Devin Harris

Enterprise Security and Infrastructure Architect

Summary

Multi-certified enterprise security and infrastructure architect with 17 years of experience designing and managing enterprise implementations of information security systems, information technology, and networking technology; expert in gathering, analyzing and defining business and functional requirements; creating global metrics, trend charts and other decision-making tools; leading data-modeling and process-mapping initiatives; and designing/re-engineering processes, workflows and technology solutions for systems and networks. Proven ability to lead seamless implementations and deliver next-generation technical solutions improving revenue, margins and workplace productivity. Eight years of active duty military leadership experience in managing teams of people to accomplish tasks ahead of schedule and under budget and recognized as an expert in finding solutions for “hard to solve” problems in ways that work with the current environment.

Overview

17 years of professional experience
6 Certificates

Work History

Principal Security Engineer

Charter Communications, Time Warner Cable
Denver, CO
12.2021 - Current
  • Managing vulnerability management for the News/Networks vertical that provides news feeds to regional Charter broadcast stations.
  • Performing Risk Analysis on all incoming technology to the news vertical, including any upcoming projects, new technology products, as well as onboarding existing technologies that had not been properly reviewed.
  • Providing a monthly status report on the news vertical to executive leadership for action/remediation on emerging threats within the Charter environment.
  • Assisted the news vertical in wide scale remediation of log4j vulnerabilities.
  • Applying NIST 800-53 rev 5 and 800-171 rev 2 as the organization moves to increase CMMC maturity across the organization.

Enterprise Security and Infrastructure Architect

Cleveland Clinic Foundation
Cleveland, OH
09.2020 - 04.2021
  • Worked with various teams across enterprise to build out profiles for use in Cisco ISE as organization moved towards Zero Trust network security model and infrastructure.
  • Advised leadership on industry best practices with regard to medical device profiling, non-medical IOT, and standard IT devices. Collated data from disparate data sources within organization in order to sharpen view into what was on network and highlight new exposures to be risk evaluated.
  • Interfaced with Ordr vendor and client to fine-tune integrations with existing technologies to include: Cisco ISE, Nuvolo, pxGrid, and Ping Identity. Was also deeply involved in profile creation and validation of medical devices using Ordr platform on day-to-day basis.
  • Created documentation, RACI, and integration plan for implementation of CIS controls across environment. Assisted management in having discussions with leadership on controls and how they needed to be implemented within organization for greatest effect and ROI.
  • Assisted on-site teams in planning for replacement/remediation of existing network hardware to support move to ISE profiling and enforcement. Provided support during upgrades of critical infrastructure as escalation point in event of error/issue during deployment of IOS upgrades to over 2000 Cisco switches in high risk medical environment.
  • Conducted risk analysis of new systems being brought into environment using in-house risk scoring system. Aided client teams in streamlining risk process as well as integrating on-boarding of existing network devices that had never gone through proper channels.

Enterprise Security and Infrastructure Architect

Kaiser Permanente
Greenwood Village, CO
10.2019 - 05.2020
  • Utilized industry best practices to design, champion to leadership, and pilot enterprise solution that identified, managed, and reported out on all devices in KP ecosystem. This included previously unmanaged endpoints, IOT devices, medical/clinical devices, network infrastructure devices, and facility operations devices in addition to currently managed devices.
  • Designed and utilized enterprise business intelligence data lake that gathered information from existing but disparate information systems in order to lay ground work for incoming solution as well as act as interim data repository from which relevant device attributes would be pulled in order to develop future control profiles.
  • Designed solution for isolated and unmanaged vendor networks using off shelf technology and existing internal licensing to save KP in excess of $2,000,000.00 on third party technology being evaluated for this use-case.
  • Generated requirements, sent out RFPs, and evaluated industry leaders in unmanaged/IOT device management space to include Armis, Medigate, Forescout, Ordr, and Zingbox in order to evaluate vendors for implementation of KP future state of Zero Trust Networking environment. In addition, created requirements for interim effort to move to software-defined network/access model using existing infrastructure.
  • Closely collaborated with other business units in EDGE working group in order to facilitate foundational changes necessary to implement designed solution and minimize/eliminate any end user impact, in this case patients and doctors. Provided support as needed to other groups from network security/infrastructure perspective.
  • Advised on necessary changes to existing governance and risk models and policies in place at KP in order to facilitate future state of both IT managed and EDGE ecosystems. Assisted in development of risk model used to risk score and evaluate any new technology being added to KP infrastructure.

Security Engineer

Dominion Voting Systems
Denver, CO
03.2019 - 09.2019
  • Led creation of information security program as well as internal governance documentation and policies that were adopted and implemented at organizational level. Used NIST Cybersecurity Framework as guide and tailored program to unique operating landscape to find solution that worked to minimize risk and accelerate increasing information security maturity level.
  • Designed and implemented "move to cloud" while maintaining confidentiality, integrity, and availability of major services during transition.
  • Shepherded executive leadership through initial cloud audits and led effort to remediate over 75 critical, 2225 medium, and 20 low findings. Team was able to address ALL critical and low findings, while achieving over 90% remediation in medium category.
  • Managed internal vulnerability management program and worked with IT to reduce critical vulnerabilities across enterprise to include moving away from SMBv1 to SMBv3 and addressing TLS vulnerabilities that had potential for catastrophic loss if exploited. Significantly reduced attack surface for ransomware at technical level by implementing CIS controls while also spearheading user education program and internal phishing education/auditing programs. Facilitated reduction of vulnerabilities that were older than 90 days down to near-zero in environment and maintained program management to ensure month by month overall vulnerability reduction.
  • Completed full-scale risk assessment of organization and presented findings to executive leadership team in order to inform business decisions and prioritization. Worked closely with executive leadership team to address company-wide Key Performance Indicators and present progress to investment board monthly.
  • Developed incident response and disaster recovery plans from ground up and coordinated tabletop exercises that highlighted low-visibility deficiencies that had high recovery impact allowing for adjustment to IR and DR plans so that they better met business needs.
  • Produced 3-year plan and budget to implement first 6 CIS control groups across organization while also maintaining existing controls that were not fully implemented or were improperly implemented. Led effort to address "tech-debt" by focusing on solid fundamental IT hygiene in effort to minimize resource overhead and maximize individual impact through process and automation.

Senior Security Engineer

Cerner - Children's National Medical Center
Washington, DC
08.2017 - 02.2019
  • Responsible for day to day operations of entire McAfee suite and endpoint protection program, managing about 9,000 workstations and 1000 servers, including highly sensitive servers that control life saving/support equipment needing actual 24/7 up-time.
  • Technical Lead as well as lead implementation engineer for year long project to migrate entire McAfee platform from ePO 5.3.1 to newly built 5.9.1 (with extensive experience testing ePO 5.10) environment including endpoint migrations from Virus Scan Enterprise+Host intrusion Prevention (VSE 8.8 patch 11 and HIPS 8.x patch 11) to Endpoint Security and Endpoint Security for Server (10.6 and 10.5.4), McAfee Drive Encryption from 9 various versions ranging 7.0 and 7.1 to 97% 7.2.5, Data Loss Prevention (from version 9 to version 11 patch 4). Streamlined updated process to simplify product update deployments and significantly reduce version sprawl.
  • Managed day to day administration of Cisco ASA and Palo Alto firewalls to include upgrade of firewall OS and VPN management for enterprise. Integrated McAfee Web Gateway (upgraded from version 7.4 to 7.7 and then 7.8) into network stack after appliances had been non-functional in environment for nearly 2 years and deployed McAfee Client Proxy (MCP) to entire user base while tuning filters and working with application owners to ensure as little downtime as possible for enterprise applications. In most cases, users experienced 0 downtime.
  • Facilitated complete rework of Information Security program at CNMC by providing extensive support in rewrite of all information security and general IT policies, guidelines, and procedures in order to move hospital from maturity level of -1 to maturity level 2. Developed governance and data classification model and deployment plan for Data Loss Prevention (DLP 11.x) to environment where previous DLP deployment had never been fully implemented. Instrumental in getting CNMC data protection program off of ground after numerous failed attempts to start their data loss protection program to meet HIPAA requirements.
  • Assisted in implementation of Rapid7 InsightVM vulnerability assessment infrastructure and was integral in standing up new vulnerability management program at CNMC as well as day-to-day scanning and remediation of findings in environment that significantly reduced attack surface of CNMC environment at OS level. Worked with Systems Management team to harden all deployment images in environment (all Windows workstation OSes, server OSes, as well as their Linux server images) as well as worked shoulder to shoulder with systems team to review and rewrite their entire GPO set in order to meet vulnerability management goals.
  • Worked with various departments and clinics to integrate new medical technologies in secure manner. This included vendor relationship management and gaining sometimes hard-to-get departmental buy-in from clinics that had wildly varied sets of requirements.

Senior Security Engineer

Venture Tech - FDA
Rockville, MD
01.2017 - 05.2017
  • Responsible for spearheading FDA data classification and governance model for their Data protection program. Worked on project to stand-up large internal SOC integrating Splunk, DLP, and various other data gathering sources in order to protect federal data.
  • Deployed Data Loss Prevention (DLP 10.x) to nearly 35,000 endpoints for large federal agency.
  • Instrumental in developing use-case for having agent handler in DMZ as well as deploying agent handler into large-scale production environment to give new insight into machines that were outside of local network as well as deliver vital signatures and .dat files.
  • Conducted large scale risk analysis for implementing agent handlers into FDA's DMZ that withstood intense review and scrutiny from federal information security teams.

Senior Security Engineer

BAE Systems
Reston, VA
05.2016 - 11.2016
  • Managed McAfee ePO 5.3.2 and 5.9 infrastructure consisting of over 25,000 end points and monitoring McAfee products such as McAfee Drive Encryption (MDE 7.1x and 7.2x), Data Loss Prevention (DLPe 9.x and 10.x), Policy Auditor (PA 6.x), Virus Scan Enterprise (VSE 8.8x).
  • Developed custom Policy Auditor benchmarks that gave never before seen insight into company’s security compliance. Took patch levels from sub 60% to nearly 95% in short amount of time with limited resources.
  • Provided support as final escalation point for hard to solve issues. Helped work through company backlog of outstanding tickets to bring security ticket count to zero for first time since 2010.
  • Provided SIEM analysis and signature creation based on actual incidents and network traffic. Used

Senior Information Security Analyst

Tista Science And Technology - IRS
Washington, DC
01.2014 - 05.2016
  • Lead infrastructure SME for internal project management team handling electronic authentication for high profile government agency that authenticated 4.5 million users in 2015.
  • Responsible for day to day security of over 150 RHEL servers in production environment for government project that was serving public.
  • Assisted government in gathering forensic evidence following attack of high profile government application using Splunk, Wireshark, and McAfee ePolicy Orchestrator. Helped to bring application back online nearly full month ahead of schedule.
  • Managed multiple teams of engineers in fast paced, public facing environment that requires 24/7 uptime and able to consistently deliver projects ahead of schedule and above expectations.

Information Assurance Engineer

IMS Government Solutions
Fairfax, VA
03.2013 - 10.2013
  • IA engineer responsible for all technical aspects of information security on both internal and customer systems.
  • Mentored junior systems administrators on complex Windows systems administration issues including converting all remaining Windows Server 2003, 2008, and 2008r2 servers to Server 2012.
  • Remediated over 600 high and medium vulnerabilities in short amount of time in order to be compliant for annual DOD security audit.

Windows Senior Systems Administrator

Digicon - National Institutes of Health (NHGRI)
Bethesda, MD
06.2012 - 03.2013
  • Managed entire Windows environment consisting of 50+ servers and more than 1,500 Windows and Mac end user systems that serviced medical clinicians, researchers, and other NHGRI faculty and staff.
  • Worked with various hospital units to plan, manage, and implement complete overhaul of VMware environment in order to facilitate advanced medical research and genome sequencing. Migrated existing ESXi 4.0 environment to ESXi 5.1 as well as deploying new virtual infrastructure where none existed before.
  • Coordinated with department heads on new data storage strategy and set up enclaves for segregated data flows that had to meet strict data segregation guidelines for HIPAA compliance.
  • Audited existing GPO environment and led overhaul and restructure of policies in order to better manage workstations and servers within environment.
  • Conducted home folder audit and restructure of more than 4,000 home folders. This included complete tear-down and rebuild of share-level permissions and file-level permissions to meet new presidential directives.
  • Took home folder error percentage from over 50% to under 5% using custom PowerShell scripts and custom in-house software written by admin team.

Network Security Engineer

District Computers
Washington, DC
03.2011 - 07.2012
  • Took initiative to be self-employed in order to gain knowledge and experience.
  • Worked with many high level clients in order to provide superior service and increased capabilities to their existing healthcare IT infrastructure.
  • Highly technical and fast paced environment with ever changing sites and locations, all with differing technologies that required "learning as you go". Learning on fly was necessary to be competitive and stay abreast of emerging issues and difficulties.
  • Worked independently to deploy network infrastructure to clients who had almost no existing resources in place which significantly increased productivity and efficiency for client's day to day activities.
  • Conducted network audits of existing implementations in order to assess areas of improvement and provided follow-up guidance on course of action to existing IT personnel.
  • Provided Tier I through Tier III support in order to facilitate smooth transition to new systems.
  • Able to deal with clients of all skill levels.
  • Implemented complete rework of network infrastructure to large client which fixed many existing problems within environment. This led to over 45% increase in revenue for client in first quarter after deployment. IT issues were reduced from daily occurrences to bi-weekly or monthly occurrences in some cases. Issued guidance to existing IT personnel on how to better secure their network and how to run assessments at given intervals. This led to decrease in overall security breaches by as much as 80%.
  • Instructed clients on industry best practices for network and host based security.

Senior Desktop Support Technician

Terpsys - National Institutes Of Health (NHLBI)
Bethesda, MD
01.2010 - 01.2011
  • Recognized as integral part of team that was tasked with delivering excellent customer service in fast paced medical research and in-patient environment.
  • Provided top notch tier II/III support in multi-platform environment that consisted of Windows, Mac, UNIX, and Linux systems.
  • Assisted medical staff with information technology needs in state of art medical facility.
  • Led team of technicians in implementation of FDCC compliance and 2-factor VPN authentication on over 600 workstations in accordance with NIST publication 800-77.
  • Provided support for nearly 4,000 end users in high stress medical environment that included highly complex medical instrument controllers and wide variety of technical challenges.
  • Accurately documented daily work with Remedy ticketing system and was able to raise SLA compliance from 80% to 99% in year's time. Decreased time for user to receive new computers from 2 weeks to 4 days through development of hardware independent images and driver escrow implementation.
  • Transformed processes/toolsets of geographically dispersed technicians into cohesive, standardized set of solutions that elevated efficiency and accuracy.
  • Gathered and assessed needs from internal business units; created custom solutions to resolve issues (e.g., system slowdowns, virus outbreaks and process bottlenecks); and developed functional specifications for IT group.
  • Automated previously manual, time-consuming processes to drive gains in data tracking/accuracy, workgroup efficiency and profitability.
  • Transitioned Mac infrastructure to JAMF Casper suite and provided technical advice and consulting on implementation of new Mac framework.

Senior Information Systems Operator

United States Army
03.2003 - 03.2010
  • Led team of 9-12 soldiers in support of mission critical information technology tasks and procedures.
  • Responsible for more than $1,000,000.00 in equipment and sensitive items to include servers, workstations, and military information technology.
  • Organized and led team of 10 technicians in upgrade from Windows XP to Windows Vista on over 1500 workstations and ensured that end users were trained on operating system and could continue their work. Performed various security audits and penetration tests in order to evaluate network security of unit using tools such as BackTrack and Metasploit along with Nessus vulnerability scanner.
  • Hardened various servers through patching and documented process in order to bring security in line with industry best practices. Was able to bring unit into compliance with Army IA guidelines and earn "Network security excellence" award 2 years in row.
  • Provided tier I through tier III support doing many different tasks above and below job title and requirements.
  • Adapted and was able to react to challenges when presented with work that needed to be done on fly and that was unfamiliar at time.

Education

Bachelor of Science - Computer Networking And Security

University of Maryland University College
Adelphi, MD

Skills

    Implementing/auditing of critical information systems controls

Certification

SANS GCCC
