Led all projects from the security perspective for a large scale USG FISMA high rated critical infrastructure system using NIST 800-53 controls; Led program through annual SA&A audits and POAM resolution; built Vulnerability Management Program and reduced vulnerabilities by 3/4's using Tenable Nessus and HP Fortify to identify system and programmatic vulnerabilities; Implemented Splunk queries for reporting; Implemented 2FA utilizing MS Active Directory and privilege management with Centrify and CyberArk; Transitioned Symantec Endpoint Protection to Crowdstrike. Implemented change control for security controls on all networking changes including firewalls, routers, switches, protocols, etc. Strengthened environment by eliminating high risk protocols in use; Implemented MS jump servers to force 2FA where software did not support 2FA authentication. Worked with SOC on Splunk alerts and triaging events in order to implement standardized event management and response.Mentored junior staff on a regular basis to build team strength. Implemented warm hand-offs in order to ensure proper resolution on identified weaknesses and ensure correct deliverables.

Evaluate ISO 27000 and NIST 800 Series requirements; generate risk analysis, strengthen system diagrams, data classification, process flowcharts, boundary documents, functional and technical documentation, security controls and plans; and recommendations for all remediation needed.Generate security gap analysis reports, remediation plans, estimate levels of effort to deliver availability and scalability.Working with business units to develop cloud transition plans utilizing AWS Public and GovCloud security groups, firewalls, and load balancers; configurations with zero trust networking and micro-segmentation.Develop external system connectivity plans for IoT devices, utilizing bastian hosts and content filtering.Providing second tier cloud operational alert analysis from deep packet inspection on Palo Alto firewalls and reported in Alienware and Splunk. Develop host and network based intrusion and alert items to report from hosts and firewalls.Utilize Tenable and Nessus network and risk and vulnerability scanning systems.Provide analysis of existing data governance, legal frameworks, and IT standards and policies, and provide recommendations for strengthening governance, continuity, change control, data quality, confidentiality, and assurance.Analysis of network and server’s utilization and capacity against strategic plans; generating alternatives analysis for network services and capacity planning.Evaluate on-prem and cloud systems for gaps against FEDRamp, DoD Impact Levels, EAL, ISO, SOC Level 2, and other best practices frameworks.

Senior Data Analyst - CDC Global AIDS ProgramCISSPProvided national level security analysis (hardware, software, exposed interfaces, protocols, logging, networks, VPNs, firewalls) for dozens of countries sensitive health data systems (HIV/TB); and follow up design and remediation plans. Provided analysis of existing data governance, legal frameworks, and IT standards and policies, and provided recommendations for strengthening governance, change control, data quality, confidentiality, and assurance.Evaluated FEDRAMP approved cloud solutions for use with HIV and TB data systems.Provided discovery and documentation of international US Government systems and security controls pertaining to USG requirements, FedRAMP and NIST; generated system diagrams, data and process flowcharts, boundary documents, functional and technical documentation, security controls and plans; and recommendations for all remediation needed.Provided senior business analyst and project management for US government inter-agency and international projects.Provided business, data, and technical analysis and architecture for clinic and hospital systems; for adding functionality, reporting, and data exchange with web and service based architecture.Connected clinical health systems to reporting system using HL7 messaging.Provided multi-year analysis and plans for health systems and data for a variety of countries in resource poor settings, designing and implementing national service architectures.Developed assessment reports and co-developed evaluation frameworks on a variety of health system related disciplines, including data standards, data sharing, confidentiality and security, program management, and human resources. Remediation reports included everything from application role based security and data classification to protocols on the wire and network security.Provided project performance and financial reporting to OMB on the CDC/Global AIDS Program information system projects.

Security Team Leader - CDC Office of the Chief Information Security Officer – Atlanta, GA Provided security policy development, project management, and senior security engineering for CDC.Supervised a team of 27 persons and provided 3rd tier security support.Researched government requirements in HIPAA, FISMA, NIST, and Health and Human Services documents, and analyzed and generated CDC requirements and recommendations.Generated numerous system boundary documents, security assessments, security plans, and remediation (POAM) plans.Generated draft security policies for CDC.

Partner and Principal ConsultantSuccessfully acted as senior engineer and project manager while providing senior sales support (as sales closer), pre-sales technical support, and 3rd tier technical support.Evaluated numerous businesses network and system security and continuity using BS7799 (ISO 27001), generated assessments, and recommended paths forward.Successfully built security practice policies and procedures for a number of companies.Wrote project plans, and discovery and implementation procedures for services being performed.Evaluated software and hardware systems and negotiated relationships with vendors.Developed general business plans.

Director of Technical ServicesActed as senior project manager and handled critical penetration testing and vulnerability assessments.Provided secure network architecture based on data classification and required availability, with no single points of failure, load balancing, multiple ISPs, and secure networking as per client requirements.Provided discovery and generated security analysis for online banks and credit unions, education, and other sectors.Generated remediation plans and implemented security controls and network devices for banking, education, and business sectors.Analyzed critical systems and networks for continuity and generated gap analysis’ and remediation plans.Built security practice policies and procedures for daily operations.Wrote project plans, and discovery and implementation procedures for services being performed.Evaluated software and hardware systems and negotiated relationships with vendors.Developed products including diagnostic vulnerability testing and assessment; and marketing materials.Provided senior sales support and pre-sales technical support.

Director of IT Operations Evaluated, negotiated, purchased, and managed implementation and operation of data processing systems for an Oracle based, large utility billing system, which handled billions of transactions monthly.Designed and implemented two data centers.Designed and implemented large communication links including MANs and WANs.Evaluated, negotiated, purchased, and managed implementation of administrative and call center telephone systems.Managed development team of 6 internet developers.Managed development team of 2 internal audit analysts performing SAS 70 compliant audits.Managed IT Operations team of 57 employees.Developed Y2K and disaster recovery plans.

VP of Information SystemsManaged systems operation team and 5 person development team.Managed compliance reporting and generated reports to state and federal agencies.Oversaw phone services, negotiated local and long-distance communications contracts.Provided 3rd tier technical support.Acted as senior developer and supervised the systems development team.Evaluated, purchased, and implemented network hardware and software, and database servers.Evaluated, purchased, and implemented company internet presence and dial-up communications facilities.

Manager of Special Projects and Systems Support BranchDesigned and implemented numerous data centers.Developed and implemented Laboratory Information Management Systems and a CDC wide specimen tracking system.Interfaced with research scientists to develop specifications for data systems.Installed the first local area networking at CDC, and architected and helped implement local area networking agency wide.Worked with senior management to restructure the CDC wide computer resources, implementing decentralization of computer resources at CDC; and dramatically improving computing performance.Managed the systems support and database development groups.Worked with medical scientists to design and develop patient tracking and study analysis software.Designed and implemented large scale data backup and disaster recovery systems.Evaluated, purchased, and implemented global email, image storage and retrieval, dial up networking, fax, mainframe data exchange, unified printing, and standardized desktop deployment systems.Evaluated and implemented database servers and development tools.Worked with employees and government officials in various foreign governments to design and implement AIDS tracking and analysis systems.Provided 3rd tier systems analysis and support to other CDC technical personnel.