
Information Security & Enterprise Architect ● Seeking Opportunities CISO/CSO, VP/Director ● Contact Me ►http://CISO.ME◄
Greater Chicago Area

One of the leading Information Security practitioners, certified, highly accomplished Information Security Architect and Visionary with a proven track record of successfully completing complex technical projects, disciplined budget holder, effective communicator with experience in managing multi discipline and multinational teams.
I engage in a wide variety of complex Information Security projects throughout the United States, assisting organizations in meeting their security objectives in difficult situations and under tight deadlines. My work focuses on large global corporations and the federal government, addressing their concerns in designing and managing technical architectures.
Identity Management:
Sun Identity Management, Federation, RSA ClearTrust, CA Siteminder, CA Identity Manager, Oracle Oblix, OpenSSO, IBM TAM, RACF, ACF2 and Top Secret.
Ethical Hacking and Penetration Testing:
Nessus, Nmap, Metasploit Framework, Wireshark, Qualys, NetIQ and OWASP’s WebScarab
Firewalls, IDS, NAC, DLP and Routers:
Cisco ASA/PIX, Juniper, Microsoft ISA, Checkpoint, Snort, Untangle, McAfee Network Security Manager, FreeNAC, PacketFence, Vontu and Websense.
Business Applications, Middleware and LDAP:
Sun Directory, OpenLDAP, Injoin Critical Path Directory, CA eTrust Directory, Microsoft Active Directory, Meta/Join Directories, WebSphere, WebLogic, Cold Fusion, J-Run, Tomcat, New Atlanta, CA TransactionMinder, Microsoft Exchange, IIS, SNA, WebTrends, Lotus Domino/Notes, Novell eDirectory, Vignette, Broadvision, Corporate Yahoo Portal (Tibco), Plumbtree and Interwoven.
Community Involvement & Philanthropy:
A leading member of the Technology Leaders Association (TLA), a Chicago-based executive level networking forum that enables the career development needs of senior information technology (IT) professionals. Founder of the TLA LinkedIn Group, one of the largest and most popular networking sites for IT executive professionals world-wide.
Information security, network, application, ethical hacking, risk management, disaster recovery, policies and procedures, security architectures, awareness, speaker, single sign on, identity management, IT governance, Federal certification & accreditation, Federal Information Security Management Act (FISMA), NIST, SOX, HIPAA, ISO 17799, COBIT and project management.
(Non-Profit; Information Technology and Services industry)
October 2009 — Present (2 months)
A private-sector volunteer with an inherent concern for national security. Driven to protect our own industry and further motivated to share professional and personal knowledge to safeguard the country. Connecting to a national network of Subject Matter Experts (SMEs), communicating with federal law enforcement and government agencies through national local InfraGard chapters, and contributing to the security and protection of our national infrastructure from threats and attacks.
(Non-Profit; Information Technology and Services industry)
July 2008 — Present (1 year 5 months)
Served as a subject matter expert developing the foundation of CompTIA's Security Trustmark Certification program. Trustmark is a vendor-neutral accreditation around security business capabilities and processes that have been agreed upon by the IT industry to promote generally accepted security practices that will invoke the trust of end-users.
• Developed the Trustmark Assessment Training Program.
• Developed the Trustmark Assessor Certification Examination Program.
• Developed the Trustmark online assessment database system.
• Participated in several alpha and beta assessments nationally, fine-tuning the program prior to official launch.
September 23, 2009
Selected security expert and distinguished panelist in CompTIA's Industry Mentors Program Resource Center. The program makes available to association members a volunteer panel of experts who can answer tough business questions and offer options for long-term guidance on these issues. The CompTIA Member Resource Center brings together in one community leading experts and thought leaders in areas that have a daily impact on business operations and success.
(Publishing industry)
January 2008 — Present (1 year 11 months)
CSO (Chief Security Officer) Magazine
Data Breach Fallout: Do CISOs Need Legal Protection?
Since the security executive is on the hot seat after a data breach, some industry experts suggest CISOs get themselves some form of liability protection. The downside is that such protection could shield those who deserve the blame for an incident.
http://www.csoonline.com/article/440108/Data_Breach_Fallout_Do_CISOs_Need_Legal_Protection_
How to Succeed in a Two-Faced IT Security Job Market
More companies are hiring CSOs and moving security tasks in-house. But that doesn't always mean more jobs (article and 3 audio clips).
http://www.csoonline.com/article/501117/How_to_Succeed_in_a_Two_Faced_IT_Security_Job_Market
BusinessWeek
Are H-1B Workers Getting Bilked?
Overseas companies are accused of underpaying foreigners on work visas—and hurting U.S. wages.
http://www.businessweek.com/magazine/content/08_06/b4070057782750.htm
Corporate Bold
Co-Author
Corporate Bold is a book about what today’s corporate professionals need to think about in order to thrive in tomorrow’s corporate structure. The book is currently in the final stages and is slated to be published in late fall 2009. It will be available through Barnes & Noble bookstores and BN.com.
(Non-Profit Organization Management industry)
November 2007 — Present (2 years 1 month)
One of the leading members of the Chicago-based executive level networking forum that enables the career development needs of senior information technology (IT) professionals.
Currently serving the 2,300+ members of the Chicago IT community, helping them network for opportunities and sharpen their networking skills.
Founder of the Technology Leaders Association (TLA) LinkedIn Group that has become one of the largest and most popular networking sites for IT executive professionals world-wide. There are 5,200+ members where some of the best IT executive talent network and provide valuable insights to the global information technology community.
Organized and host the evening sessions of the TLA meeting to accommodate the growing membership, making it more convenient for the executive IT community to participate. The formal meeting provides structured networking techniques used at most major executive transition groups. It is meant to be a powerful method of generating ideas that might help each of our searches. Informative guest speakers also participate, delivering topics of interest affecting the IT industry.
Currently researching the feasibility of delivering the structured networking techniques in the TLA meeting format via Webinars and Web 2.0 technologies to the TLA's global membership outside of the Chicago metropolitan area.
TLA is about colleagues helping colleagues where I have helped the membership consisting of CIOs, CTOs, CISOs, VPs, Directors and Senior Managers across companies and industries committed to networking as a means of building and maintaining strong business relationships and their professional edge.
(Information Technology and Services industry)
January 1996 — Present (13 years 11 months)
Information Security Executive, Architect, Project Manager, Instructor and Engineer for Fortune 100 Corporations and the Federal Government managing, designing and implementing security architectures. Responsibilities include the delivery of security analysis, architectures and recommendations implementing new technologies into existing enterprise environments. In addition, providing project group leadership, budgets, forecasting, headcount, resource allocation, deployment, move planning, logistics, recruiting, team building, process design, methodology, mentoring and development of IT staff.
(Information Technology and Services industry)
September 2008 — January 2009 (5 months)
Corporate Bold is a book about what today’s corporate professionals need to think about in order to thrive in tomorrow’s corporate structure. The book is currently under development and is slated to be published in Spring 2009 and will be available through Barnes & Noble bookstores and BN.com.
(Public Company; 1001-5000 employees; DV; Higher Education industry)
March 2008 — June 2008 (4 months)
DeVry University - Oak Brook Terrace, IL
Technical Security Project Manager
Served as a technical security project manager for various infrastructure and security projects. Spearheaded the projects from design to production implementation with an emphasis in security and managed teams ranging from 5 to 26 staff members.
• Managed the replacement of Checkpoint/Nokia with Juniper firewalls for the corporate data center and twenty-six university campus locations.
• Initiated the Data Loss Prevention and Network Access Control projects and participated in designing the implementation architecture.
• Assisted and trained staff on various compliance mandates such as PCI, SOX and enterprise security architecture fundamentals.
(Public Company; 10,001 or more employees; MAR; Hospitality industry)
March 2007 — December 2007 (10 months)
A key senior member of Marriott's Information Security team responsible for providing leadership across the systems development life cycle of Marriott IR systems. Develop architectures and solution blueprints for emerging security technologies and standards.
* Developer of security strategies and road maps.
* Author security best practices documents, templates and white papers.
* Provide architectural patterns and technology standards guidance.
* Provide guidance for security requirements and security related use/abuse cases.
* Provide guidance on security risk assessments.
* Facilitate preliminary and final review assessment providing recommendations.
* Lead security requirements, analysis and design for new technologies to meet Marriott enterprise business needs.
* Consult with project teams to create security architectures for major Marriott initiatives.
* Develop framework for incorporating security processes to Marriott’s SDLC initiatives.
(Public Company; 10,001 or more employees; ABN; Banking industry)
February 2007 — March 2007 (2 months)
PROJECT ASSIGNMENT:
Served as a key member of the Technology Risk Management of North America (TRM) team responsible for implementing, improving, and enforcing bank information security policy, infrastructure security architecture and availability programs that secure ABN AMRO information assets.
(Government Agency; 10,001 or more employees; Information Technology and Services industry)
November 2006 — January 2007 (3 months)
PROJECT ASSIGNMENT:
Served as a member of the Certification and Accreditation Security Tiger Team. This team was assembled to provide subject matter expertise to ensure the Commerce Department Census Bureau's information systems are in compliance with various Federally mandated laws such as the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) security standards.
(Public Company; 10,001 or more employees; GE; Biotechnology industry)
November 2005 — November 2006 (1 year 1 month)
PROJECT ASSIGNMENT:
Served as a key member of the Single Sign On (SSO) and Identity Management teams. Responsibilities included designing standards and process for access management across multiple operating systems. Project Architect working with the IT Compliance, Provisioning, and Operations teams to implement access processes which meet business requirements.
(Public Company; 10,001 or more employees; PUSH.OB; Supermarkets industry)
October 2005 — November 2005 (2 months)
PROJECT ASSIGNMENT:
Served as a subject matter expert providing solution upgrade direction for Computer Associates Siteminder.
(Information Technology and Services industry)
November 2004 — October 2005 (1 year)
PROJECT ASSIGNMENT:
Served as a member of the Certification and Accreditation Project to ensure VA hospital information systems are in compliance with various Federally mandated laws such as the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Government Information Security Reform Act (GISRA) and executive branch directives.
(Government Agency; 10,001 or more employees; Information Technology and Services industry)
May 2004 — November 2004 (7 months)
PROJECT ASSIGNMENT:
Served as a member of the Infrastructure Engineering Project, a major business systems modernization initiative of the IRS. Contributed to the design and deployment of the infrastructure, which is a combination of custom software modules and commercial-off-the-shelf (COTS) software, hardware and security solutions, integrated to form the technical foundation for the IRS modernization.
(Privately Held; 10,001 or more employees; Insurance industry)
May 2002 — May 2004 (2 years 1 month)
PROJECT ASSIGNMENT:
Provided solution development consulting for Computer Associates Siteminder implementations and 3rd level support for State Farm employees, Agents, Claim Representatives, Mortgage Lenders and automotive body shops.
(Public Company; 10,001 or more employees; KEY; Banking industry)
February 2002 — May 2002 (4 months)
PROJECT ASSIGNMENT:
* Evaluated online Internet banking applications, code reviews and architectures to ensure transactional security.
* Conducted ethical hacking to assess potential risks and vulnerabilities to online banking applications.
* Researched and evaluated various Web Security Application Assessment Tools for assessment automation.
(Public Company; 10,001 or more employees; AYE; Utilities industry)
February 2001 — February 2002 (1 year 1 month)
PROJECT ASSIGNMENT:
* Evaluated and re-architected the Internet infrastructure from both the hardware and software perspectives to provide 24 x 7 operations.
* Designed a highly available e-infrastructure that will withstand hardware, circuit, network and software outages.
* Documented the current environment, including software, hardware, support maintenance processes, ownership, business and technical interdependencies.
* Designed a tiered Internet infrastructure with information security as a primary focus. The design included network infrastructure components, protocols, ISP/ASP services, load balancing, failover, disaster recovery, monitoring, firewall topology, configuration and policies.
(Public Company; 10,001 or more employees; AIG; Insurance industry)
May 2000 — February 2001 (10 months)
PROJECT ASSIGNMENT:
* Designed network infrastructure and security architecture supporting over 20,000 insurance agency users.
* Developed and implemented iPlanet LDAP and Netegrity Siteminder single sign on solution on a NT/Windows 2000 platform.
* Evaluated corporate Internet/Intranet security policies and recommended modifications and additions to support the new implementation.
(Public Company; 10,001 or more employees; MOT; Electrical/Electronic Manufacturing industry)
August 1998 — May 2000 (1 year 10 months)
PROJECT ASSIGNMENT:
* Designed and developed divisional Intranet system for the sales, marketing, human resource, information systems, accounting/finance and executive departments.
* Administered development and production IIS Web, Site Server, Exchange 5.5 messaging/collaboration servers.
* Implemented and administered a secured VPN solution connecting various manufacturing facilities supporting over 6,000 users.
(Public Company; 10,001 or more employees; IBM; Computer Networking industry)
January 1997 — August 1998 (1 year 8 months)
PROJECT ASSIGNMENT:
* Developed document-handling architectures for Intranet sub-nets with direct DB2 database integration using Netscape and Interleaf based technologies.
* Designed and implemented a custom Intranet system to support over 25,000 users using Netscape Enterprise, Messaging, Proxy, Collabra, Compass and Directory server technologies.
* Developed PKI certificate based architecture for client access via Internet.
(Public Company; 10,001 or more employees; GWW; Wholesale industry)
January 1996 — December 1996 (1 year)
PROJECT ASSIGNMENT:
* System transfer planning for Sales and Product Management Internet Web environment to internal Extranet.
* Installation and configuration of development and production servers using Microsoft IIS.
* Performed technical system security audits of web infrastructure and provided detailed security recommendations.
* Provided web architecture analysis and proposals for Human Resources.
* Developed company-wide architectures for legacy integration with SAP, Tesseract and Mobius.
* Implemented SAP Security across all standard modules.
* Configuration and use of Profile Generator, role base security using single and composite roles, user administration, naming convention, testing support, change control management, security design, audit support and documentation.
(Retail industry)
January 1992 — January 1996 (4 years 1 month)
Responsible for complete audit engagements evaluating the security controls of corporate computer system environments. Served as a subject matter expert for various e-Commerce implementation projects.
Information security, new technology, entrepreneur, independent consultant, racquetball, cycling, golf and reading biographies. Bilingual: Greek
Information Security Audit and Control Association (ISACA)
Computer Technology Industry Association (CompTIA)
Technology Leaders Association (TLA)
International Who's Who of Professionals - 1997