Phil Gawron, (CISSP)(CHFI)(MCSE)
2026 Samuelson Rd, Portage, IN 46368, Philip.J.Gawron@gmail.com
Hands-on information security manager / subject matter expert with over 14 years of IT experience. Experienced in security initiatives surrounding application deployment, networking, data loss prevention, user access management, security awareness training and systems integration.
SUMMARY OF QUALIFICATIONS
• Multiple investigations which included forensic examinations, interviews and time-line reconstruction
• Managed 25 Cisco security devices across North America
• 14+ years in the IT field covering all areas of infrastructure: hardware, Active Directory, networking, help-desk, security and management
• Authored policies and standards which satisfied business objectives along with legal requirements
• Led the Financial Crimes and Information Security Committee (FCISC)
Certifications & Professional Memberships
Certified Information Systems Security Professional (CISSP) Nov 2003
EC-Council Computer Hacker Forensic Investigator (CHFI) Dec 2010
Microsoft Certified Systems Engineer (MCSE) Jan 2000
Expired Certifications
GIAC Certified Forensic Analyst (GCFA) (expired July 2011)
GIAC Systems and Network Auditor (GSNA) (Expired March 2010)
Cisco Certified Security Professional (CCSP) (Expired 2009)
Professional Membership
INFRAGARD - Chicago Chapter
ChicagoFIRST
Technologies
- Vulnerability Management: Qualys, Nessus, Nikto, IBM Rational Appscan, Metasploit, WSUS, KFSensor honey pot
- Email Security: Postini, Websense, Symantec Endpoint protection, PGP
- Network Security: Cisco Firewalls, Juniper Firewalls, IPTables, Athena Firepac, Netflow, NAC, Wireshark
- DLP: Websense Data Security Services, Websense Web filter, Varonis Data Governance Suite
- IDS/IPS: OSSEC, Snort, BASE, AANVAL, Cisco IDS
- Forensics: AccessData FTK, Helix, CAIN Livecd, Netcat
- Operating Systems: Windows (all versions), Linux (Debian and Red Hat based distributions)
- Misc.: CyberArk, Maximo, Idera SQL Monitor
Professional Experience
MF Global, Inc. July 2007 – November 2011
IT Security Officer
Broad range of responsibilities for IT systems security and data privacy. Hands-on manager of a small team. This team was responsible for examining and enhancing the firm's global security posture. This included resolving privacy and security issues, network architecture and implementing activities requiring complex and/or multidisciplinary approaches in the Corporate Information Security function for a global company.
Key Projects:
- Global standardization of network security design. Migrated legacy network architecture to comply with global network security standards. Converted Juniper firewall configurations into Cisco ASAs. Transitioned from a flat security structure into a layered security zone implementation with Cisco devices.
- Maintained and enhanced the firm’s network security posture during the transition to two new data centers. This included a complete redesign of the New York data center and a more traditional “yank and replace” of the UK data center.
- Developed and implemented tools and processes for a global Data Loss Prevention Program, while ensuring legal compliance:
  - To monitor the loss of confidential information.
  - To securely maintain confidential information in the primary document repository.
Project Highlights:
- Developed and implemented an Incident Response Team and Framework. This team included technical and business orientated individuals. Integrated the IT incident response team and framework into the existing Operational Risk framework.
- Carried out firm-wide penetration testing. Testing included web application security, network security, desktop/user security and limited social engineering attacks.
- Assessed perimeter security configurations, host-based security configurations, IDS rules, and provided guidance on a layered security model. Firewall and router ACLs were examined for unintended access along with misconfiguration.
- Developed and implemented processes for the security evaluation of business partners and vendors. These processes led to the additional benefit of having relevant information regarding our security posture readily available and formatted for potential partners or regulators.
- Developed and implemented Security Standards and Policies based on ITIL
  - Information Security Policy
  - Acceptable Use Policy
  - Network Security Standard
  - Mobile Device Security Standard
  - Vulnerability Management Standard
  - Protection of information on portable media
  - Firewall Implementation Standard
  - Anti-virus Standard
  - Password Standard (both Internal and External)
  - User Access Management
- Ensured that business management can make informed decisions by stating and documenting risks, threats and mitigating controls in language they understand.
- Ensured aspects of outsourcing efforts will not violate privacy or regulatory requirements
- Ensured management was informed about differences between regions
- Ensured management was informed about implications of design and implementation of new products
- Developed and implemented a security awareness program. This program included in-person training, computer-based training along with a security Intranet portal.
- Developed methodology, architecture, and set of processes, implementing global detection, scanning, and remediation of continuing threats within the company. Primary contact for external audits. Performed internal audits of web applications, network infrastructure and end points.
- Implemented IT general controls across the global landscape. Maintaining these controls was critical in enabling the company to go public. Company was able to successfully pass all Sarbanes-Oxley 404 audits (SOX).
- Point of contact for internal and external auditors.
- Performed quarterly physical security reviews
- Audit systems access against approved access.
- Examined user access across multiple systems to ensure proper separation of duties
- Determined System and Network security requirements.
- Audit Firewall configurations
- Consult and approve system designs
- Offered secure solutions instead of denying requests
Corporate Contributions:
- Analyzed security tools output to safeguard the company from technological damage during a rapidly spreading, increasingly destructive, high-risk period.
- Instituted significant cost savings by reducing hardware needs and utilizing open-source solutions in non-mission-critical applications.
- Fostered an environment where security was looked to for solutions and not as a necessary evil.
- Saved the company from substantial loss of confidential information, foreseeing danger of potential partner through strategic analysis and identification of their system’s flaws.
- Found software alternatives which reduced costs by $200,000 per year.
Man Financial Inc December 2000 – July 2007
Network Security Engineer
Managed network security devices including Cisco Pix, Cisco ASA, Cisco VPN concentrators. Approved and supervised third party networking connections, conducting procedures for risk assessment authorization and documentation. Technical liaison between the business community and vendors.
Key Projects:
- Defined and established network security environment for the company.
- Designed and implemented segregated environments for mission critical internal access.
- Mentored others in recognizing and mitigating risks.
- While maintaining security, I established connections and migrated services from companies acquired through acquisition.
- Carried out numerous forensic examinations. These examinations recovered evidence of employee malicious behavior.
Infrastructure Lead
Managed projects, increasing overall security of the company’s business systems. Managed a team of six, overseeing help-desk, server administration and networking.
ED&F Man November 1997 – December 2000
Infrastructure Team Member
Help-desk, server administration and networking activities
USCitizen, INC May 1996 – October 1997
IT Consultant
Provided IT Technical services to a variety of companies.
Primerica Financial Services March 1992 – June 1996
Regional Sales Manager
Led a team of six representatives. Held Series 6, 63, 7 & 24 licenses
A.L. Williams November 1988 – March 1992
Account Manager
Sales representative. Held series 6 & 63 along with Life Insurance licenses
Education
Purdue University 1984-1986
Area of study – Computer programming