Leader of Healthcare Security Operations and Assurance programsBuilding the SOC program from greenfield to it's current state of continuous growth and improvement

Technical Manager for a team supporting various security functions, including but not limited to, incident response, vulnerability management, configuration management, SIEM, IDS/IPS, and malware detection.Improved vulnerability scanning procedures and troubleshooting through the use internal & external scanners as well as common open-source tools, such as NMap and Metasploit. Stayed abreast of current vulnerabilities and exploits by reviewing news sites, vendor notifications, attending conferences and conversing with other InfoSec professionals. Prioritized vulnerability mitigation based on risk analysis, review of infrastructure, publicly available exploits and ease of attack. Implemented mitigating controls when appropriate, such as configuration changes to Web Application firewalls, Web Content Gateways and Email Gateways. When immediate mitigation was not feasible configured IDS and SIEM alerts by researching and implementing signatures of exploits.Investigated incidents involving malware and data exfiltration by reviewing firewall and antivirus logs. Consulted external sources for malware review.Drove team to continuously improve systems and skills through knowledge transfer, cross training and documentation of procedures ensuring practices were consistent & repeatable. Developed budget requests and road maps with Senior Management. Regularly met with Executive and Senior Management to discuss current issues, initiatives and risks.Acted as liaison between Information Security and other business units

Senior Consultant specializing in FISMA, HIPAA and PCI compliance. Developed security recommendations, roadmaps, and solutions for clients in an effort to solve client security concernsPerformed internal penetration testing of secure networks, including gaining physical access to facilities.Identified the key gaps between the target and current state and prioritize them based upon estimated impact level and organizational readiness for change management. Performed PCI DSS readiness assessments for clients preparing to undergo onsite assessment and fill out self-assessment questionnaires.Participated in phishing campaigns to gain credentials used to gain access to systems.Utilized aircrack, airmon and airodump to conduct wireless assessments and gain access to corporate wireless networks.Performed information gathering scans using NMap and Metasploit scanners.

Information Security Analyst for Centers for Medicare and Medicaid Services (CMS) Business partner. Ensuring multiple sites adhere to Company, HIPAA and FISMA security standards.Improved vulnerability management program by researching solutions to deficiencies, submitting proposals budgets for remediation, and implementing solutions. Maintained vulnerability scanning infrastructure, ensuring scans completed and reporting was available and accurate.Worked independently to define and implement security initiatives. Determined mitigating controls for required software packages.Maintained and updated security documentation; Policies, Procedures, Guidelines, System Security Plans, Contingency plans and Risk Assessments.Conducted incident investigations into virus/malware infection, lost IT equipment and potential incidents of Personally Identifiable Information (PII) release.

I am responsible for maintaining the systems and network equipment for Advancemed, a division of CSC, in the Nashville office. The group is expanding quickly and I am building the site to be a model for similar units that will be placed throughout the country.

While with DoDDS I supported and maintained a school with 700 computer systems and approximately 1500 users. Some days it was pure insanity but most days it was an amazing experience with plenty of room to learn new skills and techniques to make such a large system run with minimal downtime.