Experience

Jacksonville Aviation Authority

• United States
• Aviation and Aerospace Component Manufacturing
• 1 - 100 Employee

• Cyber Security Compliance Analyst

  • Mar 2023 - Present



Yale University

• United States
• Higher Education
• 700 & Above Employee

• Project Manager

  • Jun 2022 - Oct 2022

  • Manage development and implementation of Captive Portal (carry over from prior year), Status: Complete. • Manage transition Guest WiFi Move (public to private IPs, carry over from prior year), Status: Complete. • Manage review process to identify and place networked devices into specific “security groups” (e.g., Scalable Group Tags – SGTs), MAC address Bypass – MAB, or Profiling) to allow East  West traffic. Status: In-Process. • Manage review of Network Policies, Procedures, and… Show more • Manage development and implementation of Captive Portal (carry over from prior year), Status: Complete. • Manage transition Guest WiFi Move (public to private IPs, carry over from prior year), Status: Complete. • Manage review process to identify and place networked devices into specific “security groups” (e.g., Scalable Group Tags – SGTs), MAC address Bypass – MAB, or Profiling) to allow East  West traffic. Status: In-Process. • Manage review of Network Policies, Procedures, and Documentation, Status: Review In-Process. • Negotiate with stakeholders for security project priority 2022 – 2023 school year. • Security PoC for Yale building migrations. • Drive status reporting / Project Deliverables (Weekly & Monthly) for security projects to client and project management. o Calculate hours “burn rate” o Review submitted hours to identify anomalous trends • Maintain the status of projects in O365/Excel. • Project Management Methodology: JIRA/Waterfall hybrid Show less • Manage development and implementation of Captive Portal (carry over from prior year), Status: Complete. • Manage transition Guest WiFi Move (public to private IPs, carry over from prior year), Status: Complete. • Manage review process to identify and place networked devices into specific “security groups” (e.g., Scalable Group Tags – SGTs), MAC address Bypass – MAB, or Profiling) to allow East  West traffic. Status: In-Process. • Manage review of Network Policies, Procedures, and… Show more • Manage development and implementation of Captive Portal (carry over from prior year), Status: Complete. • Manage transition Guest WiFi Move (public to private IPs, carry over from prior year), Status: Complete. • Manage review process to identify and place networked devices into specific “security groups” (e.g., Scalable Group Tags – SGTs), MAC address Bypass – MAB, or Profiling) to allow East  West traffic. Status: In-Process. • Manage review of Network Policies, Procedures, and Documentation, Status: Review In-Process. • Negotiate with stakeholders for security project priority 2022 – 2023 school year. • Security PoC for Yale building migrations. • Drive status reporting / Project Deliverables (Weekly & Monthly) for security projects to client and project management. o Calculate hours “burn rate” o Review submitted hours to identify anomalous trends • Maintain the status of projects in O365/Excel. • Project Management Methodology: JIRA/Waterfall hybrid Show less



Wells Fargo

• United States
• Financial Services
• 700 & Above Employee

• Project Manager

  • Jun 2021 - Apr 2022

  • Develop proposal for the Application Programming Interface (API) Security Enhancements project. • Maintain budget for the PlainID & API projects. • Provide status reports (Weekly, Monthly, & Quarterly) for API & PlainID to client management. • Manage implementation of PlainID (Web-based Authentication & Identity Management Solution), Status: Complete. • Negotiate with vendor to determine new features and release schedule for PlainID product. o Product release “new features”… Show more • Develop proposal for the Application Programming Interface (API) Security Enhancements project. • Maintain budget for the PlainID & API projects. • Provide status reports (Weekly, Monthly, & Quarterly) for API & PlainID to client management. • Manage implementation of PlainID (Web-based Authentication & Identity Management Solution), Status: Complete. • Negotiate with vendor to determine new features and release schedule for PlainID product. o Product release “new features” schedule tied very closely to the PlainID implementation. • Manage the performance of API external vendor review, software selection / review, & API Security Enhancements implementation, Status: Complete. • Maintain status of projects in Clarity Software. • Project Management Methodology: JIRA with Clarity project management. Show less • Develop proposal for the Application Programming Interface (API) Security Enhancements project. • Maintain budget for the PlainID & API projects. • Provide status reports (Weekly, Monthly, & Quarterly) for API & PlainID to client management. • Manage implementation of PlainID (Web-based Authentication & Identity Management Solution), Status: Complete. • Negotiate with vendor to determine new features and release schedule for PlainID product. o Product release “new features”… Show more • Develop proposal for the Application Programming Interface (API) Security Enhancements project. • Maintain budget for the PlainID & API projects. • Provide status reports (Weekly, Monthly, & Quarterly) for API & PlainID to client management. • Manage implementation of PlainID (Web-based Authentication & Identity Management Solution), Status: Complete. • Negotiate with vendor to determine new features and release schedule for PlainID product. o Product release “new features” schedule tied very closely to the PlainID implementation. • Manage the performance of API external vendor review, software selection / review, & API Security Enhancements implementation, Status: Complete. • Maintain status of projects in Clarity Software. • Project Management Methodology: JIRA with Clarity project management. Show less



Norwegian Cruise Line Holdings Ltd.

• United States
• Travel Arrangements
• 700 & Above Employee

• Sr. Program Manager

  • Feb 2018 - May 2019

  • Maintain budget for all Information Security projects. • Provide status reports (Weekly, Monthly, & Quarterly) for Information Security projects to NCL Senior Management. • Project Manage NAC – ForeScout appliance deployment to NCL network. • Project Manage PIM – CyberArk appliance deployment to NCL network. • Project Manage Varonis – Data Classification, Governance, & Remediation. • Project Manage Archer – Integrated Risk Management with Exception Maintenance. • Project… Show more • Maintain budget for all Information Security projects. • Provide status reports (Weekly, Monthly, & Quarterly) for Information Security projects to NCL Senior Management. • Project Manage NAC – ForeScout appliance deployment to NCL network. • Project Manage PIM – CyberArk appliance deployment to NCL network. • Project Manage Varonis – Data Classification, Governance, & Remediation. • Project Manage Archer – Integrated Risk Management with Exception Maintenance. • Project Manage Windows 10 + Appgate + Bitlocker image build. • Maintain the status of projects in CA - Clarity. • Project Management Methodology: Waterfall. Show less • Maintain budget for all Information Security projects. • Provide status reports (Weekly, Monthly, & Quarterly) for Information Security projects to NCL Senior Management. • Project Manage NAC – ForeScout appliance deployment to NCL network. • Project Manage PIM – CyberArk appliance deployment to NCL network. • Project Manage Varonis – Data Classification, Governance, & Remediation. • Project Manage Archer – Integrated Risk Management with Exception Maintenance. • Project… Show more • Maintain budget for all Information Security projects. • Provide status reports (Weekly, Monthly, & Quarterly) for Information Security projects to NCL Senior Management. • Project Manage NAC – ForeScout appliance deployment to NCL network. • Project Manage PIM – CyberArk appliance deployment to NCL network. • Project Manage Varonis – Data Classification, Governance, & Remediation. • Project Manage Archer – Integrated Risk Management with Exception Maintenance. • Project Manage Windows 10 + Appgate + Bitlocker image build. • Maintain the status of projects in CA - Clarity. • Project Management Methodology: Waterfall. Show less



Citizens

• United States
• Banking
• 700 & Above Employee

• Senior Project Manager

  • May 2017 - Oct 2017

  Technical Project Manager for Cloud Access Security Broker (CASB) Project and Federated Internal Single Sign-On (SSO) Project. Maintained status of project in PlanView v13 and utilized HP Application Life Cycle Management (ALM) to document stakeholder and requirements process. Project Management Methodology: SCRUM. Technical Project Manager for Cloud Access Security Broker (CASB) Project and Federated Internal Single Sign-On (SSO) Project. Maintained status of project in PlanView v13 and utilized HP Application Life Cycle Management (ALM) to document stakeholder and requirements process. Project Management Methodology: SCRUM.



Deutsche Bank

• Germany
• Financial Services
• 700 & Above Employee

• Information Security Consultant

  • Oct 2016 - Dec 2016

  Administer & Document Data Loss Prevention (DLP) process. Interface with all levels of staff to process, maintain, and re-certify DLP Exceptions. Diagnose and escalate identified DLP configuation issues to appropriate groups for correction. Administer & Document Data Loss Prevention (DLP) process. Interface with all levels of staff to process, maintain, and re-certify DLP Exceptions. Diagnose and escalate identified DLP configuation issues to appropriate groups for correction.



SkillStorm

• United States
• IT Services and IT Consulting
• 300 - 400 Employee

• Consultant

  • Oct 2015 - Feb 2016

  Security Access Control Team • Project Manage the implementation of RSA Multifactor Authentication. • Create multiple versions of user documentation for hardcopy handouts to the user and more complete documentation for web access. • Interface with all levels of personal to setup, install, and train users on the use of RSA Multi-factor authentication. • Provide reports on the status of implementation to Senior Management weekly. • Escalate issues to management for risk acceptance… Show more Security Access Control Team • Project Manage the implementation of RSA Multifactor Authentication. • Create multiple versions of user documentation for hardcopy handouts to the user and more complete documentation for web access. • Interface with all levels of personal to setup, install, and train users on the use of RSA Multi-factor authentication. • Provide reports on the status of implementation to Senior Management weekly. • Escalate issues to management for risk acceptance or remediation. Show less Security Access Control Team • Project Manage the implementation of RSA Multifactor Authentication. • Create multiple versions of user documentation for hardcopy handouts to the user and more complete documentation for web access. • Interface with all levels of personal to setup, install, and train users on the use of RSA Multi-factor authentication. • Provide reports on the status of implementation to Senior Management weekly. • Escalate issues to management for risk acceptance… Show more Security Access Control Team • Project Manage the implementation of RSA Multifactor Authentication. • Create multiple versions of user documentation for hardcopy handouts to the user and more complete documentation for web access. • Interface with all levels of personal to setup, install, and train users on the use of RSA Multi-factor authentication. • Provide reports on the status of implementation to Senior Management weekly. • Escalate issues to management for risk acceptance or remediation. Show less



Duval County Public Schools

• United States
• Education Administration Programs
• 700 & Above Employee

• Information Security Manager

  • Mar 2014 - Oct 2015

  Management Information Security Team • Communicate on security matters to all levels of management and staff. • Member of the Leadership Team. • Vendor management. • Create Information Security, Disaster Recovery, and Business Continuity policy. • Manage the following areas: • Content Filtering (Content Keeper) Team. • Firewall (Checkpoint) Team. • SME for Information Security to DCPS organization. • Participate in the development of in-house applications as SME… Show more Management Information Security Team • Communicate on security matters to all levels of management and staff. • Member of the Leadership Team. • Vendor management. • Create Information Security, Disaster Recovery, and Business Continuity policy. • Manage the following areas: • Content Filtering (Content Keeper) Team. • Firewall (Checkpoint) Team. • SME for Information Security to DCPS organization. • Participate in the development of in-house applications as SME Information Security. • Participate in the integration / implementation of vendor applications and appliances as the SME Information Security. • Coordinate public records requests for the email archive. • Review employee use of the internet; both, internally and externally. • Manage the replacement of the M86 content filtering appliances with Content Keeper. • Manage the implementation of the Proof Point appliance. Show less Management Information Security Team • Communicate on security matters to all levels of management and staff. • Member of the Leadership Team. • Vendor management. • Create Information Security, Disaster Recovery, and Business Continuity policy. • Manage the following areas: • Content Filtering (Content Keeper) Team. • Firewall (Checkpoint) Team. • SME for Information Security to DCPS organization. • Participate in the development of in-house applications as SME… Show more Management Information Security Team • Communicate on security matters to all levels of management and staff. • Member of the Leadership Team. • Vendor management. • Create Information Security, Disaster Recovery, and Business Continuity policy. • Manage the following areas: • Content Filtering (Content Keeper) Team. • Firewall (Checkpoint) Team. • SME for Information Security to DCPS organization. • Participate in the development of in-house applications as SME Information Security. • Participate in the integration / implementation of vendor applications and appliances as the SME Information Security. • Coordinate public records requests for the email archive. • Review employee use of the internet; both, internally and externally. • Manage the replacement of the M86 content filtering appliances with Content Keeper. • Manage the implementation of the Proof Point appliance. Show less



Accenture

• Ireland
• Business Consulting and Services
• 700 & Above Employee

• Senior Vulnerability Assessment Program Manager

  • Dec 2012 - Oct 2013

  Project Management of Vulnerability Assessments (VA) contracted to Citi Corp. • Manage the VA for mobile applications. • Function as the SME on the VA process to all parties. • Create cross-functional teams to perform a VA. • Negotiate with testers and BISO/TISOs to adjust the severity of findings. • Coordinate the identification and remediation of VA findings. • Communicate to all levels of management VA status, findings, and influence remediation efforts. • Platforms:… Show more Project Management of Vulnerability Assessments (VA) contracted to Citi Corp. • Manage the VA for mobile applications. • Function as the SME on the VA process to all parties. • Create cross-functional teams to perform a VA. • Negotiate with testers and BISO/TISOs to adjust the severity of findings. • Coordinate the identification and remediation of VA findings. • Communicate to all levels of management VA status, findings, and influence remediation efforts. • Platforms: Thick and Thin client applications for iOS6 and Android O/S. • Perform maintenance programming in Powershell & VBScript. Show less Project Management of Vulnerability Assessments (VA) contracted to Citi Corp. • Manage the VA for mobile applications. • Function as the SME on the VA process to all parties. • Create cross-functional teams to perform a VA. • Negotiate with testers and BISO/TISOs to adjust the severity of findings. • Coordinate the identification and remediation of VA findings. • Communicate to all levels of management VA status, findings, and influence remediation efforts. • Platforms:… Show more Project Management of Vulnerability Assessments (VA) contracted to Citi Corp. • Manage the VA for mobile applications. • Function as the SME on the VA process to all parties. • Create cross-functional teams to perform a VA. • Negotiate with testers and BISO/TISOs to adjust the severity of findings. • Coordinate the identification and remediation of VA findings. • Communicate to all levels of management VA status, findings, and influence remediation efforts. • Platforms: Thick and Thin client applications for iOS6 and Android O/S. • Perform maintenance programming in Powershell & VBScript. Show less



avVenta Worldwide

• United States
• Online Audio and Video Media
• 1 - 100 Employee

• Vulnerability Assessment Analyst

  • Sep 2012 - Nov 2012

  Accenture purchased avVenta. Accenture purchased avVenta.



Verizon Business Services

• Security Coordinator

  • Oct 2010 - Sep 2011

  Information Security consultation • Create the security policy, security standards, and identify best security practices for a Windows 2008 environment following ISO 17799/27002 (revised) standards. • Function as the SME on security standards to HR, Legal, and Senior Management. • Work with HR to develop policy for “BYOD” and “Social Networks.” • Managed the creation of the Computer Security Incident Response Team (CSIRT). Consists of the following sub-processes: Resource… Show more Information Security consultation • Create the security policy, security standards, and identify best security practices for a Windows 2008 environment following ISO 17799/27002 (revised) standards. • Function as the SME on security standards to HR, Legal, and Senior Management. • Work with HR to develop policy for “BYOD” and “Social Networks.” • Managed the creation of the Computer Security Incident Response Team (CSIRT). Consists of the following sub-processes: Resource Identification, Data Ownership, Firecall, Escalation, Incident Recording, Senior Management Notification, and Incident Review. • Perform review for application selection of the Forefront Identity Manager. • Implement and monitor controls and reporting requirements detailed in the IT Security Policy. • Perform scans (external & internal) of the company network using nCircle's IP360. • Work with external auditors for SOX and PCI-DSS compliance. • Perform Risk Management function for applications and practices. (NIST 800-30). • Perform Incident Response function for Security-related threats. (NIST 800-61) • Document system processes and review existing systems for improvements. Show less Information Security consultation • Create the security policy, security standards, and identify best security practices for a Windows 2008 environment following ISO 17799/27002 (revised) standards. • Function as the SME on security standards to HR, Legal, and Senior Management. • Work with HR to develop policy for “BYOD” and “Social Networks.” • Managed the creation of the Computer Security Incident Response Team (CSIRT). Consists of the following sub-processes: Resource… Show more Information Security consultation • Create the security policy, security standards, and identify best security practices for a Windows 2008 environment following ISO 17799/27002 (revised) standards. • Function as the SME on security standards to HR, Legal, and Senior Management. • Work with HR to develop policy for “BYOD” and “Social Networks.” • Managed the creation of the Computer Security Incident Response Team (CSIRT). Consists of the following sub-processes: Resource Identification, Data Ownership, Firecall, Escalation, Incident Recording, Senior Management Notification, and Incident Review. • Perform review for application selection of the Forefront Identity Manager. • Implement and monitor controls and reporting requirements detailed in the IT Security Policy. • Perform scans (external & internal) of the company network using nCircle's IP360. • Work with external auditors for SOX and PCI-DSS compliance. • Perform Risk Management function for applications and practices. (NIST 800-30). • Perform Incident Response function for Security-related threats. (NIST 800-61) • Document system processes and review existing systems for improvements. Show less



MOUNTAIN, LTD.

• United States
• Telecommunications
• 200 - 300 Employee

• Information Security Consultant

  • Mar 2009 - Oct 2010

  Information Security consultation and administration • De-provision and Provision Microsoft Active Directory, Exchange, Novell, PostIni, Symprex, and PeopleSoft v8.0 (AP, AR, HR, Payroll, Time & Labor). • Managed the Surf Control Replacement project. Created a cross-functional group consisting of HR, Legal, Engineering, & Purchasing for the review / implementation of the Websense IPS / DLP software. • SME in the development of security policy, security standards, and identify best… Show more Information Security consultation and administration • De-provision and Provision Microsoft Active Directory, Exchange, Novell, PostIni, Symprex, and PeopleSoft v8.0 (AP, AR, HR, Payroll, Time & Labor). • Managed the Surf Control Replacement project. Created a cross-functional group consisting of HR, Legal, Engineering, & Purchasing for the review / implementation of the Websense IPS / DLP software. • SME in the development of security policy, security standards, and identify best security practices for a Windows 2003 network following ISO 17799/27002 (revised) standards; as applied to, a FERC/NERC environment. The AD structure consisted of trees and domains in a multi-forest environment. • Work with external auditors for SOX and PCI-DSS compliance. • Perform review for application selection of the Forefront Identity Manager. • Created and maintained Active Directory Groups, Group Policies, User accounts, Printers, and Computers on a 2003 AD network and maintained connectivity to a Notes 8.0 network. • Participated in the transition of the LDAP-based Lotus Notes 8.0 network to Windows 2003. • Document system processes and review existing systems for improvements. • Automate tasks using Microsoft PowerShell scripting language. Show less Information Security consultation and administration • De-provision and Provision Microsoft Active Directory, Exchange, Novell, PostIni, Symprex, and PeopleSoft v8.0 (AP, AR, HR, Payroll, Time & Labor). • Managed the Surf Control Replacement project. Created a cross-functional group consisting of HR, Legal, Engineering, & Purchasing for the review / implementation of the Websense IPS / DLP software. • SME in the development of security policy, security standards, and identify best… Show more Information Security consultation and administration • De-provision and Provision Microsoft Active Directory, Exchange, Novell, PostIni, Symprex, and PeopleSoft v8.0 (AP, AR, HR, Payroll, Time & Labor). • Managed the Surf Control Replacement project. Created a cross-functional group consisting of HR, Legal, Engineering, & Purchasing for the review / implementation of the Websense IPS / DLP software. • SME in the development of security policy, security standards, and identify best security practices for a Windows 2003 network following ISO 17799/27002 (revised) standards; as applied to, a FERC/NERC environment. The AD structure consisted of trees and domains in a multi-forest environment. • Work with external auditors for SOX and PCI-DSS compliance. • Perform review for application selection of the Forefront Identity Manager. • Created and maintained Active Directory Groups, Group Policies, User accounts, Printers, and Computers on a 2003 AD network and maintained connectivity to a Notes 8.0 network. • Participated in the transition of the LDAP-based Lotus Notes 8.0 network to Windows 2003. • Document system processes and review existing systems for improvements. • Automate tasks using Microsoft PowerShell scripting language. Show less



JM Family Enterprises, Inc.

• United States
• Motor Vehicle Manufacturing
• 700 & Above Employee

• Information Security Analyst

  • 2001 - 2008

  • Establish security policy, security standards, and identify best security practices for AIX O/S, Windows 2003 O/S, and applications/systems within the JM Family domain following ISO 17799/27002 (revised) standards. • Function as the SME on security standards to HR, Legal, and Senior Management. • Perform review to determine level of Sarbanes Oxley compliance. • Identify, document, and implement changes to increase Sarbanes Oxley compliance. • Perform Risk Management function for… Show more • Establish security policy, security standards, and identify best security practices for AIX O/S, Windows 2003 O/S, and applications/systems within the JM Family domain following ISO 17799/27002 (revised) standards. • Function as the SME on security standards to HR, Legal, and Senior Management. • Perform review to determine level of Sarbanes Oxley compliance. • Identify, document, and implement changes to increase Sarbanes Oxley compliance. • Perform Risk Management function for applications and practices. (NIST 800-30). • Perform Incident Response function for Security-related threats. (NIST 800-61) • Work with our customers to design and implement role-based access using RACF resource rule groups and dataset rules structures. • Point of contact for HR & Legal to process data requests concerning employee inquiries. • Manage Information Security provisioning within JM Family. • Perform global actions / report creation to the Windows domain using the software application: Hyena. • Automate security event harvesting and report generation using the Windows Scripting language. • Created AIX script for Lawson administrative application to ensure single user sign-on in a multi-user environment. • Mainframe user accounts, rules, and datasets using ACF2 and RACF (converted from ACF2 to RACF). • Perform MS SQL database administration for production servers enterprise-wide. • Midrange user accounts and application for the AS400. • Created and maintained AD Group Policies. • Distributed platform De-provision and Provision – user and application account administration on JM Family Windows domain, IBM AIX servers, Notes servers, and Sun Solaris servers. • Provision and de-provision user accounts on PeopleSoft v8.0 (AP, AR, HR, Payroll, Time & Labor). • Perform daily reviews of Security Event Logs for network and mainframe events. • Participate in Disaster Recovery planning and testing. • Participate in Business Continuity planning and testing. Show less • Establish security policy, security standards, and identify best security practices for AIX O/S, Windows 2003 O/S, and applications/systems within the JM Family domain following ISO 17799/27002 (revised) standards. • Function as the SME on security standards to HR, Legal, and Senior Management. • Perform review to determine level of Sarbanes Oxley compliance. • Identify, document, and implement changes to increase Sarbanes Oxley compliance. • Perform Risk Management function for… Show more • Establish security policy, security standards, and identify best security practices for AIX O/S, Windows 2003 O/S, and applications/systems within the JM Family domain following ISO 17799/27002 (revised) standards. • Function as the SME on security standards to HR, Legal, and Senior Management. • Perform review to determine level of Sarbanes Oxley compliance. • Identify, document, and implement changes to increase Sarbanes Oxley compliance. • Perform Risk Management function for applications and practices. (NIST 800-30). • Perform Incident Response function for Security-related threats. (NIST 800-61) • Work with our customers to design and implement role-based access using RACF resource rule groups and dataset rules structures. • Point of contact for HR & Legal to process data requests concerning employee inquiries. • Manage Information Security provisioning within JM Family. • Perform global actions / report creation to the Windows domain using the software application: Hyena. • Automate security event harvesting and report generation using the Windows Scripting language. • Created AIX script for Lawson administrative application to ensure single user sign-on in a multi-user environment. • Mainframe user accounts, rules, and datasets using ACF2 and RACF (converted from ACF2 to RACF). • Perform MS SQL database administration for production servers enterprise-wide. • Midrange user accounts and application for the AS400. • Created and maintained AD Group Policies. • Distributed platform De-provision and Provision – user and application account administration on JM Family Windows domain, IBM AIX servers, Notes servers, and Sun Solaris servers. • Provision and de-provision user accounts on PeopleSoft v8.0 (AP, AR, HR, Payroll, Time & Labor). • Perform daily reviews of Security Event Logs for network and mainframe events. • Participate in Disaster Recovery planning and testing. • Participate in Business Continuity planning and testing. Show less