• Managed and improved the Infrastructure Vulnerability Assessment Program, including configuring, scheduling, monitoring, and reporting results of vulnerability, patch, and compliance scans.• Administered, maintained, and improved configuration of the McAfee Vulnerability Manager (MVM) and the Scuba Database Vulnerability Assessment tools. • Trained and led staff on operation and maintenance of tools.• Created and distributed custom vulnerability, patch, compliance and KRI reports to platform teams and IT and Security management. Reports created in QlikView and SQL Server Reporting Services using T-SQL.• Participated in and contributed to the Patch and Vulnerability and Infrastructure Risk Remediation groups.• Led the Americas Vulnerability Rating Forum (VRF), producing business and environment-specific ratings of patches and vulnerabilities. Provided input and challenges to the Global VRF.• Improved and updated Standard Operating Procedures and Configuration and User Guides for the Vulnerability Assessment Program.

I perform security risk assessments of applications and infrastructure. This involves researching and understanding the business purpose of applications in order to perform risk assessment in the appropriate context. I analyze the output of vulnerability scans, penetration tests, SIEM and NIPS alerts, logical access and change management testing and documentation, and other relevant output. I interview technical and business owners of applications and infrastructure, explain and validate risk issues with them, and formalize risk issues for tracking and remediation.

I perform IT audits including support of financial audits and SOX opinions for both public and private companies. I also perform third party reporting assessments, including SOC 1, and SOC 2 for security and privacy. Additionally, I perform IT security consulting services. These services include capabilities and tools assessments, enterprise behavioral malware analysis, and compliance audits.