Principal

Summary: A Certified Information System Security Professional (CISSP) and Certified Information Security Manager (CISM) specializing in developing business focused solutions to todays Information Security problems. Responsible for delivery of Enterprise-wide Information Security & Privacy consulting services that includes Interim-CSO support, Regulatory Assessments, Enterprise-wide Risk Assessments, Policy development, Awareness program development, Development of Incident Response & Forensic processes, and Internal Security resource requirement definitions.•••••Skills:
Risk Assessments ISO•••••(BS•••••), Business Impact Analysis, Sarbanes-Oxley, Gramm-Leach-Bliley, FFIEC/FDIC/OCC, Patriot Act, California Database Protection Act (SB•••••), HIPAA•••••General Security Security Program development, Awareness Program development & delivery, Policy development, RFP analysis, Data Classification development•••••Technical Security Architecture design, Vulnerability Assessments, Wireless Assessments•••••Project Management Experience managing long-term (••••• month+) Information Security projects while leveraging disparate, cross-functional teams. •••••Certifications: International Information System Security Certification Consortium (ISC)2
A Certified Information System Security Professional (CISSP) since •••••
Information Systems Audit and Control Association (ISACA)
A Certified Information Security Manager (CISM) since ••••••••••Publications:
Privacy Enclaves Ensuring Privacy through the use of Secure Enclaves, POA Journal, June ••••••••••The Privacy Effect A shift in security effort to address Gramm-Leach-Bliley, Pt ••••• POA Journal, July ••••••••••The Privacy Effect A shift in security effort to address Gramm-Leach-Bliley, Pt ••••• POA Journal, August ••••••••••Experience:•••••8/••••• Present SentiCon, L.L.C. Principal Allentown, NJ •••••Independent consultant and proprietor of Information Security and Privacy consulting firm specializing in providing information assurance services to Global••••• clients. Responsibilities include daily operation of business as well as delivering consulting services to customer base. Recent activities include:
Deployment of enterprise-wide forensics program and investigatory tool set for top pharmaceutical firm. Managed all daily project activities, budgetary accounting, resource allocations and delivery commitments. Project activities included:
o Redesign Forensic Lab to accommodate current needs and future growth
o Deploy EnCase Enterprise throughout the global infrastructure
o Develop forensic metrics and analytics for quarterly executive reports
Deployment of enterprise-wide event logging tool (eSecurity) for a top pharmaceutical firm. Managed implementation across various devices to support a global security event correlation and aggregation program. Oversaw all daily project activities, budgetary accounting, resource allocations and delivery commitments.
Development of a Training and Awareness session for top financial institutions on how to protect against Identity Theft and how to assist their customer base in resolving Identity Theft issues. •••••4/••••• 8/••••• Leading Security Services Provider•••••Senior Director, Security Consulting 7/••••• 8/••••• New York, NY
Responsible for the delivery of Information Security and Privacy consulting services to top-tier Financial, Pharmaceutical, and Telecommunication sectors. Performed numerous risk assessments, the majority of which where ISO••••• based. Developed methodologies for managing assessment results to address regulatory issues faced by various industries. Performed several Interim-CSO (Chief Security Officer) roles while assisting the organizations in building their internal security groups. Worked closely with C-level executives to address tactical security needs while building a sound strategic security infrastructure. In-depth Project Management abilities lead to successful implementation of many long-term security initiatives.
Security Highlights include:
Lead an •••••month Security Architecture redesign, developed a sustainable Training and Awareness program, and designed a Self-paced risk assessment program for a Top••••• Pharmaceutical
Project Management and solution development for •••••month Security Re-Architecture project for a global Financial Institution
Developed Intrusion Detection and Monitoring solution for leading Pharmaceutical
Performed Enterprise Security and Privacy Assessments for multiple Pharmaceuticals (HIPAA), Financial Institutions (GLBA), and Communications Providers (ISO•••••)
Business Highlights include:
Managed a multi-million dollar regional revenue target
Managed multiple teams across major cities within the region
Delivered the largest consulting engagement in companies history•••••Senior Principal Consultant, Security Consulting 4/•••••/••••••••••New York, NY
Responsible for management and delivery of Enterprise-wide Information Security consulting services. Internal responsibilities include weekly and monthly management reporting, Quality Assurance documentation review and editing, and supporting the Sales organization on customer visits.
Customer engagements have included:
Multiple ISO•••••/BS•••••based Risk Assessments for Financial and Pharmaceutical clients.
Development of a Gramm-Leach-Bliley assessment methodology
Several Gramm-Leach-Bliley related enterprise assessments
Lecturing, awareness training and educational course development
Third-party security assessments in support of HIPAA Privacy initiatives••••••••••/••••• 4/••••• Predictive Systems (formerly Global Integrity)•••••Principal Consultant, Enterprise Security Services •••••New York, NY
Responsible for management and delivery of Enterprise-wide Information Security consulting services. Internal responsibilities include weekly and monthly management reporting, Quality Assurance documentation review and editing, and supporting the Sales organization on customer visits.
Customer engagements have included:
Enterprise Security and Risk assessments for numerous Financial, Government, dot-com, and Petroleum customers.
Developing methodologies and practices for selecting secure software products
Project management and Architect for an Entitlement system deployment
Project management and Architect for a PKI deployment
Project management and Architect for a De-Militarized Zone deployment
Content development and resources coordination for ten Security Guideline manuals
Performing network and system vulnerability scans for Insurance Assessments contract.

•••••4/••••• •••••/••••• Electronic Data Systems (EDS) (4/••••• •••••/•••••)•••••Director, Information Security Practice 1/••••• •••••/••••• •••••Charlotte, NC
Deliver Information Security consulting services to U.S. Based Financial Institutions. Responsible for management, profit, loss, sales and delivery of Practice services. Practice offerings included Security and Network assessments, Policy development, Architecture design and review, and Awareness program development assistance. . in new business development and the creation of RFP/RFI responses. Also, assisted customer on the following projects:•••••Technologist 9/••••• •••••/••••• Charlotte, NC
Provide senior-level Security Consulting, Project Management and Technical Support to a top-five financial institution. Technical Lead in new business development and the creation of RFP/RFI responses. •••••Production Control Manager 4/••••• - 9/••••• Brooklyn, NY
Managed application development, software installation, regulatory compliance, and system efficiency enhancements.•••••Project Manager 4/••••• •••••/••••• Bloomfield, NJ
Responsible for major project management and systems engineering. Responsible for all Electronic Banking (EFT, ATM, Home Banking) conversions, installations and enhancements.•••••Manager, Programming 4/••••• - 4/••••• Bloomfield, NJ
Managed departmental functions that included budgets, managerial reports and supervision of programming staff. Day to day duties included review of work assignments, operational and client support assistance along with any major project management which was in process.