• Technical security lead for all security related issues and decisions for the healthcare division spin-off of a major Fortune 500 manufacturer• Project Manager and Technical Lead for the reconfiguration and reimplementation of current security systems, including Check Point Firewalls/IPS/IDS, SafeNet 2-Factor Authentication, Remote Discovery, Web Filtering/Antivirus, Secure File Transfer, and various security related web applications• Managed requests and handled VPN, Citrix, and VDI issues related to enterprise PAC files for multiple domains• Technical lead for support of Check Point firewall infrastructure and migration to new OS and hardware• Technical lead for the export of Check Point Firewall firewall policies to firemon• Technical lead for the management of Check Point firewall and IPS policies• Provided administrative support for McAfee Proxy/Web Filter/Antivirus• Provided senior level support to administrators of WS_FTP, used for secure file transfers SFTP across multiple domains• Assisted with network security assessments for various business units• Technical Lead for the deep discovery of corporate and manufacturing networks, including detailed mapping of applications, ports, and protocols, in order to properly create new, or reconfigure current, systems to the spin-off networks• Technical lead for the migration of several external class C networks to an internal NAT configuration in order to meet compliance requirements including firewalls policies, servers, DNS, load balancing and certificates• Provided overall architecture guidance and high level troubleshooting for the implementation of Access Data eDiscovery on all servers and client workstations• Responsible for reviewing, analyzing, and recommending cloud based solutions for network security firewall zones, web filtering and web hosting• Able to communicate and interpret advanced security concepts across worldwide business units using VoIP, Instant Messaging and Lync

• Architect and Technical Lead for the design of a multi-tiered network security architecture for the growing Fortune 500 enterprise • Technical Lead for the implementation of a Security Operations Center (SOC) to manage ongoing threats to the organization• Provided detailed documentation, including network diagrams, for the implementation of a new network security architecture based on technical and business requirements• Architect, Project Manager and Technical Lead for the reconfiguration and reimplementation of current security systems, including firewalls, IPS/IDS, routers/switches and antivirus• Technical Lead and Architect of an enterprise wide logging infrastructure and QRadar SIEM implementation• Mentored the SOC team by providing expert advice from previous alert/tuning experience from multiple SIEM systems• Technical Lead for vendor review and analysis of all 3rd party software, hardware, and network requirements• 'Acted' as a mentor for less senior members, providing guidance on new assignments, testifying in court, certifications and career advice• Responsible for the design of unique and complex business requirements related to SCADA/Gas Pipeline security.• Technical Lead for the deep discovery of corporate and industrial control system networks, including detailed mapping of applications, ports, and protocols, in order to properly define security zones• Acted as a primary resource in the design, acquisition and implementation of a new firewall, HIPS, File Integrity Monitoring, remote data aquisition (EnCase) and SIEM infrastructure• Responsible for the direction of information security related decisions across all lines of the corporation.• Developed working relationships with key business and technical units to appropriately balance risks• Provided weekly briefings to key security personel and management regarding new threats that impact our environment.

● Technical Lead for the implementation of an Application Security program for the enterprise.● Provided live hacking demonstrations during training events held for all major application development teams.● Documented major applications and development environments in order to develop a set of application security standards for the enterprise.● Performed penetration tests on internal, vendor, and partner websites/applications.● Project Manager and Technical Lead for the migration from Surf Control to Websense.● Provided 3rd Level (Emergency) support for administration of RSA 2-Factor Authentication appliances● Project Manager and Technical lead for the implementation of Algosec Firewall Analyzer.● Analyzed firewall rules to determine weak points between networks, business partners, and vendors.● Developed custom NMAP and Nessus scripts able to scan SCADA environments without system interruption.● Technical lead for the implementation of special SCADA profiles using Cisco ASA VPN appliances.● Mentored security team members on the use of NMAP, Nessus, BurpSuite, Linux, Websense, Forensic Analysis, and court testimony.● Provided forensic analysis of compromised systems to determine the source of infection.● Technical Lead for vendor review and analysis of all 3rd party software, hardware, and network requirements.● Responsible for the analysis, implementation, and approval of CheckPoint firewall requests for corporate and industrial control networks.● Responsible for the analysis, implementation, and approval of TippingPoint IPS requests and updates.

Brought on as a Senior Level Security Architect to design/implement solutions of Quest Software products to mitigate threats and meet PCI/HIPAA/SOX compliance requirements. Products include ActiveRoles Server, Intrust, Intrust for Active Directory, Active Directory Recovery Manager, Spotlight on Active Directory, Archive Manager, etc.

● Brought on as a Senior Level Security Consultant specializing in application security to help design the next-gen security architecture for Intuit (makers of TurboTax, Quicken, QuickBooks)● Performed a comprehensive test of IDS/IPS capabilities with ISS Proventia, Sourcefire, Palo Alto, and TippingPoint products● Implemented a test lab network including Crossbeam and Cisco Nessus routers and switches to test 10 gig capabilities of security products.● Implemented clustered Juniper SSL VPN appliances to handle remote access into proof of concept labs● Created application security baselines for Windows Server, Red Hat Enterprise Linux, and Solaris● Created custom .pcap files of attacks using tcpprep and tcprewrite to ensure accurate test results

● Senior Level Security Architect and Quest Certified Product Specialist brought on to design and implement solutions for Quest Software products. Solutions include defining business and technical requirements, mitigating threats, and meeting PCI/HIPAA/SOX compliance● Designed and implemented an ActiveRoles Server solution to assign role based access to resources using Active Directory for a major energy company in the Southwest● Designed and implemented an Intrust solution to manage Account/Server access for a major power company in the Southwest● Designed and implemented an Archive Manager solution to archive email according to HIPAA requirements at a major hospital system in the Midwest● Designed and implemented an Intrust, Intrust for AD, and Intrust for Exchange access management and tracking solution for a major global law firm. These requirements encompassed both U.S. and European Union laws that deal with tracking employee information● Designed and implemented an Archive Manager solution to help alleviate stress placed on Exchange clusters for a major Hospital system in the US

● Brought on as a Senior Level Security Architect with the goal of providing a full audit of network security and implementing new security controls to help meet HIPAA and PCI requirements. These requirements included RSA two-factor authentication, Websense Content Filtering, DMZ Re-Design, Intrusion Prevention Systems (IPS), SSL Offloading, SSLVPN, TLS Encryption, penetration testing, and vulnerability assessments● Created processes for penetration testing of the internal network and DMZ. All current systems were tested and provisions for future systems were defined. These processes included the use of Nessus, Metasploit, NMAP, Ping Plotter, Whisker/Nikto, Wikto, custom perl/shell scripting, and custom XSS attacks● Managed a multi-phased pilot project to install Juniper IDP Intrusion Prevention Systems. This project required analyzing the current network, defining business and technical requirements, implementing evaluation systems onto the network, and presenting a cost vs. benefit analysis describing the advantages of utilizing IPS in the network● Redesigned the DMZ from a flat architecture, where all servers were located on the same subnet, to a multi-tiered architecture● Installed Juniper SSL VPN appliances for client/vendor portal access into the network● Deployed multiple RSA ACE Servers with Steel Belted Radius to offer 2 factor authentication for network equipment and power users across the enterprise● Designed 12 SMP (Security Management Program) tasks for auditing Enterprise Security Group systems based on HIPAA and PCI requirements● Configured Alteon Layer 2 Switches and NetApp network caching systems to optimize network bandwidth and server performance.● Configured Websense Trend Micro-IWSS for Internet contecnt and Anti-virus filtering ● Implemented Citrix Netscaler systems for load balancing, SSL Offloading, and SSL VPN● Implemented TLS Encryption, according to HIPAA requirements, between Hospitals for email communication security

● Brought in as an Intrusion Prevention Specialist to define business requirements in accordance with regulatory compliance including Sarbanes-Oxley Act (SOX), COBIT, HIPAA, and Payment Card Industry (PCI) as well as IT Best Practices● Developed project plan outlining the scope of work, projected hours, and an itemized list of tasks to be completed by the project team● Provided a full network audit of systems on the Publix network. Successfully identified all business and system requirements with respect to Intrusion Prevention and File Integrity Monitoring systems. Requirements were then listed in a Systems Requirements Document (SRD) for review by IT management. This document included provisions for different types of data such as PCI/HIPAA/PID/SOX● Developed a Request for Proposal (RFP) to be sent out to prominent IPS vendors. These vendors include Cisco, ISS, TippingPoint, Solidcore, and Tripwire ● Developed a testing plan to assist in the final selection of a product. These tests simulated the production network and had the goal of verifying the functionality of all major IPS features. A full penetration test of the environment was conducted to simulate IPS safeguards. Penetration testing was done via Nessus, Metasploit, NMAP, and custom perl scripting● Created a Technical Design Recommendation (TDR) outlining viable implementations for utilizing Intrusion Prevention technology within the company● Created a Formal Recommendation Document detailing the final details for this project. This recommendation includes the use of Intrusion Prevention Systems in approximately 1,000 stores and software on over 25,000 servers and workstations

● Lead network security engineer for the Plant Vulnerability Mitigation project in the Strategy and Architecture department. Held responsibility for the design of security for manufacturing plant networks● Managed a successful pilot of Intrusion Detection System (IDS) technology in the Ford manufacturing environment utilizing ISS Proventia IDS appliances● Created project management scorecards and monthly reports to track pilot progress. These included baseline, tasks, funding/cost tracking, resource management, project issues, critical risks, vendor management, and quality control● Participated in a Cisco NAC/Quarantine Proof of Concept project to determine its possible use in a plant environment● Advised on the use of RSA SecurID USB tokens for two-factor authentication use in the rigorous plant environment● Participated in a 6-Sigma project to determine the future of Host Endpoint Security for the entire Ford network. These included plans for future use of firewalls, virus control, mail/web filters, quarantine, network access control, GPO, intrusion detection and prevention, and VLAN network segmentation● Helped write the Strategy Statement and Project Roadmap for Plant Vulnerability Mitigation ● Provided penetration testing to plant networks to identify security holes and made recommendations on how to mitigate risks● Provided network audit documentation to upper management to describe the current state of plant networks● Tested Host-based Intrusion Prevention Systems (IPS) on plant manufacturing servers