Maintain and support daily operations of Threat and Vulnerability Management Program (TVM)Meet monthly with platform owners to discuss open vulnerabilities and patching cyclesEnsure platform groups are adhering to patch SLAsIdentify applications for patching to reduce risk to the companyIdentify areas for risk reduction

Projects:• Test, evaluate, and recommend essential security operations tools and vendors for Endpoint Detection and Response (EDR), Managed Security Service Provider (MSSP), and Security Information and Event Management (SIEM)• Work with team to configure selected SIEM and EDR tools.• Work with team to create a Security Operations Center (SOC) including the MSSP, EDR, and SIEM tools and vendors selected.Roles and Responsibilities:• Currently evaluating our current EDR/AV/SOC requirements and capabilities and suggesting new solutions to meet all of our needs and requirements.• Responsible for identification, isolation, triage, and enterprise-wide remediation for both real and perceived threats.• Drive detection and remediation of known IT security-related infrastructure vulnerabilities.• Identify and investigate gaps and propose solutions for missing capabilities that are identified during remediation and business response.• Help establish a process for measuring and monitoring the effectiveness of the tools and techniques for IT security incidents.• Assist the IT Security Operations Lead in monitoring IT Security-related enterprise metrics and actively run programs, processes or projects as needed to meet or exceed minimum acceptable performance• Create and maintain standard operating procedures related to response to external incidents, internal self-identified vulnerabilities, and insider threats to ensure the team’s preparedness to respond appropriately• Drive remediation of all vulnerabilities on GE Transportation endpoints, ensuring appropriate response to high risk and aged findings.

Completed Projects:• Removed WannaCry/EternalBlue/DoublePulsar from GE Transportation network using custom Splunk searches and reports divided into subnets and geographic locations for quick remediation of infection.• Determined that WannaCry/EternalBlue/DoublePulsar proliferation through our network was due to endpoint/server images not being upgraded with latest patches before being installed on production devices.• Recommended a new procedure to our CISO/CIO to stop all endpoint/server installations during a high priority vulnerability/threat in our environment. Suggested that new images with latest patches be created before new devices were installed on our network.Roles and Responsibilities:• Currently evaluating our current EDR/AV/SOC requirements and capabilities and suggesting new solutions to meet all of our needs and requirements.• Responsible for identification, isolation, triage, and enterprise-wide remediation for both real and perceived threats.• Drive detection and remediation of known IT security-related infrastructure vulnerabilities.• Identify and investigate gaps and propose solutions for missing capabilities that are identified during remediation and business response.• Help establish a process for measuring and monitoring the effectiveness of the tools and techniques for IT security incidents.• Assist the IT Security Operations Lead in monitoring IT Security-related enterprise metrics and actively run programs, processes or projects as needed to meet or exceed minimum acceptable performance• Create and maintain standard operating procedures related to response to external incidents, internal self-identified vulnerabilities, and insider threats to ensure the team’s preparedness to respond appropriately• Drive remediation of all vulnerabilities on GE Transportation endpoints, ensuring appropriate response to high risk and aged findings.

• Support the development of new Remote Monitoring & Diagnostic software• Maintain and develop testing schedules• Liaison between end users and development team• Gather end user requirements

Roles and Responsibilities: • Routine line management and leadership of staff within the Information Security Management function• Leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security• Liaison with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies• Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the SVP of Technology • Leads the design and establishment of security requirements, security designs and implementing strategies and solutions to protect BSI from information security breaches.• Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations• Leads or commissions suitable information security awareness, training and educational activities• Leads or commissions information security risk assessments and controls selection activities• Leads or commissions activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties• Actively assist the security requirements and design processes associated with the implementation of new and changed business processes and information systems• Investigate and report on information security issues, exposures, and threats and recommend mitigation action• Ensure that security logs and events are monitored and implement appropriate strategies

Completed Projects:• Perform a full security audit for all 5 locations.• Perform network drive consolidation and cleanup.• Update Document Management Processes and Procedures.• Update Security Policies and Training classes• Review all Information Security and Disaster Recovery Policies and Procedures.• Review Information Security Policies and Business Continuity Plans for potential vendors.Roles and Responsibilities:• Manage the information security function in accordance with the established policies and guidelines.• Establish and maintain information security standards and procedures in compliance with information security and risk management policies, standards and guidelines.• Function as an internal consulting resource on information security issues.• Conduct the information security risk assessment program. • Review compliance with the information security policy and associated procedures.• Coordinate information security efforts with the IT Infrastructure Team.• Coordinate security orientation and security awareness programs.• Assist in coordinating contingency plan tests on a regular basis• Lead planning and/or implementation of projects. May participate in the design and/or testing phases. • Facilitate the definition of project missions, goals, tasks, and resource requirements; resolve or assist in the resolution of conflicts within and between projects or functional areas; develop methods to monitor project or area progress; and provide corrective supervision if necessary. • Responsibility for assembling the project staff; for their technical or functional development, performance, and/or termination during the project or projects. • Manage project budget and resource allocation. . Work cross-functionally to solve problems and implement changes. • Present oral and written reports defining plans, problems, and resolutions to appropriate levels of management.

• Lead planning and/or implementation of projects. May participate in the design and/or testing phases. • Facilitate the definition of project missions, goals, tasks, and resource requirements; resolve or assist in the resolution of conflicts within and between projects or functional areas; develop methods to monitor project or area progress; and provide corrective supervision if necessary. • Responsibility for assembling the project staff; for their technical or functional development, performance, and/or termination during the project or projects. • Manage project budget and resource allocation. • Facilitate the definition of service levels and customer requirements. Interact regularly with existing or potential clients to determine their needs and to develop plans for improving delivery. Advocate on behalf of clients and represent clients' needs as appropriate to senior management. Work cross-functionally to solve problems and implement changes. • Present oral and written reports defining plans, problems, and resolutions to appropriate levels of management.• Maintain and modify Salesforce

Completed Projects:• Completed construction of expanded area at the Titusville, PA location which included the construction of a new server room with anti-static tile, dedicated A/C unit, dedicated electrical service, and fire suppression system. This project was completed and all employees were moved into this area in 30 days.Roles and Responsibilities:• Manages daily operations of programming unit, provides technical expertise to staff supervised, and resolves problems escalated to the Supervisor level.• Develops work plans, goals, and objectives, and evaluates project progress in relation to programming unit activities.• Create industry level software standards, definitions and processes.• Ensure that all software standards, methodologies and processes are followed.• Ensure that all development and test steps are documented in the software and as external functional documents..• Advises and consults with departments regarding the identification of software and information infrastructure problem areas, determines procedural changes and/or application program modifications, and assists with problem resolution.• Manages, maintains, and monitors project plans, timelines, and testing.• Conducts research and analysis on the development of work plans for software enhancement and solutions to software deficiencies.

Completed Projects:• Maintained the IT Vendor Management program• Review Information Security Policies and Business Continuity Plans for potential vendors.• Updated and maintained the Information Security Policy and the Business Continuity Program.• Wrote and implemented the Disaster Recovery Plan• Maintained an open and informative working relationship with all department managers across all BSI Financial sites. • Updated the entire network at the Titusville, PA location to current standards• Updated IT infrastructure and hardware across all BSI Financial sites to current standards• Virtualized 90% of all servers across all BSI Financial sites utilizing VMware vSphere 5• Assisted the CIO with annual IT budget• Implemented and installed an Anti-virus program across all BSI Financial sites• Updated and implemented Group Policies• Setup Active Directory Security Groups• Setup offsite Web and Database servers at RackspaceRoles and Responsibilities:• Ensure the IT infrastructure is built to meet business objectives and cost-effectively scale for the future in terms of reliability, growth, performance and productivity.• Help determine need for and coordinate third party contractors as required to implement infrastructure solution.• Review and update informational security policies on periodic basis• Provide user awareness sessions and testing on BSI information security policy• Interface with vendors for support services in telephone, computers, and network systems. • Maintain inventory of supplies and spare parts. Research and recommend new and replacement equipment as needed.• Conduct Team meetings, providing guidance and direction in accordance with overall strategy• Coach and direct network staff in operational activities to ensure compliance with departmental and company goals and objectives• Review on a continual basis the department procedures, staffing and equipment for maximum efficiency while controlling costs