A CISSP with over 22+ years of experience in the systems administration and network engineering fields with a focus on system and network security. I bring a vast amount of experience in DoD DIACAP and RMF requirements to government projects and PCI DSS in the commercial space, along with a wealth of practical experience in security requirements and implementations.
I strive to find a balance of security and usability with a common sense approach in order to manage costs. Allow me to help your organization meet your security objectives with a realistic approach and no over dramatization or the sky is falling. Feel free to contact me today to discuss your requirements.
Other certifications: PCI DSS Internal Security Assessor, PCIP, GIAC Penetration Tester
Systems and Network architect for the Global Positioning System, a USAF program. Working the continuous monitoring requirements under RMF and implementation and deployment of the ground control segment.
Mentor team members for continuous career growth and emerging technologies.
Design and implement performance improvement changes to the virtualization environment, reducing planned investments and saving costs to the program.
Provided consulting for a classified Navy program to get a new environment an approved Authority To Connect (ATC). This effort included reconfiguring the network to provide the appropriate segmentation using VLANS and Firewall controls. Perform STIG efforts on all network components.
Provided SME level support for the on-site DSS inspection.
Time to completion: 7 days
Performed as principle security architect insuring appropriate controls and implementation for continuous success in assessments by a third-party PCI QSA. Maintained PCI ISA certification for smaller Canadian operations and self-certification efforts. Provided all security architectural requirements, design, and guidance for all projects that involved IT, customer data and credit card data.
Quickly became the "go to" person for all things security architecture, involved in high level discussions with executive leadership on a continuous basis.
Port Graham, an Alaska Native company, was tasked by FEMA to develop the necessary communications requirements for rapid restoral of alerts sent via NOAA's towers. Through lessons learned from Katrina and the lack of availability of traditional communications lines, I performed as a principle engineer in creating rapid deployment and restoral of NOAA alerts and the Emergency Alert System (EAS) alerts. Due to the timing requirements of EAS, this proved to be a rather interesting challenge over traditional SATCOM channels.
Provided and implemented controls to meet DIACAP requirements, provided mitigations when necessary.