Principal Consultant: Identity Management, Public Key Infrastructure, Cryptography, PIV/CAC

• As VP, functioned as the Global Product Manager for Citigroup’s Identity Management Products in use in over 160 countries• Drafted and implemented the organization vetting process to comply with PIV-I and KYC/AML standards

As Director of Technology, guided the development of a suite of information security products Including a fully proprietary, carrier grade Security Information and Event Monitoring (SIEM) solution complete with Customer Relationship Management, near real-time ticketing, and a Two-factor OTP authentication solution with incorporated rule/role-based models and geo-positioning algorithms.

• Lead security officer for the GSA HSPD-12 (USAccess) program from proposal to O&M. • Represented the program to authorizing officials and program stakeholders.• Directed the development of security practices in a new line of Northrop Grumman business (Identity Management).

• As the SmartCard and Credential Team Lead, drafted the VA Registration Practices Statement (RPS) and the VA Key Recovery Practices Statement (KRPS).• Conducted the gap assessment between FIPS 201 (including supporting SP800s) and the Federal PKI Common Policy the drove VA program objectives.

• Designed the FDA's automated system for securely receiving, verifying, organizing and tracking industry originated pharmaceutical applications.• Led project team in efforts to refine and strengthen project business and functional requirements in addition to project scope.• Drafted both the project's system design document and test plan.• Established a formal project plan to include the development of C&A documentation during the implementation of the project.

• Established baseline requirements for a Department-wide HSPD-12 (FIPS 201/PIV) Credentialing Program.• Co-authored the DOT Identification and Authentication Management Service (IMAS) Initial Requirements Document (IRD) to include requisite C&A requirements.• Drafted the FAA Logical Access Control Policy Guideline, which set the requirements for single sign-on using the DOT HSPD-12 compliant PIV credential.

• Established the USCG PKI Project.• Drafted the PKI CONOPS, Implementation Policy and Project Plan.• Represented the CG at DoD/DHS Identity Management and Protection Forums .• Held the CG Chair at the Department of Defense PKI/ACO/BMO Program Management Reviews (run by DMDC)• Developed curriculum and trained all echelon 1 and 2 support units.• Chaired the PKI Technical Working Group.• Designed and managed the implementation and operations of multiple PKI support architectures (OCSP, CPR and Digital Signatures).• Established the framework for Net-Centric Warfare (Single Sign-On) using smart-cards, biometrics, directories and X.509 certificates.• Supervised a team of PKI Support Specialists.• Developed the configuration management baseline for PKI and associated trust models for the CG Information System enterprise.• Briefed upper echelon commanders on PKI Policy, Implementation Status and Operational Requirements.

• Managed Client Accounts (sales, invoicing, relations etc..)• Responsible for the Secure Information Systems operations of 20+ Clients.• Implemented security procedures and controls both physically and electronically to provide a secure information environment for clients.• Information System security included penetration testing, firewalls, cryptography (PKI), secure website creation and remote access solutions.• Physical security included biometric access points, swipe-cards/RFID, CCTV surveillance and physical security of hard stored documents (to include access monitoring).

• Traveled Internationally on behalf of Entrust to perform client PKI integrations and program implementations.• Assisted with numerous CP/CPS audits and executed CA key generation ceremonies for World Bank, JP Morgan, CRESTCO, USDA etc..• Interfaced directly with customers adapting company security and implementation strategies with customer requirements.• Worked part-time in the FIPS 140-1 Cryptographic Evaluation and Assessment Lab (CEAL).• Co-authored Certificate Policies and Certificate Practices Statements (CP/CPS).• Designed and implemented secure portals and single sign-on solutions for corporate applications and information using Entrust Products and X.500 directories.

• Founded a local computer solutions company.