Oct 2016 – Present · 9 yrs 7 mos · Denmark · Remote

• DevSecOps practices with a focus on cloud agnostic solutions using open source tools such as Terraform, Ansible, Packer and Vagrant
• CI/CD Security
• Azure DevOps
• IaC Scanning
• Docker Image hardening and Security
• Cloud Greenfield projects (AWS, Azure, GCP)
• Cloud Development (migrate apps to the cloud, leveraging cloud-native services)
• Cloud security and privacy assessments, pen testing, complete initial setup of Policies, AD Federation, Roles etc.
• Mobile application testing & hardening recommendations
• API Management (security, rate limiting etc)
• Threat Intelligence/Hunting and Incident Response experience using open source frameworks such as Buscador/OSINT, SANS SIFT, FireEye FLARE, and Enterprise Tools such as Recorded Future, Crowdstrike Falcon, Cyberproof Intsights, Orca, Sentinel, Mitre Attack Framework DevOps Implementation

Jul 2014 – Oct 2014 · 3 mos · Portland, Oregon Metropolitan Area

• Senior Cyber Security Analyst that provides cutting edge, innovative, and thoroughly-vetted finished intelligence products, including high-quality papers, briefings, recommendations, and findings to senior-level decision makers and executive management. Work a rotating schedule that includes night shift to support 24/7 a week environment model at Nikes Secure Operations Center (SOC). Leverage knowledge of industry best practices, good judgment, and problem solving skills to execute security operations. Use Splunk and FireEye CMS, among other tools for security response to triage security issues. Respond to alerts and make good decisions under pressure and quickly adapting to any security challenge.

Apr 2014 – Jul 2014 · 3 mos · Portland, Oregon Area

• Security Analyst position in the Information Risk and Compliance department at Portland General Electric (PGE). Responsible for the assurance and protection of organizational information assets. This position assesses complex IT systems, develops remediation plans, and recommends and implements processes improvements to Information Security Program efforts.

Nov 2013 – Sep 2016 · 2 yrs 10 mos · Anywhere, USA

• Responsible for the design and development of innovative security architectures for protecting data deployed into customers cloud. Consulted on security vision and strategy around cloud-based applications, across all types (Infrastructure, Platform, and Software).
• In charge of assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development, application security, data protection, cryptography, key management, identity and access management, network security) within SaaS, IaaS, PaaS in cloud environments.
• A strong security posture in direct interaction with (Devops team) deployment orchestration, automation, and security configuration management (Jenkins, Salt, Terraform).
• Develop threat model for specific subscription (Azure), accounts (AWS)

Nov 2010 – Feb 2012 · 1 yr 3 mos · Washington DC-Baltimore Area

• Provided Information Assurance (IA) analysis and certification and accreditation (C&A) expertise to IRS Safeguards Program. Reviewed security requirements, products, configurations, and IA architectures necessary to ensure the government and vendor's security architecture and associated accreditation documentation meets Internal Revenue Service requirements. Provided advice and recommended direction on IA and C&A matters. Provided programmatic support in a dynamic and challenging environment. Participated and collaborated in team meetings to coach program managers and IA practitioners through certification and compliance processes, and track critical IA processes and elements through use of automated and semi-automated tools. Maintained the accurate, steady, and consistent flow of information in response to client direction through established processes. Enhanced existing IA doctrine and processes through application of project management skills. Served as primary action officer or project management liaison as necessary.

Dec 2005 – Apr 2010 · 4 yrs 4 mos · New York City Metropolitan Area

• Member of the Policy and Compliance group with the firm’s Global Information Security department. This position encompasses multidisciplinary skills such as Project management, Auditing, and Network security analysis. Developed within a multitasking environment were the ability to communicate effectively and influence IT leadership, staff, and stakeholders within the Global community to implement security recommendations and embrace the compliance framework. The ‘Code of Connection’ is the firms approach to ISO 17799, sets a baseline for security policy guidelines and standards for secure applications and services worldwide. The Code of connection is dynamic in nature and will evolve with the technologies and changes the firm will engage in the next years. These regulatory cannon is of worldwide application therefore the need to develop and maintain strong, collaborative relationships with all levels of technical and Non-technical peers in Ernst & Young and the Global partners worldwide is a must. Code of Connection designated 12 countries to be audited, discovery, data collection, interviewing, analysis, reporting, remediation and telecommunications hosting are of direct responsibility and within the positions range of accountability. The position required previous systems and security architecture as well as a high level of adaptability and technologies comprehension to understand and develop an efficient methodology for the audits. Create internal guidelines using NIST’s publications and oversee the proper implementation.

May 2005 – Sep 2005 · 4 mos · Anywhere, USA

• Responsible for providing IT Security Advisory and Accreditation services to ensure that the firm’s internal IT infrastructures, applications and services are compliant with PwC’s global IT Security policies and standards and industry best practices. In addition to performing IT Security Risk Analysis reviews for existing PwC applications, the ISTO will be responsible for conducting RA analyses for IT projects prior to implementation. The ISTO will also be required to respond to day-to-day enquiries and activities. The role necessitates an ability to communicate effectively and influence IT leadership, staff and other stakeholders within the South and Central America region’s territories to implement security recommendations. The ISTO will also engage with the business on a range of information security areas including security policies & standards and security awareness. Consult territories on all security matters including Firewall configuration (Checkpoint/Cisco PIX) and VPN implementation.

Oct 2004 – May 2005 · 7 mos · Greater Atlanta Area

• Coordinate with vendor contacts to research and evaluate new technologies, recommend new projects to management and implement those which are purchased, and review/maintain firewall policy and logs. Maintain security policy, work with management in multiple departments to balance security goals with functional requirements, and document current security policies and procedures and make recommendations to management for changes where appropriate. Additional responsibilities include coordinating Incident Response efforts during virus / worm outbreaks, reviewing the security posture of current network architecture, systems, and applications, and making recommendations to management when appropriate and implement approved changes. Duties also include responding to second-tier user support requests when necessary and other duties as assigned. Ability to assume duties of clients Information Security Officer outlined in board of Director's Security Policy.

Aug 2001 – Sep 2004 · 3 yrs 1 mo · New York City Metropolitan Area

• Accountable for managing, enhancing and supporting outsourced security operations for JPMorganChase client. Team member of 10 accountable for administering security procedures on client’s multi-platform environment, consisting of more than 96 applications, including Windows NT, Novell NetWare and AS/400 platforms. Manage and monitor internal security for more than 14,000 users across WAN. Administer and monitor security infrastructure for Novell NetWare and Lotus Notes systems. Introduce new processes, procedures and technologies to reduce vulnerability. Accountable for overall success of assigned projects, from initial needs assessments and design through implementation, configuration and customer satisfaction. Direct all aspects of projects, including project planning, scheduling and tracking. Manage risk assessment, issue resolution and change management initiatives. Facilitate internal and external audits to identify vulnerability and risks, and implement additional controls. Evaluate security features of new software to ensure compliance with access control policies, prior to deployment into environment. Perform user access certifications to ensure compliancy with internal IT Control Policies and government regulations. Train new Security Administrators on technologies and procedures. Was originally brought in as a Consultant and hired within 2 months.

Dec 2000 – Mar 2005 · 4 yrs 3 mos · Washington D.C. Metro Area

• Responsible for administering, optimizing and enhancing technical infrastructure to optimally provide support to users throughout Kingsbay and Bethesda bases. Team member of 20 accountable for supporting and upgraded LAN/WAN infrastructure consisting of Windows NT/2000 servers and desktops. Manage user accounts in Active Directory, Exchange 2000 and SIPRNET networks. Perform security maintenance on local PDC. Analyze and resolve hardware, software and networking issues.