Current project: Head-to-head PoC of two SIEM/UEBA vendorsPerformed security reviews of AWS, Azure, and on-premise systems to ensure best practices and avoid common pitfalls.Corporate IT tended to review compliance items (full-disk encryption, updates, etc.) only during audits. Created “Governance calendar” and reports to periodically review audit items and ensure compliance between audits.Some systems have vulnerabilities, but for various reasons cannot be patched. We implemented IPsec with user authentication to segment vulnerable systems and reduce attack surface to a handful of user accounts.Created extensible Powershell reports to audit Active Directory for errors and provide report with instructions to remediate.Performed gap analyses of NIST 800-53/FISMA and NIST CSF to compare cost of compliance/remediation with potential new business

Managed team of 4 employeesImplemented Forcepoint/Websense web, disk, and email DLP systems with email encryption in-house in less than a year, including testing and user training.Created a locked-down laptop image that routed all traffic via DirectAccess and prevented any local output via printing, removable storage, wireless, or Bluetooth to meet customer requirementsImplemented Device42 to map and document dependencies using netflow and netstat data and identify configuration errors (such as production systems connecting to non-prod database servers).Deployed Foreman to do automatic, repeatable installs of CentOS and applications at remote sites without an on-site technician.Previous vulnerability scans were performed without authentication, missing many vulnerabilities. We implemented Tenable’s SecurityCenter (Nessus) to perform authenticated scans on all systems, manage the vulnerability lifecycle, and provide reports to stakeholders and management.Implemented Safenet/Gemalto Luna HSMs in FIPS 140-2 mode to secure a 3-tier PKI using Microsoft Certificate Services. We created scripts and reports to notify system owners of pending certificate expiration, and automated renewal where possible.We require all encryption in transit of all confidential data, but CIFS pre-3.0 does not support encryption. We implemented Windows IPsec to encrypt any protocols where native encryption was unsupported.We also require all confidential data to be encrypted at rest, but our version of VMware did not support disk encryption. Implemented Safenet’s ProtectV full-disk encryption process on 85 Windows VMs and verified performance.IT users with knowledge of the wire transfer process posed a risk of submitting unauthorized wire transfers. We implemented Tripwire to monitor all wire transfers and alert business users if an unexpected wire transfer was requested.Created, updated, and maintained corporate policy documents

Managed team of 10 employees Performed two datacenter moves to lower costs and improve infrastructureDesigned and built Microsoft RDS farm supporting over 500 users in India on thin clientsCreated automated deployment scripts to create repeatable, reliable server builds.Reduced overnight/on-call incidents from several times per week to less than one per month.Virtualized server workloads to reduce physical server count and simplify disaster recoveryPerformed several successful disaster-recovery/business continuity tests

Rebuilt and maintained 16-server Microsoft Terminal Server farm with Netilla front-endDeveloped automated install procedure for servers using MS RISTeam lead for Designing and rebuilding disaster-recovery data center (racks, cabling, power)Developed web application for saving and querying syslog data (PHP, PostgreSQL)Maintenance and troubleshooting for Double-Take disaster-recovery softwareMonitoring and server management using HP SIM and custom scriptsDeveloped bootable CDs for automated installation of servers with patches, HP drivers and AVGeneral server installation, troubleshooting, and supportDesigned ssh/Unison-based solution for secure replication of data between servers

Enterprise wide deployment of MS SMS; standardization of patch level on all systemsMigration of medium-sized data center from El Paso, TX to Bristol, PA without service interruptionMigrated 500 users, 8 Netware servers, 2TB of data from White Plains, NY data center to Windows servers in Bristol, PAMonitoring of enterprise network using MOM 2005, Openview and CiscoworksMonitoring of enterprise servers using HP SIM, Ipswitch What’s Up GoldDesigned, deployed internal intrusion-detection system using Snort on OpenBSDInternal vulnerability assessments using NessusDeveloped:• VBScript/XML-based logon script for managing complex drive mappings and printers • Web application (ASP.Net, MSSQL) to track installation of desktop/server computers• Application for remote installation of patches• Sharepoint application for IT documentation, change management• Automated tools for finding, removing worms/viruses• Scripts for large-scale changes and standardization (DNS, WINS, etc.)

Successful migration of 15,000 users to a new Active Directory forest and Exchange organizationDeveloped Intranet web site to report real-time progress of migrationDevelopment of custom scripts and applications to solve problems:• Service to monitor Clearswift email queue size and export as performance counters • Application to enable Exchange IM for users by region en masse• Application to measure inbound SMTP latency by sending email, then measuring delivery time via WebDAV• Application to create email distribution lists for users on each Exchange storage group and database• Emergency script to repair/regenerate email addresses accidentally deleted• Service to monitor Antigen text log file, then log relevant alerts to NT event log• Multi-threaded application to scan network searching for machines vulnerable to MS03-007 exploit• Wrote “how-to” scripts to demonstrate concepts to Provisioning deployment team• Developed automated server-installation procedures to install servers, applications and patches to ensure consistent deployments• Wrote application to synchronize legacy Exchange 5.5 data with Active Directory contacts• Created reporting tool for mailbox usage across multiple servers• Monitoring/graphing tool to report trends in number of concurrent users per server