LinkedIn Profile

LinkedIn Profile %name
Information Security Consultant, CISSP, CRISC, ITILv3.
Greater New York City Area | Computer and Network Security
Summary

I am an independent consultant (Monkey Hill, LLC) with over 14 of security experience. I formed Monkey Hill in 2013 and bring more than 20 years of focused information technology, web application development, and information security experience.

I help develop the information security strategy, architecture and controls needed to mitigate risk to systems and data. Focus areas include governance, risk and compliance, user education and maturing the cybersecurity landscape through the innovative use of technology, processes, and people across the organization.

I use an information technology service management approach that embraces risk awareness and security architectures designed to achieve strategic business goals.

I have a Master of Science in Electrical Engineering from the University of Michigan and bachelor’s degrees from Drew University and the Georgia Institute of Technology. I hold the professional designations of Certified Information Systems Security Professional (CISSP) and the Certified in Risk and Information Systems Controls (CRISC).

I am currently studying for the Cloud Certified Security Professional (CCSP) exam.

I have knowledge of and experience with PCI DSS, CIS Controls, CIS Security Benchmarks, and NIST CSF. I have technical competence in various computing environments (UNIX, Linux, OS X, Windows), web programming languages (Perl, PHP, JavaScript) and various open source technologies.

I am also an avid nature and landscape photographer.

Experience
Information Security Architect (2013 - Present)
New Jersey Courts
Government Agency, 5001-10000, Judiciary

As a consultant reporting to the Chief of the Information Security Unit, I partnered and collaborated with Information Security staff, the IT Enterprise Architect , and ITO staff to achieve organizational security requirement and ensure that the design/implementation of solutions met the Judiciary security policies, standards, and applicable compliance mandates including NIST Cyber Security Framework (CSF), Center for Internet Security (CIS) Critical Security Controls and Payment Card Data Security Standard (PCI DSS).

* communicated at multiple levels from highly technical to business
* assessed systems for compliance with PCI DSS requirements
* advised and assisted Chief of Information Security on governance, risk and compliance strategy
* developed information security policy, guidelines, standards and procedures as needed
* Developed and executed project plans for PCI DSS problem issue remediation
* performed continuous compliance assessment of cardholder data environment
* established incident response program and patch management program
* developed procedures for the security posture of information systems throughout the systems' life cycle
* provided the gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST Cyber Security Framework, Center for Internet Security (CIS) Critical Security Controls and Consensus Benchmarks, and PCI DSS
* conducted technical reviews of new and existing IT systems to identify appropriate risk mitigation strategies required to bring these systems into compliance with policy and standards
* participated in the investigation of information security violations and breaches and recommended remedial actions as necessary; provided analysis summary to executive management

Independent Consultant (2013 - Present)
Monkey Hill, LLC
Self Employed, myself only, Computer & Network Security

I registered an LLC for my consulting business.