CONTACT INFORMATION James O. (Jim) Truitt 1-770-650-5705 (home) 2115 Old Forge Way http://jotruitt.tripod.com/ Marietta, GA 30068 E-mail: jtruittat_private INTRODUCTION Over twenty years experience in all aspects of the software/system life cycle. Progressing from Software Developer, to System Integrator, to Task Leader, to Systems Engineer, to Information Systems Security Professional. I have been actively involved with network, computer and information security as an Information Systems Security Professional since 1989. CERTIFICATION Certified Information Systems Security Professional (CISSP) EDUCATION University of Florida Math Masters/Bachelors CLEARANCE DoD Top Secret clearance, with SBI. (last active June 1998) SKILLSETS security, network security, computer security, information security, security policy, security program, security architecture, intrusion detection, penetration testing, security plan, security awareness, risk management, risk review, risk assessment, assurance, security engineer, security analyst, security consultant, security administration, security testing, security management, biometrics, forensics, disaster recovery, business continuity, security audit, privacy, encryption, PKI, information warfare, information protection, information assurance, web security, ecommerce security, security consulting, security training, security mentoring LAST POSITION Worldspan Position: Information Security Engineer My responsibilities as Information Security Engineer included: Providing leadership and direction for the Worldspan Information Security Program. Facilitating and providing guidance to the Worldspan Security Council (VPs and Directors) and the Worldspan Security Working Group (Managers and Administrators). Establishing policies, standards, guidelines, procedures, and controls ensuring the security and integrity of all Worldspan computing environments, networks, systems, and information assets. Defining and developing methodologies, processes and procedures for penetration testing, vulnerability scanning, log monitoring and incident management. Working with the Development, Roll-Out and Quality groups to incorporate security into their respective processes. Providing support to Internal Audit in developing and conducting security audits and reviews. Acting as liaison with the Legal Department on matters of electronic privacy, acceptable use, terms of service and 3rd party agreements. Assisting the Regulatory Group with the annual European Union Audit and Worldspan privacy initiatives. Providing security consulting and expertise to all Worldspan projects. Promoting security awareness across the enterprise with security web pages, security presentations and security reading rooms. Performing risk reviews, risk assessments and product reviews for Worldspan functional groups, such as Human Resources, Finance and Product Development. Supporting Technical Operations and Internal Systems with the planning and design of security solutions for all Intranet and Internet connectivity. Assisting the Marketing Group in responding to security questions and issues that come up as part of the proposal process. PRIOR PROFESSIONAL EXPERIENCE Booz-Allen & Hamilton Position: Senior Associate Network Security and Information Assurance (IA) task area leader supporting the IA Branch of N5 of the National Communications System (NCS). This Includes supporting the Network Group (NG) and Information Infrastructure Group (IIG) of the President's National Security Telecommunications Advisory Committee (NSTAC). Additionally I was involved in the Firm's Information Security (IS), Information Warfare (IW), Infrastructure Protection (IP) and IA activities. SSDS, Inc. Position: Security Engineer GlaxoWellcome Firewall migration. Supporting the customer's project to consolidate two existing firewalls (TIS Gauntlet and DEC SEAL) into a single new firewall (TIS Gauntlet). Involved in business development activities. Assisted in the development of security services offerings. General Research Corporation International Position: Information Systems Security Engineer Defense Investigative Service (DIS) Integration program Information Systems Security Engineer for the integration effort. Responsible for the integration of security controls in the overall DIS integration effort. Responsibilities include; review of the DIS Computer System Security Plan (CSSP), review and refine security requirements, provide support to the test organization for developing security test plans and procedures, define and create a Security Integration and Test Environment (SITE), interface with customers to resolve security issues and develop solutions for the program, work with vendors to assess how their products may be applied as part of the DIS security solution, assist in the development of a Continuity of Operations Plan (COOP) for DIS. Harris Information Systems Division Position: Staff Engineer National Crime Information Center (NCIC) 2000 program Security Engineer. Total responsibility for security in the developed system. A major component of the security effort was the development and integration of an intrusion detection capability. ISDN Security Program. Exposure to ISDN protocol, ISDN services, ISDN security, ISDN Key management services, Secure Data Network System (SDNS) security protocol. (study) DNS team. The DNS team designed the replacement network for NASA's back-end DNS, migrating from dedicated point-to-point communication lines to a true networked environment using the TCP/IP protocol suite. Tasks dealt with computer/network security issues/concerns associated with this migration. This culminated in a 75 page Security White Paper and four ESRs to implement the papers recommendations.
This archive was generated by hypermail 2b30 : Sun Apr 07 2002 - 12:42:21 PDT