Senior Security Specialist
Information Security Business Consultant
Accomplished Information Security/Business Continuity Manager and Information Systems Auditor. Over years in Information Technology, with of those years in the Security/Auditing environment. Main experience in IBM large-scale mainframes, as well as AS/ systems, RS/ systems, Novell networks and Windows NT networks. Strong background in technical systems, audits and security protocols including operating systems z/OS. Strong background in a variety of security systems, including RACF, CA-ACF and CA-Top Secret. Well versed in a number of fourth generation mainframe languages. Strong background in project planning and execution, particularly relating to controls, security, planning, testing and execution. Background in SDLC protocols. Background in Sarbanes-Oxley requirements, FDIC regulations, Comptroller regulations, UK Information Security Act, UK Privacy Act and ISO, Role-Based Access Controls (RBAC), and DIACAP/NIACAP analysis and remediation.
Strong verbal and written communication skills, having successfully conducted Security and Disaster Recovery seminars. Published author and speaker on the topics of Information Security, Physical Security IT Audit, Disaster Recovery and Year issues. Also strong background in technical writing on RACF issues.
* Insurance, Banking, Financial, Retail, IT and Technology Firms
* SOX, HIPAA, PCI Regulatory and Best Practice Methodologies, DIACAP/NIACAP
* Published author and speaker on the topics of Information Security, Physical Security IT Audit, Disaster Recovery and Year issues
* Strong background in technical writing on RACF issues, CICS security, z/OS security
* Mainframe CA Software Installation and Knowledge Transfer
* Software: RACF, CA-ACF, CA-Top Secret, CA-Cleanup, CA-Auditor, Vanguard Suite, Consul
* Database: IMS, CICS, DB
* Language: COBOL, SQL, Easytrieve, BAL, JCL
* Utilities: ISPF, TSO, SDSF, PanValet, Librarian, Xpediter, Endevor
* Platforms: z/OS, VM/VSE, UNIX, Windows XP
* Networking: TCP/IP, SNMP/E, FTP
* Tools: IBM Utilities, VSAM, FileAid, TLMS, Changeman
* Microsoft: Word, Excel, Access, PowerPoint, Outlook, Project, Visio
* Northern Virginia Community College
* Indiana Vocational Technical College
* Transaction Segregation and Security for IBM-Supplied CICS Transactions, September
+ Webcasts, in conjunction with NewEra Software
* CICS Command Security, May
+ KOIRUG (Kentucky/Ohio/Indiana RACF User Group) Meeting
* PENTLAND UTILITIES V. AN UPDATE RACF Update, MayAugust .
* THE DEATH OF RACF'S OPERATIONS ATTRIBUTE or, how I'm trying to kill it... RACF Update, November .
* CICS TRANSACTION SEGREGATION AND REGION CREATION CICS Update, part series, March/April/May also reprinted in RACF Update, May / August / December .
* RACF YOUR QUESTIONS ANSWERED RACF Update, August / November , February .
* BUSINESS CONTINUITY AND RACF RACF Update, November .
* PENTLAND UTILITIES REVIEW RACF Update, part series, February / May .
* BUILDING A SECURE DATA CENTRE Insight IS, October .
* RACF RESTRUCTURING RACF Update, part series, February / May / August / November .
* InfoSec, Inc.: Senior Security Specialist, Fort Wayne, IN
* NewEra Software: Member, Security Advisory Board in conjunction with InfoSec, Inc.
* Intellect Corporation: RACF Security Analyst, Lakeland, FL
* Blackstone Technology Group: Security Consultant RACF, Tokyo, Japan
* Global Sources IT: Security Consultant RACF, Bloomington, IL
* TEK Systems: Project Manager SOX Assessment, Southfield, MI
* Computer Horizons Corp: Sr Security Consultant, Westfield Centre, OH
* Qatar National Bank: Sr Security/Business Continuity Manager, Doha, Qatar
* Riyadh Bank: Sr Info Systems Security Analyst, Riyadh, Saudi Arabia
* SBC Warburg/UBS Warburg: Sr Computer Auditor, London, UK
* United Services Life Ins: Sr EDP Auditor, Arlington, VA
* Financial Technologies: Data Security Administrator / EDP Auditor, Centreville, VA
* Perpetual Savings Bank FSB: Senior EDP Auditor, Alexandria, VA
* Summit Bank: EDP Auditor, Fort Wayne, IN
* Lincoln National Life: Computer Operator, Fort Wayne, IN
* Developed a new security infrastructure to comply with regulatory requirements SOX, HIPAA, PCI, GLBA, and Banking regulations and best business practices.
* Technical project design and direction including development of security task lists, work lists, schedules and assignment, staffing, and execution, security implementation and remediation.
* Performed an in-depth DIACAP analysis and remediation project for a large insurance concern, completing and clearing issues on the mainframe system ahead of schedule and under budget. Directed the work of three colleagues, generated the DoD-required documentation and evidentiary materials, kept schedules and updates, and communicated with the client and the assessment firm.
* Development of RBAC Documentation and Implementation for a large insurance concern.
* Performed detailed analysis of mainframe security settings.
* Developed detailed audit process for z/OS security
* Developed detailed remediation process for multiple mainframe systems.
* Developed highly detailed project plan for application testing.
* Remediation on security issues discovered via RACF assessment
* Worked on major RACF database clean up and restructuring assignments, the remediation of z/OS security issues outside of RACF, development of operating system-level change control processes, Kerberos implementation and policy development, integration of secured mainframe communications into a Macintosh network.
* Investigation, installation, and assessment of add-on security auditing products to assist in RACF maintenance and cleanup.
* Assisted staff in security policy development
* Provided project management and direction on specific technical projects and assignments including security migration from native CICS/TS to RACF, native DB to RACF, native IMS to RACF, etc.
* Created a shared mainframe knowledge library, z/OS security audits, creation of a segregated mainframe LPAR for security testing, and other technical assignments as requested by management.
* Investigation of add-on security reporting products to assist in RACF maintenance and cleanup.
* Development of a standardized RACF region creation structure and procedure for new CICS regions, ensuring adequate transaction segregation and security monitoring
* Developed comprehensive audit programs for z/OS systems.
* Development of specific Sarbanes-Oxley audit tests to provide control assurance of several large-scale application systems
* Created and led the execution of over discrete application tests, covering over control requirements.
* Assisted with SAS assessments for related service supplier
* Develop a ground floor security project, providing development of Project Plans, complete detailed task lists, high-level policies and detailed job specifications for security project staff.
* Developed highly detailed project plan for security implementation based on Sarbanes-Oxley, FDIC/Comptroller, ISO and other guidelines. Task list contained over specific line items.
* Developed high-level Information Security and Physical Security policy documents
* Assisted in the development of selection processes and requirements for internal/external network penetration/vulnerability testing
* Created the Security and Business Continuity Department, hiring a staff of .
* Began a security centralization process across over separate computer systems and applications.
* Prepared emergency contingency/recovery plans prior to the Iraq war, including business recovery site.
* Performed analysis and administration of OS/ v. security with RACF v..
* Performed analysis and administration of upgrade of OS/ and RACF to v..
* Developed a wide variety of Information Security Policies, Procedures, Standards and forms on a wide range of subjects, including a Corporate Information Security Policy, Internet, Networks, Data Classification and Ownership, LAN and PC Security, Anti-Virus, Encryption, etc.
* Trained several Saudi IS Security Administrators on the use of RACF, as well as training them on networks, Internet security and other technical subjects
* Performed audits, control reviews and security/efficiency standards tests on all aspects of the computer environments, including mainframe, LAN/WAN and communications systems
* Developed a sophisticated audit work paper automation system, which used hypertext to allow for efficient cross-referencing of documents. Allowed for a paperless audit to be performed.
* Published an article in February issue of Computing Magazine included interview with me on Year and Economic and Monetary Union EMU planning.
* Spoke at Compsec &;, &; and &;, as well as other smaller conferences, on IT Audit Security and Control issues.
* Designed and implemented audit programs for examination of technical systems, including in-depth examinations of CA-Top Secret and OS/MVS, as well as Disaster Recovery Planning and Testing.
* Aided in the development of the EDP Audit function for a multibillion-dollar life insurance firm for U.S. military service personnel
RECOMMENDATIONS / REFERENCES
Available on Request