Looking for an Information Systems Security Professional position. *************************** cover ************************************ In my last position as an Information Security Engineer, I provided leadership and direction for the company's Information Security Program, facilitated and provided guidance to the company's Security Council and company's Security Working Group, established policies, procedures, and controls over the security and integrity of all of the company's computing environments, networks, systems, and company information. I worked with Product Development, Roll-Out and Quality groups to incorporate security into their processes. I provided support to Internal Audit in developing and conducting security audits and reviews. I provided security consulting and expertise to all of the company's projects. Additionally, I planned, designed and supported security solutions for all Intranet and Internet connectivity. *************************** Resume **************************** CONTACT INFORMATION James O. (Jim) Truitt 1-770-650-5705 (home) 2115 Old Forge Way http://jotruitt.tripod.com/ Marietta, GA 30068 E-mail: jtruittat_private INTRODUCTION Over twenty years experience in all aspects of the software/system life cycle. Development experience includes design, code, test and integration of software products. Management experience includes the business acquisition process, the proposal process and the role of project leader. Additional experience includes field installation, field support and training (in-house and in the field). Progressed from Software Developer, to System Integrator, to Task Leader, to Systems Engineer and I have been actively involved with network and computer security as an Information Systems Security Professional since 1989. VISION As an Information Systems Security Professional I work to develop an overall coordinated security program. A complete security program includes: technical controls (hardware, software, people and process), physical controls, procedural controls, awareness training, incident response capability, policy definition, etc. All the security measures and controls in the system must be consistent and complimentary, they must not conflict. Security is not an absolute nor a one time endeavor. Security requires a sustained effort to stay ahead of ever advancing technology. A major part of an Information Systems Security Professional's job is to raise the company's awareness of the security needs of the organization. An Information Systems Security Professional works with the company to assess where they are today, to define where they want to be in the future and help develop a strategy to get there. CERTIFICATION Certified Information Systems Security Professional (CISSP) EDUCATION University of Florida Math Masters/Bachelors CLEARANCE I have held a DoD Top Secret clearance, with SBI. (last active June '98) SKILLSETS security, network security, computer security, information security, security policy, security program, security architecture, intrusion detection, penetration testing, security plan, security awareness, risk management, risk review, risk assessment, assurance, security engineer, security analyst, security consultant, security administration, security testing, security management, biometrics, forensics, disaster recovery, business continuity, security audit, privacy, encryption, PKI, information warfare, information protection, information assurance, web security, ecommerce security, security consulting, security training, security mentoring EXPERIENCE Worldspan (7/98 - 11/01) Position: Information Security Engineer Information Security Engineer, providing leadership and direction for the Worldspan Information Security Program, facilitating and providing guidance to the Worldspan Security Council and Security Working Group, establishing policies, procedures, and controls over the security and integrity of all Worldspan computing environments, networks, systems, and company information. Work with Development, Roll-Out and Quality groups to incorporate security into their processes. Provide support to Internal Audit in developing and conducting security audits and reviews. Act as liason with the Legal and Regulatory group on matters of electronic privacy. Provide security consulting and expertise to all Worldspan projects. Promote security awareness across the enterprise. Additionally, plan, design and support security solutions for all Intranet and Internet connectivity. Booz-Allen & Hamilton (1/97 - 6/98) Position: Senior Associate Network Security and Information Assurance (IA) task area leader supporting the IA Branch of N5 of the National Communications System (NCS). This Includes supporting the Network Group (NG) and Information Infrastructure Group (IIG) of the President's National Security Telecommunications Advisory Committee (NSTAC). Additionally I am involved in the Firm's Information Security (IS), Information Warfare (IW), Infrastructure Protection (IP) and IA activities. SSDS, Inc. (11/95 - 5/96) Position: Security Engineer Glaxo Wellcome Firewall migration. Supporting the customer's project to consolidate two existing firewalls (TIS Gauntlet and DEC SEAL) into a single new firewall (TIS Gauntlet). Involved in business development activities. Assisted in the development of security services offerings. General Research Corporation International (6/95 - 11/95) Position: Information Systems Security Engineer Defense Investigative Service (DIS) Integration program Information Systems Security Engineer for the integration effort. Responsible for the integration of security controls in the overall DIS integration effort. Responsibilities include; review of the DIS Computer System Security Plan (CSSP), review and refine security requirements, provide support to the test organization for developing security test plans and procedures, define and create a Security Integration and Test Environment (SITE), interface with customers to resolve security issues and develop solutions for the program, work with vendors to assess how their products may be applied as part of the DIS security solution, assist in the development of a Continuity of Operations Plan (COOP) for DIS. Harris Information Systems Division (10/89 - 12/94) Position: Staff Engineer National Crime Information Center (NCIC) 2000 program Security Engineer. Total responsibility for security in the developed system. A major component of the security effort was the development and integration of an intrusion detection capability. * Security requirements analysis and allocation * Security presentations at program reviews: System Requirements Review (SRR), System Design Review (SDR), Preliminary Design Review (PDR), Critical Design Review (CDR), In Process Reviews (IPRs), Technical Interchange meetings (TIMs) * Create security documentation: System Security Plan (SSP), Security Architecture, Security CONOPS, Security Policy, Trusted Facility Manual (TFM) * Designed Intrusion Detection subsystem: Hardware/software components, generate design documentation; Prime Item Specification (B1), Software Requirements Specification (SRS), Interface Control Document (ICD) ISDN Security Program. Exposure to ISDN protocol, ISDN services, ISDN security, ISDN Key management services, Secure Data Network System (SDNS) security protocol. (study) DNS team. The DNS team designed the replacement network for NASA's back-end DNS, migrating from dedicated point-to-point communication lines to a true networked environment using the TCP/IP protocol suite. Tasks dealt with computer/network security issues/concerns associated with this migration. This culminated in a 75 page Security White Paper and four ESRs to implement the papers recommendations. * Performed Risk Analysis: identified assets and threats, evaluated vulnerabilities, determined probabilities and assessed impact due to breach of security * Developed recommendations for risk mitigation * Proposed controls included: firewalls, gateways, packet filtering, hand-held authenticators, restricted shells, use of proxies, Kerberos * Network architecture: FDDI backbone bridged to FDDI global buses, in turn routed to Ethernet LANs * Worked with routers, bridges, comm servers * Worked with TCP/IP, SNA, GOSIP/OSI * Worked with Ethernet, Token Ring * Generated estimates for cost and schedule to implement security ESRs selected from DNS Security White Paper * Researched and evaluated the feasibility of implementing hand-held authenticators for access control Range Operations Checkout and Control (ROCC) program. Provided coding support in the areas of data acquisition and display processing. Development was done per DoD-STD-2167A. * Design, code, test, integrate, document custom software * Designed, coded, implemented test drivers and automated test files * PDL, Peer reviews, code walkthroughs * 17 CSUs, 125 modules, 40,000 LOC (these are approximate values) * Involved re-engineering a large amount of legacy code Cost History Database (CHDB). Designed and implemented an Oracle database to house project measures and metrics related to project estimated and actual cost and schedule. Designed and implemented Sequel screens to access, format and display the data. Designed and implemented standard reports.
This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 08:36:38 PST