Experience

• 7 Delta Inc

  Practice Director/ Security Architect

   Advised and led technical security architecture projects for various business services teams. Managed a range of information security enterprise projects. Monitored security and storage product sales. Worked with IT, technical operations, and development teams to foster tolerablesecurity best practices and ensure for uniformity.Communicated with vendors, outsourcers, and contractors to evaluate legacy and state-of-the-art security products. Authored and reviewedsecurity documentation for operational handoff. Worked with professional services and security product teams to redefine acceptable best practices to support the alliance-partner relationship enterprise project efforts

• Cisco

  Project Manager

  Principle Consultant –
   Managed small, medium-to-large-size security projects, such as SCRUM Master. Assisted with the remediation and mitigation plan of OpenStack Vulnerability management processes. Liaised, advised, and aligned suitable technology and security measures for vulnerability remediation. Planned and ensured that assigned projects complied with the overall program scope ,i.e., schedule and quality assurance. Advocated, monitored medium-to-large-scale project progress, and developed technical metrics and solutions to support the customer. Researched on inter-disciplinary technological areas, such as OpenStack security. Investigated and stayed abreast with the rapidly evolving technology landscape. Briefed senior management on the project development focusing on vulnerability assessment and risk mitigation.Assessed and conducted vulnerability scans, data exploitation, automation, and JIRA tenant dashboard reporting. Monitored and tracked mitigation activities and conducted ad-hoc scans using Metasploit and available assessment tools. Tested and traced system vulnerabilities using RallyAgile Project Management tools. Liaised with data center DevOps/DevSecOps teams in the report of OpenStack system logs and remediation

• Norfolk Southern Corporation

  Security Architect

   Developed functional and viable security solutions to address external business partner’s technical challenges. Architected, deployed, configured, and maintained cloud platforms, i.e., mobile security, other security responsibilities include:providing technical support amid vulnerability assessment, risk assessment, network security, product evaluation, and security implementation in a large corporate enterprise. Conducted system technical assessments and aided in the establishment of new security policies and standards. Analyzed and steered security product evaluations and made applicable recommendations for further improvement. Participated and supported the AWS/Azure enterprise deployment of cloud platforms and applications in support of the organization’s IT modernization. Applied vulnerability assessment and management tools to help minimize security incidents, risks, and threats. Performed static and dynamic code scanning and testing to identify potential vulnerabilities affecting the infrastructure. Assisted with defining, implementing, and maintaining information security policies, standards, and procedures. Tested and performed audit log reviews to assess the overall infrastructure security posture

• DXC Technology

  Security

   Architected technology efforts such as product assessments, risk assessments, performed evaluations, and completed deliverables. Coordinated system performance diagnoses and scalability assessment activities in support of the mission. Architected and engineered cloud solutions to support the AWS and Azure deployment and sustainability efforts. Planned, harmonized, and supported the organization’s IT vision &cloud strategy work products, technology, and product analysis: white papers and responses/inquiries on various technology and product topics. Drafted and defined technology-based business solutions. Led and guided small-to-medium project teams on how to interact with emerging technologies.Reviewed and approved design decision model processes to warrant the established level of authoritybefore entering the implementation stage of the SDLC.Collaborated with team members on areas involving IT strategy, technology innovations, and enterprise architecture services. Evaluated and diagnosed production and technical issues to improve daily operational posture. Technologies included Privileged account management (PAM); CyberArk, Xceedium, Rapid 7 Nexpose, Cloud Passage/Halo, SailPoint Identity IQ, SecurityIQ, and ForgeRock OpenIDM and OpenAM. Assisted in the implementation of best practices, techniques, and solutions forthese complex projects. Supporting the lead architect in the creation of solutions for the IAM managed service provider (DXC Technology) using ForgeRock OpenAM and DS and IDM
   Architected privileged uses access solution using OpenIDM
   Supported DXC technical delivery staff by creating a combination of SABAS/TOGAF architecture

• Emory Healthcare

  Senior Information Security Analyst

   Managed the enterprise IATRIC healthcare-Risk IT integration deployment. Developed security procedures to support the Electronic Health Record (EMR) modernization effort and MEDITECH system project implementation. Created and assigned user profiles using IATRIC Security Audit Manager (SAM). Led the external and internal risk assessments and improved risk mitigation plans. Reviewed and enforced the organization’s compliance with the Medical Center’s Health Insurance Portability and Accountability Act (HIPAA). Developed, refined, and realigned information security policies to support the organizations adopted architecture plans. Evaluated, real-time, Advanced, and Persistent Threats with Palo Alto next-generation firewalls. Developed security policies and agile requirements for the next-generation security firewalls. Performed enterprise vulnerability scans with Nessus and Qualys cloud-based tools. Mitigated security risks and assessed system threats for remediation. Analyzed privacy & security incidents and provided senior management with acceptable recommendations as deemed necessary

• (ISC)²

  (ISC)² members wanted a way to educate the most vulnerable members of society – children. The Safe and Secure Online (SSO) program was introduced in 2006 in conjunction with Childnet International, and brings (ISC)²’s information security expert members into classrooms to help children ages 7-14 learn how to protect themselves online and become responsible digital citizens.