Wayne Work
Naugatuck,CT
Summary
Extensive experience in successfully performing Information Security & Architectural for fortune one hundred, private and public companies. Performed all aspects of cybersecurity threat frameworks, policies & risk assessments, assessed potential exploitation efforts coming from other internal or external adversaries, the use of the MITRE ATT&AK Matrix, NIST SP 800 series documents and real-time data feed has been essential to performing threat and risk mitigation. Maintained a Top Secret plus security clearance to assist numerous government entities and government contracted civilian organizations.
Overview
48
48
years of professional experience
1
1
Certification
Work History
Partner and Sr. Information Security Network Architect
Security Gauntlet Consulting, LLC
Naugatuck, CT
04.2023 - Current
- Performed an information security forensics investigation in Mexico as well as an initial database assessment that ruled out potential BOTNET activities.
- Performed numerous third-party risk assessments for organizations which evaluated potential security and financial risk within these parties that serviced, hosted, and potentially acquired.
- Architected and managed Network Services and Security Provider (MSSP) offerings that focused on security in all three modes of Cloud-based.
- Performed in-depth vulnerability scanning across the Internet, with a lab-controlled environment, and Ad Hoc situations for customers against their various infrastructure devices and software solutions that they hosted or supported.
Senior Cybersecurity Engineer – Network Security
IBM
Southbury, CT
02.2020 - 04.2023
- Managed IBM’s Cisco Umbrella DNS Security solution that supported and filtered over 350,000 external users worldwide who required VPN access to IBM’s infrastructure.
- Trained in the deployments, implementation, and security of IPv6 Internet Protocol.
- Deployed blocking and allowed content, security and application control policies to the SaaS instance of Cisco’s Umbrella DNS Security solution which supported over 350,000 remote users and across forty plus network segments.
- Developed robust reports which supported CSIRT cases, monthly and bi-weekly status updates and utilized database query solutions on exceptionally large AWS Data Lake systems that consumed and averaged over five billion log entries per day and stored 12 months of logging data.
- Maintained all records for authorization of access and removal of all User accounts within the Cisco Umbrella system.
- Supported, updated, and changed systems outage issues for IBM’s Umbrella instances.
- Mentored junior security professionals and developed training material for new User access to the Umbrella system.
- Managed the Internet Protocol version 6 (IPv6) certified engineer and assisted IBM in the roll out of IPv6 protocols worldwide.
- Supported all aspects of IBM Agile Development and Change Management process which ensured accurate, informative, and timely reporting of all projects.
- Utilized various DAST and SAST applications which assessed and evaluated opensource software packages within the GitHub, deployed applications, and utilized static source code review tools to ensure security solutions were being used within IBM for applications or development.
- Participated in daily and weekly meetings with the cybersecurity engineering and operations teams and supported knowledge transfer for other projects.
Partner and Sr. Information Security Network Architect
Security Gauntlet Consulting, LLC
Naugatuck, CT
06.2016 - 02.2020
- Reestablished the company’s business within New England and the Tri-State area as well as international work efforts within the city and states of Monterrey, Nuevo León, and Mexico, Mexico City.
- Utilized, managed, and architected various Identity and Access Management solutions such as IBM IAM, Prometric IAM (formerly Hitachi), SailPoint, CA ACF2 for mainframes and other solutions that met various customer needs and requirements. These systems were targeted to Windows, Linux and Mac OS endpoint and server systems.
Network Security Architect
Deloitte LLP
Hartford, CT
03.2015 - 06.2016
- Provided various technical security and global network, servers, and endpoint consulting that actively supported customers with security remediation issues, implementation, and architecture around reduced Advanced Persistent Threat (APT) and DOS/DDOS issues that were within their networks and other activities which came from the Internet.
- Developed SIEM solutions, customer architecture, responded to customer issues with their SIEM implementations and tuned customer’s protection solutions which fed their SIEM solutions with the correct data and allowed the customer to respond and defeat potential Zero Day events as well as several other security issues based on that customer’s threat profile.
- Answered complex RFPs related to the implementation and architecture of IBM’s QRadar, Splunk’s Enterprise Security Suite (both cloud and on premise) and other SIEM solutions.
- Mentored junior security consultants and assisted them with certification and increased their skill sets around security as a business process.
- Developed business plans, ran operational books, and processed workbooks for organizations that were utilized during normal operations and incident attacks remediation.
- Installed, implemented, tuned, and performed analysis and assisted organizations on how to perform SOC operations with Security Information Event Systems as their key processing a log aggregation system(s).
- Attended conferences where they presented information related to security solutions for global organizations and individual companies which allowed them to be more secure.
Practice Manager (Networking and Security Architecture)
Xerox Business Solutions
Naugatuck, CT
02.2013 - 01.2014
- Managed 8 Solution Design Engineers who architected networking, managed security and cloud services to large organizational projects ranging from ten million to One Plus Billion dollars and won many of these RFPs.
- Worked internationally with over eighteen data centers in India, US, Malaysia, Russia, and South/Central America and ensured that the solution designs could support an extremely aggressive Service Level Agreement (SLA) commitments within the customer agreements.
- Transformed complex segregated Network and Security towers of business into a single focused group which provided secure, integrated, and robust solutions to customers.
- Trained network and security FTEs on both networking and security best practices, technical design, integration, and overall subjects within these areas and cross trained and integrated these two teams.
- Provided security solutions to customers which included but are not limited to robust Identity and Access Management, Perimeter Security (Firewall, IPS, SIEM and Change Control, ITIL), down to the furthest endpoint of a variety of Mobile Device security and control solutions.
Senior Security Architect
Mainline Information Systems Inc.
Naugatuck, CT
03.2008 - 02.2013
- Developed a very robust and risk oriented security architecture for the deployment and installation VMware virtualization systems for two major hospital and medical practices, one in Virginia and one in Louisiana that had hundreds of physical servers with hundreds of virtual appliances all HA deployed and controlled back through VCenter Control environments. These deployments saved the Hospital over $2.5 millions of dollars in the first year.
- Taught classes to several companies on QRadar which included the sale classes for the Mainline Sales teams which positioned QRadar as an Energy and Healthcare provider verticals.
- Set up and deployed Syslog log aggregation systems within remote locations to have a single point of log feeds and reduced the amount of actionable log data that was fed to the QRadar Main Collector
- Developed the Security Practice into a Ten Million Four Hundred Thousand Dollar organization within a year which utilized only four individuals and became a cohesive portion of the sales team that used a “Solutions” based selling approach.
- Managed and was accountable for sales throughout the entire US, Brazil, and Puerto Rico.
- Performed vulnerability testing and remediation of applications in most any language with various SAST and DAST open source and commercial software solutions that performed automated and manual testing of local and GitHub applications stored.
- Performed presales Information Security (IS) engineering and security business analysis for Fortune 100 down to small businesses.
- Developed and managed complex Statement of Works for IS projects of more than three million dollars.
- Assisted in the responses for services, software, and hardware to government and private RFPs and RFQs which were more than 5.2 million dollars.
Director, Information Security Architecture and Standards
People’s United Bank
Bridgeport, CT
02.2007 - 03.2008
- Managed the development and Information Security Architecture for People’s United Bank.
- Directed and set global corporate standards for Information Security.
- Performed independent Information Security Risk Assessments of Vendors utilized or contracted by People’s Bank that ensured their security posture and set a profile security level for compliance and due diligence for the Bank.
- Developed security architecture solutions which included encryption, database Intrusion Prevention solutions and data in motions encryption methods for all banking database systems from IBM’s DB2.
- Performed vendor related on-site assessments and traveled internationally and performed these tasks with senior executive level (C-level) personnel who were responsible for their overall corporate security programs.
- Guided and architected the design efforts that met all aspects of SOX, GLB, and FFIEC compliance regulations.
Practice Principal/ Security and Infrastructure
MTM Technologies Inc.
Rocky Hill, CT
01.2006 - 09.2006
- Built a services-based Information Security Consulting Practice, which was profitable and provided a foundation for the future growth of the practice.
- Performed presales consulting and engagements for Fortune 500 and Small to Medium Business clients in the realm of Information Security and Infrastructure.
- Developed a robust Business Plan which drove revenue from less than 50K monthly to over $2 Million for the month of August.
- Wrote and developed Project Plans, Statements of Work (SOW), implementation and software Return on Investment (ROI) statements and analyzed/responded to customer RFP documents.
- Performed direct vendor management of product solutions which developed account mapping strategies and enhanced revenue generation efforts.
Chief Information Security Officer (CISO)
US Xpress Enterprises, Inc.
Chattanooga, TN
12.2004 - 12.2005
- Directed and developed Information Security related policies and procedure documents for US Xpress Enterprises and its subsidiaries.
- Managed the security of over 2700 desktop computers, 120 Windows/Unix Servers, and 2 Enterprise size AS400 servers which cost over 2.4 million dollars used to service over one hundred local and remote corporate facilities.
Chief Security Officer
Neopost Group, Mailroom Technologies Inc.
Shelton, CT
10.2003 - 12.2004
- Directed and developed five hundred plus pages of Information Security related policies and procedure documents within a 2 ½ week spam which was presented to the United States Postal Office for Accreditation of secure processing with the USPS. The US Postal service inspector noted that this was one of the outstanding documents he had seen “the best documentation of any postal franking company to date.”
- Provided security architecture solutions for all communications to a new management solution for over 800,000 devices worldwide.
Manager of Information Systems Security
Cybergenics
Trumbull, CT
07.2001 - 07.2002
- Developed detailed policies and procedures that accessed controls with LDAP, Windows 2000 Server Active Directory, and standard LAN authentication for a client base of over 20K users.
Chief Security Officer
Warnaco, Inc.
Milford, CT
03.2000 - 07.2001
ATSS and Information Systems Security Officer (ISSO)
Federal Aviation Administration
Syracuse, NY
10.1996 - 03.2000
Senior Electronic Warfare Systems Engineer
MANTECH
Ft Hood, TX
04.1994 - 10.1996
Electronic Tech, Instructor and Electronic Repair Facilities Manager
01.1978 - 03.1994
- United States Army
- Redstone Arsenal AL, Missile Command (January 1978 – September 1984)
- Warrant Officer Candidate School, Ft. Rucker, AL (March 1981 – May 1981)
- Intelligence Corp, Worldwide locations (September 1984 – March 1994)
Tempest Test Technician and Engineer (Operational Security Division)
Los Alamos National Laboratories
Los Alamos, NM
05.1985 - 12.1986
Education
Computer Sciences
Florida State College
Cybersecurity
Charter Oak State College
AAS - Engineering studies
Jefferson Community College
Skills
- Achieved enhanced security outcomes through the deployment of information security products such as Nessus and IBM Guardium Delivered effective cryptology and PKI validation processes, resulting in improved key management Optimized security assessments by leveraging both commercial and free versions of CIS Secure Suite Elevated vulnerability scanning capabilities with dynamic tool sets including Kali Security Tool Set and Rapid7 Strengthened forensic analysis through the application of tools like PW Dump 3 and DumpACL Improved database security measures with N-Stalker and IBM Rational AppScan, ensuring data integrity Enhanced web security through comprehensive evaluations using HP WebInspect and Wireshark Increased incident response efficiency by implementing SIEM architecture with QRadar and RSA Envision Streamlined endpoint management processes with Intune and Jamf, resulting in improved operational efficiency Fortified organizational defenses through the integration of Azure native security services and identity management solutions
- Achieved successful project completions by leveraging expertise in programming languages such as C, Perl, and Nodejs Delivered high-quality software solutions through effective management of development processes Enhanced system functionality and user experience through innovative coding practices
- Achieved streamlined operations through effective management of software applications such as Active Directory, VMware, and Citrix Enhanced system monitoring capabilities by implementing log aggregators and Syslog servers Improved database performance by managing IBM DB2, MS SQL, and Oracle environments Strengthened security measures through the administration of Oracle IAM Suite and directory services Optimized web server functionality, including IIS and Apache with SSL, to ensure secure communications Delivered support for graphics applications and IDEs, fostering a productive development environment
- Configured and maintained high-performance communications systems, ensuring seamless integration of multiple MPLS types and enhancing overall network reliability and efficiency
- Achieved compliance with ISO 27001 and NIST 800 series, enhancing organizational security posture Delivered comprehensive security manuals for SOC 1 and SOC 2, facilitating regulatory adherence Strengthened risk management frameworks in line with ISO 31000 and Sarbanes-Oxley Act (SOX) Advanced compliance with GDPR, HIPAA/HITECH, and PCI DSS, ensuring robust data protection measures
Certification
- Former Certified Information Systems Security Professional (CISSP) (retired)
- Former Certified Information Security Manager (CISM) (retired)
AWARDS, MEDALS, AND ACHIEVEMENTS
Army Commendation Medals w/ 2 OCL, Kuwait Liberation Medal, Army Achievement Medal w/1 OCL, NCO Professional Development Ribbons (3), Army Good Conduct Medal 4th award Southwest Asia Service Medal w/ 3 Bronze Stars, Humanitarian Service Medal, Armed Forces Expeditionary Medal
Additional Information
AWARDS, MEDALS, AND ACHIEVEMENTS
Army Commendation Medals w/ 2 OCL, Kuwait Liberation Medal
Army Achievement Medal w/1 OCL, NCO Professional Development Ribbons (3)
Army Good Conduct Medal 4th award Southwest Asia Service Medal w/ 3 Bronze Stars
Humanitarian Service Medal, Armed Forces Expeditionary Medal
Timeline
Partner and Sr. Information Security Network Architect
Security Gauntlet Consulting, LLC
04.2023 - Current
Senior Cybersecurity Engineer – Network Security
IBM
02.2020 - 04.2023
Partner and Sr. Information Security Network Architect
Security Gauntlet Consulting, LLC
06.2016 - 02.2020
Network Security Architect
Deloitte LLP
03.2015 - 06.2016
Practice Manager (Networking and Security Architecture)
Xerox Business Solutions
02.2013 - 01.2014
Senior Security Architect
Mainline Information Systems Inc.
03.2008 - 02.2013
Director, Information Security Architecture and Standards
People’s United Bank
02.2007 - 03.2008
Practice Principal/ Security and Infrastructure
MTM Technologies Inc.
01.2006 - 09.2006
Chief Information Security Officer (CISO)
US Xpress Enterprises, Inc.
12.2004 - 12.2005
Chief Security Officer
Neopost Group, Mailroom Technologies Inc.
10.2003 - 12.2004
Manager of Information Systems Security
Cybergenics
07.2001 - 07.2002
Chief Security Officer
Warnaco, Inc.
03.2000 - 07.2001
ATSS and Information Systems Security Officer (ISSO)
Federal Aviation Administration
10.1996 - 03.2000
Senior Electronic Warfare Systems Engineer
MANTECH
04.1994 - 10.1996
Tempest Test Technician and Engineer (Operational Security Division)
Los Alamos National Laboratories
05.1985 - 12.1986
Electronic Tech, Instructor and Electronic Repair Facilities Manager
01.1978 - 03.1994
Computer Sciences
Florida State College
Cybersecurity
Charter Oak State College
AAS - Engineering studies
Jefferson Community College