Matthew Jones

TPRM Senior Consultant at Echelon Risk + Cyber
Contact Information
us****@****om
(386) 825-5501


Credentials

  • Certified In Risk and Information Systems Control (CRISC)
    ISACA
    Jul, 2021
    - Nov, 2024
  • CISSP
    (ISC)²
    Dec, 2010
    - Nov, 2024

Experience

    • United States
    • Computer and Network Security
    • 1 - 100 Employee
    • TPRM Senior Consultant
      • Nov 2022 - Present

      I'm taking all this Third Party Risk Management experience on the road to help other companies identify and mitigate risk and mature their programs. Really excited for this opportunity!

    • United States
    • Food and Beverage Services
    • 700 & Above Employee
    • Third Party Risk Associate Specialist
      • Jan 2021 - Nov 2022

    • Third Party Risk Senior Analyst
      • Jun 2016 - Jan 2021

      I find weak security controls in PepsiCo's Third Parties. I work to improve our team's ability to do that efficiently. I love what I do!

    • United States
    • Banking
    • 700 & Above Employee
    • IT Security Analyst
      • Feb 2016 - Jun 2016

      I loved doing third party risk but had to move to Chicago. I was responsible for New and Existing Vendor IT Security Risk Reviews which includes analyzing Vendor Security Controls in SSAE-16 SOC 1, 2, and 3 reports. Reviewing 3rd Party pentests or performing Web Application Penetration Tests with IBM Appscan on vendor's websites. Reviewing datacenter or cloud provider SSAE-16 security controls. Reviewing vendor PCI-DSS certifications.

    • United States
    • Utilities
    • 700 & Above Employee
    • Computer Systems Analyst
      • Oct 2011 - Nov 2015

      Supporting Compliance Team member for the Energy Management System. Responsibilities included writing security controls for Tripwire for SOX and NERC requirements. Conducting Patch assessments for AIX, Solaris, RHEL, and Windows assets. Maintaining and updating the inventory changes. Reviewing security configurations of systems. Reviewing and updating policies, procedures, and work practices.

    • United States
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Configuration Management Analyst
      • Apr 2011 - Oct 2011

      Centers for Medicare and Medicaid Services (CMS) requires its contractors to be FISMA compliant through implementing NIST standards. DISA Security Technical Implementation Guides (STIGS) are the recommended checklists to configure the network infrastructure, operating systems, and applications. My job is to analyze, recommend changes, scan and report compliance for all of the STIGS to the CMS contractor - Cahaba GBA, which is a subsidiary of Blue Cross Blue Shield of Alabama. If I do a good job BCBSAL will hire me permanently or TEKsystems will find me another temp position. My goal is to find a permanent position in the Birmingham area in an IT/Infosec/Audit department where I can improve their security posture.

    • United States
    • Insurance
    • 700 & Above Employee
    • Internal IT Auditor
      • Apr 2011 - Oct 2011

      Refer to my position description for TEKsystems.

    • Insurance
    • 100 - 200 Employee
    • Internal IT Auditor
      • Apr 2011 - Oct 2011

      Refer to my position description for TEKsystems.

    • United States
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Information Assurance Analyst
      • May 2010 - May 2011

      Information Assurance Officer for a 28 site WAN for the Joint Reserve Intelligence Program (JRIP) Program Management Office for the Defense Intelligence Agency (DIA). Working in a program office with government and two civilian contracting companies (an inter-team environment). I am responsible for interpreting, planning, and implementing information security regulatory requirements which are the Director of Central Intelligence Directive (DCID) 6/3 standards. I am responsible for the confidentiality, integrity, and availability of defense intelligence information assets. Assist in the development of an Enterprise Security Program Plan. Implement and enforce IA security plans and policies. Using the vulnerability assessment tool Retina to scan over 2000 computers on a monthly basis to report vulnerabilities to the DIA Information Assurance Office. Plan, coordinate, and lead the implementation of Defense Information Systems Agency's (DISA) Security Technical Implementation Guides (STIGS). Conduct security testing on new enterprise applications. Planned and coordinated the implementation of the SIEM product, ArcSight. Ensured that the network security infrastructure was configured according to DISA STIGS. Reviewed and certified 95 NATO participant systems for Empire Challenge 2010, an annual event that has a direct impact on the warfighting effort in Afghanistan. Organized vendor training to get 9 Booz Allen Norfolk Employees CISSP trained and certified.

    • United States
    • Defense and Space Manufacturing
    • 700 & Above Employee
    • Information Assurance Analyst
      • Jul 2009 - Jun 2010

      Gold Disk and Retina scanned over 100 unclassified and classified Windows, Cisco, and Linux systems I was responsible for. Create and perform DIACAP POA&M for DISA STIG and IAVM remediations. Configure and Update Infosec Antivirus, HBSS, Hercules, Snort IDS, SCCVI, and numerous other IA software. Configured systems in a VMware virtualization environment. Ensure new systems connecting to the network are IA compliant. Create monthly network posture reports based on active scans. Review central audit logs for system anomalies and INFOSEC baseline changes. Assist the IAM in submitting ATO packages to NETWARCOM.

    • United States
    • Armed Forces
    • 700 & Above Employee
    • Information System Administrator Instructor
      • Jun 2006 - Nov 2009

      Passionately instructed military students in the duties and responsibilities of System Administration of Windows, Solaris UNIX, Oracle, and Sybase servers and clients. Taught 3 convenings of the Journeyman Networking Course (JNC) 6-week course. Taught 6 convenings of the Naval Tactical Command Support System II (NTCSSII) Manager 4-week Course. Taught 4 convenings of the Theater Battle Management Core System (TBMCS) System Administrator 4-week Course. Instructed and complied with requirements for secure network communications. Instructed and performed operational tests and required adjustments to system configuration. Instructed, loaded, and maintained Oracle and Sybase databases. Instructed and maintained WebLogic web application servers. Instructed and followed NSA established procedures for information system security manager's management and validation. Instructed and maintained classified system records, technical manuals, and media. Instructed and installed Windows 2000, 2003, HP-UX, and Solaris UNIX based network operating systems. Instructed basic UNIX scripting. Instructed, scheduled, and performed backups for data recovery procedures in case of loss or damage. Instructed and performed system auditing. Developed and implemented Information and Security education, training, and awareness program. Delivered PowerPoint led lectures employing recitation, question, and group-paced instruction. Provided instruction for implementation of the following networking protocols: TCP/IP, IPX/SPX, NetBEUI, HTTP, FTP, TELNET, and SMTP. Maintained student records in accordance with the Privacy Act. Proctored tests to evaluate students' progress in fulfilling learning objectives and counseled students with academic problems. Maintained course documents and curriculum. Conducted internal and external course reviews to align courses with current Navy Schoolhouse curriculum development standards.

    • Network Vulnerability Research Analyst
      • Jun 2004 - Jun 2006

      As an ambassador of the US Navy-Canadian Forces Personnel Exchange Program provided critical information operations support to National Defense Headquarters, deployed forces, and other national and international agencies. Led a 4-man team researching, conducting threat risk evaluation, and advising the Information Systems Security Officer's community across the Canadian Forces on network vulnerability mitigation strategies. Generated over 200 CFNOC computer vulnerability advisories ensuring the availability of critical networks during a period of high-tempo operations and low manning. Hand picked for expertise to represent CFNOC for an International Cyber Defense Coordination Working Group (ICCWG) meeting. Contributions included building, configuring, and securing a team network and then defending it from penetration teams. Liaised and developed collaboration between Australia, Canada, New Zealand, UK, and US Network Vulnerability Research teams. Efforts established a 24-hour virtual vulnerability research team decreasing computer emergency response time by 65%.

    • Solaris Unix System Administrator
      • Dec 2000 - Jun 2004

      Administered 2 Unix local area networks on a classified LAN. Installed and configured Solaris 8, 9, and 10 on over 400 servers and workstations that served 2 cryptologist training programs with 5 courses and 25 classrooms. Responsible for the physical security of equipment located in an NSA-certified Sensitive Compartmented Information Facility (SCIF). Conducted backup operations for business continuity using Veritas Backup with tape farms. Conducted security auditing of users' activity and created scripts to catch students attempting to cheat. Administered Gauntlet firewall on a classified network. Responsible for the configuration of security protocols: NFS, NIS+, DNS, and upgrading the IP scheme from a Class C to Class B network. Created network maps for ease of management and inventory control. Created new user accounts, built new servers and workstations, corrected trouble calls, and researched innovative cost saving strategies to enhance system utilization. Conduct clearing, sanitizing, and releasing of computer components connected to SCI networks. Validate IS accreditation. Develop and implement Information and Security education, training, and awareness program. Provided technical input on equipment procurement to support projected increases in training throughput. Researched, tested and installed SunPCi co-processor interface cards reducing hardware requirements by 50%.

    • Weapons Computer System Administrator
      • Nov 1989 - Dec 2000

      Maintained and operated Naval Gunfire Control Computer Systems on 2 Naval Ships and 1 Shore location all in California.

Education

  • Excelsior University
    BS Technology, Computer Technology/Computer Systems Technology
    2005 - 2009
