Steven Grimes

Steven Grimes Email and Phone Number

Information Security Analyst V @ UC Davis Health
Elk Grove, CA, US
About Steven Grimes

Highly experienced and certified cyber security professional with over 38 years of experience and expertise in designing, implementing, and troubleshooting security controls, network infrastructure and application security. Experienced in penetration testing, risk assessments and mitigation strategies using the NIST, ISO 2701:2013 and HIPAA frameworks. Proven record of evaluating system vulnerability and recommending security improvements that align to the organization's business plan and processes.

Steven Grimes's Current Company Details
UC Davis Health

Information Security Analyst V
Elk Grove, CA, US
Steven Grimes Work Experience Details
  • UC Davis Health
    Information Security Analyst V
    UC Davis Health
    Elk Grove, CA, US
  • UC Davis Health
    Information Security Analyst V
    UC Davis Health May 2020 - Present
    Sacramento, CA, US
    DevSecOps Cyber Security Engineer. May 2023 (MSP ITSEC5)
    UC Davis Hospital Information Security Operations Team
    - Perform Blue and Purple Team penetration tests on the organization's assets.
    - Work with the Developer teams to build security testing and automation into the development lifecycle as part of the DevSecOps team.
    - Lead the organization's DevSecOps cyber security for the Healthcare development and data analytics.
    - Recommending mitigation controls systems and applications following ISO 27001, NIST CSF, FIPS, HIPAA, HITECH, PCI-DSS, FDA and other frameworks and requirements.
    - Develop and publish policy to the UC Davis Hospital Policy Library to guide compliance with UC Systemwide Policies including IS-3, and TJC, HIPAA, ISO, NIST CSF, PCI-DSS, FDA and other frameworks and requirements.
    Cyber Risk Analyst May 2020 to May 2023 (MSP ITSEC4)
    UC Davis Hospital Information Security GRC Team
    - Perform Cyber risk assessments for systems, devices and applications following the NIST SP 800-30, 800-37 and 800-39 frameworks and requirements.
    - Perform Cyber Security Supply Chain risk assessments (VRA) applying UCOP IS-3 and the NIST IR 8286 series.
    - Evaluate, document and report on Cyber risk applying the NIST IR 8286 series, and the UC Systemwide Policies.
    - Recommending mitigation controls systems and applications following ISO 27001, NIST CSF, FIPS, HIPAA, HITECH, PCI-DSS, FDA and other frameworks and requirements.
    - Develop and publish policy to the UC Davis Hospital Policy Library to guide compliance with UC Systemwide Policies including IS-3, and TJC, HIPAA, ISO, NIST CSF, PCI-DSS, FDA and other frameworks and requirements.
  • Health Plan Of San Joaquin
    Senior Information Security Analyst
    Health Plan Of San Joaquin Jan 2020 - May 2020
    French Camp, California, US
    DHCS MediCal for San Joaquin and Stanislaus County (MSP ITSEC4)
    - Engineering, architecting and configuring the security tools into the infrastructure, to include Nessus, Tenable.SC, Splunk among others.
    - Audit and Compliance to SOX, FIPS, NIST, and industry standards and best practices for the handling of PII, HIPAA, PHI, PCI-DSS, Legal, Financial, and Investigative data.
    - Developing the Enterprise Information Security Architecture.
    - Engineering and developing security controls for new systems and applications being deployed into the environment.
    - Developing and implementing the information security incidence policy and procedures for systems where loss of life during system downtime is possible, to include the development of contingency plans based on the business objectives and service level agreements.
    - Participating and reviewing all IT projects and implementations to ensure compliance with security standards.
  • State Of California
    Information Security Architect - Office Of Systems Integration
    State Of California Nov 2018 - Jan 2020
    Sacramento, California, US
    Information Security Architect for the Child Welfare Digital Services (https://cwds.ca.gov) DevSecOps team. (ITS II)
    - Vulnerability and Penetration Testing using Kali Offense, Nessus and Burp Suite Professional among other tools to perform penetration tests and cyber-attacks on State information systems as part of a holistic cyber hardening strategy in both on premise and cloud environments.
    - Risk analysis of penetration and vulnerability scans to identify and qualify or quantify the organization's risk and develop mitigation plans.
    - Engineering, architecting and configuring the security tools into the infrastructure, to include Nessus, Tenable.IO, Rapid7, Checkmark, Palo Alto, Splunk, Kali Offense, and JFrog Xray among others.
    - Developing Continuous Integration / Continuous Delivery (CI/CD) solutions to provide integration of security into every phase of the systems and software development life-cycle using dynamic, static, and manual testing, and automated security validation for containers, dependencies, and infrastructure components.
    - Audit and Compliance to SOX, SAM, SIMM, FIPS, NIST, and industry standards and best practices for the handling of PII, HIPAA, PHI, PCI-DSS, Legal, Financial, and Investigative data.
    - Developing the Enterprise Information Security Architecture.
    - Engineering and developing security controls for new systems and applications being deployed into the environment.
    - Developing and implementing the information security incidence policy and procedures for systems where loss of life during system downtime is possible, to include the development of contingency plans based on the business objectives and service level agreements.
    - Participating and reviewing all IT projects and implementations to ensure compliance with security standards.
  • State Of California
    Unix / Linux Engineering Team Leader - California Highway Patrol
    State Of California Sep 2018 - Dec 2018
    Sacramento, California, US
    Leader for the California Highway Patrol (https://www.chp.ca.gov) Unix / Linux Site Reliability Engineering Team (SRE). (ITS II)
    Support the CHP high security data centers, dispatch centers and communication networks.
  • State Of California
    Information Security Engineer - California Highway Patrol
    State Of California Jul 2018 - Sep 2018
    Sacramento, California, US
    Information Security Engineer for the California Highway Patrol (https://www.chp.ca.gov) DevSecOps team. (ITS II)
    Special Assignment to support Information Security efforts for the Child Welfare Services California Automated Response and Engagement System (CWS-CARES)
    - Implement security controls in AWS for FIPS 140-2 compliance.
    - Tune and refine the End Point Security Controls.
    - Update the Audit and Non-Repudiation Security Controls to ensure full coverage.
    - Support the re-architecture of the Intrusion Prevention controls.
    - Assist in the recruitment and training of the CWDS Security team.
  • State Of California
    Information Security Engineer - Office Of Systems Integration
    State Of California Sep 2016 - Jul 2018
    Sacramento, California, US
    Information Security Leader for the Child Welfare Digital Services (https://cwds.ca.gov) DevSecOps team. (ITS I)
    Lead the Security Operations team in:
    - Vulnerability and Penetration Testing using Kali Offense, Nessus, Rapid7 and Zed among other tools to perform penetration tests and cyber-attacks on State information systems as part of a holistic cyber hardening strategy in both on premise and cloud environments.
    - Risk analysis of penetration and vulnerability scans to identify and qualify or quantify the organization's risk and develop mitigation plans.
    - Engineering, architecting and configuring the security tools into the infrastructure, to include Nessus, Tenable.IO, Rapid7, Checkmark, Palo Alto, Splunk, Kali Offense, and JFrog Xray among others.
    - Developing Continuous Integration / Continuous Delivery (CI/CD) solutions to provide integration of security into every phase of the systems and software development life-cycle using dynamic, static, and manual testing, and automated security validation for containers, dependencies, and infrastructure components.
    - Audit and Compliance to SOX, SAM, SIMM, FIPS, NIST, and industry standards and best practices for the handling of PII, HIPAA, PTI, PCI-DSS, Legal, Financial, and Investigative data.
    - Developing the Enterprise Information Security Architecture.
    - Engineering and developing security controls for new systems and applications being deployed into the environment.
    - Developing and implementing the information security incidence policy and procedures for systems where loss of life during system downtime is possible, to include the development of contingency plans based on the business objectives and service level agreements.
    - Participating and reviewing all IT projects and implementations to ensure compliance with security standards.
  • State Of California
    Information Security Officer - California Student Aid Commission
    State Of California Aug 2015 - Aug 2016
    Sacramento, California, US
    Information Security Officer for the California Student Aid Commission. (SSS II) (https://www.csac.ca.gov/)
    Lead the Security Team in managing the Information Security Program:
    - Performing deep penetration scans and cyber attacks on State information systems as part of a holistic cyber hardening strategy.
    - Ensuring compliance with all California State and US Federal security and information control standards and policy to include SOX, SAM, SIMM, FIPS, and NIST.
    - Applying industry standards and best practices for the handling of PII, HIPAA, SOPIPA, PCI-DSS, Legal, Financial, Investigative and FERPA data.
    - Participating and reviewing all IT projects and implementations to ensure compliance with security standards.
    - Reviewing, developing and implementing security policies and standards.
    - Developing and implementing the Disaster Recovery and Business Continuity Plans, to include leading an annual review and audit of all plans.
    - Developing and implementing the Data Retention and Data Destruction policies.
    - Developing and implementing the Security Incidence policy and procedure, to include the handling of criminal Incidence. The Chief Information Security Officer is the leader for all critical Incidence, including engagement of appropriate law enforcement agencies and follow through with all criminal investigations.
    - Overseeing and ensuring delivery of the Information Security and Awareness training.
  • State Of California
    Campus IT Manager - Cosumnes River College
    State Of California Feb 2015 - Jul 2015
    Sacramento, California, US
    Manage the IT staff for the Cosumnes River College campus. (http://crc.losrios.edu/)
  • Hewlett-Packard
    Incident Leader – Middleware Applications
    Hewlett-Packard 2008 - 2014
    Houston, Texas, US
    Manage the activities of the Incident Management team for middleware applications.
    - Develop and maintain the work process and on-call processes for the team.
    - Resolve internal and external conflicts.
    - Monitor and guide the team to ensure team goals are achieved.
    - Develop and support team knowledge tools.
    - Develop and implement team and individual training plans.
    - Recommended changes in recruiting practices that resulted in higher retention and performance for the team.
    - Audit security and compliance and ensure team follows security policy.
    - Implemented security practices that ensured the applications complied with US Defense Department regulations (FISMA) and HP company policy.
    - Manage team work schedules and day to day activities.
    - Work with partner teams and external vendors to resolve cross platform issues.
    - Participate in hiring and review activities.
  • Hewlett-Packard
    Software Engineer – Automation Engineering Team
    Hewlett-Packard 1997 - 2007
    Houston, Texas, US
    Subject matter expert and senior technical developer for multiple development projects responsible for ensuring all aspects of security, support, sourcing, cost, and transition are addressed.
    - Designed and implemented an n-tier web application for Sun Microsystems that fully automated Sun's monitoring reporting, allowing Sun a competitive advantage in server sales.
    - Designed and implemented a 3 tier website for BP Solar based on IIS and MS-SQL that was done in half the normal development time allowing BP to offer a new photovoltaic marketing campaign on time.
    - Analyze and define requirements.
    - Work with users during discovery and UAT to define and refine requirements.
    - Document, chart and diagram solutions.
    - Code, package and deploy solutions.
    - Develop and document training plans, and train end users.
    - Develop and document implementation plans.
    - Participate in multiple application and hardware refresh projects for n-tier web application, server and desktop systems.
  • Standard Register
    Senior Engineer
    Standard Register Sep 1986 - Dec 1997
    North Mankato, MN, US
    Supported all major and strategic accounts for financial, banking and cash settlement systems as the senior engineer for field services.
    Major accounts included the US Treasury, California State Controller's Office and all major banks and financial institutions on the west coast.
  • US Army
    Military Intelligence
    US Army Aug 1982 - Aug 1986
    Arlington, Virginia, US
    Supported high security mobile communications systems in a hostile and challenging environment.
    Served with the Combat Electronics Support Platoons of the 108th and 581st Military Intelligence Battalions, CEWI.

Steven Grimes Skills

ITIL, IT Service Management, Data Center, VMware, Windows Server, Virtualization, Troubleshooting, Disaster Recovery, Incident Management, Security, System Administration, IT Operations, IT Management, Visio, IT Strategy, Networking, Microsoft SQL Server, Project Management, Integration, IIS, SQL, HP Products, Internet Information Services, Windows 7, TCP/IP, Firewalls, SSL Certificates, XML, SSH, Encryption, Software Deployment, Object Oriented Modeling, Information Architecture

Steven Grimes Education Details

  • National University
    National University
    Information Systems
  • National University
    National University
    Information Systems
  • MTI College
    MTI College
    Computer Science
  • Cosumnes River College
    Cosumnes River College
    Health Information Technology
  • US Army Signal School
    US Army Signal School
    Electrical And Electronics Engineering

Frequently Asked Questions about Steven Grimes

What company does Steven Grimes work for?

Steven Grimes works for UC Davis Health.

What is Steven Grimes's role at the current company?

Steven Grimes's current role is Information Security Analyst V.

What is Steven Grimes's email address?

Steven Grimes's email address is st****@****ast.net

What schools did Steven Grimes attend?

Steven Grimes attended National University, National University, MTI College, Cosumnes River College, US Army Signal School.

What skills is Steven Grimes known for?

Steven Grimes has skills like ITIL, IT Service Management, Data Center, VMware, Windows Server, Virtualization, Troubleshooting, Disaster Recovery, Incident Management, Security, System Administration, IT Operations.
