Responsible for establishing, maintaining, and advancing an enterprise-wide information security program that protects the confidentiality, integrity, and availability of the County's information and IT infrastructure. The County includes 21,000+ employees serving a population of approximately 1.9 million in the heart of Silicon Valley.

Conduct daily general assessments of the County’s information security status and participate in responding to security incidents.Collaborate with compliance and privacy teams to address corrective action plans; assists in developing and updating the County IT Incident Response Plan.Identify information security threats and incidents; audit pertinent logs, analyze the results from information security scans and coordinate with County and non-County technical contacts and organizations to identify, investigate, respond and resolve information security incidents.Provide technical input to Countywide information security policies, procedures, standards and practices; participate in the systems development lifecycle performing risk assessments based on pre-defined phases.Coordinate with departmental management and technical support staff to plan, schedule and oversee the implementation of information security solutions.Develop standards, methods and procedures for securely configuring County servers and computer equipment, multi-functional devices, data centers, databases and backups using the national vulnerability database and associated checklists.Define and establish technical standards, methods and tools for investigation of information security incidents and performs investigations when required.Mentor Countywide IT staff to address information security , including assisting in identification, investigation and resolution of issues.Perform analysis and evaluation of County web applications to identify vulnerabilities present in application code; collaborate with web application development team to apply code fixes.Assist the Chief Information Security Officer in collaborating with information security vendors to perform third-party information security audits and coordination with departments.Conduct or assist with forensics investigations to determine if a security breach and/or misuse of information systems or networks has occurred.

Develop policies and procedures for the new cloud computing office at NASA.Follow NIST 800-53 and FISMA guidelines to develop a system security plan and ensure NASA is in compliance with FEDRAMP regulations.Develop incident response, configuration management, penetration testing, and vulnerability scanning plans, as well as completing those duties once NASA’s cloud services go live.Complete live incident response at NASA Ames Research Center for approximately 2,000 active users/systems. Review new technology for implementation into NASA’s cloud environment.Recipient of the NASA Contractor Council Certificate of Excellence in 2014 for work done in the field of Cloud Computing.

Scheduling and operational lead for NASA Tier-2 SOC staffCoordinate training, operational readiness, and new technology implementationsEffectively manage and implement information security policies based on FISMA and other NASA compliance requirements. Reviewed and performed risk analysis, contingency plans and testing of IT controls.

Project lead for completing the NASA IT Security Operations Center system security plan. (FISMA)Project lead on next generation security manager implementation project for NASA (Agency wide)Lead for annual control testing, contingency plan testing, and PIA renewal for SOC, Q-radar, and CCITS-lab plans.Arcsight analyst: Review incoming IDS events, investigate PCAP and alerts for compromises, initiate IP blocks, create tickets in Archer based ticketing system, and interface with NASA Centers.Recipient of NASA Group Achievement Award in 2008 and NASA Group Achievement Award in 2009 for work done in the field of IT Security.

Project lead on next generation security manager implementation project for NASA’s Advanced Super Computing Facility.Project lead for completing the NASA Advanced Super Computer division system security plan.Lead for annual control testing, contingency plan testing, and PIA renewal for all NAS plans.Project lead for division’s compliance of NASA HQ mandated FDCC and CIS benchmarks Performed security scans and audits on all Division computers, servers, and high end supercomputers.NASA certified administrator in Linux, Windows XP, and Mac OS X.Recipient of NASA Ames Honor Award in 2007 for work done in the field of C&A.

Performed computer vulnerability scans of NASA Supercomputer Network.Maintained Elevated Access DB: A MS Access database of privileged internal users.Performed security vulnerability assessments on each system connected to the internal network.Maintained SecureID: Set-up accounts, troubleshoot user issues & distribution of tokens.ITSM quarterly Reporting: Reported ISS scan results and checked for compliance of NASA issued vulnerability list.Performed ISS to Nessus plug-in conversions.