Information Security Technology
Resume:
Aury M. Curbelo, Phd
Phone: 787-***-**** Email: ********@*****.***
Responsible for implementing data security policies, protecting information assets, preparing disaster recovery strategies, and establishing security protocols for several clients. Established and implemented security program policies and standards for 20+ departments/agencies. Collaborated with engineering and developers on security concerns for network and application projects. Presented Information Security topics for business-specific issues to senior leadership, department heads and the board of supervisors. Served as the HIPAA Security Consultant, establishing programs and evaluating compliance. Coordinated Business Impact Analysis, Disaster Recovery, and Business Continuity plans, programs, and testing. Teamed with law enforcement in the forensic investigation of network incidents that led to litigations.
DIGETECH
Senior Information Security Consultant
2007 – Present
Promoting and monitoring the IT Information Security program.
Responsible for the development and implementation of IT security standards, IT Security Awareness, procedures, and guidelines.
Conduct vulnerability assessment, risk management assessment, ISO27001 and business continuity plan.
HIPAA Security Consultant for several Hospitals - interpreted regulations, wrote policies, developed and facilitated security training and managed compliance process.
Provided guidance on developing, implementing and effectively managing security processes and programs (BCP, Incident Response Planning, Risk Management, Vulnerability Management, and Privacy)
Creation and deployment of Security Awareness Program, Computer Incident Response Team, and Disaster Recovery / Business Continuity Plans to safeguard the firm.
Implemented new security policy based on ISO 27001 framework adopted company-wide.
ECIJA (MIAMI)
Senior Information Security Consultant
2011 – 2013
Performing ISO 27000, COBIT, COSO, and NIST Controls and Policies.
Align the objectives of the company in its IT projects with fulfillments of ISO 2700.
Audit controls established and based in 11 domains of ISO 27000.
Develop and set policies, procedures, and operating standards in compliance with the organizational needs.
Issue recommendations and implement the standards ISO 27000 in the area of information security.
Communicate regularly with technical, applications, and operational staff to ensure database integrity and security.
Perform Gap/Risk/Impact analysis and supply management with necessary reports.
Draw up documents related to risk analysis.
Perform Pen testing and Vulnerability assessment.
Facilitate information security training and awareness.
PROFESSOR AND RESEARCHER
University of Puerto Rico
2002-Present
Responsibilities are to teaching courses such as:
Introduction of Information Security I and II
Security +
Computer and Mobile Forensic
Data communication and Network
Business Continuity and Disaster Recovery
Auditing and Assurance in Information Systems
Telecommunication in the Modern Office
Introduction to Computerized Data Processing
Introduction to Social Engineering and Hacking Social Media
Data mining and computer warehouse.
Security in Cloud Computing and Business
Education
(2014) Certification in Information Security Professional Practices (ISSP)- University of Fairfax, Vienna, Virginia
(2002) Ph.D - Information Technology and Human and Community Resources Development -Ohio State University Columbus, OH
(1999) MS - Information Technology- University of Puerto Rico, Mayaguez PR
Awards
ISC2 (2012) Up-and-Coming Information Security Professional Award - Nominee
ISC2 (2012) Community Service Star Award - For developing a Cyber Security Awareness Campaign for Teens in Puerto Rico
Technology Summary
Encase- Nessus- Wireshark- Mobile Phone Examiner Plus (MPE+)-FTK- MOBILedit Forensic- Oxygen-Katana-Cellebrite UFED- ProDiscover-Maltego-LaFoca-VMware-AlienVault-Qualys-ZAP-NMAP-Backtrack-CAINE-SANS Investigative Forensics Toolkit – SIFT and more.
Affiliations
FBI Citizen Academy – Infragard- ISSA -ISACA -Federal Information Systems Security Educators' Association (FISSEA)- High Technology Crime Investigation Association (HTCIA)- APWG eCrime Research, and more.
Contact this candidate