Brandon Riley
acecpd@r.postjobfree.com Lakeland, Florida
Cell: 813-***-****
EDUCATION
Masters of Science- IT Management Western Governor’s University 2010
Bachelors of Science- Computer Science Western Governor’s University 2008
SECURITY CLEARANCE
US Secret
CERTIFICATIONS/SKILLS
Oracle Certified Associate 11g
SAP
SAML-Ping Federate
MDM/BYOD
Microsoft Certified Technology Specialist (Windows 7)
CISSP (May 2014)
CISA (June 2014)
CompTIA Network+, CompTIA Security+, CompTIA A+, CompTIA Project+
ITIL v3 Foundations in Service Management
CCNA
CCNA Security
PCI, SSAE 16, ISAE 3402, SAS70
Air Magnet-ISO/IEC 7816 and ISO/IEC 14443(RF)
COBIT 5/ISO 27001/27002
Retina/Rapid7/Nessus- Vulnerability Management/Pen Test/Symantec DLP
Enterasys Dragon- HIDS/NIDS
BIG FIX (TIVOLI)
ENCASE
Data Migration
DLP – Symantec
Strong platform knowledge: Windows/Apache Tomcat/SQL, Active Directory, Blue
Coat, IronPort, Radius,
EXPERIENCE
TBC, Juno Beach Fl
Principal Security Architect Jan 2014 – April, 2014
• Successfully implemented the Rapid7 Nexpose technology solution for projects
supporting major, highly complex business applications with complex integration
needs across multiple technology disciplines by defining development specifications,
technical requirements, system performance objectives and identifying system
modifications to meet objectives.
• Recommending end-to-end technology and security design solutions and taking full
accountability for the architecture of a solution;
• Applying industry/technical knowledge to provide solutions that increase business
results and/or minimize risk regarding the integration of applications across multiple
product systems and delivery channels;
• Identifying, recommending, and implementing emerging IT trends, developments,
and improvements/solutions by either buying, building or reusing;
• Identifying gaps in current standards/services and negotiating enterprise vs. project
solutions and developing standard application architectures, frameworks, and
development standards;
• Review and present solutions to Engineering board representing the Line of Business
Marriott Vacation Club International, Bartow FL Aug 2011-Jan 2014
Sr IT Security Architect /IT Controls
• Symantec DLP Architecture Project Implementation & Monitoring
• Configuration and Implementation of Ping Federate for Risk Mitigation
• Recommends preventive, mitigating, and compensating controls to ensure the
appropriate level of protection and adherence to the goals of the overall information
security strategy.
• Assists in the development of access-controls, separation of duties, and roles.
• Conducts technical risk evaluation of hardware, software, and installed systems and
networks. Assists with testing of installed systems to ensure protection strategies are
properly implemented and working as intended.
• Responsible for the completion of Sarbanes-Oxley testing and coordination with
external auditors
• Manages resources and prepares staff performance evaluations for various audits and
projects relating to IT, compliance, assurance, continuous controls monitoring, and
business process improvement
• Liaison between management and the external audit firm performing the SAS
70/SSAE 16 for MVW’s outsourced IT service provider.
• Provides training to the audit staff on IT audit techniques, audit tools, and emerging
trends in IT audit
• Works closely with internal and external clients to develop, maintain, and document
a control framework utilizing COSO, COBIT, and ITIL frameworks
• Responsible for the General Computer Control (security, operations, change
management, and IT-entity level) framework design, analysis, testing, and
remediation for Sarbanes Oxley compliance
• Performed audits across multiple system platforms, including operational
assessments and technical assessments to the SOX standard.
Active involvement with:
• Data Migration
• Cisco switching, routing, firewall, and other networking functions
• Microsoft Exchange and Blackberry Enterprise Server, and Active Directory
environments
• Back end administration of various Hotel systems such as Opera PMS and Micros
POS.
• Hotel environment applications, such as PMS, POS, Call Accounting, HSIA,
Telecommunications, task management systems and more. Schedule and audit joint
ventures according to the terms of Completes special projects as needed (IT
Audit/Risk Assessment and Controls)
• Performs monthly audits of employee separations and internal transfers
• Provides management reporting around the control and policy area
Team Taclan, Tampa, FL Mar 2010 – Aug 2011
Information Security Program Manager/Architect
1 Provided technical leadership to the enterprise for the information security program,
2 Installed and maintained security infrastructure, including IPS, IDS, log
management, and security assessment systems. Assessed threats, risks, and
vulnerabilities from emerging security issues.
3 Published Security Updates newsletter for technical groups. Drafted enterprise
security standards and guidelines for system configuration.
4 Managed process and acted in the lead role for computer security incident response
team.
5 Performed and created procedures for system security audits, penetration-tests, and
vulnerability assessments.
6 Developed scripts to maintain and backup key security systems.
7 Prepared the overall security plan and managed the security operations of the
organization, including assignments and staffing.
8 Directed the investigations of property loss, thefts and unlawful activities
9 Managed all the security costs through financial analysis and contractors/vendors
negotiation.
10 Strong Windows Active Directory background or a strong Unix/Linux background
ITT Systems (Army Contract), Afghanistan/Bagram/Kandahar Feb 2009 – Feb 2010
Forensic Incident Response Director
1 Provided IT Security support for 20,000 users in the field via email, phone and onsite
services. Completed work orders and complete resolution of security incidents.
2 Analyzed technical requirements and advised Senior Management in strategies for
implementing IT solutions. Authored security plans & policies.
3 Deployed and administered an enterprise-wide Symantec Anti-virus solution/
Enforcing Security Policy.
4 Employed network scanning tools such as ISS Internet Scanner, Harris STAT, SMS,
and WSUS to detect system and network vulnerabilities/deficiencies.
5 Utilized skills to determine if requisite cyber security patches and remediation
procedures have been applied per IAVA requirements.
6 Provided technical advice to organizations reporting incidents to the CERT/CC while
CERT/CC served the role of incident response team of last resort. Reviewed
submitted data including
United States Army, Ft. Bragg NC Oct 2003 – Aug 2008
Security Operations Center Manager (Jun 2007 – Aug 2008)
1 Oversaw all operations and functions of high-volume help desk operation providing
1st and 2nd level support for more than 5,500 users. Hired, trained, and supervised
team of 19 analysts. Performed performance reviews.
2 Served as final escalation point before manufacturer / vendor / service provider.
3 Compiled and analyzed data, prepared daily reports on call volume, abandon rate,
carry over, and outages for senior management.
Network Security Engineer Ft. Gordon GA/Iraq (Oct 2003 – May 2007)
1 Used trouble ticketing, phone and email to provide helpdesk support at all levels
including desktop and system administration support for Windows, Linux and Solar
workstations and servers, online network support, troubleshooting and fault
correction related to internet browsing, email, DNS and remote access. (Remedy &
Trackit)
2 Knowledgeable of RFID protocols, reader architecture and design (software and
hardware), middleware, or other software systems that interface RFID reader
devices.
3 Enforced the DoD 8100.2 standard which simplified compliance audits as well as
performance.
References will be provided on request.