Carl Brown, Developer in Tampa, FL, United States
Carl is available for hire
Hire Carl

Carl Brown

Verified Expert  in Engineering

Security Architect and Developer

Location
Tampa, FL, United States
Toptal Member Since
November 30, 2021

Carl is a senior security architect with multiple decades of experience building security standards, developing security solutions, and ensuring the appropriate security controls are in place and functioning as designed before a project and infrastructure move into production. Principle security solutions and policies include ITSM ServiceNow, GRC Archer, MS O365, ERP/Billing systems, legal obligations solutions, damage claim app, and QR mobile applications projects.

Portfolio

iTechnologies Inc.
ITIL, HIPAA Compliance
Eversource Energy
Microsoft Excel, Microsoft PowerPoint, IT Projects, Vulnerability Management...
Pratt & Whitney
NIST, SSP, IaaS, Platform as a Service (PaaS), SaaS, SAP, ITAR, Supply Chain...

Experience

Availability

Part-time

Preferred Environment

Amazon Web Services (AWS), Azure, NIST, ITIL V3 Foundation Certified, Platform as a Service (PaaS), IaaS, SaaS, SSP, ITAR, Risk Assessment

The most amazing...

...security document that I created was the project security sign-off document that meets all the NIST control requirements for every current and future project.

Work Experience

VP/PM/Business Development/IT Security Consultant

2009 - PRESENT
iTechnologies Inc.
  • Acted as a consultant for NIST/CMMC such as NCSF, NRMF, CMMC, 800-53, NIST 800-171. I created or updated policies and procedures, system security plans, and POAMs; scope customer environment. I also prepared for and conduct gap, risk, and readiness assessments.
  • Sought new opportunities in IT by providing strategic vision and planning for production systems deployments with attention to cost-effectiveness, efficient scaling, and adaptability to diverse service offerings using ITIL and PMP best practices.
  • Served as an IT security risk management consultant that created, delivered oral and written technical SME for the companies’ responses to the “meaningful use”, HIPAA Security Administration Safeguard for 13 of 14 community health centers.
  • Provided four technology leadership approaches that include collaboration, access, alignment and securing, and improving core enterprises' services.
  • Kept abreast of software and hardware innovations and regularly apply them to increase the availability and reduce costs of service offerings. Also, I orchestrated accountability and solid performance in an environment that is not ITIL or PMP-driven.
  • Led and oversaw the management of the team responsible for installing, supporting, and maintaining high-performance, high-transaction, high-availability production systems servicing dozens of customers with thousands of users.
  • Researched vendors and proposed a solution that would save extensively by leveraging existing technologies with security concepts and principles. In addition, I proposed a project plan and transferred knowledge for implementation.
  • Established plan-do-check-act and milestones to remediate security fixes and resolve a substantial backlog of unapplied fixes in a compressed timeframe.
  • Facilitated and encouraged a culture of innovation and controlled security risk to gain and maintain a competitive advantage.
Technologies: ITIL, HIPAA Compliance

Cyber Security Architecture Senior Consultant

2017 - 2021
Eversource Energy
  • Developed, designed, and recommended cyber-security technology strategies for multiple application, data, and infrastructure projects; coordinated and resolved complex technical security problems and challenges.
  • Provided security recommendations and functional requirements to internal business groups, solution architects, and project managers to ensure appropriate and effective new and current security controls are in place for new and prior initiatives.
  • Created and implemented project security sign-off document that includes corporate information security risk assessment questioner, policy exception request, due diligence questionnaire, vulnerability, and application penetration test.
  • Implemented Eversource Security Risk Assessment process (RMF and CSF) to evaluate all multiplatform projects and used Eversource standards to mitigate risk levels to an acceptable level ensuring NIST, CIP, and SOX's security controls are in place.
  • Created, identified security design gaps, and promoted security policies for ITSM ServiceNow, GRC Archer Security, O365, ERP and billing systems, legal obligations solution, customer portal and management system, and QR mobile applications projects.
Technologies: Microsoft Excel, Microsoft PowerPoint, IT Projects, Vulnerability Management, Risk Assessment, Solution Design, Security

Global IT Cybersecurity and Infrastructure Architecture Consultant

2015 - 2017
Pratt & Whitney
  • Managed all IT National Institute of Standards and Technology (NIST)/DFARS issues for Pratt & Whitney military engines programs that include ATEC, F135, F-22/119, and HPW3000 to assess, plan, and communicate to business partners and stakeholders.
  • Acted as a primary point of contact to Pratt & Whitney IT infrastructure resource for the Safeguarding DFARS clause for CUI and NIST Special Publication (SP) 800-171 guidance for all 14 security control families.
  • Developed resource plans, project plans, mitigation plans, and system security plan (SSP) to meet DFARS/NIST requirements.
  • Authored IT security supply chain survey ensuring safeguard procedures that address security control areas, including data protection, export, access and internal controls, physical security, web access, operational and recovery management, and incident response.
  • Acted as a cloud integration project manager and business partner to aid execute a plan, build, and run environment in an ITAR and Non-ITAR environment.
  • Served as a technical subject matter expert for system transitions, migrations, consolidations, technical assistance to IT support staff, and consulted project management activities for a cloud environment, including IaaS, PaaS, and SaaS, and SAP enterprise app re-platform.
Technologies: NIST, SSP, IaaS, Platform as a Service (PaaS), SaaS, SAP, ITAR, Supply Chain, Security, IT Infrastructure

Assistant Director | Director of Infrastructure

2012 - 2015
State of Maryland, Department of Labor, Licensing and Regulations
  • Oversaw all aspects of DLLR’s IT department's operations that include IT infrastructure, correctional IT facilities, communication, including LAN, WAN, and security, production application, FTP, database, backup recovery, and regulatory compliance.
  • Managed the day-to-day operations of the IT group including downtime, reporting service levels, defining and tracking IT operational metrics, and provided status and briefings to CIO, unemployment (UI) director, and State of Maryland secretary.
  • Developed and managed relationships with vendors in support of system augmentation. I managed the overall capacity utilization of the server and hardware environment ensuring it is optimized to meet business requirements.
  • Planned, budgeted, forecasted, developed, and implemented hardware and software standards for the network, virtual servers, databases, wireless technology, and data retention.
  • Managed, set up configuration, and supported DLLR’s development, testing, and production environments that incorporate web, database, e-mail, including Microsoft and Google, and application servers, and including code move-ups.
  • Managed, set up configuration support and administration for the Department's internet and intranet sites, SFTP, and SAN storage. Also, I supported and managed DLLR’s infrastructure and the entire occupants of N. Calvert St., N. Eutaw St., and 5 UI Field Offices.
  • Provided technical on hands leadership Windows Server Active Directory (AD) network directory services framework that includes correcting audit findings and improving security requirements throughout the infrastructure.
  • Provided data center audit for Health Insurance Exchange (HIX) systems to verify that the data is confidentially protected and secure. I architected and implemented a new SMART Board technology conference room.
  • Created, submitted, and awarded multiple proposals to improve DLLR UI infrastructure that included disaster recovery, staffing services, and project management. I proposed, deployed, and managed Veeam Backup & Replication.
  • Provided WBS technical management leadership for VDI and GED rollout to 13 correctional facilities. I also managed staff members in their daily activities, supported all infrastructure projects, and provided quarterly internal project reviews (IPRs).
Technologies: LAN, SANs, SFTP, IT Infrastructure, Virtual Desktop Infrastructure (VDI), Work Breakdown Structure, Ads, Networks, Disaster Recovery Plans (DRP), Backup & Recovery, WAN, Security, Databases, Compliance

Program Manager | Technical Architect Consultant

2007 - 2010
FASTech Inc
  • Directed accountability for acquiring and managing IT programs for the firm and providing technical subject matter expertise to the organization.
  • Provided technical and managerial oversight and counsel pertaining to the design, development, implementation, and vendors evaluation to multiple intra and inter-company technical projects and initiatives of strategic and tactical importance.
  • Proposed program manager that provided complete supervision, oral and written technical expertise for the company responses to the US Department of Commerce (DOC) International Trade Administration (ITA) RFP.
  • Provided technical architect and subject matter expert that provided oral and written technical expertise for the company responses to the Transportation Security Administration (TSA) ITIP RFP.
Technologies: Program Management, Consulting, IT, RFPs

Infrastructure SDLC Program/Project Manager Consultant

2006 - 2007
Spherion
  • Led infrastructure management team for Fannie Mae MF/Housing Community Development technical environments to ensure operational excellence regarding system upgrades, migrations, architecture, engineering, design, and new applications implementations.
  • Developed project charter, work plans, change control process, risk management, communication, system boundary documents, financials, and resource planning.
  • Performed quality control, including monitoring, reporting, and trending for all server environments, release management, compliance management to meet SOX and PCI requirements. I completed a project audit.
Technologies: Release Management, SOX Compliance, PCI

Senior Consultant | Operation Manager

2003 - 2006
TSA / Unisys / KForce
  • Promoted to the manager, with accountability for devising strategies to improve operational efficiency, efficient scaling, and service availability for DHS Transportation Security Administration (TSA).
  • Managed 75+ SMEs to deliver 24/7/365 Tier 3 and 4 operations and engineering support in two-domain Exchange, Windows, EMC SANS, AD environment, backup, and disaster recovery with 500+ servers and 75,000+ users in 300+ sites nationwide.
  • Guided engineers on improving cluster configurations across eight core infrastructure clusters, patch rollout to 500 servers, and enterprise deployment of NetIQ Monitoring.
  • Managed dashboard reviews of critical systems with weekly, monthly, quarterly, and yearly aggregate data rollups for executive management business planning.
  • Led lengthy AD cleanup project to remove 30,000+ accounts and email consolidation mailbox rebalancing project spanning 25,000 mailboxes.
  • Directed smooth migrations of VoIP, mobile device projects, and threated management system into operations management.
  • Acted Unisys CRM on occasion, requiring VIP support, executive project presentations, negotiating, staff acquisition, and staff resource allocation.
Technologies: IT Operations, Servers, Security Operations Centers (SOC), Network Operation Centers (NOC)

Network System Manager

2002 - 2003
Department of Defense Modeling and Simulation Office | SAIC
  • Maintained, configured, and troubleshot Sun Solaris, Linux, Cisco 3640 Router, Catalysts 2948G Switches, Symantec Raptor firewall 7.0, and anti-virus. I also supported connectivity with NIPRnet via Ft. Belvoir.
  • Acted as a Windows 2000 server administrator, working on maintenance, server and workstation backup. I also met the maker administration.
  • Worked on software testing, workstation deployment, LAN help desk and end-user support, standardization, expansion, training, HW/SW configuration, and upgrades. I also did phone/voice mail maintenance and recommended equipment purchases and system modifications.
  • Led conference support planning and execution for both on and offsite conferences, audio-visual, dial-in conferences. I also worked on procurement and budget planning, purchasing recommendation, asset management, and property control.
  • Created administration and maintained the user server and electronic mail accounts, FTP sites; automatic mailing lists, installation and configuration of the web server, and all networks to include firewall and security hardware and software.
  • Solved all hardware and software configuration problems, information security to include intrusion detection; monitored internet communications equipment; data protection, and archiving.
Technologies: Microsoft, Linux, Cisco, IP Networks, IT Infrastructure

Senior Security Engineer

1999 - 2003
NASA GSFC | Performance Network Engineering | QSS Group, Inc
  • Served as a security engineering specialists consultant in a role as a member of the system engineering team on the Control Center System (CCS) project for Hubble Space Telescope (HST).
  • Provided information technology security engineering design and implementation support to the NASA HST Vision 2000 reengineering project. Acted as a chair of the CERTS team for NASA IT Security.
  • Promoted a system and security philosophy of risk mitigation through proactive security awareness training, cost-effective security countermeasures, host-level security, and security planning and integration at the earliest design phases.
  • Provided systems security engineering support involving the integration of commercially available software and hardware security products. I also provided deployment leadership for government agencies.
  • Identified enhancements to existing network security countermeasures such as firewalls, security policy, system design, risk mitigation, vulnerability assessments, and developing white papers and other security-related IP-transition activities.
  • Developed security, test, and evaluation (ST&E) plans for internal and external penetration testing to ensure that the firewall and authentication mechanisms are functioning according to the established security requirements.
  • Developed special studies and technical analysis of end-to-end architectural options that have cryptographic and communications and information systems. I also conducted vulnerability assessments of HST support systems at GSFC-managed facilities using ISS.
  • Defined HST CCS network security architecture, including identification of TCB components and access control devices. I coordinated ST&E, security plans, access control policy, and firewall policy associated with HST development efforts.
  • Performed technology assessments to assess cryptographic systems and communications and information systems security capabilities such as the integration of Routers, ATM switching, virtual LANs, VoIP, WLAN, and second-generation firewall products.
  • Integrated security infrastructure with VLAN and ATM technologies to meet higher data throughput requirements. I conducted VPN, WLAN, and VoIP risk assessments for the HST network. In addition, I coordinated multiple tasks included the secure web server development project.
Technologies: Network Security, Cryptology, IT Security, System Administration, Security, Networking, SANs

Enterprise Safety Information Systems QR Code Security Findings

I coordinated security mitigation for using a mobile device to collect data in the field and information aggregation capabilities.

It was recommended to use a QR code to gain access to the system. If using a user-specific QR Code and logging off the mobile application, you will need to go back into the SIMS solution and get another QR code.

This means that if a user logs into the mobile application with a user-specific QR code and logs out when out in the field, they will be unable to access the application until they get a new QR Code. The user would have to log into the SIMS solution via VPN on a company device to get another QR code. There is no “time out” in the mobile application, so users stay logged in until they manually log out.

If a mobile device is stolen, the user would have to immediately contact the IT corporate support desk to disable their access because they could still be logged into the mobile application.

Due to the risk and proposed mitigation, the stakeholder decided not to release the mobile version until these issues were fixed.
I recommend leveraging their Microsoft Azure to authenticate and access applications when the user is off the network.

Other

Security, NIST, ITIL V3 Foundation Certified, Platform as a Service (PaaS), IaaS, SaaS, SSP, ITAR, Multiple Factor Analysis (MFA), IT Projects, Vulnerability Management, Risk Assessment, Solution Design, IT Infrastructure, LAN, SANs, SFTP, Virtual Desktop Infrastructure (VDI), Work Breakdown Structure, Ads, Networks, Disaster Recovery Plans (DRP), Backup & Recovery, WAN, Compliance, Scripting, SAP, Supply Chain, Application Security, Vulnerability Assessment, Mobile Security, Program Management, Consulting, IT, RFPs, Release Management, SOX Compliance, PCI, IT Operations, Servers, Security Operations Centers (SOC), Network Operation Centers (NOC), Cisco, IP Networks, Cryptology, System Administration, IT Security, Networking

Languages

SQL

Tools

Microsoft Excel, Microsoft PowerPoint

Platforms

Amazon Web Services (AWS), Azure, Microsoft, Linux

Paradigms

ITIL, HIPAA Compliance

Storage

Databases

Industry Expertise

Network Security

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring