
Security Analyst

Location:
San Jose, California, United States
Posted:
August 28, 2018


Resume:

Gerald Lee Pauler

San Jose, CA

In the IT industry for 30 years with solid experience in Cyber Security

Certified CISSP with Ph.D. in Computer Science

Adept in utilizing Pen-Tests, HIPAA/HITRUST/HSR, IDS/IPS, SIEM, AlienVault, FTK (Forensics Tool Kit), Tripwire, ISO 27000, NIST 800-53, Retina, Nessus, McAfee, InMon, FortiAnalyzer, and HITECH

Proven expertise in designing Security Programs including creation of over 100 Security Policies for HIPAA/NIST Compliance

Solid exposure in creating and building the Security Architecture including a Corporate Information Security Program including all Policies, Procedures and Plans to include HITRUST and HIPAA regulations/standards

Excellent skills in utilizing ACAS (Nessus), Retina, Gold Disk, DISA, STIGs, Snort, Nmap, Netmon, Wireshark, Websense, SonicWALL, Qualys, Tripwire, sniffer products and others for analysis and troubleshooting, incident response and pen testing

SUMMARY

My skill set in Information/Cyber Security includes creation of security policies, procedures and plans, auditing, risk assessment, hands-on network routing and switching, troubleshooting, monitoring, management activities and working with a variety of security software tools in Windows and NIX environments with two factor authentication (PKI - CACs - smartcards)

My work has involved reviewing, updating and creating security policies, procedures, standards and plans. Work included active directory security policy and auditing, vulnerability audits/assessments, Pen-Tests, HIPAA/HITRUST/HSR and network infrastructure

Used security tools such as IDS/IPS, SIEM (Symantec Endpoint Protection), Alien Vault, FTK (Forensics Tool Kit), Tripwire and inter-connections. Played a key role in assisting with the security education and training of process/control owners for their understanding of ISO 27000 series and NIST 800-53 security controls by conducting detailed analysis and presenting results to information security management teams. Coordinated SOC and SSAE compliance/reports

Designed and conducted user Security Privacy and Awareness Training

As a Cybersecurity Manager, I led an incident handling team and worked with incident analysis/remediation/forensics on a daily basis, coordinating with Network Operations, Datacenter and the Helpdesk

Coordinated with Project Managers, Network Operations, Data Center Operations and Information Assurance Teams using ISO 27000 principles, standards for PCI/SOX/DSS, etc. and guidelines on risk management/analysis (Risk Assessment) for the identification, assessment, and prioritization of risks (ISO 31000) followed by application of resources to minimize, monitor, and deal with the impact of security events

Provided oversight for vulnerability scans (Retina and Nessus) and worked with security tools such as Symantec Endpoint Protection, Alien Vault, McAfee, InMon, FortiAnalyzer, etc. for security information, event management and IDS/IPS

Responsibilities included managing, monitoring, analyzing, improving and troubleshooting security systems

Created and worked with Disaster Recovery and Business Continuity Plans

Managed virus protection program for prevention, detection and elimination of viruses

Participated in Compliance and Risk Assessment programs.

I meet requirements of the National Information Assurance Training Standard for Senior Systems Managers (CNSSI 4012) certification and the standards for the National Training Standard for Information Systems Security (INFOSEC) Professionals and System Certifiers (NSTISSI 4011 and 4015 certifications). DoD IAT/IAM Level III. CNDSP Analyst/Incident Responder/Auditor/Support

EDUCATION & CERTIFICATION

Ph.D. in Computer Science from Oklahoma State University, MBA degree from the University of Mississippi and BA degree from Kansas State University (Emporia, KS)

Registered Professional Engineer (Lic # 34 in Quality Engineering

Lieutenant Colonel, U.S. Army, Ret. Graduate of the National Defense University (Industrial College of the Armed Forces), the U.S. Army War College, the Command & General Staff College, and the Engineer Advanced Course

Member of several professional organizations including the Federal IT Security Institute and the FULBRIGHT Alumni Association

Several Military Honors and Awards including six Battle Stars

NSA INFOSEC Professional, CISSP (Certificate/ID number: 369390), MCSE, MCSA, MCTS, ITIL, MCP+Internet, NTCIP, MCT, CompTIA A+, NET+, Project+, Security+, Server+, CEH, CCNA, JNCIA, JNCIS, CTT+, Secret Clearance, DoD IAT/IAM Level III. CNDSP Analyst/Incident Responder/Auditor/Support

EXPERTISE IN SECURITY ARCHITECTURE

Designed, built and implemented network and computer security programs

Responsible for creating complex security structures – and ensuring they work

Acquired a complete understanding of a company’s technology and information systems

Planned, researched and designed robust security architectures for any IT project

Performed vulnerability testing, risk analyses and security assessments/audits

Researched security standards, security systems and authentication protocols

Developed requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices

Worked with public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures

Reviewed and approved installation of firewall, VPN, routers, IDS scanning technologies and servers

Tested final security structures to ensure they behave as expected

Provided technical supervision for (and guidance to) a security team

Defined, implemented and maintained corporate security policies and procedures

Oversaw security awareness programs and educational/training efforts

Responded to security-related incidents and provided post-event analysis

Updated and upgraded security systems as needed

PROFESSIONAL EXPERIENCE

TAOS, San Jose, CA February 2018 – March 2018

Network Security Engineer

Completed review of all Security Policies

Updated existing security policies

Performed Gap Analysis

Created several security policies for remediation

Worked on compliance analysis for ISO 27001/27002 Security Controls

Satellite Healthcare, San Jose, CA October 2017 – December 2017

Security Analyst

Designed Security Program including creation of over 100 Security Policies for HIPAA/NIST Compliance

Conducted Security, HIPAA/HSR, HITECH internal risk assessments and audits

Created Security Privacy and Awareness Training Policy and slide sets

Created SDLC document to include security and mobile application considerations

Developed Risk Management Policy including Risk Assessment checklists

Assisted research for HITRUST CSF Certification

Worked with Vendor security checklists and created Vendor Security Policy

Boeing, Columbus, OH and the Pentagon July 2017 – August 2017

Delivered CEH and ITIL courses

Taught IT security policies

Created Security Privacy and Awareness Training Policy and slide sets

Created several security policies for remediation

Assisted with security incidents, information security training and knowledge transfer to employees

PDS Tech, San Jose, CA, April 2017 – June 2017

Security Assessor

Completed Security Assessments at several U.S. Contact Centers

Involved extensive physical and electronic inspection/investigation of the Centers including personnel

Completed checklists of over 100 NIST related security controls for Security Compliance

Maintained contact with 16 Centers for remediation and Corrective Action Plans

Livongo Health, Mountain View, CA July 2016 – March 2017

Network Security Analyst

Created and built the Security Architecture including a Corporate Information Security Program including all Policies, Procedures and Plans to include HITRUST and HIPAA regulations/standards

Conducted Security, HIPAA/HSR, HITECH internal risk assessments and audits

Developed HR Policy and Procedure

Created Security Privacy and Awareness Training Policy and slide sets

Created SDLC document to include security and mobile application considerations

Developed Risk Management Policy including Risk Assessment checklists

Assisted research for HITRUST CSF Certification

Worked with Vendor security checklists and created Vendor Security Policy

Created over 90 Policies and Procedures including Remote Access (VPN) Policy

Assisted with Vulnerability scans and Pen-Tests

Assisted with Alien Vault

Worked with SOC/SSAE compliance and reports

SCIF Contract, Pleasanton, CA, October 2015 – February 2016

Cyber Security Analyst

Reviewed audit findings and worked on testing/remediation

Used Tenable Security Center to run Nessus vulnerability scans against network devices and servers

Involved with PCI, NIST, HIPAA & ISO security controls

Conducted a Major Policy Review/Update Project

Conducted Audit Finding Pre-Tests for remediation

Engaged in Business Continuity Plan/Disaster Recovery Plan updates and simulations

Coordinated with LAN Engineers for network security

City of Santa Clara, Santa Clara, CA July 2015 – September 2015

Sr. Information Security Officer

Provided Information Security Program oversight and technical reviews (security technical writing)

Processed security vulnerability scans from Homeland Security and the FBI

Updated and provided information security guidance, reviewed and monitored security plans/bulletins, and communication to CIO on Information Security Project activities

Used Zscaler and SEPP

Conducted CSET NIST 800-53/ISO 2700x Compliance Assessments/Audits

Created City Information Security Plan, CIRP and Auditing Policy

Updated Security Policy and Procedure documents

Worked with Network Engineers on Cisco ASA, etc.

Clorox Contract, Pleasanton, CA November 2014 – July 2015

IT Information/Network Security Consultant

Worked with Druva, WinMagic, Symantec ESM, McAfee, CA PIM and other security tools

Created Corporate Security standards and authored Policy/Standards review/updates (security technical writing)

Assisted with security incidents, information security training and knowledge transfer to employees

DLIFLC, Monterey, CA June 2014 – October 2014

Cybersecurity Manager

Completed DIACAP/RMF processes for ATO. Created Security Policy and review/updates

Used FortiClient, InMon, Symantec (DLP), FTK, Project Management, Incident Handling (FortiAnalyzer), Retina and ACAS Scanning. Managed four Security Incident Handlers

Freelancer, Various locations January 2014 – June 2014

Information Security Consultant

Work included RMF/NIST for Government, Military and Corporate clients

Delivered CISSP and Security+ Training

DLA NOSC CERT, Columbus, OH November 2013 – December 2013

IA Security Analyst/Incident Handler

Responsibilities included detecting, opening and closing incidents

Utilized 15 secure accounts for IS/CND defense in depth such as Arc Sight Logger, HP ESM, McAfee (HBSS, ePO, etc.), Websense, IBM WebSphere, Symantec, Juniper, & Checkpoint

Independent Contracting, Various Locations May 2013 – October 2013

Information Security Consultant

Work included RMF/NIST for Government, Military and Corporate clients

Delivered CompTIA courses including CISSP and Security+ Training

VAFB, Lodi, CA February 2013 – May 2013

Information Systems Security Engineer

Responsible for technical/security information for DIACAP, participated in all lifecycle processes, site & system security assessments, DRP, BCP, Security Test and Evaluation (ST&E), IA and C&A Validations

Worked with DOD 8500 series, NIST 800-53, ISO 2700x and others

C&A Consulting Assignment, Golden Forks, ND November 2012 – January 2013

GF AFB Global Hawk & Data Center

Completed vulnerability scanning/testing, worked with AD, security policy, DIACAP, RMF, NIST, STIGs, ST&E, IA (Now IS), C&A (Now A&A), and remediation

Used ACAS (Nessus), Retina, Gold Disk, DISA, STIGs, Snort, Nmap, Netmon, Wireshark, Websense, SonicWall, Qualys, Tripwire, sniffer products and others for analysis and troubleshooting, incident response and pen testing

Ingram-Micro, San Jose, CA, Contract July 2012 – October 2012

Juniper Security Engineer

Worked on Security Project contract

Installed and configured firewalls, IPS, IPSec VPNs and various screens for intrusion prevention on Juniper SRX equipment

CECOM, Colorado Springs, CO, Contract October 2011 – June 2012

Information Security Consulting/Training

Worked with command and signal security at different DoD 8570 levels in dealing with their systems, IA, IS, AD and CACs (smartcards) through the DoD CA

Work involved details of NIST, security policy, card issuance, renewal, revocation, monitoring and cryptography algorithms, etc.

NSA, Bahrain August 2011 – September 2011

Security Consulting

Worked on intense, secret and extensive IA, IS, AD, security configurations, systems and virtual systems work with over 20 NSA IT Security personnel (in the “Danger Zone”)

Unitek, San Jose, CA November 2002 – August 2011

IT Security Consultant/Trainer

Focused on CISSP, Security+, CEH and ITIL training and consulting. Assignments include work with Boeing, U.S. Military Departments, DOE, Bionetics, Oracle, Hitachi Data Systems, EDS, Atlantic Management Center and AST

Completed major projects for Net-Com Image including Website Hardening, Backups and Security configurations

Brooks College, San Jose, CA March 2001 – October 2002

IT Systems

Managed IT AD and local security including security systems and configuration of Cisco switches and routers

Configured ACLs, VPNs and monitoring

Established Domain model with Secure Password Policy and authentication requirements for Domain logons

Operational Security requirements included physical & logical access controls for running the network including Backup and Account Operators

Applied Security Templates

CISSP Domains: Access Control, Operations Security, and Telecommunications & Network Security


