John D'Agostino Email and Phone Number

Security Solutions Architect - Solution Design, presentation, and training of information security offerings covering SIEM SOC, MDR, Penetration testing, Cyber Threat Intelligence, Continuous Threat Exposure Management, and AI applications.

Solution Design (North America and Global)• Lead discussions with customers across various verticals to establish business requirements.• Developing custom consulting, technical, and managed service solutions for new implementation and existing architectures. • Presenting approach to how the offering would integrate, work to meet business needs, and provide long term benefit.• Outlining proposed timelines of project kick-off, implementation, and release into production• Solutions covered one or a combination of technologies including Cloud UTM, Professional Security Consulting Services (i.e., IR, Gap assessments, Vulnerability Management, etc.) , Managed Security Services, Secure Operations Center Services, IAM, DDOS mitigation, SIEM, SASE, SSE, ZTNA, Email Gateways, EDR/MDR/XDR, WAF and others.Collaboration (Liaise between Lumen organizations coordinating solution design)• Professional Security Services (Consulting, Managed Security Services, Secure Operations Center)• Customer Stakeholders (Issue Identification and architecture discussions with Manager, Director, CISO, analysis, and third parties)• Sales (Customer Requirements, Deal Strategy)• Business Development (SOW development) • Third Party Vendors (Security Solution Scoping, Product/Service roadmap updates, etc.)Documentation• Bid content development in response to RFP and RFI (usually down-selected)• Product Management Collaboration in developing: o PSS offeringso Professional Security Services Service Guideso Managed Security Services and vSOC operations Guides• Customer Solution PresentationsTechnical Training (Provide instruction to Sales, Engineers, other Solution Architects)• Solutioning use case scenarios.• Opportunity identification• Technical aspects of Lumen security products and offerings • Scoping client projects • Topics cover Cloud UTM, Professional Security Services, IAM, DDOS mitigation, SIEM, Cloud Firewall, SASE, SSE, ZTNA, Email Gateways, EDR

1. Demonstrate and present Fortinet technologies to new and existing clients and demonstrate best methods to meet information security business and compliance needs 2. Scope offers and design Fortinet products into new and existing client network infrastructures3. Present to executive and other levels of management on Fortinet products, services, and compliance.4. Maintain virtual environment used in demonstrating FortiWeb, FortiMail, IBE, DLP, FortiGate, FortiClient and FortiSandbox5. Diagnosed and managed post sale issues.

1. Assess consultant projects and determine time price and time to completion.2. Design solutions to accommodate client information security needs3. Integrate third party products into client information security solutions4. Show products and solutions and demonstrate best fit and use for the enterprise business processes5. Present to executive level audiences on topics of information security, Trustwave products and services, and compliance6. Participate in PCI special interest groups providing guidance on ecommerce compliance7. Analysis of new security offerings and guidance on appropriate implementation to meet compliance objectives.

1.Performed PCi compliance audits and gap analysis for SMB and global enterprise class merchants and service providers.2.Performed audit based on other standards (i.e., FISMA and ISO 27001 and ISO 27002, etc.).3.Wrote PCI compliant policies and procedures for clients (i.e., badge processing, employee, contractor management, etc.) 4.Performed Risk assessments on enterprises in the global investment vertical.5.Developed course material for security practitioner certification.

1. Performed PCI audits for large global and intermediate class organizations.2. Perform Internal and external vulnerability and PCI cap analysis for large global and intermediate class organizations.3. Development of courseware for security practitioner certification 4. Performed PA DSS audits and gap analysis for large global and intermediate class organizations.

Trusted Security Advisor 1. Advisor to clients becoming PCI compliant 2. Advisor to clients regarding HIPAA and ISO compliance 3. Trained clients on the use and management of IBM ISS vulnerability scanners, IPS tuning, and management platform performance. 4. Managed and resolved customer high-severity issues regarding IBM ISS product and the hosting network 5. Assisted clients in integrating IBM ISS products with other solutions (i.e., arcsight, skybox, etc.)6. Mentored clients on implementation, management, and configuration of network, server, and desktop protection applications. 7. Advised clients on internal information security event and vulnerability management Wrote articles for customer and peer education and training regarding: 1. Managed Security Services Log Management 2. Payment Card Industry (PCI) standards and compliance 3. Evaluation, Deployment, Use and Maintenance of desktop security technologies in the enterprise 4. Proventia GX6116 network processing unit (NPU) functionality and network traffic decision flow 5. Use of IDS statistics in detecting poor connection (silent network)

As a senior security consultant my client base spanned several countries (i.e., Brazil, Australia, United Kingdom, Canada, Mexico, Argentina, Venezuela, Bermuda, and across the US) and industries (Government, Banking, Pharmaceuticals, Investing, Insurance, Power, Education and others). In this position I managed teams to deliver or directly delivered services including:1. Network Information Security Audits (ISA) 2. Payment Card Industry (PCI) audits 3. Information security program policy gap analysis 4. Network penetration tests 5. ISS product training 6. Network design assessments 7. ISS product deployment, planning and management 8. A/V program assessments 9. Documenting information security best practices 10. Product training and deployment

As the ISS product training lead, my responsibility encompassed design, delivery, and maintenance of all ISS product training course materials. Achievements during this time included1. Creation of education course materials for all ISS products 2. Establishing the first ISS product certification program 3. Delivering courses globally 4. Training resellers to deliver course material 5. Maintained all course materials

All efforts in this position were in direct support of the NASA Missions Operations Directorate (MOD). Activities in this position included: 1. Performing UNIX system information security configuration audits. 2. Writing and reviewing standard operating procedures (SOP) for incident response disaster recovery, sensitive information classification and other topics. 3. Administering security awareness training for NASA MOD which included topics on Privacy Act of 1974, OMB Circular 130, and other related official publication with respect to NASA MOD. 4. Conducting incident investigations with respect to employee and/or management significant information security events. 5. Maintaining current awareness of information security technologies (i.e., log management, firewall, physical, etc.) with respect to the needs of NASA MOD. 6. Helped establish the NASA Technology Information Security Conference (TISC)

Flight control operations required intimate knowledge of shuttle systems. Activities and achievements in this position included:1. Direct flight support on console and simulations 2. Review, modification, and walk-through (with astronauts) shuttle operation and console procedures 3. Writing flight support applications in C 4. Achieving orbit, ascent/entry, and space-lab certifications for flight operations

As an electrical engineer for TVA, I supported plant electrical systems within the Browns Ferry and Sequoia nuclear power facilities. Responsibilities included:1. Plant electrical system analysis 2. Review, modification, and walk-through of system maintenance procedures