CTO, CISO, VP, SR. Network and Cloud Security Consultant/Architect/Eng
Resume:
Scott Kreuser
Miami, FL • ac9bnj@r.postjobfree.com
LinkedIn Profile: http://www.linkedin.com/in/scottkreuser1/
AVAILABLE WORLDWIDE!
SENIOR-LEVEL HANDS-ON ENGINEER, MANAGER, ARCHITECT, AND DEVELOPMENT EXECUTIVE
Specializations;
Cyber Security Manager, Architect, and Leader with Senior Level hands on experience. Cloud and on-prem security, penetration tester, information security compliance gap audits. DevSecOp Security Engineer and DevOp compliance advisor. Implementation Lead Engineer Cisco ISE/ACS/Sourcefire/Firesight/FireAMP/Splunk, WLCs, Network Implementation, RF Wireless Implementation / Remediation / Optimization (Wired/Wireless/SAT), Cryptography, Leader, Smart Grid, CTO, CIO, VP, CISO, Info-Sec, NIST & NERC v3-v5, FedRamp, HIPAA, ISO 27001, PCI, SOX, SOC2, NIST 800-53, FISMA Compliance, and penetration testing. Insight into future networking and security products.
Qualifications Summary
Executive Leader, Business Analyst, Hands on Engineer with more than 30 years of experience in business and system analysis, wired and wireless network engineering, Smart Grid development and implementation, project management, Cyber/Network security and compliance engineer, Red Team testing, Fraud Protection, and international relations. I rapidly identify business and technical problems, formulates tactical plans, initiates change, and implements effective solutions that deliver customer satisfaction, security, profit, revenue, and cost reductions. Excellent proven experience leading, participating, and hands on engineering with cross functional teams delivering products and solutions while focusing on quality, time to market, compatibility, and innovation.
Career Highlights
Synergy InfoSec, LLC.
SR. Network and Cloud Security Consultant/Architect/Engineer
Jun. 2018 – Present
Responsible for consulting/auditing/implementing/and helping companies when they require my expertise. Clients are large consulting firms, such as CDW, PCM. And Quest Systems and their customers.
Responsible for leading teams as necessary.
Performed Audits and Recommendations of Security assessments.
Implemented security controls based upon compliance both wireless/wired as required (PCI, HIPAA, ISO27001, FEDRAMP)
SME and Implementation Security Engineer of Cisco Identity Service Engine at over 45 hospital campuses. 8,200 beds in nine states which services over 5 five million patients annually at Adventist Health (AdventHealth).
Transfer Authentication for PAM users. Specifically, users of network equipment to the Beyond Trust PAM Solution with Secure Auth 2FA Secure Auth Passcode solution.
Setup Cofense Fhishme, trained staff on Cofense Reporter, Cofense Triage, Cofense Vision, and Cofense Intelligence
Working with legal teams to Identify tools, and software that provides information on their complainant of which they previously did not have access to such information.
Cynergistek, Inc. Contracted to Sutter Health Care
Sr. Information Security Engineer
Jan. 2018 – Jun. 2018
Coordinate and perform the implementation of Cisco’s Integrated Security Engine (ISE) w/ Microsoft Active Directory (IAM), PKI across the Sutter Health System (Wireless and Wired 802.1x).
Configuration, implementation, and integration of Cisco ISE for Wireless and Wired Guests, and staff at over 300 hospitals, clinics, and Dr. Offices, via PKI.
SME to provide guidance to the organization and team in selecting strategic options, and draft professional reports and present technical findings to a business audience
SME to provide security technology at an architectural level, as well as Project Management
Cisco Systems, Inc.
Network and Security Architect
May 2018– October 2018
Responsible for introducing Digital Networking Architecture solutions to Cisco Global Partners. Cisco's Global Partner Organization has engaged me as a subject matter expert to help in building out enablement and mentor partners through the design, installation, configuration, and successful demo of Cisco DNA solutions that include SD-Access (SDA) (which includes Identity Services Engine (ISE with Microsoft AD (IAM), DNA Center (DNAC)and wireless controllers and APs, Network Data Platform (NDP), Assurance, Trustsec, Stealthwatch (and other security options such as Splunk), APIC-EM, Catalyst 9k and programmability.
Job Duties:
• Execute training / Bootcamps to partners
• Onsite Partner Lab setup
• Mentoring a partner through and installation at Customer site.
• Design Review Service for a migration or green field environment.
• Support the Partner Proof of Concept / Proof of Value (POC/POV) initiative by providing design support and on-site support of installation and configuration.
• Provide remote support for partners on installation and configuration problems and issues related to SDA, DNAC, NDP, NaaS (Network (physical and wireless as a Service) and NaaE (Network as an Enforcer).
• Prepare best practice documentation
SKY Networks, Inc.
Sr. Network and Cloud Security Consultant
Feb 2014 – June 2018
•SR. Network and Cloud Security Consultant;
Worked with multiple clients as a go to consultant by leading, and managing cyber security teams on a global basis for the physical network (wireless and wired) and cloud cyber security threats that may invalidate compliance. Contain such threats and protection of future security issues. I have implemented or updated processes, policies, and controls by implementing procedures, in Development, and Network monitoring. Technologies such as Cisco ISE, IAM, ASA, Sourcefire/FireSIGHT/FireAMP, Next Generation Firewalls, Cisco DNA, Cisco Prime, Checkpoint, Splunk, McAfee Web and mail Gateways. Performed Security Compliance Assessment audits such as FedRamp, HIPAA, ISO 27001, PCI, SOX, SOC2, NIST 800-53, FISMA, and the Cyber Security Initiative, on both cloud (AWS/AZURE) and On-Premise networks. A lot of my work was in DevSecOps, working with developers on best practices and cloud and on-prem security. Implemented PKI and based Authentication and Authorization.
Some recent clients include;
(some client names redacted for privacy)
1)Norwegian Cruise Line – Managed several projects with geographically dispersed teams to create a POC for a shipside working VOIP over Wireless phone system, upgraded wireless controllers, installed ISE with PKI, upgraded Cisco Prime appliances. Some ship’s and islands were running Aruba wireless networks. I worked with ship-based network engineers on transitions, installation, and testing of low-orbit based satellites from EMC, which introduced a very large increase in bandwidth, also introduced Wi-Fi Hybrid solutions while at port. Also worked with Aruba Engineers to create a POC and implement a wireless network on an island in Belize. I participated in mock incident response, both Shore Based and Ship based.
2)A nonprofit organization – Managed a team with serval team members in multiple countries to Upgrade ASA’s from 8.x to 9.x, Install Firepower and FireAMP for Endpoints (Sourcefire) In accordance with the “Motion Picture of America Association (MPAA) Content Security Model “
3)A Renewable Energy wholesaler; Managed security compliance with the Dept. of Energy by Implementing Cisco ISE with PKI, Trustsec and Cisco ASA/Sourcefire/FireSIGHT/FireAMP for endpoints and Networks (Wireless and Wired). Also developed and led a 2-week dive course on security best practices.
4)A Large beverage company - Worked with Monster’s internal and external teams on integration and implementation of Cisco ISE with wireless and wired 802.1x authentication, replaced Checkpoint Firewall with Cisco ASA, Mcafee mail Gateway installation.
5)A GAS/OIL Distributer; Worked on managing several projects managing internal teams as well as offshore teams on Integration and Implementation of Cisco ISE with Microsoft AD (IAM), PKI, Cisco Trustsec, Cisco AnyConnect and 802.1X wireless and wired authentication with Microsoft Active Directory, Guest Internet access, Cisco ASA, and Sourcefire/FireSIGHT/FireAMP.
6)A World Leading Cement/Concrete producer; Managed the security improvement project with a large team contained of engineers in Canada, and the USA, as well as internal colleagues, and company employee’s. Transitioned company networks from one company into two while performing all upgrades(wireless and wired). Work included configuring Microsoft AD (IAM) with Cisco ISE with PKI, Cisco Trustsec, Cisco ASA, Cisco Prime, and Cisco WLC
7)A top staffing agency; Managed internal resources as well as client resources on Implementation, Integration, Training of Cisco ISE with 802.1X Wired/Wireless configuration with Trustsec, Mcafee(Symantec BlueCoat) Web Gateway, and installation of the Macafee mail gateway.
8)A large healthcare group; Managed Community Health Systems upgrade of Wireless Lan Controllers and integration with Cisco ISE with PKI, Microsoft AD (IAM), Splunk, and Cisco Prime with over 350 CTOs and over 350 Hospitals across the U.S.
9)A Hedge Fund; Responsible for implementing Cisco Prime, Cisco ISE with PKI, implementation (both wireless and wired) with AD (IAM) and upgrade of Cisco UCS. Also performed a Gap-Analysis on compliance with FedRamp, FISMA and PCI.
10)A Bank - Built a compliant POC for blockchain and related Dapps using IBM Hyperledger, and Solidity. Have created SmartContracts and created New Crypto Coins, tokens and ICOs.
The management of teams were diverse, the technology was diverse. My hands-on experience gives me the understanding of all aspects of network security. Some projects not addressed above used the technologies listed below;
•Provide Network Security, Penetration Testing, and network defense strategies to clients throughout the world.
•Consult with major utilities on Smart-Grid Cybersecurity and physical security, and provide recommendations and technology implementation (NERC CIP v3 – v5).
•Provide Crypto-Currency Consulting and Security recommendations.
•Create Solutions based upon Microsoft Azure, AWS and Vmware vCloud Cloud Platforms, VM’s, Databases, Servers, AD, FIM, DNS, IPS, and other cloud base products.
•Migration of Windows XP to Windows 7, Windows 8.1, and Windows 10 operating systems.
•Cisco Prime, ISE, ACS, and 5508 Controller migrations.
•Leader for driving Security Breach issues to closure, while also advising customers on compliance with state and federal laws (NERC / NIST v3-v5)
•Served as VP for National Smart grid solution telecommunications provider.
•Extensive research on Current security issues. (TLS/SSL,Secp256r1(k1), ECDSA, AES, ECDHE etc.) Attacks and recent vulnerabilities (side-channel attacks, timing attacks etc.)
•Extensive use of ASDM and Cisco Security Manager.
•DevSecOps; Worked with AWS/Azure to move client assets from the Data Center to the cloud. Implemented Controls and trained client engineers on procedures.
Silver Spring Networks, Inc., / FPL
SR. Wireless RF Field Engineering Mgr.
Oct. 2010 - Feb 2014
Worked with major utilities including FPL, PGE, BGE, Duke, ConEd, and CPS, to design, implement, and deliver Silver Spring’s smart grid technology to create energy efficient Smart Grid Solutions while focusing on security compliance with NIST/NERC CIP v4 and v5. Designed, Managed and Implemented and optimized solutions that include, secure IPv6 mesh network solutions that empower faster and more reliable connections. Responsible for the design, implantation, support, and operation of the Smart Grid Wireless mesh using Silver Spring Wireless Bridges, Access Points and Relays. Developed the Network to reach every home and office (and basements/vaults).
•Responsible for supporting customers on an IPv6 global mesh network of Millions of subscribers/nodes within the service area of FPL, BGE, PGE, Duke and ConEd.
•Responsible for SCADA integration and troubleshooting with hundreds of thousand RTUs with DNP3 port mapping.
•Evaluated potential security issues with third party IEDs, RTUs, PLC’s, Sensors and Relays.
•In depth communication with customer on all external and internal project status.
•Responsible for performing Site Surveys for mesh deployment, and troubleshooting complex problems in the field.
•Responsible for management of third party companies/contractors to perform complex tasks.
•Self-Managed workflow.
•Created Linux Shell scripts that made tedious tasks run more efficiently.
•Worked with customers to identify additional security concerns, specifically compatibility and consultation of using the HP SIEM Software suite of applications for security and compliance
•Advised on AWS Cloud and Microsoft Azure AD, VPN, and FIM security solutions
•Trained other Engineers on the specific engineering tasks of Distributed Automation of Energy utilizing Silver Spring Technology.
•Trained customers on NERC CIP v3 and v5.
•Startup Engineering Lead of the CPS energy Smart Grid project in San Antonio, Texas.
•While starting the CPS Startup, I started Business Process Re-engineering – I redefined the design, implementation, optimization and remediation process by creating an application for mobile devices (IOS/Android/HTML5) utilizing all the features of the device (location, lat/long, and camera, and collection of RF data) for engineers working in the field. The solution eliminated the need for a laptop, GPS, and camera (aprox. $3,500.00 per engineer), and increasing productivity (est. up to 10 times per engineer.)
General Dynamics / JIS Technology, INC., U.S. Dod, On contract to U.S. Veterans Administration – Principle Wireless Security and Implementation Consultant
Jun. 2009 – Oct. 2010
•Responsible for on-site design of Wireless 802.11a/b/g networks utilizing Cisco Location based services (Cisco LBS), data, and voice while utilizing a complete Cisco infrastructure of Access Points (AP), Wireless LAN Controllers (WLC), Implement Cisco Identity Service Engines (ISE) with current Microsoft AD (IAM), the Cisco Wireless LAN Solution Engine (WLSE), Trustsec, and the Cisco Wireless Domain Services (WDS) in Nationwide Veterans Administration medical facilities. Insured 100% availability of 54Gbs for support of voice, implemented QoS for voice priority.
•Analysis of building design and construction and its impact on environmental and mobile applications while designing enterprise class 100% fault tolerant wireless networks for use in mission critical applications.
•As a team lead, responsible for managing and training other team members and third party contractors.
•Over 1 Million square feet per site of network design (AirMagnet), installation, and optimization.
NCR Global Network Solutions, INC., ATT–
Wireless Network Engineer
Mar. 2008 – Mar. 2009
NCR was awarded the AT&T contract to implement new and upgrading existing Hilton Hotels to meet Hiltons highest quality standards regarding Guest 802.11 Wireless and Wired internet access in rooms, meeting rooms, and lobby’s.
•Responsible for performing Wireless 802.11 Site Surveys with AirMagnet survey software and installations at Hilton branded Hotels worldwide.
•Responsible for documenting and engineering 802.11 Wireless and Wired High Speed Internet access infrastructure in assigned Hilton properties.
•Responsible for installing and configuring 802.11 Cisco Access points, Switches, Routers and Billing gateways.
•Management of crew (Wiring contractors, Technicians)
•Daily communication of project status with Hotel Management and AT&T Management.
•Management of Handoff Meetings to Handoff sites to Hilton NOC.
Independent Consultant
Wireless Security Consultant
Jan. 2008 – March 2008
Clients have included AT&T, Accuvant, City of Hope Hospital, Raytheon, Continental Wireless, T-Mobile, Endeavor Telecom, Megapath Networks, Cilicon Solutions, IP Access, and Neiman Marcus.
•Responsible for advising clients on 802.11 Wireless and wired network designs and implementation. Specialized utilizing Cisco 1100 and 1300 series access points, Catalyst Switches, Motorola APs, and Aruba Networks Thin Access Points and Controllers.
•Performed 802.11 Wireless site surveys using AirMagnet, and predictive analysis using RF3D and the Aruba RF Planner.
•Responsible for Securing networks with Cisco ASA 5500 series firewalls and transitioning networks from Cisco PIX series firewalls.
•Responsible for designing and implementing PCI DSS compliant wireless and wired networks.
•Responsible for GSM site surveys and deploying GSM 3G Picocells.
•Responsible for Implementing 802.11 Wireless Network security using Air Defense.
•Responsible for overall 802.11 wireless and wired network security assessments, recommendations, and implementation.
•Responsible for lowering clients’ bandwidth cost’s by implementing Squid proxy systems, and tight ACS security policies.
•Responsible for designing cable plants and managing outsourced Cable Crews and third party Technicians.
•Responsible for delivering proposals to clients (results of Wireless 802.11 site surveys, Wireless 802.11 AP Placement, Recommended Equipment lists)
•Worked for Continental Wireless on an emergency response unit for Continental Airlines for rollout in emergency locations utilizing KU based satellite, VPN, UHF/VHF radios, and WiMax.
Technisource, INC., AT&T
Wireless Network Engineer
Aug. 2007 – Jan. 2008
Technisource is an IT outsourcing firm performing IT services to NASDAQ 100 traded companies. The project I was assigned to was for AT&T implementing new and upgrading existing Hilton Hotels to meet Hilton’s highest quality standards regarding Guest Wireless and Wired internet access in rooms, meeting rooms, and lobby.
•Responsible for performing Cisco Wireless 802.11 Site Surveys with AirMagnet survey software and installations at Hilton branded Hotels worldwide.
•Responsible for documenting and engineering Wireless and Wired High Speed Internet access infrastructure in assigned Hilton properties.
•Responsible for installing and configuring 802.11 Cisco Access points (AP), Switches, Routers using QoS, VLANs and MPLS, and Billing gateways (Nomadix).
•Management of crew (Wiring contractors, Technicians)
•Daily communication of project status with Hotel Management and AT&T Management.
•Management of Handoff Meetings to Handoff sites to Hilton NOC.
•Using Fluke Test Tools certified all completed network installs.
E2 Systems, Inc.
Consultant
Mar. 2007 – July 2007
E2 Systems develops and manufactures the industry’s first fully interactive financial kiosk. E2 also is a switch processor, directly connected to the MasterCard, Pulse, and FED. Providing the unbanked population services such as; International Money Transfers, Prepaid Debit Cards, Money Orders, and several other Financial Services.
Responsible for creating and managing a JAVA, C#, C++, AS/400 development team and launching a Financial Kiosk throughout the US, Mexico, and Europe. Also managed an international team developing a patent-pending message set that defines the way paper currency is electronically transferred to different ATM cards. Responsible for managing the ISO 8583 message set development, and PCI compliance for the Switch Certification process with Pulse and MasterCard.
Responsible for Setup, Installation, and troubleshooting, of the LAN/WAN including a Squid Proxy, Asterisk/VOIP Network, and Firewall rules.
Worked with financial institutions and analysts to implement PCI certification.
NABI Networks, Inc., a.k.a Constant.com
CEO / CTO
Aug. 2001 – Feb. 2007
A Nationwide IT Solutions Provider with Headquarters in Austin, TX and offices also in El Paso, TX. NABI specialized in Medium size business customers providing high speed internet access (wired 802.11 / WiMAX and wireless), web hosting, VPN solutions, VOIP solutions, and IT outsourcing.
•Responsible for day to day operations, strategy, network design, and engineering.
•Chief Network engineer responsible for all Routers, Switches, DSL Circuits, ATM topology, 802.11 / WiMax Wireless topology, Circuit Management, and installation for preferred customer accounts.
•Managed over 30 employees and contractors, growing sales to over 3M a year.
•Negotiated, managed, and identified several acquisitions, mergers, and bankruptcy operational transitions.
•Managed external relationships with CLEC/TELCO and backbone partners.
•Responsible for over 10,000 end users. Managed TCP/IP network, including FTP, WWW, DNS, SMTP, IMAP, POP3 and database servers
•Responsible for Program Management, Managing thousands of Infrastructure related projects for customers IT outsourcing needs.
•Successfully managed startup, acquisition, and day to day operations of in house data centers as well as client data centers throughout the United States and the Rep. of Panama.
•Implemented Squid proxy server’s allowing the company to save over 35% in bandwidth costs.
•Managed System wide security, utilizing TACACS+, RADIUS and Cisco Access Lists.
•Managed VOIP program and offerings. Responsible for evaluating and developing VOIP solutions including Call Center, Branch/Home office integration, Least Call Routing, billing, and reporting.
•Responsible for Setup/Installation/Negotiation of 802.11 / WiMAX Microwave Wireless Towers and Base Facilities.
•Spearheaded 802.11 Wireless development, implementation and Management of several large WLAN networks in El Paso, Mexico, Panama, and Austin Texas with a user base of over 5,000 Wi-Fi end users.
•Performed RF 802.11 and WiMAX site surveys to identify RF interference in heavily congested Wireless Network communication towers.
•Responsible for rollout of several Cisco Wireless 802.11 Sites utilizing WLSE and ACS, Radius, and TACACS Authentication.
•Responsible for configuring Cisco router deployments using Cisco IOS, ACS, QoS, VLANs, OSPF, BGP and VPN’s.
•Responsible for managing Cisco Firewalls utilizing Cisco ACS Access lists.
•Implementation of Wireless 802.11 HOTSPOTS utilizing RADIUS, TACACS+ and ACS Authentication.
•Managed Tech support/Engineering team.
•Responsible for Certification, Testing, and development of CPEs.
Dell Computer Corp.,
Project Manager, Sr. Advisor, New Product Operations
Aug. 1993 – Jul. 2001
A worldwide leader manufacturing PCs by integrating them with OEM Peripherals and components. Dell has several large international manufacturing facilities, and provides its products and services to over one hundred countries.
•Responsible for introducing new products into Dells worldwide manufacturing facilities in the US, Asia-Pac, Europe and Latin America regions.
•Utilized SDLC and PMI Project Management methodologies to develop and launch hardware (Desktop PC’s, Notebooks, Servers and peripherals) and software (i.e., BIOS, Customer Applications, OEM Applications, and Firmware) to be released worldwide.
•Responsible for all Manufacturing Operations of New Products.
•Engaged core team of over 20 individuals from Marketing, Sales, Development, and Manufacturing, Engineering, QA, Technical support, procurement and logistics.
•Managed product introduction schedule worldwide across all manufacturing facilities.
•Focused on Time to Market, Quality and Manufacturing time.
•Defined New Product Introduction Project Template/Timeline from Business Contract acceptance to Ready to Ship.
•Responsible for the selection of International outsourcing of Rework, Manufacturing, and Technical support facilities.
•Oversaw the selection of OEM Manufacturing facilities worldwide.
•Representing extended team in core team meetings addressing all issues, and communicating schedule changes and or conflicts.
EDUCATION
Business Administration/Management Information Systems
Southwest Texas State University, 1990-1993
CISSP (Pending Endorsement)
IPS Stanford Project Management
PMI Project Management Professional
7 Habits of highly effective people
Microsoft Certified Professional
Phase Review Process (PrP)
Air Defense Certified Engineer
CCNA
Technical Skills;
802.1x, Air Magnet, RF 3D, Wire shark, Aero Scout, Cognio, Radio LAN, SCADA, DNP3, RTU, IPv6, IPv4, Air Magnet Spectrum Analyzer, AutoCAD, Adobe Acrobat Pro, Unix, Linux, Ubuntu, Debian, BSD, Centos, Routing, Switching, Municipal Wireless Networks, RF Design, OSPF, BGP, International rollouts, Cisco WLSE, Cisco ACS, Cisco WCS, Cisco WDS, Cisco WLSM, Cisco ISE, Cisco Prime, Cisco ISE, Cisco Firesight, Amazon Web Services, Azure, Virtual Machines, ESX, Ware, Azure, (T)FTP, DNS, WWW, UDP/TCP, Proxy (Squid), ATM, KU Band Satellite, UHF, VHF, Ham (Amateur) Radio, 3G, 4G, LTE, CDMA, GSM, WiMax, PMP, IPS Stanford Project Management Professional, Product Manager, Director, Manager, SME, CEO, CTO, CISO, Utilities, Municipalities, Oil-Gas, Healthcare, Telecommunications, MPLS, Data Center, Security, HTML5, Mobile Development, Android Development, Quick Base, JSON, SQL, Phone Gap, Sencha, Eclipse, Android Studio, Geolocation, XBMC, Plex, Media Transcoding/Streaming, Penetration testing, Compliance, Crypto-Currency, BTC, HP SIEM Software suite, ARC Sight, KALI, Business Development, cybersecurity, Technology Integration, Merger, Acquisition Due Diligence, DevSecOps
Contact this candidate