Charlotte, North Carolina * 704-***-**** * email@example.com
I have more than 20 years’ experience as an Information Technology professional with strong expertise in cyber security team leadership, IT security team leadership, and IT enterprise architecture. Demonstrated expertise in establishing and implementing large information security solutions and frameworks. Designed and implemented automated tool-based network visibility solutions that continuously monitor and detect cybersecurity threats and vulnerabilities. Performed evaluations and selections of IT security tools and successfully implemented IT security systems to protect the confidentiality, integrity, and availability of critical business information and information systems. Highly skilled, resolute and enthusiastic collaborator with excellent leadership and communication skills. QUALIFICATIONS
• CCISO Certified Chief Information Security Officer – ECOUNCIL
• CISM Certified Information Security Manager - ISACA
• GCED Certified Enterprise Defender-GIAC
• GSLC Security Leadership Certification – GIAC
• GSTRT Strategic Policy, Planning and Leadership – GIAC (Training Only)
• Palo Alto Networks Certified - ACE
• Cybrary Security Engineering Certification
• Cybrary Intrusion Prevention Certification
• FEMA Introduction to Incident Command
• Bring about strategic change, both within and outside the organization, to meet organizational goals.
• Ability to establish an organizational vision and to implement it in a continuously changing environment. Leading People
• Ability to lead people toward meeting the organization’s vision, mission, and goals.
• Provide an inclusive workplace that fosters the development of others, facilitates cooperation and teamwork, and supports constructive resolution of conflicts.
• Ability to meet organizational goals and customer expectations.
• Make decisions that produce high-quality results by applying technical knowledge, analyzing problems, and calculating risks.
• Ability to manage human, financial, and information resources strategically.
• Continuously up to date on technological developments. Make effective use of technology to achieve results.
• Ensure access to and security of technology systems. Building Coalitions
• Building coalitions internally and with other internal departments, State and local governments, nonprofit and public-sector organizations, or international organizations to achieve common goals.
• Persuades others; build consensus through give and take; gain cooperation from others to obtain information and accomplish goals.
STRATEGY AND PLANNING
Developed and communicated acceptable use policy (AUP), mobile device management (MDM) and bring your own device
(BYOD) policy, many other security policies and standards for the enterprise. REGULATORY, COMPLIANCE AND FRAMEWORK EXPERIENCE HIPAA, NER-CIP, NRC (Nuclear Regulatory Commission CFR 10-73.54), SOX, FERPA, HITECH, PCI, NIST 800-53, 800-82, NIST CSF.
Collaborated with large departments to establish enterprise security framework to accomplish IT security objectives and leverage common tools to reduce costs and risk. Coordinated with CISO group to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.
DUKE ENERGY CORPORATION/ OPTIMI
Cyber Security Architecture and Network Defense Consultant, Sept 2018 – Present Build and oversee the implementation of cloud, network and computer security for the organization. As a senior-level Architect Consultant, I'm responsible for creating complex security structures – and ensuring that they work. In addition to handling defense (e.g. vulnerability testing, installing firewalls, etc.) and response (e.g. dealing with security-related incidents), I also often assist in building security infrastructures, providing technical guidance, assessing costs & risks, and establishing security policies and standards. Along with the usual assortment of IT & security tools, I also have a unique set of management-focused hard skills
(e.g. risk assessment procedures) and a strong core of previous work experience. My Current Job Responsibilities:
• Assist with Regulatory standards and compliance, NERC-CIP, FERC, SERC, NRC, PCI, HIPAA
• Acquire a complete understanding of a company’s business, technology, and information systems
• Plan, research and design robust security architectures for any IT or cyber project
• Perform vulnerability testing, risk analyses, and security assessments
• Research security standards, security systems, and authentication protocols
• Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, cloud, and related network devices
• Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
• Prepare cost estimates and identify integration issues
• Review and approve the installation of firewalls, VPNs, routers, IDS scanning technologies, and servers
• Test final security structures to ensure they behave as expected
• Provide technical supervision for (and guidance to) a security team, or executives
• Define, implement and maintain corporate security policies and standards
• Assist with security awareness programs and educational efforts
• Respond immediately to security-related incidents and provide a thorough post-event analysis
• Update and upgrade security systems as needed
RETAIL BUSINESS SERVICES (AN AHOLD DELHAIZE COMPANY), Salisbury, NC Principal Network Security Engineer/ Architect, Jul 2015 – Jul 2018 Developed and established strategic, long-range goals and direction for the Network Security area of IT Operations Provided strategic direction concerning cyber and network security solutions, projects, and frameworks Consult to legal department concerning cyber security.
Established security recommendations and managed the implementation of security initiatives Directed department staff including assisted in hiring, and career development to ensure alignment with defined goals.
Assisted Infrastructure and Application Development teams to ensure proper security controls are implemented across technology initiatives.
Facilitate continuous improvement of Global Security Incident Response Team, and oversight of Network Security team performance.
Developed and interpret organizational goals, policies, and procedures. Developed computer information resources, providing for data security and control, strategic computing, and disaster recovery.
Communicated with department heads, managers, supervisors, vendors, and others, to solicit cooperation and resolve problems.
Negotiated or approve contracts or agreements with suppliers, distributors, federal or state agencies, or other organizational entities.
Established departmental responsibilities and coordinated functions among departments and sites. Maintained knowledge of applicable HIPAA, ISO 2700x, SOX, NIST, CIS, and data privacy practices and laws. HP ENTERPRISE SECURITY SERVICES, CHARLOTTE, NC
Account Security Officer/ Security Architect, Mar 2013 - Jul 2015 Designed security policies, programs, or practices to ensure adequate security relating to issues such as protection of assets, alarm response, and access card use. Recommend improvements in security systems or procedures. Inspected security design features, installations, or programs to ensure compliance with applicable standards or regulations.
Prepared, maintained, and updated security procedures, security system drawings, or related documentation. Budgeted and schedule security design work.
Created or implement security standards, policies, and procedures. Planned, direct, or coordinate security activities to safeguard company assets, employees, guests, or others on company property.
Supervised subordinate security professionals, performing activities such as hiring, training, assigning work, evaluating performance, or disciplining.
Collected and analyze security data to determine security needs, security program goals, or program accomplishments.
Prepared reports or make presentations on internal investigations, losses, or violations of regulations, policies and procedures.
Attended meetings, professional seminars, or conferences to keep abreast of changes in executive legislative directives or new technologies impacting security operations. Trained subordinate security professionals or other organization members in security rules and procedures. Wrote security-related documents, such as incident reports, proposals, and tactical or strategic initiatives. UNIVERSITY OF NORTH CAROLINA AT CHARLOTTE, CHARLOTTE, NC Lead Security Architect/ Engineer, Nov 2011 - Mar 2013 Encrypted data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers. Designed security policies, programs, or practices to ensure adequate security relating to issues such as protection of assets, alarm response, and access card use.
Developed plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs. Migrated from Cisco x6 ASA Firewalls to x2 Palo Alto 5060 Firewalls Reviewed violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
Trained users and promote security awareness to ensure system security and to improve server and network efficiency.
Documented computer security and emergency measures policies, procedures, and tests. Developed conceptual designs of security systems.
Directed daily operations of department, analyzing workflow, establishing priorities, developing standards and setting deadlines.
Configured security settings or access permissions for groups or individuals. Installed network software, including security or firewall software. Analyzed and report computer network security breaches or attempted breaches. Installed new hardware or software systems or components, ensuring integration with existing network systems.
AT&T MANAGED SECURITY SERVICES - TIAA, Charlotte, NC Lead Network Security Engineer, Oct 2010 - Nov 2011 Provided technical expertise with the deployment and maintenance of TIAA-CREF’s remote access solutions.
Provided network security expertise and guidance around security issues and recommend solutions to mitigate and eliminate risk to TIAA-CREF information assets. Migrated from Netscreen to Fortigate firewalls
Was responsible for contributing to the design of cutting-edge, high performance and secure network solutions and to help drive those solutions to completion. Assisted, developed and mentored network security SMEs and provided technical leadership for the global network security and remote access engineering team Responsible for detailed documentation of remote access solutions and technical security standards Contributed to the development of the remote access engineering and security roadmap of TIAA-CREF Global IT network infrastructure.
LPL FINANCIAL, CHARLOTTE, NC
Lead Network Security Engineer, Jan 2007 - Oct 2010 Designed, developed and implemented data and voice networks which serve the business needs of the enterprise.
Provided highly skilled technical assistance in network planning, engineering, and architecture. Identified and diagnosed complex problems and factors affecting network performance. Provided integrated team support and maintenance of network hardware and software. Managed Network Security needs from IPS/ IDS to Firewalls Performed security audits on network devices to maintain any compliance needs and ensure a secure network.
Evaluated and identified opportunities for network performance and functionality improvements. EDUCATION
WESTERN GOVERNORS UNIVERSITY
B.S. Cyber Security and Assurance, (not currently enrolled) GRADUATION ESTIMATED 2021 (Not Completed)