2004 to Present: Bank of America – Corporate Audit: Vice President, Senior Auditor in the Cyber Monitoring & Investigations Group
- Designed and led Audit’s first independent cyber monitoring and investigations program where numerous insider threats were discovered & corrected before risks were realized.
- Evaluated the effectiveness of same with first and second line risk partners.
- Engineered Audit’s first application source code assessment program. Then led execution where numerous internet-facing vulnerabilities were unearthed and remedied before exploits were exercised.
- Chief liaison for encryption compliance, directly and indirectly executing reviews for credit card applications (PCI) and its immense interchange network and infrastructure throughout the bank’s global financial network.
- Architected and automated, at the scale of the company, Audit’s first Active Directory and RACF access control measurement program. For the first time, Audit began independently assessing its multiple role and discretionary based access review frameworks within the business.
- Assessed, deliberated and reported control effectiveness for all aspects of the master data governance, classification and quality assurance programs.
- Identified regulatory technology requirements, determined methods to apply or address, then monitored oversight to assure regulators, customers and shareholders its control effectiveness is sustainable.
- Effected numerous improvements to enterprise information technology (IT) policies and system baselines. Determined scope and objectives for complex technology audit programs and testing criteria.
2001 to 2004: TeliStar – Principal & Senior Technology Security Consultant
- Architected and led onsite inspections for Bank of America’s critical suppliers within corporate audit. Provided direct oversight evaluating the effectiveness of supply chain compliance with internal Global Information Security. Established, then directed, oversight of supplier remediation efforts. Directed the reading and redlining of contracts and service level agreements (SLA).
- In partnership with Odell International built the application and technology infrastructure for the construction of the Military Medical Complex in Riyadh and UAE in Saudi Arabia.
- General consulting at large performing intrusion and vulnerability assessments for companies like BASF, BMW and Stabilus.
- Expert analysis skills to implement countermeasures immediately reducing risk exposure.
1996 to 2001: Hoechst Celanese – Chief Firewall & Security Architect
- Architect providing the IT security designs for DMZ, intranet and extranets for its international chemical and pharmaceutical corporations.
- Down-sized and de-merged these complex networks with three Fortune 500 companies.
- Integrated firewalls, virtual private networks (VPN) and commerce solutions throughout the U.S., Asia, and Europe.
- Implemented countermeasures to reduce risk and provided designs for continuous monitoring.
- Implemented encryption technologies such as IPSEC, HSM, PGP, SSL, SSH, Secure FTP and VPN.
- This included Public Key Infrastructure (PKI) CA design, piloting, implementation and the operational adoption of user, service tokens and computer certificates.
1992 to 1996: Duke Power – Senior Problem Resolution Engineer
- Performed network analysis for debugging the performance and capacity of business applications and network infrastructure (DNS, DHCP & VPN) used throughout the utility’s wide area network (WAN).
- Disseminated innovative expertise in analyzing, diagnosing and resolving complex IT problems without existing guidelines or procedures.
- Served as expert using Ethernet, Token Ring, FDDI network packet analyzers for advanced protocol troubleshooting in all layers of the OSI model.
1986 to 1992: ComputerCare – Partner & General Manager
- Designed turnkey network and application solutions for U.S. Government agencies; U.S. District Court, U.S. Attorneys, Bureau of Prisons, FBI and DEA.
- Responsible for managing service and support contracts with key relationships in diverse IT implementations while supervising four field engineers.
- Doubled hardware sales during first two years and captured 13% of sales in new banking-related business by conducting software training, troubleshooting and consulting services the third year.
1984 to 1986: TRW Defense Group – Programmer
- Contractor working in the beltway area of Washington D.C. on various defense and intelligence efforts.
- Maintained a Top Secret government clearance.
1978 to 1984: United States Army – Air Traffic Control Radar & Navigational Aids Electronic Technician
- Assigned to the U.S. Army Communication Command (Information Systems Command) at Fort L.J. McNair supporting the Military District of Washington (MDW).
- Detached to the Pentagon servicing radar, computer, encrypted communication, transponders and navigational equipment at the heliport and other metropolitan aircraft landing zones.
- One year of duty in Seoul, Korea at K16 repairing Identification Friend or Foe surveillance (IFF) transponders, computers and Surveillance & Ground Control Approach radar.
- Honorably Discharged, Good Conduct, Overseas and Army Service Ribbon, maintained a secret security clearance and qualified as Sharpshooter with M16.