23 Years - Experience Governance & Strategy Practice at Halock Security Labs
July 2011 - Present
Virtual CISO and Third-Party Risk Management Practice Lead currently managing multiple
information security management systems and both internal and external/service provider
assessment programs based on ISO 27001/27002, NIST, HIPAA and PCI controls. Presented
findings and remediation projects to C-level sponsors and executive leadership teams.
Implemented Information Security Management Systems (ISMS) based on ISO 27001. Planned
and implemented Security Policy projects. Designed and implemented Incident Response plans.
Contributed intellectual capital to Halock's Professional Services Framework including reporting,
checklists, templates, testing methods and techniques, and research.
• Third Party Risk Management
• Risk Management
• Risk Assessments
• Security Policy Standards & Procedure Development.
• Incident Response Development.
• ISO 27001 ISMS
• Regulatory Compliance Assessment and Program Development (HIPAA, GLBA, Sarbanes-Oxley,
etc.).
Information Security Officer at Wells Fargo/Wachovia
June 2005 - July 2011 (6 years 2 months)
Provide dedicated security resources to help educate and support the business units on security
controls and standards; establish security checkpoints in business unit processes; facilitate
ongoing compliance monitoring and security oversight; and provide security consulting to projects
using the ISO 27005 methodology. Led risk assessments to support due diligence for a global
financial institution looking to offshore business functions. Created and managed risk treatment
plans and remediation efforts for over 20 facilities. Initial phase of risk assessments was over 5000
hours.
• External/Internal Attack and Penetration Assessments (Ethical Hacks, Wireless Scans, McAfee
Foundstone)
• Security Vulnerability Assessments.
• IT Audit and Risk Assessments.
• Network Server and Application Security Assessments.
• Security Policy Standards & Procedure Development.
• Regulatory Compliance Assessment and Program Development (HIPAA, GLBA, Sarbanes-Oxley,
etc.).
• Business Continuance and Disaster Recovery Planning and Testing.
Sr. Network Security Engineer at Wachovia, A Wells Fargo Company
June 2000 - June 2005 (5 years 1 month)
• Designed and implemented network security policies for network access. Developed and
implemented remediation plans for vulnerability assessment and mitigation. Designed, installed,
and managed multiple versions of Check Point Firewalls on the Sun Solaris and Nokia platforms.
Designed and implemented Symantec Raptor Firewalls. Led infrastructure upgrade for global
financial institution that included upgrading 300+ firewalls with multiple versions of Check Point
Firewall on the Sun Solaris and Nokia platforms to Check Point Next Generation Provider 1. Led
RSA SecurID dual factor authentication project for remote access and network infrastructure
administration on Cisco, Check Point, Nokia IPSO, Solaris and Microsoft equipment.
• Expert Knowledge in Nokia Check Point Design, Implementation, and Support.
• Hardened the Sun Solaris and Windows NT/2000 Server operating systems.
• Installed and configured Check Point client VPN access to internal networks.
• Implemented Secure Shell SSH software for encrypted equipment access.
• Prepared security assessment reports for management detailing corrective actions.
• Performed security awareness training classes for staff.
• Managed Check Point Provider 1 and RSA Administration.
COMSEC Administrator at United States Marine Corps
June 1996 - June 2000 (4 years 1 month)
DOD Security Clearance: Top Secret
Small Computer systems specialists ensured the proper installation, configuration, and operation
of stand-alone and client-server information systems. Installed, operated, and maintained
microcomputers and Local and Wide Area Network (LAN/WAN) systems. Configured, optimized,
administered, and troubleshot microcomputer network hardware and operating system software
using Marine Corps standard network operating software and protocols.
• Managed twelve Marines as Platoon Sgt.
• Administered Classified Information Systems Operation and Maintenance
• Supervised and implemented the move of an entire unit's HQ from a desk environment
to a field environment while still performing everyday administrative functions during a
mock combat situation. 400+ end-users and systems.
• Performed technical analysis on computer system security procedures including personnel, physical
security, communications, emanations, hardware, software, and data
• Handled Top Secret Cryptographic Equipment and Documents.
Education
Strayer University (DC)
BS, Information Security, 2003 - 2007