Information Security Cyber
Resume:
Professional Pofile:
Cyber Security/IT Professional: Experienced IT professional with 20 years experience with routing/switching and Information Security. With my experience I have architected, built global network and security solutions. With my broad knowledge I am able to effectively determine risk to an organization and provide the needed solutions to rectify these shortcomings. In addition with this experience I am able to develop solutions, partner with multiple business units and manage projects beginning to a successful outcome.
Professional Competencies:
- Develop short and long term strategic plans. Develop year to year budgeting. Present plans to "C" level executives and Board of Directors. Participated in annual IT Audit Reviews with the SEC. Industry knowledge of PCI, HIPPA, NIST, DFARS, CMMC, SOC for Cybersecurity Controls and ISO 27000 frameworks.
- Team player and always looking for input from peers and outside my group. I believe this builds a sound solution by getting feedback from all stakeholders in a project or troubleshooting an enterprise interruption to the business.
Technical Skills:
- Network Security: Firewalls (checkpoint, ASA and Juniper), SIEM, AV, Riverbed Cascade, Lancope, Fireeye, SolarWinds suite of products
- Vulnerability Assessment: Tenable Security Center, Rapid7, nCircle
- System Management and Security: Could Security for Enterprise and DoD supply chain deployments, IBM Big Fix, developed hardening templates for multiple operating systems
Certifications
CISSP
Currently pursuing, “ A Post-Graduate Program in Cloud Computing”
PROFESSIONAL EXPERIENCE
Egan-Jones Ratings Company – Haverford, PA (Remote) 01/2025 - Present
Information Security Officer
Provide overall security direction for Egan-Jones
Leading SOC 2 assessment
Participate in yearly SEC audit for NRSRO’s
Performing architectural review of Egan-Jones
Reviewing current processes and procedures
Involved in vendor and 3rd party discussions and contract reviews.
Oversee EJR’s MSP
Flagship Credit Acceptance – Chaddsford, PA (Remote) 02/2021 – 11/2024
Cyber Security Specialist – (Lead)
Lead security specialist.
Provide cross team logistics between various groups for information security.
Work with external vendors for new solutions and ongoing contact to stay abreast of new technologies.
Developed the companies Threat and Vulnerability Program across multiple groups.
oDecided what vendor to utilize – Tenable.One
oDeveloped SLAs and documentation with feedback from various groups.
oUtilize Recorded Future for intelligence and integrated in to Splunk
oUtilized Security Scorecard to judge how our internet presence and cross reference tenable and Splunk
Develop processes and procedures.
Design new solutions or provide enhancements to existing infrastructure by working internally within Information Security, cross teams within Flagship Credit and vendors.
Kreischer Miller – Horsham, PA 02/2019 – 01/2021
Senior Information Security Specialist
Practice lead for the Technology Solution Groups (TSG) Information Security team.
Lead for the on-going DoD move to CMMC. Stay abreast of latest events and communicate to DoD customer base.
Able to work on several engagements at the same time, coordinating activities and communicating project status to various stakeholders ranging from internal team members to clients internal and external resources.
Risk assessment engagements are conducted by interviewing senior executives, mid-level management and senior technical staff to bridge the gap between management and IT.
Identify information security risks, threats and vulnerabilities of networks, systems, applications and new technology.
Conduct client IT system, security and control reviews and assist with developing practices such as NIST/CIS/DFARS/CMMC/ISO 27000 series and assist with developing an IT Security and Business Continuity Roadmap for clients.
Design and execute vulnerability assessments, penetration tests and security audits involving data management and social engineering
Lead the efforts for assisting clients with creation of applicable policies, standards, baselines, guidelines and procedures.
Provide and assist in delivery of ongoing educational and industry workshops/webinar events
Maintain up to date detailed knowledge of IT infrastructure and security related solutions, regulations, and new attack and threat vectors.
Have provided several presentations to universities and industry groups on risk based issues.
Automated Financial Services – Exton, PA 1/2018 - 02/2019
Senior Security Engineer
Senior Security Engineer reporting to the CISO.
Mentor Junior Engineers and Analysts.
Provide risk base security solutions.
Provide data for FFIEC and FDIC audits.
Providing direction for establishing new Vulnerability Remediation Program.
Establishing a SIEM solution with QRadar and SNARE.
Team Lead providing direction for data at rest encryption with Vormetric.
Maturing SOC for AFS.
Digitalware, Inc. – New York, NY 10/2017 - 1/2018
Senior Security Architect – (Project)
Subject Matter Expert for the City of New York's Department of IT and Telecommunications.
Responsible for the technical refresh of the 911 Public Safety Answering System (PSAC).
Oversee all security personnel apart of the project, ensure proper technology is selected for deployment and operates for its’ intended use.
Interface directly with both the NYPD and FDNY to provide updates and note any concerns related to the project and status for the Information Security team.
Security tools in environment include: QRadar, Palo Alto, Redseal, McAfee, Riverbed Cascade.
W. R. Berkley Corporation – Wilmington, DE 3/2016 - 10/1/2017
Security Engineer
Information Security Technical Lead for the Information Security Group
Provide short and long term plans for senior management
Heading up global deployment of IBM QRadar solution, including managing the relationship between IBM and Berkley. Have expanded coverage of QRadar from 20 windows logs sources to over 2,000 with multiple operating systems, network devices, databases and firewalls. Have expanded coverage of netflow sources from 6 to 192. Integrated Vulnerability data from Rapid7. Current state of deployment has allowed for actionable offenses based on multiple log, netflow and vulnerability sources.
Reinitiated the corporate Vulnerability Management program. Have established standard scan templates, scan times and tracking vulnerability remediation. Completed POC with Archer IT Vulnerability Management module to streamline remediation process and will be deploying in 2017.
Started testing Trend Micro’s Vulnerability Protection in NA, EMEA, APAC and SA for end point vulnerability detection. This will cut back on network based vulnerability scanning and automated patching when fully deployed.
Tested and recommended Tufin to strengthen current firewall ruleset and assist automation. Deployment in 2017.
Provide policies and procedures where needed.
Axalta Coating Systems – Glen Mills, PA 2/2015 - 2/2016
Global IT Security Engineer
Provide global security solutions.
Provide short and long term plans for senior management and the Board of Directors of Axalta
Provide security recommendations for business acquisitions
Heading up global deployment of IBM QRadar solution
Developed a Threat and Vulnerability Management process
Developing an automated patch management program utilizing IBM Big Fix
Running a proof of concept with AV vendors McAfee and Sophos
Developing a hard disk encryption Proof of Concept
Did proof of concept of RedSeal and currently deploying
Provide policies and procedures where needed.
Sungard Availability Services – Philadelphia, PA 6/2014 – 2/2015
Senior Security Engineer
Researching security tools that will improve coverage of Sungard’s infrastructure.
Responsible for running vulnerability scans using Rapid7 and looking for improvements where necessary.
Support Sungard’s consulting team for client engagements. Will assist on site engagements by doing architectural reviews, proper security tool deployments and vulnerability remediation process review.
Responsible for Sungard’s Radware DDOS solution.
Responsible for Sungard’s Sourcefire IDS solution.
Responsible for testing new solutions and provide documentation to support staff.
Designed, tested and implemented URL filtering using Checkpoint R77.10 running GAIA.
Provide level 3 support for Checkpoint, Juniper and Cisco firewalls.
Comcast – Moorestown, NJ 3/2013 – 5/2014
Senior Security Engineer
Reviewing the current security infrastructure and processes and then providing recommendations for improvement where needed. Also providing level 3 support for our firewall, SSL VPN/IPSec and router/switching infrastructure.
Currently reviewing and providing recommendations on integrating vulnerability scanning, Intrusion Detection Systems and Network Anomalies utilizing nCircle, Lancope, Sourcefire and Fireeye.
Developed a process for a prioritized approach to vulnerability scanning and how to handle remediations. Starting with PCI compliant hosts and then determine other key Comcast systems.
Product lead for Comcast wide deployment for Websense, nCircle and RedSeal.
Recommended the deployment of Tufin for our firewall infrastructure. Product go live target is Q1 2014.
Working on a firewall upgrade project, upgrading to Checkpoint R76 GAIA
Sumitomo Mitsui Banking Corporation, JRI America Division- New York, NY 1/2013 – 3/2013
Vice President - Senior Network Security Engineer
Provided strategic direction and process improvements for the Network Security Group.
Evaluated current network infrastructure and providing recommendations where improvements were needed.
Evaluated our Managed Security Service Provider to ensure proper coverage of the infrastructure and accuracy of reporting and alerting.
Participated in Security Assessments of SMBC applications and assisting in remediation.
Developed a Threat and Vulnerability Management process with vulnerability data originating from multiple sources and integrating into Modulo.
Developed an auditable Firewall Request Process with AlgoSec.
Evaluated vendors for a Network Behavior Anomaly Detection for deployment into the environment.
Core member on the Palo Alto firewall migration project for North America.
Omgeo LLC, A DTCC/Thomson Reuters Company– New York, NY 1/2005 – 1/2013
Security Engineer (1/2008 – 1/2013)
Provided security solutions and support for Omgeo’s production, Client Test, QA and development environments.
Provide security direction between the executive and IT teams
Participated in SECs annual infrastructure review.
Worked with a core team that developed Omgeo’s Threat and Vulnerability Management program. Participated in regularly scheduled vulnerability scanning with Omgeo’s Corporate Information Security Team and work with the Production Operations team to remediate any high or critical vulnerabilities within Omgeo‘s remediation time lines. Vulnerabilities are tracked within Archer.
Participated in Certification and Accreditation reviews for system, database and network equipment
Participated in the review of Penetration Test results and provide recommendations to remediate findings. Attended the following SANS Institute course: Security 560 Network Penetration Testing and Ethical Hacking
Knowledge of Vulnerability Scanners Tenable Nessus and Rapid7.
Deployed an enterprise wide vulnerability scanning solution utilizing Tenable Security Center and Nessus scanners across multiple data centers to scan our dev, QA, Client Test and Production networks. Developed process and procedure to run vulnerability scans against Production and Client Tests hosts before they go live in to Production and Client Test. Remediation process of high and critical vulnerabilities falls in to Omgeo’s Standard TVM process. Worked with the Production Operations Staff to define configuration audits against Operating Systems (Solaris, Linux and Windows), Databases (Oracle and SQL).
Designed, deployed and support EnVision. Forwarded all syslogs from production, client test, qa and development hosts to envision. In addition to syslogs we forward iplanet and RSA Cleartrust logs to EnVision from a subset of hosts.
Designed, deployed and support Firepass F5s. F5s are deployed to manage access to Omgeo’s Production and Client Test environments. F5s allows the use of RBAC controls instead of just depending on firewall rules to allow access to the production and client test environments. With the deployment of the F5s it has allowed the removal of a large amount of firewall rules.
Designed, deployed and support Tufin. Tufin was a fairly new deployment in the environment. Since Tufin was deployed it has identified numerous redundant rules in our firewalls. Next phase was to determine the rule usage and remove rules that are not used and arrange the rulebases for better performance. Tufin is also used to notify the network and security staff when configuration changes occur in the firewalls, routers and switches.
Designed isolated network infrastructure for placement of security devices.
Worked with a core team to determine the appropriate placement of IDS sensors in the Omgeo Production Network.
Designed, deployed and support Riverbed Cascade Profiler and Sensors. Developed service maps via the Performance Analytics module for proactive notifications of applications issues. Developed daily reports and user defined alerts on inappropriate user and protocol usage.
Worked with a cross functional team to design and deploy an enterprise wide Identity and Access Management solution. Integrated Windows, Solaris and Linux in to a central authentication model. Evaluated vendors for possible next steps.
Worked with the Production Operations staff to develop baseline configurations for Solaris, Linux and Windows Operations Systems based on CIS Benchmarks.
Designed, deployed and support Gigamon. Deployed Gigamon to consolidate monitoring tools such as Sniffers, Cascade Sensors, IDS Sensors and Imperva. This will allow for a better configuration of span ports in our switches.
Network Engineer (1/2005 - 12/2007)
Managed and Oversaw Omgeo’s Network and Firewall infrastructure in The Depository Trust and Clearing Corporation (DTCC) data centers.
Managed weekly project meetings with the DTCC to get status on current projects that were on-going as well as discuss new projects that had been opened. In the meetings would prioritize projects for the DTCC so they could allocate resources correctly.
Managed quarterly meetings with the DTCC to review Omgeo’s Network SLE with the DTCC. Made modifications to the SLE when necessary.
Participated in Cross Functional Teams to get network requirements that were needed to complete new projects. After receiving the requirements, develop a solution and then work with the DTCC networking staff to develop timelines and determine what resources were needed to complete the projects.
Co-managed a network build for a data center consolidation project. Provided technical direction and developed milestone dates for completion. The project consisted of migrating Omgeo’s production servers that were running in Thomson Financial data centers and housing them in the DTCC’s data centers. The project was composed of 4 sections: Host to Host connectivity, Client connectivity, Replication and Enterprise/Campus.
Oversaw Omgeo’s Technical Operations outsourcing of ITO monitoring and first level application support with Patni.
Network Lead for Omgeo Connect network build. Provided design and worked with the DTCC on personnel resources that were needed and developed timelines to complete the project.
Provided technical direction and project management for the migration from Nokia IP440s to Crossbeam X80s running Checkpoint NG.
The Depository Trust and Clearing Corp – New York, NY 6/2000 – 12/2004
Senior Internetworking Engineer
Was a team member in the Inter-networking Design and Management group. The IDM group provided DTCC with new network solutions and level 3 network support.
Lead Engineer for the network build for a new financial services company called OMGEO that is hosted in the DTCC data centers. Omgeo is a joint venture between The Depository Trust and Clearing Corp (DTCC) and Thomson Financial. I was responsible for all aspects pertaining to both the Production and Enterprise networks including design, implementation, procedures and documentation. Equipment utilized for this project includes the following: Cisco - 7206, 2600, Catalyst 6509(IOS with SLB); Nokia IP440s Firewalls running Checkpoint 4.1. Routing protocols: EIGRP and RIP. Implemented Policy Routing to minimize static routes and prioritize routes in the WAN.
Developed Disaster Recovery strategy and documentation for Omgeo’s network and firewall infrastructure.
Lead the evaluation AT&T’s IP Enabled Frame Relay Solution that was eventually deployed in the DTCC SMART network.
Lead Engineer for the design and implementation for DTCCs migration to SNI pertaining to Networking. Provided procedures and documentation. DTCC allows their participants access via Ethernet, Token Ring or SDLC for application access.
Lead Engineer for the design and implementation pertaining to networking for the insourcing project of NSCC in to DTCC. NSCC utilized SIAC for all networking services. The insourcing project allows DTCC and NSCC to pass data seamlessly without using the networking services of SIAC. Equipment utilized for this project: Cisco – 7206 and Catalyst 6513; Nokia IP 530s running Checkpoint NG.
Joint Lead Engineer for the build of DTCC’s Packet Over Sonet network. DTCC built a POS network to link three Data Centers. I was responsible for the design and implementation of the Cisco 7609s (Optical Routers) using EoMPLS.
Developed DTCC’s perimeter security policy for the customer facing Frame Relay network. DTCC provides a full service WAN solution for its Participants to access its various applications. Determined that there was a need to secure DTCCs perimeter network to help protect DTCC from unnecessary intrusion.
Provided support for the integration of MBS in to DTCCs network.
Columbine JDS Systems, Inc. – New York, NY 6/1998 – 6/2000
Communications Specialist
Verified monthly communication expenses with office administration.
Managed all Customer Frame Relay accounts, including new installations.
Maintained Columbine JDS Frame Relay accounts from strategic business partners.
Managed access to the internet
GTECH Corporation – Braintree, MA 1/1997 – 6/1998
Communications Manager
Primary contact for LAN/WAN/COMM support for the Massachusetts State Lottery commission during their conversion onto GTECH Computer Gaming Systems.
Supervised LAN/WAN/COMM project staff from other GTECH regional offices that were assigned to Massachusetts State Computer Gaming upgrade project.
Responsible for giving weekly project status updates to the Massachusetts State Lottery Commission on the status of the project.
Periodically reviewed and revised procedures for the LAN/WAN/COMM administration areas based upon system software, hardware and configuration changes that may have occurred.
Managed and Oversaw the following: Novell 4.X, Windows NT, Cisco 7500 and 2500 series routers, Cisco Catalyst 5000 switches, Telenex 2K Matrix Switch, 3 COM 6200 Series Multiplexer
North Star Business Systems, Inc. – Denver, CO 3/1996 – 12/1996
Service Technician
Troubleshot PCs at customer sites
Spec in cable jobs and did installations.
Upgraded customer PCs that included new motherboards, RAM, Hard Drives and other devices specified by the customer.
Experience with Novell and Windows NT
LAN-TECH, Inc. – Englewood, CO 7/1994 – 3/1996
Customer Service Manager
Developed and implemented a new return policy, resulting in decreased lag time for replacement orders and credits to customer accounts.
During the company’s relocation set up LAN/WAN equipment.
Created order processing forms for nationwide branches resulting in decreased lead time for all customer orders.
Approved all returns for corporate and all nationwide branches.
Communicated with hardware vendors for RMAs and replacement orders.
Sold LAN/WAN equipment for the inside sales department
Coordinated all nationwide branch orders.
Oversaw delinquent accounts as well as assisted with the new approval of new accounts.
Equity Group – PA Division 5/1993 – 6/1994
Quality Control Technician
Collected data for approved mechanical freeze tunnel.
Sampled blenders for fat content of initially ground product for formulation and supplier far results.
Examined the fat contents to verify formulating accuracy.
Used statistical applications to monitor and adjust fat blending processes of initially ground beef.
R B Badat Landscaping – Eastampton, NJ 3/1992 – 4/1993
Foreman
Supervised lawn and tree maintenance crew.
Created ornamental landscaping for residential and commercial customers.
EDUCATION
Willingboro High School – 09/1986 – 06/1990
Contact this candidate