Director of Advisory Services

• Apr 2018 - Present

Leading a team of talented security consultants and penetration testers in the DC region. Leading a team of talented security consultants and penetration testers in the DC region.

InfoSec Engineering Consultant

• Jul 2003 - Present

Independent consultant and contractor, specializing in network security and disaster recovery issues for small businesses. Independent consultant and contractor, specializing in network security and disaster recovery issues for small businesses.

Payment Security Engineer

• Nov 2017 - Apr 2018

Sr. Security Engineer

• Nov 2015 - Nov 2017

• Developing Risk Management program for multi-state consumer finance corporation based upon PCI, FFIEC and ISO 27001:2013 security and compliance requirements. • Develop and implement policies, operational and audit procedures, and security awareness training programs. • Implemented automated security incident tracking system and change control processes using existing resources. • Advisor to CIO, CISO, CCO, and HR and Compliance departments. • Member of the Information Security Steering Committee. Show less

Security and Compliance Manager

• Nov 2014 - Nov 2015

• ISO 27000 Compliance program manager for multiple data centers; successfully updated/re-certified to ISO 27001:2013. • Authorized Auditor/Trusted observer for Key Ceremonies for VISA Trusted Security Management platform. • Manage PCI Compliance programs for multiple online banking and transaction support operations. • Develop policies, operational and audit procedures, and security awareness training programs. • Authorized key developer of digital encryption keys to support HSM banking operations. • Lead auditor/observer for annual Disaster Recovery testing for four data centers in the US and Europe. Show less

Senior Security Consultant / Audit Team Lead

• Aug 2010 - Nov 2014

• Performed security audits, vulnerability assessments, risk assessments, and other advisory services for clients within the Baltimore/Washington area. • Provided security and management recommendations and solutions for security issues in diverse environments. • Managed schedules and deadlines; provide guidance and leadership for other auditors as needed. • Performed Risk and Compliance Analyses for HIPAA, ISO 27000 and other standards. • Designed and created presentations, documents and detailed reports. • Developed policies and provide security awareness training. • Served as Editor for all client-facing reports and documents. • Experienced in commercial, educational, financial, healthcare, insurance, legal and non-profit sectors. Show less

Adjunct Professor

• Mar 2006 - Dec 2013

• Developed and taught the following mid-level Information Security courses relevant to college and Continuing Education students: CISSP Preparation; Securing and Auditing Network Systems; Introduction to Encryption and VPNs; and Fundamentals for Network+ Certification • Taught the following applications: Nessus; nMap; openVPN; PGP; and other relevant security tools • Developed and taught the following mid-level Information Security courses relevant to college and Continuing Education students: CISSP Preparation; Securing and Auditing Network Systems; Introduction to Encryption and VPNs; and Fundamentals for Network+ Certification • Taught the following applications: Nessus; nMap; openVPN; PGP; and other relevant security tools

Director of Information Technology

• Oct 2003 - Oct 2012

• Develop and implement Information Technology solutions related to telecommunications and data infrastructure. • Direct volunteer staff in the maintenance of servers, computers, office equipment, telephones and software. • Develop annual budget and strategies for fund-raising to support LAN and communication needs. • Develop and implement Information Technology solutions related to telecommunications and data infrastructure. • Direct volunteer staff in the maintenance of servers, computers, office equipment, telephones and software. • Develop annual budget and strategies for fund-raising to support LAN and communication needs.

Information Security Engineer

• Nov 2005 - Aug 2010

• Assessed and evaluated IT initiatives to determine their impact on security policies, procedures and standards. • Performed security audits, vulnerability assessments and penetration tests of internal and external systems. • Developed environment-specific Information Security Policies and outline relevant enforcement mechanisms. • Evaluated enterprise information systems infrastructure at the network, host and application levels. • Managed, evaluated and procured content protection systems and endpoint protection systems. • Managed daily review of network security logs provided by various applications. • Assessed and responded to security-related issues and challenges. • Created presentations, design documents and reports as required. • Managed change control processes within the development lab. • Served as Project Manager for remediation efforts using POA&M model. • Provided security awareness training and technical support. Show less

Security Consultant

• Apr 2004 - Nov 2005

• Performed security audits, vulnerability assessments, and other services for clients in the Mid Atlantic area. • Provided security and management recommendations and solutions for security issues in diverse environments. • Deployed and administered RSA Authentication servers and Surf Control Web and Email Filters. • Created presentations, design documents and detailed reports as required. • Performed wireless audits, risk assessments and password analysis. • Designed and created presentations, documents and detailed reports. • Supported projects in legal, healthcare, and commercial sectors. Show less

Senior Sales Engineer

• Dec 2001 - Apr 2004

• Provided solutions-based technical sales support for local and remote sales opportunities. • Developed network diagrams, presentations, and internal training documents for the sales team and their customers. • Experienced in several verticals, including educational, entertainment, financial, healthcare, legal and non-profit. • Projects included colocation, connectivity, network security, disaster recovery, dedicated server hosting, private networks and telephony solutions. • Supported up to 25 sales staff and 5 remote engineers. • Provided training to remote engineers. Show less

Senior Sales Engineer

• Aug 1999 - Dec 2001

• Provided solutions-based technical sales support for local and remote sales opportunities. • Developed network diagrams, presentations, and internal training documents for the sales team and their customers. • Experienced in several verticals, including agricultural, educational, entertainment, financial, healthcare, and legal. • Projects included connectivity, security, disaster recovery, remote hosting, and private network solutions. • Supported up to 20 sales staff.

Supervisor, Engineering Admin/Telecom Audit Group

• Apr 1998 - Aug 1999

• Managed productivity of six-person staff while enforcing FCC Tariffs with various Telecom vendors. • Improved efforts to collect credits from vendors for disconnected, over-billed, or mis-engineered circuits. • Created documentation for circuit disconnection procedures, circuit dispute policies, and escalation procedures. • Trained employees on networking and telecom technologies to increase their effectiveness as auditors. • Responsible for successful collection of $3M vendor overpayments. Show less

Supervisor, Leased Line Installations

• Feb 1997 - Apr 1998

• Supervised installation process for all customer circuits on the East Coast.• Primary escalation point for Telecom issues. • Supervised Order Entry/Contract Verification team for all orders.

Account Representative

• May 1996 - Feb 1997

Sold windows and unix-based managed web hosting and dedicated Internet connectivity circuits (56 Kbps – 45 Mbps) within various vertical markets. Los Angeles – San Diego territory. Responsible for successful revenue generation prior to the original IPO of DIGEX (DIGX) on Nasdaq in 1997.

Various

• Mar 1994 - May 1996

Clerical & Accounting duties in the Legal, Accounts Payable, and Transportation departments Clerical & Accounting duties in the Legal, Accounts Payable, and Transportation departments

Various

• May 1987 - Jun 1991

Inventory Control (audit) from 1987 to 1989 at corporate headquarters in Richmond VA, followed by Credit Mgr in Tappahannock VA until 1991. Inventory Control (audit) from 1987 to 1989 at corporate headquarters in Richmond VA, followed by Credit Mgr in Tappahannock VA until 1991.