Experience

• 

  Nys lottery

  Apr 1992 - Dec 1999

  Information security officer

  • Designed, implemented and managed compliance for all IT Security program policies and procedures.• Advised executive management, internal and independent auditors in all areas of Information Security.

• 

  Metlife

  Dec 1999 - Jul 2007

  Senior it security consultant

  • Developed and managed Security Alert Response Team, directing multiple IT Engineering teams in researching security alerts, testing and deployment of software patches and service packs, resulting in 85% reduction in virus infections, receiving multiple company awards.• Acted as principal SME for infrastructure server configuration hardening procedures for all operating systems platform security.• Designed, implemented and managed both IT Risk Acknowledgement and Privileged Access Review processes reducing numerous IT Audit issues.• Completed daily and periodic vulnerability assessments/penetration tests of internet and intranet servers. Show less

• 

  Momentive performance materials

  Jul 2007 - Jan 2009

  Global it security leader

  Managed all areas of Information Security and Supervised 12 off-site contractors• Designed, implemented and enforced all IT Security policies, standards and procedures in alignment with ISO Standard 27001, establishing company Information Security Program. • Advised Executive management, IT Leaders and Auditors in all areas of IT Security in preparation for SOX compliance.• Received achievement award for project management, implementation and administration of Sun Identity and Access Manger products, transitioning over 100 application and OS platforms and over 6,000 identities from parent company to divested independent systems, in five months, ahead of time and under budget. Show less

• 

  Saic

  Feb 2009 - Aug 2009

  Information security specialist

  Consultant for Information Security Office of NYS Department of Correctional Services. • Created and updated Administrative policies and procedures to better align with Application SDLC. • Developed Application Security template for standardized review of new projects. • Completed Forensic investigations of hundreds of hard drives and storage devices to facilitate investigations by Inspector General’s staff. • Completed Penetration tests of subnets and applications of NYS DOCS systems, enabling secure deployment of new online Inmate Law Library system. Show less

• 

  Nfrastructure technologies

  Aug 2009 - Mar 2011

  Information security specialist ii

  Worked as Consultant for Information Security Office of NYS Department of Labor.• Conducted security assessments to determine compliance with Federal Unemployment Insurance confidentiality requirements.• Reported on identity and authentication control levels to ensure individual accountability on unemployment claims • Ensured sufficiency of existing controls regarding Federal New Hires data.• Completed Risk Assessments related to Social Networking, FTP processing, allowing Skype usage.• Set up Agency’s new forensic hardware and completed multiple forensic investigations, including providing technical representation for agency PERB hearing. • Acted as Security representative to both agency and Statewide Identity Management projects. Show less

• 

  Ge global research

  Mar 2011 - Oct 2013

  Infrastructure security analyst

  Worked as Identity and Access Management Leader for GEGR and business Highly Privileged Access (HPA) Lead. Acted as Lead for GE corporate-wide projects and initiatives.• Developed, managed and executed global strategy for identity, access and authentication management, reducing numerous design defects, while providing more stable and accurate identity management system.• Performed as Business Policy Owner for multiple security policies, completing gap analyses and leading global remediation and compliance projects.• Lead multiple global projects to develop SOPs, Standards, Policies and Processes to control network device and other Privileged Access to remediate corporate Audit findings.• Established first automated global password controls for distributed accounts. Show less

• 

  Mvp consulting plus, inc.

  Oct 2013 - Jun 2017

  Information security consultant

  Consultant for Information Security Office of NYS Public Safety Cluster• Augmenting the Office staff and teaming to perform regular monitoring and incident response duties. • Working with Qualys, WebInspect, Wildfire, Symantec and other tools to scan for vulnerabilities and maintain compliance for the multiple agencies within the PS Cluster.• Participating in Statewide ISO Standards and Policy development workgroups• Developing Cluster IT Security procedures based on statewide standards.• Performing Security Reviews of various product under consideration by the Cluster agencies Show less

• 

  Tag solutions

  Aug 2017 - Jan 2018

  Senior security engineer

  Providing risk and security assessments to clients that meet regulatory and company specific information controls Providing planning, implementation and support for customer information security programs and controls Creating documentation to support information security practices Managing information security programs and projects

• 

  Cyberstone

  Aug 2017 - Jan 2021

  Senior cyber security consultant at cyberstone

  Providing risk and security assessments to clients that meet regulatory and company specific information controls Providing planning, implementation and support for customer information security programs and controls Creating documentation to support information security practices Managing information security programs and projects

• 

  Retired information security professional

  Jan 2021 - now

  Retired information security professional