[var] => content
[type] => preview
[var] => cut_url
Timothy G. H.
Protection of critical infrastructure and corporate assets, by defending systems and networks from compromise, investigating security breaches, and strengthening enterprise security, supporting organizational goals and objectives
Work History Professional Experience:
March Present: Pulte Financial Services, Englewood, CO
Information Security Engineer Information Security Group Information Systems Division
* Senior security engineer responsible for security operations, including, incident response, forensics, vulnerability assessment, engineering/architecture, operations, administration, & management of network security infrastructure, Firewalls, IPS, VPN, WAF, SIEM, AV/AS, Endpoint Control, Vulnerability Scanners, Content Filtering,. Key contributor to development of corporate security policy and standards, secure configuration standards creation/testing/implementation, enterprise risk assessment activities, project level security assessment and security requirements development, ediscovery policies/procedures/standards.
* Implemented the company&;s first Computer Security Incident Response Plan, Vulnerability Management program, and established a cross organizational Computer Security Incident Response Team.
Feb Mar Qwest Services Corporation, Denver, CO
Lead Information Security Engineer Risk Management Information Security
* Conducted security evaluations and provided technical guidance and recommendations across the organization pertaining to information security, supporting corporate policy, standards and guidelines.
* Individual contributor on large scale info sec, corporate infrastructure, and service related projects providing technical security guidance and risk assessment.
* Vulnerability testing and reporting utilizing open source and commercial tools.
* Completed VoIP gateway analysis and risk assessment for carrier grade commercial VoIP infrastructure. Assigned Primary InfoSec Engineer to IPTV project. Duties included end to end architecture, product, system, application and process analysis & risk assessment. Developed asset based risk assessment framework and process.
* PKI infrastructure System Administrator Solaris/RSA based systems
Oct. Feb. Qwest Communications Corporation, Denver, CO
Supervisor Transport Security Technical Manager I //
Lead Security Administrator Network Element Security Ops Tech V / /
* Built a department providing security operations, administration, management and provisioning of an international telecommunications transport/switching network: SONET/SDH/DWDM//VOIP, as network grew from network elements to over ,. Responsible for Qwest Nationwide, contracted government & customer networks. Selected, hired and managed staff. Provided direction and management of department projects/initiatives, process, procedure, from conception to completion/implementation. Developed positive interdepartmental relationships at various management and organizational levels.
* National Networks subject matter expert SME and point of contact for network element security management, configuration, and deployment. Responsible for new technology security analysis and testing, vulnerability identification & mitigation, deployment recommendations, security operations integration. Provided input and recommendations to vendors for security feature enhancements. Responsible for security risk identification and element management issues, review of proposed architectures, providing mitigating solutions and recommendations. Engage and partner with Risk Management, IT Security, Systems & Technical Support, Provisioning & Installation, Operations and Engineering to work through issues, process, procedure, to resolution. Promote compliance with corporate security policy, procedures, and guidelines, best practices. Serve as interface to National Networks Operations in regards to Corporate Security alert process and vulnerability mitigation. Coordinate, facilitate and manage projects to implement security alert resolutions impacting production network elements.
* Designed & assisted in the development of scripts/programs to perform network wide security configuration changes to simplify user access management, provide intrusion and configuration change detection, increase department efficiency and productivity. Responsible for security management, access control, and auditing of element management systems. Sys Admin Windows , RedHat Linux servers. UNIX security administration, configuration HPUX, Solaris.
* Responsible for Incident Response/Investigations/forensics to document and report on service/circuit outage incidents.
* Identified security risks and designed a centralized access management platform for digital cross connect systems. Reviewed solutions, selected vendor and application, provided requirements, tested, configured, deployed and managed.
* First in the history of the company to deploy Linux and Solaris servers in Integrated Test Facility lab to support system and vulnerability testing of transport/switching devices and element management systems. Prior, no security testing of telecommunications devices was implemented. Perform testing, feature validation, and risk assessment for hardware, and software upgrades, using open source tools.
* Responsible for Identification and analysis of user community, development and configuration of user access and privilege models, development of user, vendor, and contractor access procedures, management of local and remote user and vendor access. Developed Sarbanes Oxley controls documentation and tested for internal audit, implemented quarterly testing and documentation to maintain compliance.
* Implemented real time intrusion detection with existing tools and element management systems. Managed development of syslog servers for centralized collection of SS logs and DCS link security configurations.
Jul. Oct. Rick Johnson & Associates of Colorado Denver, CO
Surveillance Operations & Investigations Manager
* Hired & trained team of surveillance and investigation specialists.
* Oversight and management of all surveillance activities and assigned case work. Conducted physical/electronic surveillance & investigations.
* Provided courtroom testimony in County & District courts, Worker&;s Compensation administrative hearings.
* Investigated wide range of case types Insurance fraud, domestic, civil, medical malpractice, sexual harassment, business intelligence, counterfeit goods, Internet Investigations.
Jan Jul Surveillance Specialists, Inc. Denver, CO
* Founded private investigation firm specializing in surveillance physical and electronic, insurance fraud, domestic issues, collections, asset investigations, public records & electronic database research, process service, etc.
* Responsible for all aspects of operations.
* Sold business & assets to Rick Johnson & Associates of Colorado .
Master of Science Network Security, Capitol College, Laurel, MD, GPA ./. honors
Bachelor of Science IT / NetworksTelecommunications, University of Phoenix, GPA ./.
Associate of Arts, General Studies, Arapahoe Community College, Littleton, CO,
Arizona State University Aerospace Engineering Major,
Professional Certifications & Memberships
GIAC Certified Forensic Analyst GCFA
GIAC Certified Incident Handler GCIH practical awarded honors, published @ GIAC.org
GIAC Certified Firewall Analyst GCFW
SANS Advisory Board Member
Infragard Denver Chapter
OWASP Denver Chapter
Military Experience / Education
Air Force Basic Military Training School,
Air Force Aerospace Warning & Control Systems Operation,
Colorado Air National Guard, E, Honorably Discharged
Security Clearance: Secret Not Active
SANS Computer Forensics, Investigation & Response
SANS Hacker Tools & Incident Handling
SANS Perimeter Protection InDepth
Cisco Systems Securing Networks w/PIX, ASA .
TippingPoint Advanced Technical Security Products
IP CISSP Prep Program
Ciena Multiwave Core Director OAM&P
Nortel OC/ S/DMS Transport Node Technical Overview
Implementing Windows Server Microsoft Certified Technical Education Center
Windows Network & Operating System Essentials Microsoft Certified Technical Education Center
Tellium Aurora Optical Switch Technical Training OAM&P
Nortel Dynamically Controlled Routing NPUP Course
Siemens OCU TEX OAM&P Workshop
Nortel TNXE / EC Operations & Maintenance
Tellabs Titan Fundamental Concepts & Lab
Cisco SDH Workshop
Networking Fundamentals / Webmaster Certification Course hours
Telecommunications Fundamentals WBT
DS, Frame Relay, ATM WBT
SONET Signals WBT