New York 11710
Senior information security technology manager experienced in building teams who are specialized at identifying and applying information security controls in the real business world. I strive to strike the critical balance between compliance, data protection, risk mitigation, and business priorities. Over 20 years of experience in information security, data communications, compliance, telecommunications sector, health care sector, project management, software development and regulatory compliance. Ability to engage at all levels including clients, C-level, Senior Management and technical staff.
Grand Medical Services Group Baldwin, NY Sept ’15 -Present
Information Technology and Security Management Head
Responsible for the management of the overall technology and security management of the group. This includes the development, implementation, and on-going support of all core IS and technology initiatives such as risk assessment, entitlement and access management, cyber security, IS training and awareness, HIPAA, as well as the implementation and coordination of security processes, tools and solutions to meet both business, HIPAA and other regulatory and information protection requirements.
XEROX BUSINESS SERVICES Tarrytown, NY May'14- Aug ’15
Senior Network Design Engineer/ Senior Manager
Ensure approved configuration baselines are implemented, for entitlement, access management, by applying regulatory and information protection requirements for cyber security during the design, installation and configuration of network elements/devices.
Ensured compliance with regulatory reporting by applying information security control standards such as PCI, ISO, NIST during planning, design, and implementation on all projects.
Analyze requirements for internal and external customers andsubmit provisioning requests for circuits and design network solutions to meet their needs.
Analyze network traffic for irregular traffic patterns and design remediation/mitigation strategies for those identified irregularities
Ensure that all network devices and resources are being properly monitored
Developed, documented andcommunicated policies and standards withworking knowledge of IT Security best practices
GRAND MEDICAL SERVICES GROUP Baldwin, NY April ’08 -May'14
Information Technology and Security Management Head
Maintain a core competency with IT security, regulatory compliance and data privacy issues. Ensure that standards of risk management & control are applied throughout the practice.
Measure and report on the effectiveness and efficiency of IT Risk Management activities to management.
Develop, document and communicate policies and standards.
Ensure that critical IT risk issues are communicated to and reviewed by appropriate levels of management.
Participate in the development and maintenance of IT security strategy and architecture.
Ensure that critical IT control processes conform to standards and provide appropriate management reporting.
Coordinate IT Risk Management activities with external service providers, Government & regulatory agencies and other relevant institutions.
Liaise, consult and provide leadership to the business with technical security issues, standards, program development, and security training/awareness and information protection best practices.
Develop a framework and process responsible for assessing information risks and creating corresponding mitigation plans.
Monitor applicability and changes to internal and external regulations affecting technology, information protection and risk.
Ensures communication of key Information Security strategies and plans to management.
Responsible for identifying the hardware,software and infrastructure needs. Identifyingand recommending solutions to meet these needs and implementing the selected solutions.
KDDI AMERICA INC New York, NY Jan ‘08 – April’ 08
Information Technology and Security Manager (Consultant)
Proven record of successfully managing large complex programs with geographically distributed teams.
Built a team of 5 (five) IS professionals responsible for internal IS design using regulatory and compliance frameworks such as ISO 17799, ISO-17799:2005, ISO-27001, ISO-27002, Cobit, NIST.
Planned, developed, and positioned ISMS/SIEM to address internal controls for SOX and J-SOX.
Designed, defined, tracked, and maintained the standard baselines and configuration sets of all managed and/or monitored security devices and implemented industry best practices with regards to firewall, IDS/IPS, VPN and networking/routing security protocols.
Implemented automated system security monitoring/vulnerability assessment tools.
Proposed TCP/IP layers1-7 security requirements/policies/procedures across internal/external organization.
Documented risk assessments for applications, networks, switching and routing security threats.
AT&T CORPORATION Piscataway, NJ June’05 – Nov ’07
Business Unit Process Re-Engineering Manager- NetOps and Planning (Consultant)
Managed a team of 10 Business Analysts.
Led the Globalization of core service delivery and operations functions and processes (transition, transformation, inventory, provisioning, networking, management, billing, and client invoice services).
Ensured services delivered worldwide met or exceeded client expectations and practice margins.
Managed the global tools development and deployment supporting processes, methods for provisioning, procurement, and network management.
Interpreted the AT&T product driven Investment Requirement Document (IRD) in concept and translated to User Business Requirement Document (uBRD).
Led key Managed Center of Excellence (COE) Subject Matter Experts (SME) through uBRD with no impact to production resources in completing baselineuBRD.
Resolved, re-engineered and implemented advanced service realizations processes under extreme tight constraints for delivery of new and emerging services to market in a timely manner.
CISCO SYSTEMS Melville, NY Nov’04 – June ‘05
Business Development Manager ll- Enterprise Voice and Rich Media
Matrix with cross-functional teams in managing the execution of over M$20 worth of projects with telecomm companies in the US and Europe.
Supported development and ongoing optimization of leading practices tied to People, Process and Tools.
Provided guidance for continual improvement of the Advanced Technology Partner and Specialization programs.
Built knowledge capture and management system tied to opportunity and delivery phases of projects, that integrated directly or through operational processes with strategic systems and teams throughout Cisco.
Established trusted relationships with Key Strategic Customers and Partners of the Voice Technology Group and Channel Management Teams.
Continued development of strategic direction for the IPC and Rich Media related services practices.
AVAYA INCORPORATED, New York, NY Sept ‘01 –Nov ‘04
Senior Systems Engineer/ Architect – Network Consulting Services
Managed matrix team and served as senior technical lead on VoIP implementation for converged voice and data networks in the US and internationally.
Provided technical services in design, assessment, analysis, validation, and troubleshooting to commercial clients on complex projects as well as internal initiatives.
Designed, implemented, and supported Wireless solution for FIFA US World Cup Soccer.
Senior Technical SMEresponsible for reviewing resumes of potential candidates and conducting interviews for technical positions within the company.
Provided on-site technical support for infrastructure equipment installation /acceptance, security threats, and emergency network restoral.
BERTELSMANN MEDIASYSTEMS, New York, NY Dec ‘00 – Sept ‘01
Operations Manager –E- Commerce Solution-BmS(Consultant)
Delivered technical hands-on support on a horizontally scaled environment for online transaction of Books, Music Video, and DVD content for Global e-Commerce operations based in EMEA and Japan.
Built and utilized in-house monitoring tools to focus on performance tuning and application security.
Researched and evaluated applications, network systems and security solutions for implementation into operations supporting the networks to guarantee scalability and availability at peak volume times.
Supervised all incoming production security and integration related escalations and issues according to defined processes, and provided status to upper management in timely fashion.
Interfaced with @Stake to evaluate intrusion detection systems, firewalls and other perimeter defenses.
THE A CONSULTING TEAM, INC- New York, NY March ‘99 – Dec ‘00
IT Operation Manager – Network Operations Center (Consultant)
Implemented firewall security and new domain structure for Internet and Intranet connectivity using CheckPointSecureRemote VPN product for remote users in several regional locations for TACT.
Identified system weaknesses, and decrease attack vectors using ISS Internet Scanner.
Monitored and provided Security Assessment for network facilities while looking for potential security breaches.
Defined and implemented Security Policies for access to internal network resources.
Senior Network Engineer
Reviewed and provided daily reports on backup, network bandwidth utilization and performance.
Daily monitoring of reports and logs to assist in identifying security irregularities and their resolution.
COMPUTER ASSOCIATES INTERNATIONAL Islandia, NY Sept ‘98 – March ‘99
Network Engineer/Internet - Security Manager (Consultant)
Provided Security Assessment and Intrusion Detection using CISCO Net Sonar and Net Ranger.
Utilized multiple application/network tools for Penetration testing post scanning cycles.
Tested, configured and installed Firewall security in a multi-protocol environment.
Collected and defined user requirements for implementation of LDAP data store for Level 3 Communications.
BELL COMMUNICATIONS RESEARCH TELCORDIA – Piscataway, NJ April ‘98 – Sept ‘ 98
Systems Engineer, Rapid Applications Deployment (Consultant)
Managed a staff of 15individuals in a schedule-driven dynamic environment.
Collected and defined user requirements for implementation of LDAP data store for Level 3 Communications
AT&T CORPORATION – Piscataway, NJ Jan ‘91 – Sept ‘98
TCP Senior Technical Member II, Business Communication Services
Supported the AT&T WorldNet Intranet Connect Service (ICS) customers troubleshooting routing issues with RIP, OSPF, EIGRP and BGP4 and provided DNS to customers using AT&T Easylink Service.
Interfaced with Bell Lab on architecture of AT&T WorldNet ICS, Dial Platform, AT&T Common Backbone, and Managed Internet Services by assisting with WAN design, integration, and remotely configuring CSU/DSU to connect to ICS over AT&T InterSpan Frame Relay Network.
Provided technical/network support to all customers and vendors, in the US and internationally by implementing various security protocols on customer’s servers (HTTPS, Secure Shell) and performed live execution.
EDUCATION and CERTIFICATIONS
BA, Cognitive Psychology/Artificial Intelligence New Brunswick, NJ
Certified Information Systems Security Professional (CISSP, #360321) 2010
Certification SANS GIAC Security Essentials with CISSP CBK Recertification Exam 2004
Certification Avaya Communications Associate 2003
Certification Certified Wireless Network Administrator CWNA 2003
Certification CISCO CCNP 2003
Certification CompTIA Security+ 2002
Certification SANS GIAC 2002
Certification Microsoft Windows 2000, Pro, Server, Active Directory, Network Infrastructure 2001
Certification Network Security Administrator - Global Knowledge 2000
Certification CheckPoint Certified Security Engineer (CCSE) - Salinas Group 2000
Certification CheckPoint Certified Security Administrator (CCSA) - Salinas Group 1999
Certificate - Project Management - AT&T School of Business 1998
Microsoft Systems Engineer + Internet. WIN NT, TCP/IP, IIS 1997
Certified NetWare Administrator 4.1 - Barnard M. Baruch College ` 1992-1993
Certificate Telecommunications Management Technology Pratt Institute 1991-1992
SANS.ORG Steganography: The New Terrorist Tool? http://www.giac.org/practical/Danley Harrison GSEC.doc