Feb 2019 – Present · 7 yrs 4 mos

Jan 2019 – Mar 2019 · 2 mos

Mar 2016 – Feb 2019 · 2 yrs 11 mos · Sacramento, California Area

• Serve as a member of the IT senior leadership team and provide direction and policy guidance as the Information Security Officer for the CDCR Agency. As a CISO provide direction on information security and privacy across all of CDCR's institution operations, parole, health and rehabilitation programs. Provide broad authority and management responsibility for protecting the privacy, confidentiality, integrity, and availability of CDCR information and services. Align services responsible for information security, privacy, and security operations to enable CDCR's service innovation and business objectives within acceptable levels of security and privacy risk.

Jan 2016 – Present · 10 yrs 5 mos

Jul 2011 – Mar 2016 · 4 yrs 8 mos

• Lead and manage a team of the State of California’s most technical information security engineering and operations experts to fulfill the agencies strategic IT infrastructure and risk objectives. As the Information Security Engineering manager main objectives include protecting the agency’s information and information processing assets. Manage vulnerabilities within the agency’s information processing infrastructure. Manage threats and incidents impacting the agency’s information resources. Provide security assurance through the implementation of technical controls to enforce the appropriate use of the agency’s information resources. Educate staff and technical teams about information security and privacy protection responsibilities. Essential Functions: • Develop, implement and manage the Agency’s information security program that supports business operations and aligns with the Agency’s mission, goals and objectives. • Ensure the Agency and all its member departments are compliant with all applicable legal, statutory and regulatory requirements. • Coordinate with the Agency’s departmental information security officers to ensure Information Security policy is developed, implemented and managed according to enterprise requirements. • Develop, implement, and manage agency information security program components including Risk Management, Audit and compliance, Information Security Governance, Incident Management Program, Security Awareness, Education and Training, Continuity of Operations and Continuity of Government Programs • Interface with the California Technology Agency on all policy matters and represent the Agency and its departments on security policy and standards workgroups.

Aug 2009 – Jul 2011 · 1 yr 11 mos

• Implementation in enterprise infrastructure information security architecture. Keep ahead in defenses against web borne threats. Implement enterprise malware solutions to dynamically detect and prevent malware based threats targeting the enterprise. Conduct malware analysis and research to implement and stay ahead of new attack vectors.

Jul 2008 – Jul 2009 · 1 yr

• Led the Enterprise Information Security Vulnerability Management Program/Compliance Monitoring Unit. Conducted vulnerability testing and penetration testing on all infrastructure including servers, networks, applications, wireless, printing.

Feb 2007 – Jul 2008 · 1 yr 5 mos

• Systems administration within an enterprise UNIX environment consisting of over 300 servers under the California Child Support Automation System. Middleware administration and support for WebSphere, Tivoli, TAMe, Rational products, DB2. Conducted server automation with Perl, Korn Shell, Jacl, and Jython scripting.
• Worked with Rational ClearQuest, ClearCase.
• ▪ Support and configure Web Application Servers (WebSphere) in a secure enterprise computing environment.
• ▪ Ensured security compliance for the IRS Data Safeguard audit
• ▪ Fallowed Unix security patch compliance
• ▪ Enforce operating system access control
• ▪ Perform technical troubleshooting, analysis, and problem solving in the UNIX environment.
• ▪ Design and implement shell scripts with Korn shell and Perl to manage security as well as performance logging.
• ▪ Support web and database systems on servers.
• ▪ Perform security patching compliance on UNIX systems.
• ▪ Act as a technical lead and provide Unix support for Software qualification testers and batch operators

Jul 2004 – Mar 2008 · 3 yrs 8 mos

• Provided consulting services providing security, systems integration and implementation services to local businesses within the financial, real estate, healthcare, and government industries.

Jun 2003 – Jan 2007 · 3 yrs 7 mos

• Worked under the Network Systems Division at State of California’s government data center. Teale Data Center is the State’s largest multi-purpose data center and currently provides data processing services to over 250 state agencies. The Network System Division supports and maintains CSGnet. CSGnet is a multi-protocol wide-area network which provides connectivity to over 1,100 customer locations around the State and supports many critical state-wide applications and services.
• ▪ Manage and maintain access controls within WAN systems and services
• ▪ Implement automation with scripting
• ▪ Administer Cisco routers and switches
• ▪ Work with local Telco’s to connect state agencies
• ▪ Provide technical support to customers
• ▪ Manage and enforce security in the WAN within government backbone
• ▪ Troubleshoot Cisco networking equipment
• ▪ Maintain SNMP network management tools