Thomas Scott Gardner, CISSP
2619 E. Cherrywood Pl
Chandler, Arizona 85249
Phone: 602-421-5568
tgardner@synackfin.com
http://www.synackfin.com

Professional Summary

Certified Information Systems Security Professional specializing in security architecture, network and systems engineering of large scale enterprise networks. Extensive experience in Internet services & perimeter network design, compliance consulting, enterprise security program development. Incident and vulnerability management, cybercrime investigations, digital forensics, and legal testimony. Distributed systems & cloud services security and virtualized data center design.

Specialties: Information security consulting, Financial services, on-line banking, ISP/NSP, and Cloud security.

Employment History

Universal Technical Institute, 16220 N., Scottsdale, Arizona.
Sept 2013 to Date
Information Security Engineer

Enterprise Information Security Engineer responsible for the development and management of UTI’s enterprise security programs, SOX, and PCI-DSS compliance efforts. Risk management duties include compliance gap analysis, logical & physical security assessments, third party vendor risk and compliance reviews, and security awareness program development. Security Architecture and engineering responsibilities include public and private cloud services, Firewall and perimeter services network design, Intrusion detection & prevention systems, email and web content filtering, malware remediation, remote access solutions and end-point protection. Responsible for the development and management of UTI’s vulnerability and patch management programs, Web application security testing and assessments, centralized log and security event management systems (STRM Q-Radar), incident response and investigations.

Apollo Group, 4035 S Riverpoint Parkway, Phoenix, Arizona.
Feb 2012 to Sept 2013
Principal Information Security Architect

Senior member of the corporate Information Security team responsible for the research and development of Apollo Group’s enterprise-wide security infrastructures, global network, Cloud services and complex on-line educational systems. Core Information security duties include compliance gap analysis, security consulting, and technical security assessments. Formulation of enterprise security strategies, roadmaps, and security technologies adoption. Development of enterprise security reference architectures and collaboration on corporate information security policies and control standards. Primary technology focus areas are perimeter network, firewall, web services design, layer 4-7 switching, web proxies, content filtering and acceleration. Enterprise remote access and Wireless network services design. Unix/Linux, and Windows systems engineering, data center virtualization technologies and Amazon S3 Cloud services design.

41st Parameter, 17851 North 85th Street, Scottsdale, Arizona.
Sept 2011 to Jan 2012
Information Security Architect / Consultant (Contractor)

Information Security Architect / Consultant for PCI-DSSv2 / ISO27001-2 enterprise compliance effort. Performed enterprise security assessments, compliance gap analysis, and technical controls development. Designed multi-tiered Internet services, internal network segmentation architectures, (Virtualized machines and storage). Managed overall PCI compliance project and development of new policies, procedures, and technical control standards.

Thomas S. Gardner Resume 2015 (Page Two)

Limelight Networks 222 South Mill Ave, Tempe Arizona.
Aug 2008 to Aug 2011
Director of Information Security / Architect / Engineer

Primary responsibilities were the Information Security architecture, engineering, and management of Limelight Network’s corporate and global Content Delivery Networks.
Designed and deployed an Enterprise Security Program based on ISO27001-2 security framework and included policy, risk management and business continuance / disaster recovery solutions. Core duties: Security consulting, security infrastructure development, systems and network engineering.

Summary of Accomplishments:

Enterprise Network Design - Designed and implemented enterprise segmented network architecture, established perimeter firewalls, and intrusion detection systems, secure wireless WLAN, remote office and remote access VPN solutions based on Juniper ISG/SSG, and Cisco ASA/PIX security products.

Enterprise Security Program - Developed, and managed Enterprise Security Program and Information Security Management System based on the ISO27001-2 security frameworks.

Compliance – Member of the enterprise governance, risk, and policy development team. Designed and implemented technical controls, policies, process, and control standards for PCI-DSS and Sarbanes-Oxley compliance.

Security Consulting – Assisted internal teams in security solutions development. Performed compliance gap analysis, third party / vendor security assessments, and merger and acquisition site reviews.

Risk Management – Performed physical & logical security assessments, wrote security plans, and developed risk reporting process. Performed application security assessments, penetration testing, and ethical hacking. Designed technical controls and process to mitigate risks.

Incident and Vulnerability management - Designed and managed enterprise vulnerability and Incident management programs.

Security Information and Event Management systems - Designed and implemented enterprise SIEM systems: centralized logging, NIDS, alerting and monitoring, compliance reporting, based on AlienVault SIEM / OSSIM and Juniper Network Security Manager (NSM) and STRM, implemented AirDefense WIDS.

Business Continuance and Disaster Recovery - Performed business impact assessments, developed enterprise BCP/DR strategy process, procedures and test plans for critical infrastructure.

Wells Fargo 2600 South Price Rd. Chandler, Arizona
8/16/99 to 08/2008
Information Security Architect (Information Security Architecture Team)

Responsibilities were the Architecture and design of continuous availability Internet banking, financial processing systems, and corporate IT infrastructures. Primary focus was security consulting, compliance, data leakage prevention, and perimeter network security.

Summary of responsibilities and accomplishments:

Developed Wells Fargo’s enterprise Internet Secure File Transmission services based on Tumbleweed/Axway Secure Transport. (Distributed data center architecture)

Perimeter / firewall network engineering. Cisco CSM, Raptor, Cisco PIX, ASA, Checkpoint, iptables, F5 LTM / GTM, L2/L3 Network design.

Remote access design – VPN, SSL-VPN, endpoint security, Designed and implemented secure vendor access solutions.

Security consulting – Solutions engineering, security assessments, Vendor and site reviews.

Vulnerability assessments (WebInspect, Nessus), penetration testing

Compliance: Policy and control development, eGRC Archer, gap analysis on PCI-DSS, FFIEC, Gramm Leach Bliley.

Wireless LAN Member of enterprise Wireless security engineering team: Cisco Wireless products Airmagnet, AirDefense WIDS.

Security Information & Event Management (SIEM) engineering (Arcsight, Loglogic, Splunk).

Education, Degrees, Certifications, Awards:

DeVry University Phoenix Arizona. Associate of Science Degree in Electronics Engineering.
ASEE. President's List. GPA 4.0/4.0

Certified Information Systems Security Professional CISSP #79107

Hewlett Packard certified Unix consultant and Network Engineer.

Received over ten “Service Excellence” awards from Wells Fargo management teams.

Received multiple commendations from the Arizona Maricopa County Attorney (Rick Romley) for tools and consulting Internet crime investigation.

Novell certified Unixware instructor (CNI).

Professional Training & Conferences

Juniper JSA Threat Analytics Q-RADAR SIEM training course. 2/2015
SANS SEC 560 Ethical Hacking and Penetration Testing Track 10/2014
RSA 2013 Cloud Security track. 2/2013
Blue Coat Certified Proxy Administrator course 3/2012
Blue Coat Certified Proxy Professional 3/2012
Juniper Networks Advanced IPSec VPN Implementations course 02/2011
SANS SEC 560 Ethical Hacking and Penetration Testing Track 07/2010
SANS SEC 503 Advanced Intrusion Detection System Track 11/2009
SANS Security Conference (Securing Windows Track) (02/2008)
Burton Catalyst Conference (Security Architecture track) (06/2007), (06/2006)
Cisco Advanced PIX Firewall (FWSM) administration 03/2004
Cisco Secure Virtual Private Networks (CSVPN) 07/2003
Symantec Advanced Enterprise/Raptor Firewall Administration for Solaris 10/2001
Building Cisco Scalable Networks (BSCN) 11/2000
Intrusion Techniques and Countermeasures Computer Security Institute 06/2000
Interconnecting Cisco Network Devices Course (ICND) 12/1999
Cisco Network Academy CCNA CNT140, CNT150 2/1999
C Programming. Estrella Community College 6/1998