hosted computing







Privacy architect and security analyst of a large Business 2 Business (B2B), Business 2 Consumer (B2C) and Multi-Level Marketing (MLM) direct selling association (DSA) International E-commerce organization. Maintain and Audit PCI DSS (Payment Card Industry Data Security Standard) compliance & objectives, EU (European Directive), SOX (Sarbanes Oxley), GLBA (Gramm-Leach-Bliley-Act) and ISO 17799-2005 framework. Conduct web application, network, system, database and wireless risk assessments. Perform penetration testing and vulnerability disclosure using both commercial and open source evaluation tools: HP Webinspect 7.7, Core Impact 7.5, Backtrack 3, Lab Rat Webgoat, AirSnort, Wikto, Nessus, Nikto, absinth, nmap, WebScarab, twill, Metasploit and OWASP methodologies.
• Use Enumeration, Truncation, Path & Directory traversal techniques.
• Enhance company cyber security posture and mitigate risks in Oracle10g / 11i, Windows, AIX, Linux, SQL, ESB, ERP and Cisco based environments.
• Code review of ASP, .NET, PHP, AJAX, Flash, JAVA, Python and Perl programming languages. Prevention and disclosure of cross site scripting (XSS), reflective XSS, SQL injection, blind SQL injection, cookie and header injection, social security number (SSN) and credit card (CC) # disclosure.
• Perform hard drive, blackberry, compact flash and PCMCIA image acquisitions. Administer Encase ediscovery and Helix computer forensics applications with hardware and software read/write blockers, following chain of custody with data evidence files conducting digital investigations.
• Information gathering, planning, vulnerability analysis, target penetration, attack/privilege escalation, packet capturing, reporting, and cleanup.
• Manage & correlate security information event management (SIEM) systems.
• Monitor Cisco MARS, Cisco ASA firewalls, install, configure and support Cisco Security Agents (CSA).
• LogRhythm administrator of net flow and syslog.
• Log collection of ecommerce Web servers, Oracle, SQL & AIX databases.
• Facilitate sanitation, input validation and query parameterization of code, enforce secure coding guidelines within PCI industry accepted standards.
• Communicate effectively with non-technical business owners and assist them in understanding risk and security options to enable objectives.
• Prepare executive briefings and summaries based on security findings.
• Management of all Arbonne SSL certificates, Domain Names and DNS.
• Subject matter expert (SME) of security safeguards including Firewall, VPN, IDS, IPS, Anti-Virus (AV), Content and Web Filter, Secure Messaging, Secure Transfer, SSL, DNS, SNORT, web application security assessment and testing, security event monitoring (SEM) and incident response, request operations.
• Enterprise systems administrator of Checkpoint, Radware, Cisco, Trend Micro, SurfControl, Websense, Tumbleweed and Microsoft latest security tools.
• Design, Implementation and Management of security controls for a large multi-site healthcare provider: St. Joseph Health System (SJHS) consisting of complex Windows, CITRIX, Novell, UNIX and LINUX clustered environments.
• Development and maintenance of information assurance, security awareness, training, architecture, policy review and enforcement of Protected Health Information (PHI) and Health Insurance Portability & Accounting Act (HIPAA).
• Discovered and protected against internal and external risks, outlying insecure code in .NET, JAVA, PHP, FLASH and SQL applications.
• Perform exploit analysis, penetration testing and thwarting of latest attack vector and malware including Virus, DoS (Denial-of-Service), XSS (cross-site-scripting), XSRF (cross-site-request-forgery), broken authentication and session management, buffer overflow, insecure storage & SQL Injection flaws.
• SSL, DNS and Domain administrator; encryption, name server & name mgmt.
• Point of contact (POC) for Firewall change, remote access, patch management, Virus / SPAM outbreak, risk mitigation and security Intelligence.
• Cisco TAC/ACS+, Network Admission Control (NAC), VMWARE, SQL, Systems Management Server (SMS), Active Directory and LDAP administrator securing Microsoft Group Policy Objects (GPO) and Microsoft Directory Services (DS).
• Responsible for installation, integration and commission of Raytheon Air Traffic Management (ATM) program systems in accordance with Government and vendor specifications at Federal Aviation Administration (FAA) and Department of Defense (DoD) sites. Customer Premise Equipment (CPE) analysis and maintenance of audio broadcast Air Traffic Control (ATC) systems.
• Coordinated FAA telecommunications infrastructure (FTI) in Air Traffic Control Towers (ATCT), Air Flight Service Stations (AFSS) and remote FAA & DoD radar locations. Circuit turn-up and extension, Cisco 1760, 3640, 3662 router and 2950, 4006, 8250 switch configuration, Eastern Research Digital Network Exchange (DNX), HARRIS INTRAPLEX Digital Audio Broadcasting (DAB) and CYCLADES Access Control Server (ACS) implementation and encryption mgmt.
• Used frequency and data signal generators, oscilloscope, and spectrum analyzer tools. Interpreted architect blueprints, design, rack elevation, wiring diagram, power, cabling, rack and stack, ground and raised floor installations.
• Mission critical support of Defense information assurance security certification and accreditation (DIACAP). Active secret security clearance (SSBI) (TS/SCI).
• Managed the day-to-day network operations of the Santa Clara Convention Center (SCCC) and clients for tradeshows, conferences, & corporate meetings.
• Provisioned T1, T3, VLAN, DHCP, ISDN and Wireless services. Temporary VPN/LAN/WAN and WLAN construction. Custom Integration of VoIP, SIP, IPCC and other technologies required for event topologies. Administered networks consisting of 200 to 2000+ users.
• Managed WEP, WPA and LEAP encryption.
• Provided 24x7 technical assistance. Troubleshooting of LAN, WAN, WI-FI TCP/IP connectivity on all OS and browser platforms: Windows, MAC, IE and SAFARI.
• Cisco Administrator of 1720 and 2620 routers, Cisco 2924 and 3524 switches, Cisco 1200 802.11A/G Access Points, Cisco AIRONET, Cisco IP Telephony, Call Manager and Cisco AVVID. Management of Nomadix Subscriber Gateways, Air Magnet Sensors, Orion Solar Winds and sniffer performance monitoring tools.
• Site survey and installation of Wireless Infrastructure in the Santa Clara Convention Center (SCCC). Scripted and mounted 80 Access Points for permanent installation in a 200,000 square Ft. exhibition and meeting facility.
• Administered AVAYA 8000 voice switch, set parameters and extracted logging.
• Interfaced with clientele of all industries assessing networking needs and providing information services. Analyzed schematics of events and delivered custom network topologies to specific locations. Assisted in technical sales selling advanced technology solutions in the convention and stadium industry.
• Architect and manager of diverse voice and data custom production networks.
• Accountable for SOX, PCI / CISP, GLBA, FDA and ISO regulatory compliances.
• White House Communications Agency (WHCA) Award for critical event telecom support to the President of the United States and Secret Service staff.
• Provided technical support to field technicians from the Network Operations Center (NOC). Responsible for troubleshooting of telecommunication and transport systems for fault isolation and resolution of connectivity issues.
• Provided online assistance and coordination, facilitated efforts with MSOs and technical support groups. Managed network incident tickets via Remedy.
• Monitored network infrastructure & alarms for integrity of T1 and DS3 circuits.
• Technical sales and marketing of SBC services as an exhibitor at tradeshows, Industry and public events.
• Constructed SBC campaign tents, built in-booth WLANs and administered custom networks, routers, firewall and WI-FI service.
• Responsible for scouting locations, advertising and selling new services in a geographical territory. Supported account executives with digital subscriber line (DSL) customer training conducting hands-on & whiteboard presentations.
• Created and presented demos interfacing with clients and business partners.
• Extensive experience in inside and outside sales and marketing selling advanced voice and data communications and applicable value added services.
• Responsible for aggregation testing on Cisco 6400 & 10000 series routers and Cisco 3000 series VPN concentrators. Created best practices documentation and developed test procedures using proprietary intelligence analysis software.
• Involved in staging and manufacturing of chassis, line cards, AC/DC power supplies, OC12, OC48 and OC192 service capable hardware. Reviewed router/switch/VPN device assembly and verified accuracy of customer invoices.
SSH, SSL/TLS, HTTPS, IPSEC, COMSEC, DIACAP, TS/SCI, CI, IC, ESP, AH, IKE, GRE, PKI, S/MIME, SOCKS, WPA, LEAP, PEAP, WEP, VTP, L2TP, PGP, PPTP, BGP, OSPF, EGP, EIGRP, SNMP, ICMP, WINS, DNS, FTP, SMTP, HTTP, TELNET, TCP, UDP, VoIP, WLAN, SWAN, HTML, XML, PHP, FLASH, PERL, C#, C++, .NET Framework, ASP.NET, JavaScript, JAVA, AppleScript, Visual Basic, Intrusion detection systems and sensors (IDS), Intrusion prevention systems (IPS), Host and Network based IDS (HIDS, NIDS), Cisco IDS, active and passive matrix Firewalls, Checkpoint firewall NGX secure platform, Cisco PIX and Cisco ASA firewall, virtual private networks (VPN), Cisco VPN, SSL VPNs, Point to point VPN, End user VPN, remote access (RAS), Single Sign On (SSO), Cisco Terminal Access Controller Access Control System TAC/ACS+, Cisco Network Admission Control (NAC) and Monitoring, Analysis, and Response System (MARS), Radware DefensePro, DNS Web Server Director (WSD), Tumbleweed Mailgate Email Firewall,
Secure Messaging and File Transfer, SurfControl and Websense content, web filter, Trend Micro Officescan AntiVirus server, McAfee Enterprise Orchestrate (EPO), Microsoft Operations Manager (MOM), System Management Server (SMS), Windows Server Update Services (WSUS), Active Directory (AD), Exchange, Microsoft Office, Microsoft Access, Microsoft Project, Microsoft SharePoint, Global Catalog, Group Policy Objects, Microsoft Directory Service (DS), Microsoft SQL 2000/2005, MySQL, SQL backup, SQL clustering, Cisco IOS, router, switch, load balancer, Cisco wireless LAN controller (WLC), Cisco AIRONET, Cisco Clean Access, Information Assurance Awareness Program (IAAP), OWASP, METASPLOIT and SCRUM methodologies, HIPAA, GLBA, PCI DSS, SOX, EU Directive, OPSEC, COMPUSEC and TEMPEST regulations, MILSATCOM, NETWARCOM, Disaster Recovery, physical security, Windows XP/Vista/2000/2003/NT, MAC OS X, Netware, eDirectory, GroupWise, Novell, UNIX, LINUX, BSD, SUSE, REDHAT, DEBIAN, Solaris, CITRIX Metaframe and Presentation server, Internet Information Services (IIS) 6.5, IIS 7.0, ISA, Apache, WebLogic, SYN, FIN, RFC, virus, worm, Spyware, Malware, Rootkit, keylogger, keystroke, phishing, trojan, spoofing, adware, grayware, Backdoor, scan and stealth attack, buffer overflow, Denial of service (DoS), Distributed Denial of service (DDoS), Broken Access Control, Improper Error Handling, Cross-site scripting (XSS): Document Object Model (DOM), Persistent and Non Persistent types, Reflective and stored XSS, Cross site request forgery (XSRF or CSRF), URL Parameter Manipulation, SQL Injection, Blind SQL Injection, Insecure configuration management, input validation, unvalidated input, code review and sanitation, Cookie Injection, Header Injection, vulnerability scan, penetration testing, ethical hacking, custom exploit development, malicious code collection and correlation, web forensics, BioInformatics, cryptography, encryption, web application security and development, login script, Brute
Force, tcpdump, Nessus, Nikto, ISS Internet Scanner, netcat, nbtscan, core impact, backtrack, L0pht Crack, John the Ripper, AppScan, curl, ethereal, wireshark, nmap, lab rat, eeye retina, ophcrack, gfi languard, xprobe2, firewalk, openssl, fport, SPI Dynamics, HP webinspect 7.7, devinspect, LogRhythm, CAPTCHA, CAPTCHA Bypass, war dialing, war driving, zero day exploit, social engineering, hacker tracking, counter intelligence and exploitation, root cause analysis, browser helper object (BHO), black hat search engine optimization (SEO), IDS signatures, virus pattern, SPAM engine, MIME, global threat database, Symantec, McAfee, Trend Micro Virus definitions, intrusion analysis, vulnerability assessment, network access control server (ACS), Windows Update, Patch Management, WebFilters and Content filtering, vulnerability assessment, Cyber security, Cyber posture, global policy, ISO framework, social security number and credit card number disclosure, simultaneous and sequential crawl and auditing, Encase, ediscovery, guidance software, computer forensics, netforensics, OS fingerprinting, image acquisitions, fastbloc2 read/write blocker, master boot record, trustwave trustkeeper, directory path and domain traversal, risk assessment and payload risk mitigation.