SUMMARY:
- Information Security Consultant with 10+ years of professional experience.
- Expertise in the areas of Security Policies and Procedures, Vulnerability Assessment, Wireless Security, Risk Assessment and Mitigation, and Network Architecture and Administration
- Extremely proficient in risk management, risk analysis, risk factoring; threat modeling, incident response, incident analysis and reporting, vulnerability assessment and penetration testing, with a special emphasis on information assurance protection, detection, reaction and restoration
- Certified Information Systems Security Professional certification from the ISC2
- Key developer to Factor Analysis of Information Risk (FAIR) certification body with www.riskmanagementinsight.com
- Responsible for the Information Security Services practice for a $20M/yr. consulting firm
PROFILE:
Risk Assessment and Mitigation
Risk assessment and risk mitigation are some of my strongest skills. Recently, I was involved in a project to help define and create a quantitative risk analysis framework for standardization of risk analysis. The new framework utilized Bayesian statistical analysis and Monte Carlo risk modeling to present the best information for threat analysis and vulnerability strength decisions; this new program is being evaluated by the BITS Financial Services Roundtable.
Education, Awareness and Training
I created and developed training programs for multiple departments encompassing many levels of technical programs. Training included hardware and software installation, Microsoft Office User Specialist Training, Information Security Training, and general Information Security Awareness programs. I have developed multi-level training basals for IT security personnel and for Network Administrators encompassing general computer use training up to advanced IT risk management training.
Security Policies and Procedures
Extensive experience with security policies, including creation of Wireless, HIPAA, Spy-ware and Mobile Code, Remote Desktop Access, Penetration Testing rules of engagement and ID Administration policy. My procedure writing experience includes Incident Response, Database Administration, Forensic Preservation, system configuration, vulnerability (patch) management and many user administration procedures. My policies and procedures are in use by large state government organizations and Fortune 100 financial companies.
Network Architecture and Administration
I have seven years of experience with enterprise and large scale network architecture (30,000+ users) and three years (10,000+ users) network administration experience. I design, implement and maintain secure network infrastructure solutions for users including e-mail, web services, perimeter defense, core services, routing, switching and fiber-channel networks and segments.
Wireless Security
I have extensive experience with wireless security and assessments. Far beyond typical war-driving, I have consulted on, architected and implemented advanced wireless networks using not just standard practice, but by utilizing my experience with Radio Frequency (RF) propagation, Side-lobe emissions/blanking, antenna construction/placement, and power regulation. I devised a system for the DoD that utilizes GPS, multiple RF antennas and power metering to perform real-time direction finding and RF location determination with triangulation. I have also worked with military RF equipment in the creation of high power, high bandwidth, long range WAN connections.
TECHNICAL:
ASP.NET (C#, VBScript, JavaScript), SQL, MS Visual Basic, MS VBA, C Script, Perl, HTML/xHTML/XML/WML/SGML, ISS RealSecure SiteProtector, ISS Internet Scanner, ISS Fusion, ISS Network and Server Sensor; Checkpoint Provider-1 NG FP1-4, Nessus, Core Impact, Shadow, Snort, Dragon, Cisco Secure, Enterprise, PIX, Raptor, Nokia Horizon Manager, SSH, RSA Cleartrust, LDAP, Novell e-Directory, MS-SQL, ORACLE, DB2, Windows NT/2000/XP/2003, Solaris 7,8,9, Linux, HP-UX 10.20, 11, Mac OSX and OSX.3, BSD, FreeBSD
EMPLOYMENT:
03/05 to Present Sr. Information Security Consultant
UNICON International, Inc.
03/04 to 03/05 Information Security Consultant
Nationwide Mutual Insurance Company
10/01 to 02/04 Principal Systems Architect (Consultant)
TekSystems @ Defense Logistics Agency, Computer Emergency Response Team (CERT)
06/97 to 10/2001 Information Systems Security Manager (ISSM), Sr. Network Administrator,
U.S. Navy
CERTIFICATIONS:
- FAIR Certified Master Practitioner, 12/2006
- Certified AppScan Engineer, 03/2004
- CISSP Certification, 05/2003
- Microsoft Certified Systems Engineer, 03/2001
- Microsoft Certified Professional + Internet, 02/2001
- Information Systems Security Manager (ISSM), 01/2001
- Certified Naval Network Security Manager, 09/2000
- Microsoft Certified Professional, 08/2000
- Dell Premier Certified Technician, 07/2000
- Certified Navy Afloat Instructor, 02/2000
- Navy Certified Network Administrator Level I-III, 12/1999
EDUCATION:
Western Governors University; Salt Lake City, UT; In Progress (July 2007)
TRAINING:
SANS GIAC Advanced Intrusion Detection Systems; New York, NY; 2002
Various Microsoft Official Curriculum; 2000-2004
Yokosuka, Japan, Washington, D.C., Columbus, OH
Advanced Weapons Computer Technician School; Dahlgren, VA; 1996
Graduated 2 of 31 with a 98.95% as a Distinguished Military Honor Graduate
Advanced Electronics Technical School; Great Lakes, IL; 1996
Graduated 1 of 26 with a 97.09% as a Distinguished Military Honor Graduate
Weapons Computer Technician School; Great Lakes, IL; 1996
Graduated 3 of 19 with a 94% as a Military Honor Graduate