Contact Information
Name: John Taylor
Email: john (at) cybersuperior (dot) com [email concealed]
Location: Superior, Colorado, United States
Resume
Position/Title: Sr. Security Engineer
Resume: John E. F. Taylor

787 Eldorado Dr., Superior, CO 80027 (303)554-6922 John (at) cybersuperior (dot) com [email concealed]

Career Profile

CISSP/ SAS-70 Audits / Sarbanes-Oxley / GLBA / IT Security Plans / Security Policies / IT Security Training / Network Security / Risk Analysis / IT Audit / COBIT / NIST/ FIPS

Over the past 22 years I have had the opportunity to enjoy a classical technical and analytical career for several large organizations including First Data Corp., Loews Corp., Shearson Lehman, Citibank, the State of Colorado, Lockheed Martin, et al. My duties have included creating and analyzing security plans and policies, performing IT audits and SOX audits, managing development teams and QA teams, creating functional specs from end-user requirements and developing IT systems. For the past 7 years my primary concern has been the data security side of the IT system development and maintenance processes. To improve my knowledge of that area, I have taken several courses and received several certifications pertaining to data security. I am a Certified Information Systems Security Professional (CISSP).

Education

• BA, Trinity College, Hartford, CT

• MBA, St. John's University, New York, NY

• CISSP

• GSNA Certification (GIAC Systems & Network Auditor)

• Certificate of Completion – SANS Institute, Bethesda, MD

o (Auditing Networks, Perimeters and Systems)

• Graduate Certificates of Training, Colorado Technical Univ., Greenwood Village, CO

o (Information Systems Security Architect)

• Certificate of Completion – Batky Howell (Advanced Java Programming)

Selected Achievements and Skills

• I am a Senior Security Engineer who performs information security risk assessments for Lockheed Martin. I evaluate aerospace systems in several categories, including network security, access control, architecture and design, application development security, et al. I write reports of my findings and include strategies to mitigate the identified risks.

• I have designed and written multiple systems, web-based and client-server, that utilized industry-wide best practices to ensure information security. I have also performed analysis of applications to identify existing security vulnerabilities and I have recommended software modifications to mitigate those vulnerabilities.

• I have used many of the latest and most reliable audit tools and techniques. I also have used and analyzed the results of tools that perform web application scans, database scans and operating system scans.

• I was one of 6 independent IT security consultants selected by the CISO of the State of Colorado to initiate a state legislature mandated effort to upgrade the cyber security of all of the state agencies. I led the process which included performing a risk assessment of each agency, writing a document which described the agency’s current cyber security status and devising a 3-year plan of action and milestones to mitigate the security control gaps that were identified.

• I was a member of a small IT Security consulting firm that performed IT audits and designed IT security plans and procedures for various types of organizations. I often had to teach both management and the staff the reasons for many of the policies, but also the consequences of violating those policies. I accomplished this through various methods including the use of presentations (MS PowerPoint), handouts, stickers, quizzes, etc.

• I completed a contract to perform risk analysis for an organization that wanted to assess its information security. Although the organization is not subject to Sarbanes-Oxley, they attempted to implement a similar control structure to prevent information security incidents. My experience as an auditor, specifically as a SOX auditor, helped me assess the risks that this organization faces and determine whether their current controls were adequate.

• I have extensive experience performing Sarbanes-Oxley audits. I also have audited financial companies for GLBA compliance.

• I am skilled in the management of technical personnel and the development of information systems. I have designed and developed many and varied client-server and web-based applications that have performed banking, accounting, brokerage, manufacturing or other functions.

• I have exceptionally strong written and verbal communication skills. I am highly personable and capable of working with technical staff, business staff and upper management. These skills have been very useful in my auditing endeavors. I am proficient in solving problems and implementing solutions under tight deadlines. I have extensive technical skills and business and managerial experience.

Career Overview

Lockheed Martin – 2/2008 – Present – Sr. Security Engineer

Large international firm that fulfills various types of government contracts in aerospace, space systems, etc. I performed information security risk assessments for aerospace systems. My duties included conducting risk assessments on the systems and writing reports for upper management that included an executive overview, detailed descriptions of the architecture and the business objectives of the system, my risk findings and strategies to mitigate those risks. The risk findings were based on:

• Interviews with technical and administrative subject matter experts

• Hands-on testing and evaluation of security controls

• OS scans, web application scans and database scans utilizing 3rd-party software

• Company-wide policies and industry standards and best practices

Superior Cyber Solutions Corporation - 1/2005 – 2/2008 – IT Security Consultant

IT security consulting firm that designs and implements a security infrastructure for its clients. This includes performing audits, designing and implementing security plans and procedures, performing risk assessment and analysis and coordinating regulatory compliance efforts. Some of my contracts included:

• Selection by the CISO of Colorado to be 1 of 8 independent auditors to participate in the first phase of a 3-year-long project to bring the IT security of all Colorado state agencies into compliance with the Colorado State Cyber Security Plan that is based on NIST 800-53.

o Was responsible for advising and guiding 5 specific state agencies to help them determine the control gaps in their cyber security policies and procedures compared to the NIST standard.

• Performing IT risk assessment for The American Association of Railroads and 2 of their subsidiaries: Transportation Technology Center, Inc. and Railinc.

o Created workpapers to categorize and assess the various types of risks and their associated controls.

• Auditing SOX controls for eCollege in Denver, CO.

• Auditing IT controls of small to medium-sized mortgage companies, title companies and banks for GLBA compliance.

First Data Corporation - 1997 – 2004 – Sr. Software Developer/Application Security Administrator

Large financial services corporation for whom I developed client-server applications and web-based applications and provided security for some of those applications.

• Performed functions of a security administrator for multiple production financial database applications.

o Maintained user level security and component level (tables, queries, macros, etc.) security.

• Acted as Development liaison with network administrators and IT security administrators to obtain VPN access for remote users, to resolve firewall issues pertaining to 3rd-party applications and to convert multiple MS Access applications to SQL Server applications.

• Coordinated with software vendors to ensure that their products that were installed on our production servers were configured with adequate data security measures.

Loews Corporation - 1988 – 1997 – Sr. Programmer Analyst, Sr. QA Analyst

A large privately-held corporation for whom I designed and developed financial, accounting and manufacturing systems.

• Developed financial and manufacturing applications.

• Performed duties of a QA Analyst, including:

o Chairing the committee that developed an SDLC methodology that significantly reduced the number of post-implementation "bugs" in the company's applications.

o Conducting training classes on various quality improvement tools and techniques.

o Conducting post-implementation reviews that were designed to identify system development “best practices”.

Shearson Lehman Corporation - 1986 – 1987 – Sr. Systems Analyst

A large brokerage firm for whom I created functional specifications and designed brokerage systems based upon end user requirements.

• Designed brokerage application systems.

• Supervised a team of application developers.

Copyright 2008, SecurityFocus