract 01/2016 – 04/2016

Developed the company’s Information Security Policy with special emphasis on PCI DSS 3.1, HIPAA, and consideration for International Laws and Regulations. This effort was done in conjunction with Compliance Point.

Development of a Security Awareness Program – Utilizing Hoopla Slides, Incentives, Games, Google Forms, Signage, Banners

Created and delivered Security Awareness presentations and Security Awareness Training Sessions for On-boarding and On- going training for departments.

Working with external security assessment company – Black Hills for ongoing assessments and mitigation plans.

Utilized FogBugz ticketing system to submit and respond to security tickets.

Attended all Security Team meetings, provided support as subject matter security expert and responded to Security team incident reports and emails.

Development of user-side Acceptable Use Policy; created and developed Business Continuity Policy, Document Retention Policy, and began development of Incident Response and Disaster Recovery Plan.

Conducted physical security audits and made recommendations for remediation of issues.

Beverly Hills Trauma Group 1994 – 2017

Information Security Administration/ IT Manager (P.T. Position since the early 90’s)

All tech support / help desk for the office including MS Office, Website maintenance, Medical billing, Security Administration.

Development and Implementation of HIPAA Security Policies and Procedures. Business continuity planning.

Administration and account maintenance of user accounts and all desktop support for Windows OS environment.

Created Security Awareness Training program from the ground up and developed training presentations.

Conducted risk assessments and gap analysis of the medical practice, which included identification, and quantification of risks, cost benefit analysis, ROI reports, and infrastructure design and business continuity planning assistance.

LA Gay & Lesbian Center 2012 – 2014

Clinical Systems Analyst

As the senior member of the HSIT Department, first point of contact, and main source of provider support, I was responsible for supporting, administrating, configuring and querying the Health Information Systems software which includes: Allscripts Professional EHR, Allscripts PM, and the QS1 pharmacy program.

The direct contact with the Navicure and Powerline Healthcare clearinghouses for troubleshooting medical and pharmaceutical claims processing.

Liaison between HSIT and the IT Department for the Health Services and Mental Health departments. This includes placing routine help tickets to the I.T. Department using the web-based TrackIt! Ticketing Software.

All account creation and maintenance for the Allscripts EHR and Allscripts PM via Allscripts Administration Module and Allscripts Security Manager respectively as well as all account creation and maintenance in the QS1 program. I also perform troubleshooting, lab mapping, clinical customization of the Allscripts software.

My administration duties often overlap with the I.T. Department and I assist with User account administration of Health Service and Mental Health Services Departments in Windows Active Directory.

Created queries to extract and analyze data from Allscripts EHR and Allscripts PM for the reporting of quality measures (to the government, for grants, research studies, etc.). I mainly use MS Access and MS Excel and some MS SQL to perform these duties.

Developed data auditing procedures in collaboration with program managers to ensure the system is being used in an appropriate manner. Establish and ensure the integrity of clinical data collection, security and backup procedures. Assisting with the development of strategies for collecting and storing clinical data in a secure and reportable manner.

Children’s Hospital Los Angeles 2008 – 2010

Information Security Manager / Project Manager

I was responsible for ensuring CHLA compliance with HIPAA Security, other regulatory acts and agencies such as The Joint Commission / JCAHO.

Project Manager responsible for drafting PM Business Cases, tracking all security projects, assessing the security of existing & proposed projects, applications & network architecture: Active Directory, Windows and *Nix servers, SQL Server, Oracle, etc...

Creation and review of CHLA policies and procedures and responsible for streamlining processes.

Performing risk assessments, risk analysis, site audits, penetration testing, etc…using Security and Forensic tools such as: Foundstone / McAfee Foundscan vulnerability scanner, Core Impact, WebSense, EnCase Forensic Edition 6, AccessData Forensic Tool Kit, Cain & Abel, Wireshark, SenSage, etc…

Worked with internal auditors Ernst & Young and external auditors Deloitte & Touche assisting with risk assessments, audits, and new project oversight.

Performed Forensic Investigations; investigated incidents of theft and compromised data; interviewed witnesses, acquired evidence and maintained chain of custody logs working with private investigators and physical security teams.

Managing user accounts; VPN / WebConnect Remote Access; overseeing the termination process.

Compliance Board Member and Change Control Board Member.

Participated in “Environment of Care” inspections with the heads of multiple department and “Compliance rounds” with the hospital Compliance and HIPAA Privacy Officer..

Created security awareness training – newsletters, announcements, personalized training, intranet, presentations, and worked with Carnegie Mellon University on beta testing their anti-phishing security awareness project.

Worked with prospective vendors evaluating products (i.e., laptop encryption, log analysis, penetration testing tools, etc) and with current vendors such as Cerner, McKesson, etc.

LA County DHS (Dept. of Health Services) 2006 – 2007

Information Security Architect/Engineer – Network Security (Compliance Office)

Developed Security Policies and Procedures while ensuring that DHS was in compliance with its own existing security policies on ePHI and other sensitive and confidential data.

Defined IT security requirements; identified and resolved technical security issues, including security reviews of network devices (i.e., routers, firewalls, VPNs, etc.), servers, desktops/laptops, and other technologies on multiple platforms.

Overseeing regulatory compliance - HIPAA, JCAHO, ITIL, etc.… at all LA County Facilities:

o LAC+USC Hospital, Olive View Medical Center, Rancho Medical Center, Harbor-UCLA, King-Drew Medical Center, High Desert Health System, Ferguson Health System Administration Facility

Conducted Risk analysis, Vulnerability scans, Security assessments, Site audits, and new product testing, including recommendations and CBA (Cost Benefit Analysis).

Implemented vulnerability assessment scanning at all DHS hospitals using McAfee Foundstone (appliance and scan engine application). Responsible for developing the new policy and the procedures for its continued use, as well as the following:

oCreated the customized scans for all facilities and provided reports of findings to the DISO.

oCompiled and designed customized Remediation Plans for each facility.

oPerformed Foundstone administrative tasks: accounts and maintenance

Responsible for utilizing and evaluating security tools such as: WebInspect, AppDetective, Infinistream (a sniffer with real-time playback abilities), EnCase forensics, and others.

Computer Task Group – CTG, Inc. 2004 – 2005

Senior Security Consultant / IT Security Lead Auditor

On-site project supervisor, company liaison, and lead auditor for the west coast practice of CTG.

Responsible for performing Security Risk Assessments at (mainly) Hospitals and HMO’s; focusing on regulatory compliance with HIPAA and other applicable laws. JCAHO, etc.…

Participated in or conducted C level Project Initiation Briefings

Conducted a thorough IT Audit of Policies and Procedures, as well as, any other relevant documentation. Reviewed Disaster Recovery Plans; Security Awareness training; Back-up and vaulting procedures; EDI transaction code set activity; Business Associate agreements; etc. Performed Risk Analysis with clients and participated in Risk Assessment meetings.

Audited physical site security; building; grounds; alarm systems; guards (internal and contractual); HVAC.

Ran internal and external security scans of client networks using tools such as Nessus, MBSA, and other IT Security tools that are considered “best practice”. Performed vulnerability assessments for dial-up, wireless, web applications depending on client environment.

Thoroughly documented the audit and updated client at various stages. Prepared final reports for the client and conducted the presentation of findings to the board of directors, security administrators, network engineers, etc.

IBM Global Services @ Washington Mutual 2001 – 2004

Systems Administrator / Media Manager

Responsible for security of media, off-siting, destruction, restores, and supervised bi-yearly inventory.

VERITAS NetBackup Administration of StorageTek L700 and L700e LTO tape libraries with SN3250 Routers (Fiber to SCSI channel bridging) backing up approximately 600 clients.

IT Security audits of Iron Mountain storage facilities.

NOTE: Obtained my first Security Certifications while working here and at the same time was an IT Technical Trainer with both: The Learning Tree University in Chatsworth and at the LA Gay & Lesbian Centers’ Learning Curve program.

Teaching experience:

The Learning Tree University in Chatsworth, CA 2001 – 2004

Instructor – Information Technology / Technical Trainer

Classes taught: CompTIA Security+, CompTIA Network+, CISSP prep, and substituted on an as needed basis for other Information Technology classes: Microsoft Office (Word, PowerPoint, and Excel), introductory computing, website creation, etc.

Went through CTT+ training and certification process.

The Learning Curve program for the LA Gay & Lesbian Center “The Village” in West Hollywood, CA 2002 – 2004

Instructor – Information Technology / Technical Trainer

Classes taught: Security awareness and introductory computing, web, Internet, and various Microsoft Office classes.

References available upon request

* ALL CompTIA certs earned during GFL (good-for-life) period and never expire.

Contact this candidate