
PeterNicholsResume


Peter Nichols [email protected] Richland Hills, TX - 817.905.7893 http://www.linkedin.com/pub/peter-nichols/11/b5a/b99

Objective
An Information Security Architect seeking an opportunity to:
• Provide reliable IT Infrastructure Services within any corporate culture via gathering and managing IT Infrastructure data, vulnerability data, and customer requirements to ensure consistent and transparent service delivery to IT customers.
• Develop and implement a proportional information management strategy via an “advocacy not adversary” approach.
• Present and prepare Business Continuity awareness to information technologists and business segment leaders.

Skills
Software: Nexpose, WebInspect, AppSpider, Mimecast, BigFix, AlertLogic SIEM, Real Secure IDS, Checkpoint Firewall, LDRPS, Salesforce
Languages: Python, Visual Basic, .NET, Active Server Pages, SQL, Arduino, PERL, LUA
Platforms: Windows Server/Workstation, Active Directory, Cisco Routers/Switches, OS X, Linux, Raspberry Pi, Android
Frameworks/Standards: NIST 800-37, ISO 27000, HiTrust, PCI, CoBIT

Education
Wentworth Institute of Technology, Boston, MA. Baccalaureate of Science in Computer Hardware Engineering Technology, 09/88. GPA of 3.3. Dean's List Honors. Relevant courses: Data Communications, Local Area Networks, Fiber Optics for Communications, Laser Physics.

Certificates/Post-Graduate Classes
SANS GIAC Security Essentials Certified (GSEC, re-certified in 2014), ITIL Foundation Certification, Cisco CCENT, SANS Intrusion Detection, Business Continuity Planning (BCP-901), Cisco Interconnecting Network Devices (ICND), ISS Internet Security Scanner. Certified Associate Business Continuity Planner (ABCP).

Experience
ROBERT HALF. DALLAS, TX (FEB. 2016 - NOV. 2016)
Security Architect - Primary duties center around designing, creating and implementing Information Security Systems that provided Vulnerability Management, Email Filtering, Patch Management, and Desktop Imaging for multiple clients. Metrics-based processes were implemented to ensure secure operating system configuration via Nexpose. Web applications security via AppSpider was implemented. Prepared and presented maturity assessments on clients' overall security program.

INTELLIGENT DECISIONS. FORT WORTH, TX (NOV. 2014 - JAN. 2016)
Data Center Operations Manager - Responsible for managing specific components of the GSA OCIO Fort Worth Data Center. This facility is used to house computer systems and associated components, such as telecommunications, virtual server groups and storage systems. To fulfill this role, building infrastructure is monitored specific to the data center, such as lighting, power, fire suppression, access control, raised floor and electrical power and coordinates issues with building management. I led a team that was directly responsible for ensuring that systems were installed in a manner compliant to GSA policies and industry best practices. The team provided standards, procedures, and subject matter expertise to all business lines requiring housing of IT Systems, while developing metrics and key performance indicators to ensure that service delivery is proportional to the cost.

LONGWAVE INC. FORT WORTH, TX (FEB. 2004 - OCT. 2014)
Senior Security Engineer - Primary duties center around designing, creating and implementing strategic System Security Plan, Risk Mitigation Plan, IT Contingency Plans and security processes and procedures for the Office of the Chief Information Officer (OCIO), General Services Administration for Cloud, Server, Network and Client based general support systems. Processes were created leveraging MaaS360 and Veracode to ensure mobile devices remained compliant to policy. Metrics-based processes were implemented to ensure secure operating system configuration via Foundstone. Web applications security via Webinspect was implemented. Prepared and presented a strategic plan to executive management for their Authorization and Accreditation of their information system per NIST SP800-37 specifications.

(JAN. 2010 - OCT. 2014) As Information System Security Officer for the Enterprise Application Services (EAS) and then Enterprise Server Services (ESS) for the GSA OCIO, which is the focal point for ensuring implementation of adequate system security to prevent, detect and recover from security problems for Web, Cloud (Salesforce, WebEx, Smartsheets, Adobe Connect), Architecture and Security Scanning (for EAS) and then File, Print, Backup, Health, and Server Management and Virtual Server Infrastructure systems (for ESS). Coordination of risk mitigation and providing configuration management guidance to ensure secure communications (SSL/TLS), availability, accountability, confidentiality, integrity and security control assurance is an important aspect.

(FEB. 2004 - JAN. 2010) While Greater Southwest Regional Information System Security Officer, I was responsible for implementation and management of information security infrastructure such as firewalls (Cisco PIX), intrusion detection equipment (CA eTrust) and vulnerability scanning (via Foundstone, nMap, Nessus) applications. Implemented Risk Mitigation, Change Management, Inventory Management, Business Continuity, Security Awareness and Vulnerability Management processes. I also managed the project to transform their “Server Room” to a managed Data Center, and then performed day-to-day Data Center operations to reduce waste, improve the performance of the space and utilize energy efficiency increases of newer IT equipment and capabilities.

AMERICREDIT CORP. FORT WORTH, TX (JUNE 2000 - OCT. 2003)
Senior Security Engineer - Produced dozens of Risk Assessments for IT projects such as Customer Relations Management, Oracle Accounts Receivable and an upgrade to Exchange 2000 from version 5.5. Implemented Security Principles into a Project Management Methodology, which reduced project total cost of ownership. Implemented OFAC SDN monitoring of customer loan process. Designed Business Continuity awareness training and presented a Disaster Recovery Program to IT and business segment managers. Mentoring junior analysts.

As a Senior Information Security Analyst – Created Microsoft, AIX and Novell server and Cisco Router and Switch configuration standards, and implemented them on more than 100 different enterprise servers. Securely configured 5 different Firewalls covering corporate web surfing, business-to-business applications and segmentation between design and production systems. Designed and implemented a 4 node Intrusion Detection System using Internet Security System’s Real Secure. Updated corporate Information Security Policy. Created a methodology to scan and remediate security risks across a 4000-node network. Mentoring junior analysts.


Achievements
As ISSO for Enterprise Application Services, I teamed with developers, administrators, and management at all levels to spearhead security documentation of hardware, software, communications, and controls needed for the initial “Authorization to Operate” for Salesforce Cloud platform. This effort required systems integration analysis, the creation of a security model for the organization that could be implemented by GSA’s authentication infrastructure, was compatible with the Salesforce security model and could be documented to the 800-53 standard for FISMA compliance. Once the ATO was achieved the team continued high-productivity security verification and documentation for individual applications on an ongoing basis via a repeatable and sustainable process to:
• Ensure that the business need, privacy and sensitivity, and the development solution is documented,
• Analyze the security of the Salesforce application, focusing on user and group membership, feature controls, proportionality to the Salesforce open security model,
• Customized code is scanned for vulnerabilities, and the specific application’s security controls are captured,
• Present the security of the end product to the business owner so that they can take on the responsibility comfortably.
Several customized procedural documents, presentation materials and metrics were created to support the ongoing effort, and then tried and tested over dozens of customized applets. Finally, guidance was created and transferred to ensure that the process evolved along with GSA’s needs and the Salesforce platform’s growth.

The Office of the Chief Information Officer for GSA had undergone a dramatic shift in strategic direction with the institution of the GITGO contract. The information system security management structure reflected the previous strategy of management of IT resources and IT Leadership predominantly at the regional level. The documentation and security management structure had to be re-engineered to reflect a shift from the regional structure to a national infrastructure. This presented a unique opportunity to upgrade the systems and strategy in parallel. An IT business analysis study was performed and systems were regrouped to reflect the organizational changes. I then created, with the IT business lines, System Security Plans, Business Process Documents, Contingency Plans and Risk Mitigation Plans for the Enterprise Server Services system, Enterprise Network Services system and the Enterprise Client Architecture system.

The creation of a Disaster Recovery Plan for a business segment requires a fundamental understanding of all of a business segment’s processes. The “Business Impact Analysis” (BIA) that I performed for many business segments in the company is an identical process to the first step an Internal Auditor would take in examining a business segment. The BIA that I performed for these departments helped them identify additional “preventative controls” they could use to mitigate or eliminate risk in the event of a disaster. A simple example is the accounting department could purchase a spare “for deposit only” stamp for $5 that would allow them to continue to deposit large corporate checks should the primary location be lost. A more complex example came when the Internal Audit department was confused as to what their role should be in a disaster; “Internal Audit is not seen as a critical business function”. Although I agree that may be true during normal business functioning, the Sarbanes-Oxley Act changed that department’s criticality dramatically during times when financial numbers must be certified to the SEC, as late reporting can dramatically damage a public company’s stock price. Not only does a Disaster Recovery (DR) Plan for Internal Audit reduce this risk, but it also provides important experience for auditors when reviewing other businesses’ DR plans.

Interests
Hiking, Raspberry Pi/Arduino GPIO Projects, 3D Printing and Woodworking.

White Papers
White Papers available at www.itdiscovery.info on ADSI application integration, discovery scanning, remediation, risk management, and other information security topics.
