Security Engineer, Security Management, Development, and Training
Resume:
Mark D. Spivey
EXECUTIVE PROFILE
**** ******* ***** *******, ** 77375
281-***-**** ********@*****.***
Network Security Management
Network Administration
Enterprise-level Systems Mgmt
ArcSight Administration
AirMagnet Administrator
Cisco MARS Administration
Websense Administration
Network Design/Implementation
Risk Assessment/ Compliance
Security Policy Development
Vulnerability Assessment
Malware Analysis
Penetration Testing
Incident Response
Computer Forensics
Security Training
Public Relations
Team Building
Cross-Functional Teaming
Budget Control/Expenditures
Vision & Motivation
Change Management
Author
Over 12 years of network security, administration, testing, and compliance.
Pivotal member of management, corporate compliance, assessment, and incident response, bringing creative energy and focus to high-level strategic planning and decision-making. Corporate security awareness enhanced by developing specialized security courses. Driven by challenge and motivated by opportunity to add value. Never satisfied with the mundane or the status quo.
Visionary with global perspective and strong attention to detail.
Key contributor to planning and decision-making. Organize successful security development,customer satisfaction, and product implementation. Manage teams’ performance and training. Skilled penetration tester, forensics analyst, and incident response. Firm enforcement of “accountability brings compliance” schema.
Technical strategist and moderator between corporate officers and employees.
Overcome complex business challenges and make high-stakes decisions by employing
experience-backed judgment, innovation, strong work ethic, and irreproachable
integrity. Respected as motivational, lead-by-example manager, change agent, and proponent of empowerment and accountability.
SECURITY MILESTONES
Professional Accreditation
Certified Information Systems Security Professional (CISSP) since 2000
SANS GIAC Certified Incident Handler (GCIH) since 2006
Security Management
Managed primary and secondary group of college instructors and staff in the areas of network security and development.
Established departmental inter-operations, policy, and standard operation procedures
Developed and implemented compliance procedures against the ISO 17799 framework
Security-Driven Development
Cultivated and nurtured relationships with Management, building solid partnerships that laid the support foundation to drive increases in ROI.
Increased security awareness throughout the organization with proprietary security training course development
Developed multi-departmental security awareness in regards to sensitive data, accountability, and enforcement
Author
Author of Practical Hacking Techniques and Countermeasures, Auerbach Publications, 2006 ISBN # 084*******. This book, written as a lab manual provides a step-by-step guide to common tools and techniques used by today’s attackers to gain unauthorized access to computers and their associated networks. Now in over 40 Countries and used in major Universities.
Author of Practical Hacking Techniques and Countermeasures 2nd Edition, Auerbach Publications, 2011 ISBN # TBD. This is an updated version to the initial release. Expected release date August 2011.
DISTINCTIONS
"I worked with Mark for 5 years both as his supervisor and as his colleague. He is always energized by challenges. Because of this, I recommended him to establish the Network Security technology. He took on this challenge of creating a new department and did all of the budgeting, hiring, course development, and planning. His knowledge of digital security and management made him and his new team extremely successful with his graduates placed globally." – Ron Sanders, Associate Vice President of Student Learning, Texas State Technical College
“Mark Spivey is a network security expert. He has been in the computing and network security fields for many years. He has the ability to see if any networking system is being compromised, document the results, and formulate a plan on how to secure that networking system. He has had much success with securing various networks, small and large, so that no confidential data is breached by unauthorized users, as well as authoring his own security book." – Carol M. Meier - CCNA, CCDA, CCAI, Net +, Senior Instructor, Texas State Technical College
“Mark Spivey is an excellent resource of Computer Security and Computer Networking expertise, his ability to solve problems and bring results is not matched by many in this field, and he is hungrily sought after by any company demanding a sound security-rich environment.” – Danny Fletcher, Network Administrator, Waco Housing Authority
CAREER DEVELOPMENT
Inceed Houston, TX
2012 to Present Security Architect
Recruited to conduct Risk Assessments against Corporate Standards and Guidelines. Coordinated with the Project Manager, Technical Contacts, and other applicable personnel and departments to meet the objectives in a timely manner. Responsible for acquiring any supporting documentation to validate the risk assessment findings.
Performance
Reviewed all Corporate Security Standards and Guidelines
Conducted Risk Assessments on a Global Scale including locations in the UK, Australia, India, etc…
Provided security consultation services to various departments on numerous projects
Weekly video conferencing with remaining security architects in both the UK and Australia
Conducted Peer reviews of Risk Assessments for accuracy and completion
Analyzed proposed project designs against security standards and made appropriate recommendations
Implemented the Dispensation process for those items not meeting established standards
Foster Wheeler USA Corporation Houston, TX
2011 to 2012 Network Security Administrator
Specifically brought in to develop Foster Wheeler USA’s Security department as they had none. Due to a major security breech a PricewaterCooper assessment required Foster Wheeler to put in place the appropriate countermeasures to mitigate the risks. PricewaterCooper projected a 36 month projection for completion. In 6 months I was 70% completed. I contained and eradicated a major malware/virus infection throughout the organization, developed Security Policies, procedures, implemented Enterprise-level IDS/IPS, Antivirus, prevented the direct theft of millions of dollars of proprietary, sensitive company information from a foreign national, and a multitude of security-related tasks.
Performance
Developed and Implemented Security Policies and Procedures.
Designed the Global Security Awareness Framework for all Global Locations (USA, UK, Milan, and Singapore)
Implemented and administered the McAfee Network Security Manager IDS/IPS (formerly IntruShield)
Installed and administered the McAfee ePolicy Orchestrator (ePO) solution
Distributed the McAfee antivirus solution via the ePO
Administered the WebSense Internet Filtering solution
Administered the Barracuda SPAM solution
Administered the Cisco ASA firewalls
Implemented and administered the Damballa Malware solution
Implemented and administered the USB device control process via the Safend solution
Conducted Internal Investigations
Successfully captured a foreign national (Italian) attempting to steal proprietary company data
Performed forensic analysis of hard drives
Conducted Qualys vulnerability scans of both external and internal networks
Liaison to the FBI as an InfraGard member
Developed a monthly Security Awareness Newsletter (Secure IT) to promote user security awareness
Conducted vulnerability assessments and penetration testing against Internet facing and internal servers/workstations.
Provided corporate compliance to support established policy and procedures.
Significantly increased security awareness corporate-wide and achieved noted management endorsement and credibility.
Developed comprehensive risk assessment procedures, including planning, implementation, follow-up and analysis as modeled against the ISO 17799 and 27001Framework.
Conducted detailed incident response for further forensic analysis to determine incident level and correct countermeasures.
Jack Henry & Associates, Inc. Houston, TX
2003 to 2011 Network Security Engineer
Recruited to the department to initiate and create a solid foundation in the Risk Assessment process, to conduct vulnerability and penetration testing against production and disaster recovery environments, in addition to incident response against network security attacks against financial banking customers and forensic analysis for the entire corporation.
Conduct research/analysis to evaluate current security trends and attack tools, recommend and provided best practices to secure mission-critical systems. Developed a targeted security awareness training program to guide employees from the fundamentals to administration and security concerns. Crucial group member with individual responsibility of the security of the Houston data center department.
Performance
Performed analytical, technical, and administrative work in the planning, designing, installation and ongoing security administration.
QualysGuard management of corporate servers, workstations, Cisco devices, and other network devices.
Conducted extensive vulnerability assessments and penetration testing against Internet facing and internal servers/workstations.
Provided corporate compliance to support established policy and procedures.
Significantly increased security awareness corporate-wide and achieved noted management endorsement and credibility.
Developed comprehensive risk assessment procedures, including planning, implementation, follow-up and analysis as modeled against the ISO 17799 Framework.
Cultivated and nurtured relationships with Managing Directors, building solid partnerships that laid the support foundation to drive increases in ROI in regards to securing company assets and established customer relationships.
Demonstrated aptitude to work independently or with multiple teams to identify requirements and finalize essential projects.
Provided ArcSight administration and configuration for enterprise network management through event correlation and parameters.
Distributed Patch management with the Citadel Hercules application throughout production and non-production environments.
Conducted detailed incident response for further forensic analysis to determine incident level and correct countermeasures.
Performed AirMagnet Administration for PCI compliance and wireless security of the Corporate environment.
Performed the duties of the WebSense Administrator for all Internet filtering.
Conducted internal investigations, computer forensics, and incident response as required.
Texas State Technical College, Waco, TX
1999 to 2003 Department Chair Network Security Technology, 2000 to 2003
Instructor – Networking & Systems Administration, 1999 to 2000
Nationally recognized for the number and quality of technical graduates throughout the Nation and Internationally.
As DEPARTMENT CHAIR, NETWORK SECURITY TECHNOLOGY, Responsibilities included determining site location and all aspects of the logistics required to establish the technology facilities. Directed all facets of strategic planning, course development, management of staff and student associations, as well as departmental growth and public relations.
Performance
Independently developed the entire first year’s curriculum to include security policy creation, firewall configuration, encryption techniques and algorithm development, current hacking techniques and countermeasures, computer forensic analysis, intrusion detection technologies, and operating system bastion techniques.
Management and expenditures of departmental budget in excess of $100 thousand.
Established department’s vision, mission, and core directives.
Directed Instructor’s career development towards Industry recognized certifications.
Represented the technology for all departmental public interviews, as well as television appearances.
As INSTRUCTOR, COMPUTER NETWORKING & SYSTEMS ADMINISTRATION, Hired to bring a “Hands-on” perspective to the technical student. Instructed students through all aspects of network design and administration. Implemented a resume and work portfolio workshop to guide students to perspective employers.
Performance
Successfully developed comprehensive itinerary, lessons, and testing to validate given instruction.
Designed and built a portable networking “wall” to provide students with a hands-on medium to learn and authenticate networking abilities.
Provided security-related instruction and consultation to associate Instructor’s and college administration.
Increased student awareness in networking by providing concise, detailed, and challenging classroom instruction.
Central Freight Lines, Inc., Waco, TX
1997 to 1999 Network Analyst
Founded in 1925, Central Freight Lines is one the largest Freight Line Company’s in Texas.
Accountable for technical network operations and assessment. Performed detailed analysis of networking environment both locally and throughout 80 remote locations. Software development as well as hardware support for critical infrastructure requirements to maintain customer support and growth.
Performance
Conducted analysis of network environment to provide high quality of service to the corporation and their clients.
Provided IBM Tivoli administration to provide enterprise-level management of the corporate network.
Developed custom InstallShield software packages for specialized deployment of applications and utilities.
Directed all aspects of IT for remote facility startup; including communications, design, hardware, security and expenditures.
Project Lead for the successful Y2K software compliancy project with the direction of 3 teams of employees, including assignments, accountability, and follow-up.
EDUCATION
Associates in Applied Science, Texas State Technical College, Waco, TX 77010
PROFESSIONAL DEVELOPMENT
Certified Information Systems Security Professional (CISSP #41921)
Foundstone Ultimate Hacking
SANS Certified Incident Handler (GIAC)
SUN Solaris System Administration
SANS Malware Reverse Engineering
QualysGuard Operational Training
McAfee Intrushield (IDS/IPS) Operational Training
Cisco MARS Operational Training
Global Knowledge Network Security & Firewall Administration
IEEE Computer Society Member
Global Knowledge Secure Communications & VPN
ArcSight Certified Security Analyst
Sidewinder Firewall Basic/Advanced Administration
Contact this candidate