SENIOR INFORMATION SECURITY AND DISASTER RECOVERY PROFESSIONAL
A published and well spoken senior-level Information Security and Disaster Recovery Executive / Professional with success in delivering revenue, profit, and efficiency improvements across diverse industries through effective leadership, strategy development / execution, and IT innovations / support.
Create Security Models, Policies, and Procedures.
Manage Incident Response and Business Continuity Efforts.
Interface with Standards Organizations and Law Enforcement in the pursuit of better security.
Recruited to solve critical IT security challenges for SAIC, Bell Canada, and KPMG Consulting.
Proactive leader adept at maximizing efficiency by bringing projects in on-time and under budget.
• Set up the information security program for one of the largest universities in the United States
• Helped set up the Business Continuity efforts for one of the largest cities in the United States.
• Created a multi-million dollar line of business for Security within KPMG Consulting
• Guest Expert on a regular radio show on a top-10 station in the mid-Atlantic region
• Contributed to the development of the CompTIA e-Biz+ certification
• Envisioned and delivered the Security Council that integrates all lines of business throughout Bell Canada’s Teleglobe.
• Designed the PKI strategy for Cisco Systems.
• Quoted by CNN, the Associated Press, Computerworld, CSO Magazine and others.
Problem solver who skillfully utilizes technology to meet business challenges.
• Led data security for a company specializing in providing crucial data and network infrastructure for organizations such as NCSA, OECD, World Bank, and the Department of Defense.
• Developed automated Internet/IP security Intrusion Detection capabilities to respond to incidents within 30 seconds.
• Recruited by Bell Canada to architect enterprise and data center systems security management for a $6 billion organization.
CERTIFICATIONS • EDUCATION
CISSP, CBCP,MCSE+I, MCT (Microsoft Certified Trainer), CCNA (Cisco Certified Network Associate), e-Biz+
In Progress – MBCP (Master Business Continuity Planner), CPP (Certified Protection Professional)
PROFESSIONAL EXPERIENCE
Temple University, 2003-
CHIEF INFORMATION SECURITY OFFICER
• Building the University Security group from the ground up
• Responsible for budget and personnel for the Security and the Disaster Recovery cost centers
• Creating and directing the activities of the University-wide information security functions, including:
• Developing, implementing, and managing the overall enterprise processes for information risk management, and associated architecture, policies, and procedures.
• Developing and implementing policies, standards and guidelines related to data security, disaster recovery, and business continuity.
• Evaluating and providing direction in matters of privacy and privacy protection.
• Serving as the corporate focal point for security incident response planning, execution, and awareness.
• Overseeing the development of, and be the organizational leader of, a corporate security awareness-training program.
• Ensuring security within individual departments and schools through the deployment of a network of IS officers.
• Developing the University Incident Response procedures
• Analyzing legal and regulatory requirements and develops the plans for compliance with such laws as HIPAA, GLBA and the USA PATRIOT act.
• Liaising with and representing the University to such agencies as the FBI, Secret Service, various police departments, FEMA, and others.
• Analyzing security requirements for a new implementation of a major ERP (Enterprise Resource Planning) System.
• Interfacing with the CIO and other top executives to communicate security vision and achieve buy-in.
• Managing the security framework for vast network of over 30,000 devices, including IBM mainframe computers, UNIX machines, and Windows-based assets.
Bell Canada - BCE Teleglobe, 2001- 2002, Company liquidated
DIRECTOR OF INFORMATION SECURITY (NYSE, TSE: BCE)
• Senior IT Executive with full operating and systems planning responsibility for a newly-formed Information Security Group.
• Act as the Trusted Advisor the top Bell/BCE management in the realms of security.
• Create the Security model, Policies and Procedures for Information Security
• Lead the data security group providing services to major organizations and customers.
• Create and manages the SOC (Security Operations Center) and the CSIRT (Computer Security Incident Response Team)
• Achieve 100% compliance with internal organization Information Security standards.
• Control resource management and allocation of $1.2 Million in IT Security hardware, software and network technologies.
• Introduce leading edge systems security and intellectual property protection technologies.
• Manage IT Security systems configuration for all new technology acquisitions and internal development projects.
• Build cross-divisional consensus focusing on overall Information Security strategies.
• Analyze user, customer, and management and data security needs to recommend security policies and product solutions.
• Responsible for Internet Security architecture as well as corporate security policy creation and enforcement.
• Act as focal point for information security protection knowledge for organization worldwide.
• Interface with law enforcement, standards organizations and research facilities
• Create and manages the disaster recovery and business continuity plans
• Plan and helps deliver internal security awareness and other training opportunities.
KPMG Consulting, (now BearingPoint), 2000 - 2001
SENIOR MANAGER / THE GLOBAL SECURITY SOLUTIONS LEADER (NYSE: BE)
• Recruited to create a new line of business – the Information Security Line.
• Provided the vision to create the Security Practice
• Developed the delivered solutions within the Practice (from PKI to Penetration Testing)
• Demonstrated proficiency in consensus building, team building and executive liaison affairs.
• Led the research, strategy and development of the wireless security model as part of a US$6 Billion project for a Fortune 50 company.
• Advised leading companies on e-business network security architecture and information security protection solutions.
• Led as technical expert on all aspects of information security as a consultant to clients.
• Managed and led the hiring, mentoring and training process for the practice.
• Sold and managed complex, long term contracts to local, state and federal government clients
GLOBAL INTEGRITY, AN SAIC COMPANY, 1999 - 2000
PRINCIPAL SECURITY ENGINEER, PROJECT MANAGER AND MEMBER OF THE CENTER OF SECURITY EXCELLENCE
• Recruited by SAIC to interface with its Fortune 500 clientele to function as a Trusted Advisor to C-Level Executives
• Served as the project lead for creation of the PKI Strategy for the worldwide leader in network-equipment.
• Led multiple security audits for leading US and non-US based financial institutions.
• Created Security Policies and Procedures for a leading automaker.
• Ensured compliance with policy at a leading insurance company.
• Managed as on-site Project Coordinator the largest project for GI in North America.
• Assisted Cellular service provider to evaluate their networks and systems’ vulnerabilities.
• Spearheaded engineering teams responsible for software and hardware configurations at many customer sites.
The NorthStar Companies, 1993 - 1997
CHIEF TECHNOLOGY OFFICER
• Designed and implemented $13 million of Physical Security for the leading US automaker
• Designed and implemented physical security mechanisms for various agencies of the US government
• Consulted with customers on network and information security implementation strategy
• Consulted with the US government on Physical Security issues
SPEAKING ENGAGEMENTS
SANS 2000 – Hardware Tokens-Based (Smart Cards) Authentication – “Smartcards, the Road Ahead”. Speaker.
GartnerGroup eSecurity Conference, Sao Paulo, Brazil 2000 – “Why Firewalls are Not Enough”. Speaker.
Montgomery College, Washington DC – “Introduction to Information Security”. Lecturer.
World Bank, Washington DC – “Principles and Benefits of Biometric Devices”. Speaker.
PUBLISHED WORK
Wrote and contributed to about 30 books and various trade periodicals on the topics of Networking, PC Hardware, Security, and Windows 2000 (detailed list available upon request.)
TECHNICAL SKILLS
• INFOSEC MANAGEMENT: Application Security, Audit, Business Continuity Planning, Client Server Architecture, Computer Crime Investigation, Computer Forensics, Confidentiality and Privacy, HIPPA, FERPA, DCMA, Cryptography, Cyber Crime & Law, e-Commerce, Encryption, Incident Response Planning, Risk Management, Information Security Architecture, Information Security Controls, Information Warfare, INFOSEC, Internet Law, Intranet Internet Architecture, Law Investigation & Ethics, Network Security, Penetration Testing, Policy Development, Risk Analysis & Assessment.
• INFOSEC TOOLS: Access Controls, Authentication, Biometrics, Smart Cards, PKI, CheckPoint FW-1, NetScreen, Manhunt, ManTrap, Honeypots, COPS, Dragon IDS, Firewalls, Intrusion Detection, ISS Scanner, Kerberos, L0pht Crack, Nessus, Netcat, NMAP, PGP, PKI Public Key Infrastructure, TACACS+, RADIUS, S/MIME, SATAN, Sniffers, Snort, SSH, SSL Secure Sockets Layer, Tcpdump, Tripwire, VPN Virtual Private Network, Vulnerability Scanners, Whisker.
• NETWORKING: Authentication, Cisco 5/6/7000 Switches and Routers, Client-Server Architecture, DMZ Architecture, LAN / WAN Architecture, Remote Access, Routers, TCP/IP.
• OPERATING SYSTEMS: Cisco IOS, Linux, Novell NetWare, Digital VAX/VMS, Sun Solaris, Trusted Solaris, UNIX, Windows XP, 2003, 2000, NT, 9x.
|
|
