William Kennedy

Certified CISO | Cybersecurity Threat Intelligence | Compliance | Enterprise Architecture

Gulfport, Mississippi, United States

About

Chief Information Security Officer | CISO

Connect with me using: [email protected]

All Invitations to Connect Welcome. LION – LinkedIn Open Networker.

Recruiters, HR Managers, Hiring Managers, CIOs: connect with me to get access to my network deep in industry leadership.

Strong leader and highly experienced executive excelling in the creation, execution, and management of comprehensive information security systems for corporations and governmental entities. A rare blend of deep technical skills and business acumen with a deep knowledge of international laws on privacy and the security of information. Able to effectively communicate with audiences ranging from deeply technical system administrators and engineers to the Board of Directors of billion-dollar corporations. Policy maker able to originate security standards and procedures in fulfillment of critical federal, state, and industry requirements and in accordance with changing corporate requirements. Experienced in controlling multimillion-dollar budgets, both operational and capital.

Project of note: in 1998, designed, implemented, and operated the first global commercially successful Voice over Internet Protocol (VoIP) network.

Respected professional offering 20 years of national and international technology management. Creative thinker and analytical problem-solver with demonstrated ability to manage projects from planning through execution/completion under the pressure of fast-paced, time-sensitive environments. Extensive experience managing both domestic and international business and technology programs. Experience working as a senior Scientific, Security and Technical Advisor for the White House (OMB). Hands-on experience leading all stages of software application development efforts, including requirements definition, design, architecture, testing, and support.

To brainstorm and collaborate from any of these perspectives, call me at 919-449-7495.

Experience

  • Verizon Security Threat Vulnerability Intelligence Senior Researcher - Governance, Risk and Complian at Verizon
    Sep 2013 - Jul 2020 · 6 yrs 11 mos

    Conduct Factor Analysis of Information Risk (FAIR) consulting and integration into client enterprise risk management programs. Conduct client Business Security Assessments (BSA) and advise on recommended technology and process improvements. Conduct Qualys scans, compare results with FS-ISAC and US CERT data, and then prepare recommended global organizational corrective actions.

    Vulnerability Reduction: Review all monthly Qualys external, internal, and web application scanning with an emphasis on Cross-Site Scripting (XSS) and SQL injection vulnerabilities. Conduct scans looking for CSRF vulnerabilities, specifically looking for referrer headers, and non-standard browsers or plugins that allow referrer spoofing, and lack tokens that are not within policy. Address logic flaws by hand-verifying configuration and LDAP (SSO) and checking the document object model for out-of-place values or parameters. Prepare and present report findings and next steps for adoption of necessary security and IT actions utilizing Governance, Risk and Compliance (GRC) systems. Administer and analyze scanning to locate vulnerabilities within the infrastructure and software deployed. Lead the project to determine new software value to increase security situational awareness. Utilize Monte Carlo, Six Sigma, and value stream mapping to reduce security process stages and increase controls.

  • Founder | Chief Information Security Officer at Chief Information Security Leaders in Gulfport Ms
    Aug 2013 - Aug 2014 · 1 yr 1 mo

    Attending networking events; researching industry leaders; tracking industry trends; participating in industry discussions.

  • Master Security Solution Architect at Hewlett-Packard Enterprise Services
    Oct 2007 - Aug 2012 · 4 yrs 11 mos

    Primary leadership force of information security and the privacy protection of the electronic protected health information (EPHI) medical records system operations, providing the overall information security management of information technology assets. Developed comprehensive policy set aligned with numerous government regulations and international standards through a crosswalk process to ensure complete coverage. Ensured comprehensive risk management and regulatory compliance for the protection of health records, and delivery of information security services to protect the electronic medical records. Led the effort to resolve Identity Access Management & Enterprise Security Architecture compliance challenges to address regulatory compliance mandates including HIPAA, HITECH, HITRUST, PCI DSS, ISO 27001/2, FISMA, NIST, FIPS, Sarbanes Oxley, SOX, SSAE16, EU Data Protection, and GLBA. Led the corporate Business Continuity Planning (BCP) and Disaster Recovery (DR) program.

  • Chief Information Security Officer | CISO at Catalyst Health Solutions, Inc.
    2011 - 2012 · 1 yr

    Interim Chief Information Security Officer (CISO). Ensured overall system security in compliance with federal, state, and industry law and regulations as the highest-ranking security executive company-wide. Assessed and upgraded all security technology as necessary, continually reviewing firewalls, intrusion detection/prevention systems, monitoring systems, analytical engines, and encryption systems. Directed vulnerability assessments as well as penetration tests and any required remediation. Orchestrated the completion of medical internal and external audits. Collaborated with senior staff in several mergers and acquisitions (M&A) due diligence and integration of new subsidiaries into the corporation. Collaborated with corporate C-level management teams and subsidiaries to provide concrete guidance in information security governance and enterprise security management challenges.

  • Bio-Medical Program Manager | Principal Research Scientist | Security Solutions Architect at Lockheed Martin Information Technology
    2001 - 2006 · 5 yrs

    Managed the development, design, implementation, and operation of the CDC Global Disease Detection network, statistical analysis and classification. Directed CDC Bio-Medical Informatics software application development and field testing. Research member of CMS and CDC electronic health records study. Managed CMS data center operations, implemented a three-tier architecture, and increased DASD (storage). Oversaw the CMS modernization architectural blueprint tactical and five-year strategic plans. Directed the operation of the CMS data center and application development, including finance payment systems. Directed the response to proposal (RFP) design and implementation of technical solutions for both commercial and public sector customers such as Nike, Bellsouth, Port Authority of NY and NJ, NYC MTA, Housing and Urban Development, Centers for Disease Control, White House, and Center for Medicare and Medicaid. Redesigned the USPS ERP financial EDI and lock box and payment infrastructure and process. Managed the design and implementation of an integrated Critical Infrastructure, Command and Control Systems, Communications, Cyber and Physical Security infrastructure for NYC MTA. Appointed as the LM advisor for the joint NY/NJ Port Authority, DoD research program developing a real-time decision support system and cross-platform communications for the Regional Information Joint Awareness Network. Managed the implementation of several ITIL and Six Sigma process improvement programs.