FISMA, CISSP, DIACAP, SIEM

Certified Information Systems Security   Pro. (CISSP)

Certified   Secure Software Lifecycle Professional (CSSLP)

  • Enterprising strategic leader with outstanding technical skills in software, cloud, data, optical, radio, satellite, and wireless networks consisting of architecture, development, design, engineering, prototyping, implementation, project management, security, and systems.
  • Successfully lead highly technical, mission critical, enterprise level large scaled projects that exceeded business, technical, and security requirements.
  • Successfully skilled at analysis, development, and detailed design work consisting of use cases (misuse), sequence scenarios, sequence diagrams, subroutine examples, prototyping, prototyping development, behavioral analysis, detailed design requirements documentation (e.g. Conops, et cetera), Service Oriented Architecture (SOA), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), implementation strategies, design constraints, verification of strategies, correlating requirements (Risk/Business matrixes) while maintaining the “big picture.”
  • Proponent of processes and facilitating business cases, risk management & analysis process, security plans, trade-off analysis, secure software development lifecycles (SDLC) processes, information systems security engineering processes (ISSE), development processes (SDR, PDR, CDR), polices/procedures and information classifications to creatively solve complex business objectives and to place businesses in a forward position for current and future requirements.
  • Strong verbal and listening skills with the proven ability to communicate technically complex concepts to a wide audience utilizing both verbal and written presentations.
  • Demonstrated exceptional leadership skills along with substantial communication skills that place a strong emphasis on teamwork.
  • Successfully created Open System Layer Modular Network designs that support Service Oriented Architecture (SOA), n-tier architectures, Net-Centricity, Life Cycle Management, technology insertion and refresh, Commercial off the Shelf (COTS), Government off the Shelf (GOTS), and/or reusable Non-Development Items (NDI).
  • Holistic security approach to every project and is considered a subject matter expert (SME) in various domains.

Security Software Architecture/Engineering

Successfully architected, designed, developed, code development, engineered, prototyping, implemented and lead security architect for security systems solutions for software infrastructures that included, but not limited to, OS (Windows/UNIX platforms), source code/manage code (C/C++, C#, UNIX, LINUX, XML, HTML, PHP, CSC, JAVA, Visual Basic, .NET, Pascal), Databases (Relational, RDF, MySQL), VMware, Applications, Web Applications, Open Source (Open ID, OAuth, OpenSSL, XMPP, OpenVPN), Interfaces (REST, Python, JSON, .NET, FLASH), Storage Area Networks, Access Controls (Active Directory, LDAP, RADIUS), Identity Management (policies, rules, protocols), security analysis of source code, packets (OSI layer 1-7), digital signatures and compared with standard x.509 (certificates), incompatibility analysis and resolutions. Penetration, vulnerability, custom attacks, sniffing, and any other form of testing required (White/Black Box).  Created and provided risk management & analysis, security plans, information classification, questionnaires, trade-off studies, intellectual property analysis, and licensing analysis et cetera.

 

Security Network Architecture/Engineering

Successfully architect, designed, developed, prototyped, engineered, implemented (executed equipment configurations), project managed, and lead architect for security systems solutions for network infrastructures that consisted of cloud, data, wireless, video, SANS, VMware, and voice networks.  Deployed network security devices such as intrusion detection/prevention systems, firewalls, crypto (PKC/PKI, SSL, RSA, IPSec, VPN, and AES), event correlation devices and strategically placed network analyzers to assist in investigations of security threats.  Created and provided risk management & analysis, security plans, information classification, questionnaires, digital signatures “certificate” analysis, trade-off studies, intellectual property analysis, licensing analysis, disaster recover business continuity, configuration management, quality assurance, change control, and business cases documentation to justify new designs that incorporate all security analysis results that directly comply with customers’ current and future requirements.  Penetration, vulnerability, custom attacks, sniffing, and any other form of testing required (White/Black Box).

Industry Standards and Protocols

Successfully, architect, developed, designed, prototypes, engineered, implemented software, cloud, and network security solutions, that includes policies, assessments, lifecycles, implementation, certification and accreditation, risk management, investigation, behavioral analysis, certificate analysis, and any other form of security tasks all tasks that were required to comply with the following standards, guidelines, and protocols and not necessarily limited to the following:

  • IEEE, IETF, NIST, FISMA, DISA, STIGS, ISO/IEC, ICS, FIPS, ISSE, SDLC, PKI, TPM, IETF, DOD, DOJ, SOA, CJCSI, DIACAP/DITSCAP, HIPAA, HITECH, PCI, PII, PFI, SOX, GLBA, XMPP, SSL/TLS, OAuth, Rest, et cetera and not including various types of open source standards, guidelines, and protocols.
  • VoIP, Voice over ATM, QoS, Internet (single/multiple ISPs), LAN/WAN, VPN, TCP/IP, UDP, BGP, EIGRP, MPLS, VLANS, SMP, RADIUS, TAXACS/+OSFP, EAPS, DNS, POP3, SSH, SMTP, HTTP/HTTPS, XMPP, FTP, RTP (Real-time Transport Protocols), H.323, SIP (Session Initiation Protocol) “Skinny” SCCP (Skinny Client Control Protocol), MGCP (Media Gateway Control Protocol) ISDN, SS7, PSTN, 3G, Layer-2  (SPANNING TREE (IEEE 802.1d), RIP, IPSec, encryption protocols, network security (IDS/IPS, Firewalls), correlation devices, and fiber-optics (Metro-Ethernet), Metropolitan Area Networks (MAN).

 

Professional experience includes the following clientele:

Eastman Kodak, Inc. Nationwide   Insurance, Inc. Saint Joseph Health   System
Sun Microsystems,   Inc. Lockheed Martin ~   Kirkland AFB County of Riverside   – RCIT
Guidant   Corporation/Abbott Labs Nortel Networks United States Army ~   Ft. Detrick
Five Star   Telecom/ICN Telecom ~ Seoul Korea MCI Com/MCI World   Com Nextel   Communications
Pacific West Tech ICG Communications   (Earthlink), Inc. Daley Tax   Professionals, Inc.
Cable & Wireless   Communications, Inc. Adelphia Business Riverside Wesley   United Methodist Church
Norvergence Gladius Insurance   Services, LLC

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Namtek or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Namtek shall not be liable for any damages whatsoever arising out of the content or use of this blog.
%d bloggers like this: