• Evaluated new security technology, weighing business needs against security concerns.• Performed vulnerability assessments of technology platforms and provide analysis of key risks, metrics, and remediation plans.• Performed risk assessments and security audits of internal systems and facilities.• Created policies and procedures to remediate outstanding audit items. • Evaluated new security technology, weighing business needs against security concerns.• Directed and lead project teams in the implementation of security measures to meet corporate security policies and external regulations (e.g. HIPAA and OIG).• Trained users and promote enterprise wide security awareness to ensure system security and to improve business efficiency.• Assisted in creating a 2 year security roadmap. • Project lead for Data Loss Prevention (DLP).

• Part of a global incident response team. • On call duties as needed.• Performed digital forensics utilizing EnCase. • Performed security software reviews on candidate external applications for use internally. • Volunteered on various events promoting security awareness across the company. • Posted security related articles on business unit internal website. • Represented the business unit at company sponsored symposium. • Business unit administrator and approver for policy exemptions.• Created documentation and workflow for exception requests. • Improved exemption request forms utilizing customer feedback. • Created frequently asked questions, How-to's, and general education on policy exemptions. • Enforced company policies and educated employees on proper use of company assets.• Created and maintained metrics for senior leadership team on exemption requests submitted and approved/denied. • Using network scanner, located out of compliance devices. • Reviewed candidate software for use on the internal network. • Reduced overall threat on the network via policy waivers and exemption risk mitigation.

• Lead incident responder on security incidents. • Created new process and procedure for eDiscovery. • Performed eDiscovery tasks. • Performed web searches using Blue Coat Reporter.• Created an overall general use asset policy, to work in conjunction with malware remediation. • Assist in communicating to the user community on secure computing practices as necessary.• Coordinated, evaluated, and recommended new products for purchase. • Created a risk assessment checklist for newly acquired offsite offices. • Created malware response procedure. • Trained staff on use of Nessus Vulnerability Scanner. • Performed vulnerability scans and on the internal and external network. • Created new processes and procedures for deleting of old user accounts, e-waste disposal and hard disk destruction. • Created policy and procedure to be used across the enterprise. • Track remediation of key risks and as necessary project manages implementation of mitigating security controls.• Ensure security controls align with a formal security framework.• Identified security control deficiencies and security risks and reports risk for remediation.• Trained staff on best security practices. • Performed network monitoring. • Communicated effectively with management. • Made the security team aware of new security threats.• Created articles to be used for Security Awareness.• Assist in ensuring a security strategic vision is developed and implemented. • Created and ensured data security is built into processes and procedures. • Acted as the local security subject matter expert and work in partnership with the local IT Site leaders to ensure the confidentiality, integrity and availability of information assets.• Created a risk assessment to be used across other care sites.

Experienced with vendor applications/systems such as Splunk Search, Blue Coat for Splunk applications, Nessus, ArcSight (SIEM) (Including familiarity with Active Channels and Report generation with ArcSight Console), McAfee EPO/EndPoint Encryption, SourceFire Defense Center Console, SNORT rules, and Absolute Software Remote Data Wipe. Knowledge of protocol analyzers such as TCP Dump, Wireshark and NMAP. Experience with various OS (Windows, Linux, Backtrack, Red Hat, Ubuntu, etc...). Familiar with Blue Coat Proxy administration (Policy, Web Access, etc...). Communication to less technical staff members.Performed analysis on user Internet trends to block potentially dangerous sites.Familiar with security incident response methodologies and techniquesProvided support for lesser experienced IT Security Analysts.Creating policies and procedures for the Information Security Operations CenterAssisted in several hardware changes for Sourcefire implementationAssumed the role of SharePoint and Wiki site administrator for Information SecurityProvided support for PCI penetration testingProvided easy to digest reports on PCI findingsFamiliar with Mentis Database scannerPart of the Security Incident Response group and part of the On-Call rotationCreated metrics for incoming security tickets. Evaluated security tools for use by the Software Quality Engineering (SQE) group.Gave recommendations for tools to be used by the SQE team.Became part of the Governance, Risk and Compliance (GRC) teamActed as the liaison between McAfee Support and Information SecurityCreated the framework for risk assessments on high risk applications/databases as well as the remediation in risks. Active in Security Awareness programMembership to several local security groups such as SDSUG (Sonora Desert Security Users Group).Arcsight Certified Security Analyst (ACSA)

Learning Management SystemProvided forensics evidence on Online Learning System related issuesCreated and ran customized reports to analyze user's habits, and to also investigate trends Decreased the resolution time of escalated tickets by over 95% and the number of support hours spent per week by 80%Preformed some database administration tasks to local databasesDecreased the number of support tickets (HEAT/Service Desk) in regards to eCampus related issuesSome experience with AJAX, .ASP, C++, Java, .NET languagesAnalyzed business needs and introduced several new processes to increased productivity awareness and efficiencyAssisted in testing new functionality/UI for faculty/student portalCreated/Modified code and deployed .ASP pages to the legacy faculty/student production siteCreated SQL scripts to correct Online Learning Systems alias related issuesCreated policies and procedures to align with business goals and improve efficiency Train technical support staff on use of new functionality with internal and external applicationsWorking understanding of faculty/student lifecycle Served as a liaison between business users and the development team

Resolution CenterFounding member of several groups such as the Knowledge Base Administration, Resolution Center Mentorship teamCreated training procedures to train future hiresTrained several new employees with department tasks, procedures and dutiesExperienced with Exchange 5.5 administrationAssisted in creating workflows and procedures to eliminate unneeded steps in processesConsistently preformed within the top 10% of the departmentConsistently performed with exceeding expectations