-
ARA
Sr. DevSecOps Engineer | Supervisor
September 2023 - Present (6 months)
Eglin, AFB
Analytic, Software and Engineering Solutions (ASES): Team Lead enhancing CI/CD pipelines, infrastructure, security automation, collaborating with cross-functional teams, implementing cutting-edge solutions & scalability. Leading security projects, Cloud Security Architectures: MS Azure, AWS & GCP, OpenStack, FISMA/FedRAMP, NIST 800/RMF/CSF/CMMC & continuous Authority to Operate (cATO) in a classified environment. Using Linux (RHEL/Ubuntu), Python/Bash, GitLab, Ansible & Terraform. Integrated compliance of security program & federal requirements. Continuous scanning, vulnerability assessment & management, penetration testing of multiple applications & infrastructure. (C#/C++, Java/JavaScript & Node.JS)
-
Mega Services LLC
Cyber Security Trusted Advisor
April 2023 - September 2023 (6 months)
Atlanta Metropolitan Area
Contracted to directly advise the President/CEO on Strategy, Technology, Operations & Service Delivery, Leadership & Management, addressing in depth Cyber Security needs. Automated Availability, Confidentiality & Integrity by capitalizing on experience in communications & architecture of security solutions. Automated Processes, Procedures & implemented AI solution (Azure/Bard/ChatGPT) to automate Cloud and Content Delivery Botify, Zoho, Python & JavaScript. In the role of CISO, supported Audit & Compliance: PCI-DSS & SOC II, Third Party Reviews, SAST/DAST & Cyber Threat Intel. Successfully completed project under budget and ahead of schedule.
-
TransUnion
Information Security Officer (ISO) | Advisor
April 2018 - April 2023 (5 years 1 month)
Atlanta Metropolitan Area
U.S. Markets Technology, requiring hands-on security engineering and architecture of security solutions. In-depth analysis and reporting in the Vulnerability Threat Management Program of Corporate Governance, Risk and Compliance (GRC). DevSecOps Advisor/Approver in the STAR process and PI/Agile sprints; SAST/DAST/SCA, OWASP, Kubernetes Orchestration & Management, Puppet. Improved Incident Response & Vulnerability Management; AgileCentral, Archer, BlueLava, Kenna, Splunk, PowerShell, Remedy & Jira. Leading projects, CI/CD, Cloud Security Architectures: MS Azure, AWS & GCP, FedRAMP, NIST 800/CSF & CMMC + ISO 27000. Ongoing PCI-DSS/PA-DSS, SOC II (1&2), Third Party Reviews, Internal Audit, PII/PHI Protection & M&A Policy Compliance.
-
Bank of America
Information Systems Security Engineer | AVP
December 2011 - April 2018 (6 years 5 months)
Atlanta Metropolitan Area
Global Information Security (GIS) – Led teams ranging in size from 3 to 7 employees and contractors. Supported Asset Inventory Management with context. Led results driven change using Factor Analysis of Information Risk (FAIR) and performed Third Party risk assessments for industrial clients using ISA/IEC 62443 in the GIS Transformation for the Audit & GRC teams. Led Cyber Threat Intel (OSINT), Metrics & KRI for IDS/IPS Incident Response: SourceFire/SNORT, after leading Exercises & Wargames (CAPP/QD2/FSISAC). Worked daily building coalitions and reporting using tools: SIEM, PKI, MFA, & ActiveDirectory (AD). ArcSight, Archer, PowerShell, PowerPoint, SharePoint, Visio, Excel, & OneNote.
