• Over twenty-five years of experience working in Information Technology. • Have assessed systems under FISMA, NIST, CMS MARS-E, State, PCI DSS, HIPPA, SOX, and SASE frameworks. • Expert in NIST SP 800-53 Rev. 4, IRS Publication 1075, C&A Policy, Processes & Risk Management • Certified Information System Security Professional (CISSP), achieved April 2002 (#29360) • Certified Ethical Hacker (C|EH), May 2010 • Performed PCI DSS 3.2, HIPAA, GLBA, IRS Safeguards, and Federal Certification and Accreditation Assessments • Extensive experience with Security Architecture design, policy, and implementation of internet facing networks and environments. • Architect and implemented Security Requirements for projects. • Developed assessment and Security Testing Methodologies, and testing plans. • Vendor Management for Security product vendors • Performed application Risk Assessments. • Developed and published Security opinion letters. • Developed and participated in enterprise Security standards development. • Developed high-level designs for Web-Based Architectures, firewall ingress/egress rules, IDS placement and rules, IP traffic management, Physical Security requirements, and other components. • Protocol reviews, and Trust Boundary designs. • Reviewed Java, C++, and VB 6-.net code for potential Security issues. • Designed and worked with teams to implement Security in both internally developed and off the shelf products (IIS, Apache, Weblogic Web server, IIS, many others) • Participated in over 100 projects as the lead Security SME. Worked within own department and others to transfer information about improving Security for projects.