Provided architectural design and coordinated the implementation and integration of security products into existing network environments. Identified significant actual and potential cyber security issues, trends and weaknesses while recommending specific modifications, solutions and mitigation controls to limit exposure to information systems security risks. Developed strategies for responding to future security challenges, identified regulatory requirements, reviewed established policies, drafted policy guidance and standards and presented them to management for endorsement. Reviewed proposed new systems, networks and software designs for potential security risks and worked to resolve security issues with integration. Defined the scope and level of detail for applicable security plans and policies. Implemented and interpreted the requirements of policy directives. Developed project plan for implementation, identified major milestones and activities, coordinated development and implementation of policies and guidelines required for infrastructure protection and tools for monitoring program effectiveness.

Designed, developed and deployed enterprise security solutions (Firewall/VPNs, HIDS/NIDS, WAF, DLP etc.) and strategies (Configuration Management, Centralized Logging, Vulnerability Tracking, SIEM, Secure SDLC etc.) to provide a defense-in-depth approach to system security operations. Managed and monitored security information sources and their associated logs to effectively identify suspicious system behavior and other evidence of unauthorized intrusions or attacks.Conducted vulnerability assessments, penetration tests and system audits to enhance the security posture of systems. Provided detailed written and verbal analysis of exploits along with their respective countermeasures. Worked with system administrators and data custodians to create hardened system baselines and secure network infrastructure coupled with integrated testing in response to current evolving threats with potential to impact target environments.Identified, analyzed and responded to suspicious activity of breached systems in accordance with commonly accepted forensic and malware reverse engineering methodologies with a technical focus on examining and assessing malicious malware threats. Provided technical leadership and management to incident response and digital forensics investigation teams. Developed a series of easily configured open source systems for rapid deployment used by teams to fulfill triage event analysis and remediation of remote segments.

Served as technical lead for 24/7 global Security Operations Center (SOC) providing advanced analytical support and mentorship to junior analysts, engineers and investigators. Created SOC policy, process and procedures to ensure staff perform appropriate analysis, escalation and handling of critical information security incidents. Promoted a holistic approach to resource allocation by working directly with management and system owners to build Use Cases anchored with core business initiatives. Authored and presented custom training courses on packet analysis, binary manipulation and log management.Performed architectural design and integration engineering to facilitate normalization of over one hundred unique data feeds from thirty vendors across twenty unique geographical regions and four continents. Developed ArcSight content to correlate, analyze and alert on actionable items while limiting false positives. Tuned parsers and supporting devices to enable increased feed volume, improved correlation capability of events and discovery of subtle event patterns. Integrated automated Open Source Intelligence (OSINT) feeds into SIEM solution to inversely identify breakouts.

Responsible for the successful redesign and implementation of ArcSight Security Information Event Management (SIEM) systems. Introduced a structured content development process with support for integrated use case creation and management. Worked with system owners to ensure proper installation and configuration of critical monitoring devices. Created metrics and associated reporting to validate successful flow of event data into the SIEM infrastructure. Integrated automated network discovery scanning of undocumented networks into the ArcSight console, allowing the results to be readily available for import into the SIEM asset database. Drafted and presented training classes around the use and development of ArcSight content (filters, rules, channels, trends, dashboards etc.) to identify and mitigate organizational threats.Worked with development teams across the organization to integrate secure coding practices into their development lifecycle (SDLC). Developed incident management polices and procedures with a focus on secure enterprise logging, monitoring and auditing. Called upon as first responder to identify, assess, contain and address a wide variety of security incidents.

Managed security assessment engagements from statement of work to completion. Guided clients in developing strong security policy and procedures around industry best practices to meet regulatory obligations and limit organizational risk. Implemented secure centralized logging and monitoring solutions. Provided security based user awareness training to satisfy agency compliance requirements.

Executed vulnerability assessments against internal/external networks, applications and devices for public, private and international organizations. Translated data gathered throughout the assessment process into clear and concise reporting which identified and validated the vulnerability discovered, the potential organizational impact when abused and mitigation measures to address respective weaknesses in security posture. With a focus on root cause analysis, provided deliverables and associated analytics were easily leveraged by client resources to respond to risks within their association and/or products.Aided in the distribution and delivery of enterprise wide E-Discovery scanning software with a focus on PCI-DSS, HIPAA & GLBA compliance auditing for a Fortune 5 company. Designed and presented training to aid analysts and developers pinpoint personally identifiable information (PII). Worked with QA team to improve accuracy and reduce false-positives of PCI-DSS related results within findings.

Provided remote network management and monitoring via OpenEmbedded Linux handheld to manage client and internal application/file/mail servers, routers, firewalls and hosted servers. Used ssh suite, Windows Terminal Server and FreeS/WAN to provide 24/7 support of internal as well as client LANs, WANs, WLANs and VPNs. Relieved customer bottle-necks through the use of Gigabit Ethernet solutions and open-source packet shaper. Maintained ISDN and T1 services for group and clients. Performed Blackberry roll-out to handhelds with Web App & MS Exchange Migrated Exchange 5.5/NT to 2K/2K. Implemented Linux based "Exchange Killer" IMAP server. Built UnixWare cluster and nightly WAN replication via cron job to co-located disaster recovery server using rsync over ssh tunnel. Installed and configured Bayesian heuristic Spam filter, client and server. Installed and configured PHP/PostGreSQL web-based (Apache) call tracking system.Supported: SCO OpenServer/UnixWare, Sonicwall Firewall/VPN, RedHat, Windows workstations/servers and Cisco routers/switches.