Experience

Contego Inc.

• Canada
• Computer and Network Security
• 1 - 100 Employee

• Project Services Manager

  • 2018 - Present

  Responsible for the implementation of the Project Management systems and controls that are required to support the effective execution of all client projects. Ensure the completion of projects are on time, within budget, and within scope. Prepare reports for upper management regarding the status of all projects. Responsible for the implementation of the Project Management systems and controls that are required to support the effective execution of all client projects. Ensure the completion of projects are on time, within budget, and within scope. Prepare reports for upper management regarding the status of all projects.



Cyber Guardians 365

• Principal Consultant

  • 2005 - Present

  Web application and network security vulnerability assessments, policy review and creation, GAP Analysis. Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to maintain confidentiality, integrity and availability of data. Web application and network security vulnerability assessments, policy review and creation, GAP Analysis. Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to maintain confidentiality, integrity and availability of data.



Herjavec Group

• United Kingdom
• Business Consulting and Services
• 1 - 100 Employee

• Security Consultant

  • 2015 - 2018

  Security assessments and best practices consulting; including web application security, network security, vulnerability assessments and audits. Security assessments and best practices consulting; including web application security, network security, vulnerability assessments and audits.



InterHyve Sàrl

• Switzerland
• IT Services and IT Consulting
• 1 - 100 Employee

• Security Consultant

  • 2014 - 2015

  Perform vulnerability management and information security program implementations using sound best practices and proven hands-on experience, with the goal of improving the overall security posture of InterHyve's European clients. Advocate security and risk management to key stakeholders in order to balance security and business needs. Perform vulnerability management and information security program implementations using sound best practices and proven hands-on experience, with the goal of improving the overall security posture of InterHyve's European clients. Advocate security and risk management to key stakeholders in order to balance security and business needs.

• Security Consultant

  • 2007 - 2014

  Perform security risk/vulnerability assessments (web application and network), as well as basic penetration tests for Contego’s clients’ to meet Compliance and Regulations Standards by Auditors. Review and develop corporate security policies and procedures to meet business requirements and objectives with respect to Governance, Risk Management and Compliance. GAP analysis reviews and reports, as well as PCI assessments. Recommend security best practices for the business analysis and coordination of IT Security projects.



SentryMetrics

• Canada
• Computer and Network Security
• 1 - 100 Employee

• Security Conusltant

  • 2007 - 2007

  Performed threat risk assessments for clients informing them of attack patterns and trends on their network using ArcSight. Network and application vulnerability assessments. Log analysis, monitoring and correlation of data flow from best of breed security products. Performed threat risk assessments for clients informing them of attack patterns and trends on their network using ArcSight. Network and application vulnerability assessments. Log analysis, monitoring and correlation of data flow from best of breed security products.



WhiteHat Security

• Netherlands
• 1 - 100 Employee

• Security Consultant

  • 2007 - 2007

  Performed security analysis of computer systems, web applications and network components including data, hardware and software. Identify known vulnerabilities and security weaknesses in target systems using vulnerability assessment tools and methods. Write customized reports identifying all material findings and remediation plans including detailed ‘how-to-fix’ procedures for identified vulnerabilities and weaknesses. Educated project teams on security initiatives. Performed security analysis of computer systems, web applications and network components including data, hardware and software. Identify known vulnerabilities and security weaknesses in target systems using vulnerability assessment tools and methods. Write customized reports identifying all material findings and remediation plans including detailed ‘how-to-fix’ procedures for identified vulnerabilities and weaknesses. Educated project teams on security initiatives.



Gibraltar Solutions Inc.

• Canada
• Information Technology & Services
• 1 - 100 Employee

• Security Consultant

  • 2002 - 2006

  Main focus on network and application security testing (web and custom applications), and patch management for our clients. Steps used to get access to publicly facing computer systems included passive information gathering, social engineering, scanning of systems and exploitation of flawed systems. Helped manage the Incident Handling team on a global scale for all incidents including virus/worm outbreaks, outside hack attempts, and the Northeastern blackout of 2003. Provided technical IT security guidance and policy interpretation and clarification to senior managers, data owners, project managers, and user departments. Provided reports to senior management on overall security posture.



Intellitactics

• Telecommunications
• 1 - 100 Employee

• Security Consultant

  • 1998 - 2001

  Security Consultant and System Engineer for the Canadian and U.S. Eastern Seaboard. Clientele included government and financial sectors. Vulnerability assessments were performed onsite to identify and quantify vulnerabilities in the computer systems and network components including data, hardware and software. This included the following:o Cataloging assets and capabilities (resources) in a system.o Assigning quantifiable value and importance to the resources. o Identifying the vulnerabilities or potential threats to each resource. o Mitigating or eliminating the most serious vulnerabilities for the most valuable resources.• Product implementations and integration of NSM (Network Security Manager) within the enterprise. Integrating NSM within the enterprise met the following objectives: o Enabled strategic business initiatives while protecting the infrastructure, applications and intellectual property of the organization.o Increased the efficiency of security operations as they manage alerts and resolve incidents. o Enforced policy by implementing best practices and the right controls to reduce risk and satisfy compliance requirements • Part of RFI and RFP response teams.• Technical Support.• Network/System Administration.• Sales Engineering/Presales.