Carl Brown
Verified Expert in Engineering
Security Architect and Developer
Tampa, FL, United States
Toptal member since November 30, 2021
Carl is a senior security architect with multiple decades of experience building security standards, developing security solutions, and ensuring the appropriate security controls are in place and functioning as designed before a project and infrastructure move into production. Principal security solutions and policies include ITSM ServiceNow, GRC Archer, MS O365, ERP/Billing systems, legal obligations solutions, damage claim app, and QR mobile applications projects.
Portfolio
Experience
Availability
Preferred Environment
Amazon Web Services (AWS), Azure, NIST, ITIL V3 Foundation Certified, Platform as a Service (PaaS), Infrastructure as a Service (IaaS), SaaS, SSP, ITAR, Risk Assessment
The most amazing...
...security document that I created was the project security sign-off document that meets all the NIST control requirements for every current and future project.
Work Experience
VP/PM/Business Development/IT Security Consultant
iTechnologies Inc.
- Acted as a consultant for NIST/CMMC such as NCSF, NRMF, CMMC, 800-53, NIST 800-171. I created or updated policies and procedures, system security plans, and POAMs; scope customer environment. I also prepared for and conduct gap, risk, and readiness assessments.
- Sought new opportunities in IT by providing strategic vision and planning for production systems deployments with attention to cost-effectiveness, efficient scaling, and adaptability to diverse service offerings using ITIL and PMP best practices.
- Served as an IT security risk management consultant that created, delivered oral and written technical SME for the companies’ responses to the “meaningful use”, HIPAA Security Administration Safeguard for 13 of 14 community health centers.
- Provided four technology leadership approaches that include collaboration, access, alignment and securing, and improving core enterprises' services.
- Kept abreast of software and hardware innovations and regularly apply them to increase the availability and reduce costs of service offerings. Also, I orchestrated accountability and solid performance in an environment that is not ITIL or PMP-driven.
- Led and oversaw the management of the team responsible for installing, supporting, and maintaining high-performance, high-transaction, high-availability production systems servicing dozens of customers with thousands of users.
- Researched vendors and proposed a solution that would save extensively by leveraging existing technologies with security concepts and principles. In addition, I proposed a project plan and transferred knowledge for implementation.
- Established plan-do-check-act and milestones to remediate security fixes and resolve a substantial backlog of unapplied fixes in a compressed timeframe.
- Facilitated and encouraged a culture of innovation and controlled security risk to gain and maintain a competitive advantage.
Cyber Security Architecture Senior Consultant
Eversource Energy
- Developed, designed, and recommended cyber-security technology strategies for multiple application, data, and infrastructure projects; coordinated and resolved complex technical security problems and challenges.
- Provided security recommendations and functional requirements to internal business groups, solution architects, and project managers to ensure appropriate and effective new and current security controls are in place for new and prior initiatives.
- Created and implemented project security sign-off document that includes corporate information security risk assessment questioner, policy exception request, due diligence questionnaire, vulnerability, and application penetration test.
- Implemented Eversource Security Risk Assessment process (RMF and CSF) to evaluate all multiplatform projects and used Eversource standards to mitigate risk levels to an acceptable level ensuring NIST, CIP, and SOX's security controls are in place.
- Created, identified security design gaps, and promoted security policies for ITSM ServiceNow, GRC Archer Security, O365, ERP and billing systems, legal obligations solution, customer portal and management system, and QR mobile applications projects.
Global IT Cybersecurity and Infrastructure Architecture Consultant
Pratt & Whitney
- Managed all IT National Institute of Standards and Technology (NIST)/DFARS issues for Pratt & Whitney military engines programs that include ATEC, F135, F-22/119, and HPW3000 to assess, plan, and communicate to business partners and stakeholders.
- Acted as a primary point of contact to Pratt & Whitney IT infrastructure resource for the Safeguarding DFARS clause for CUI and NIST Special Publication (SP) 800-171 guidance for all 14 security control families.
- Developed resource plans, project plans, mitigation plans, and system security plan (SSP) to meet DFARS/NIST requirements.
- Authored IT security supply chain survey ensuring safeguard procedures that address security control areas, including data protection, export, access and internal controls, physical security, web access, operational and recovery management, and incident response.
- Acted as a cloud integration project manager and business partner to aid execute a plan, build, and run environment in an ITAR and Non-ITAR environment.
- Served as a technical subject matter expert for system transitions, migrations, consolidations, technical assistance to IT support staff, and consulted project management activities for a cloud environment, including IaaS, PaaS, and SaaS, and SAP enterprise app re-platform.
Assistant Director | Director of Infrastructure
State of Maryland, Department of Labor, Licensing and Regulations
- Oversaw all aspects of DLLR’s IT department's operations that include IT infrastructure, correctional IT facilities, communication, including LAN, WAN, and security, production application, FTP, database, backup recovery, and regulatory compliance.
- Managed the day-to-day operations of the IT group including downtime, reporting service levels, defining and tracking IT operational metrics, and provided status and briefings to CIO, unemployment (UI) director, and State of Maryland secretary.
- Developed and managed relationships with vendors in support of system augmentation. I managed the overall capacity utilization of the server and hardware environment ensuring it is optimized to meet business requirements.
- Planned, budgeted, forecasted, developed, and implemented hardware and software standards for the network, virtual servers, databases, wireless technology, and data retention.
- Managed, set up configuration, and supported DLLR’s development, testing, and production environments that incorporate web, database, e-mail, including Microsoft and Google, and application servers, and including code move-ups.
- Managed, set up configuration support and administration for the Department's internet and intranet sites, SFTP, and SAN storage. Also, I supported and managed DLLR’s infrastructure and the entire occupants of N. Calvert St., N. Eutaw St., and 5 UI Field Offices.
- Provided technical on hands leadership Windows Server Active Directory (AD) network directory services framework that includes correcting audit findings and improving security requirements throughout the infrastructure.
- Provided data center audit for Health Insurance Exchange (HIX) systems to verify that the data is confidentially protected and secure. I architected and implemented a new SMART Board technology conference room.
- Created, submitted, and awarded multiple proposals to improve DLLR UI infrastructure that included disaster recovery, staffing services, and project management. I proposed, deployed, and managed Veeam Backup & Replication.
- Provided WBS technical management leadership for VDI and GED rollout to 13 correctional facilities. I also managed staff members in their daily activities, supported all infrastructure projects, and provided quarterly internal project reviews (IPRs).
Program Manager | Technical Architect Consultant
FASTech Inc
- Directed accountability for acquiring and managing IT programs for the firm and providing technical subject matter expertise to the organization.
- Provided technical and managerial oversight and counsel pertaining to the design, development, implementation, and vendors evaluation to multiple intra and inter-company technical projects and initiatives of strategic and tactical importance.
- Proposed program manager that provided complete supervision, oral and written technical expertise for the company responses to the US Department of Commerce (DOC) International Trade Administration (ITA) RFP.
- Provided technical architect and subject matter expert that provided oral and written technical expertise for the company responses to the Transportation Security Administration (TSA) ITIP RFP.
Infrastructure SDLC Program/Project Manager Consultant
Spherion
- Led infrastructure management team for Fannie Mae MF/Housing Community Development technical environments to ensure operational excellence regarding system upgrades, migrations, architecture, engineering, design, and new applications implementations.
- Developed project charter, work plans, change control process, risk management, communication, system boundary documents, financials, and resource planning.
- Performed quality control, including monitoring, reporting, and trending for all server environments, release management, compliance management to meet SOX and PCI requirements. I completed a project audit.
Senior Consultant | Operation Manager
TSA / Unisys / KForce
- Promoted to the manager, with accountability for devising strategies to improve operational efficiency, efficient scaling, and service availability for DHS Transportation Security Administration (TSA).
- Managed 75+ SMEs to deliver 24/7/365 Tier 3 and 4 operations and engineering support in two-domain Exchange, Windows, EMC SANS, AD environment, backup, and disaster recovery with 500+ servers and 75,000+ users in 300+ sites nationwide.
- Guided engineers on improving cluster configurations across eight core infrastructure clusters, patch rollout to 500 servers, and enterprise deployment of NetIQ Monitoring.
- Managed dashboard reviews of critical systems with weekly, monthly, quarterly, and yearly aggregate data rollups for executive management business planning.
- Led lengthy AD cleanup project to remove 30,000+ accounts and email consolidation mailbox rebalancing project spanning 25,000 mailboxes.
- Directed smooth migrations of VoIP, mobile device projects, and threated management system into operations management.
- Acted Unisys CRM on occasion, requiring VIP support, executive project presentations, negotiating, staff acquisition, and staff resource allocation.
Network System Manager
Department of Defense Modeling and Simulation Office | SAIC
- Maintained, configured, and troubleshot Sun Solaris, Linux, Cisco 3640 Router, Catalysts 2948G Switches, Symantec Raptor firewall 7.0, and anti-virus. I also supported connectivity with NIPRnet via Ft. Belvoir.
- Acted as a Windows 2000 server administrator, working on maintenance, server and workstation backup. I also met the maker administration.
- Worked on software testing, workstation deployment, LAN help desk and end-user support, standardization, expansion, training, HW/SW configuration, and upgrades. I also did phone/voice mail maintenance and recommended equipment purchases and system modifications.
- Led conference support planning and execution for both on and offsite conferences, audio-visual, dial-in conferences. I also worked on procurement and budget planning, purchasing recommendation, asset management, and property control.
- Created administration and maintained the user server and electronic mail accounts, FTP sites; automatic mailing lists, installation and configuration of the web server, and all networks to include firewall and security hardware and software.
- Solved all hardware and software configuration problems, information security to include intrusion detection; monitored internet communications equipment; data protection, and archiving.
Senior Security Engineer
NASA GSFC | Performance Network Engineering | QSS Group, Inc
- Served as a security engineering specialists consultant in a role as a member of the system engineering team on the Control Center System (CCS) project for Hubble Space Telescope (HST).
- Provided information technology security engineering design and implementation support to the NASA HST Vision 2000 reengineering project. Acted as a chair of the CERTS team for NASA IT Security.
- Promoted a system and security philosophy of risk mitigation through proactive security awareness training, cost-effective security countermeasures, host-level security, and security planning and integration at the earliest design phases.
- Provided systems security engineering support involving the integration of commercially available software and hardware security products. I also provided deployment leadership for government agencies.
- Identified enhancements to existing network security countermeasures such as firewalls, security policy, system design, risk mitigation, vulnerability assessments, and developing white papers and other security-related IP-transition activities.
- Developed security, test, and evaluation (ST&E) plans for internal and external penetration testing to ensure that the firewall and authentication mechanisms are functioning according to the established security requirements.
- Developed special studies and technical analysis of end-to-end architectural options that have cryptographic and communications and information systems. I also conducted vulnerability assessments of HST support systems at GSFC-managed facilities using ISS.
- Defined HST CCS network security architecture, including identification of TCB components and access control devices. I coordinated ST&E, security plans, access control policy, and firewall policy associated with HST development efforts.
- Performed technology assessments to assess cryptographic systems and communications and information systems security capabilities such as the integration of Routers, ATM switching, virtual LANs, VoIP, WLAN, and second-generation firewall products.
- Integrated security infrastructure with VLAN and ATM technologies to meet higher data throughput requirements. I conducted VPN, WLAN, and VoIP risk assessments for the HST network. In addition, I coordinated multiple tasks included the secure web server development project.
Experience
Enterprise Safety Information Systems QR Code Security Findings
It was recommended to use a QR code to gain access to the system. If using a user-specific QR Code and logging off the mobile application, you will need to go back into the SIMS solution and get another QR code.
This means that if a user logs into the mobile application with a user-specific QR code and logs out when out in the field, they will be unable to access the application until they get a new QR Code. The user would have to log into the SIMS solution via VPN on a company device to get another QR code. There is no “time out” in the mobile application, so users stay logged in until they manually log out.
If a mobile device is stolen, the user would have to immediately contact the IT corporate support desk to disable their access because they could still be logged into the mobile application.
Due to the risk and proposed mitigation, the stakeholder decided not to release the mobile version until these issues were fixed.
I recommend leveraging their Microsoft Azure to authenticate and access applications when the user is off the network.
Skills
Tools
Microsoft Excel, Microsoft PowerPoint
Languages
SQL
Platforms
Amazon Web Services (AWS), Azure, Microsoft, Linux
Paradigms
ITIL, HIPAA Compliance
Storage
Databases
Industry Expertise
Network Security
Other
Security, NIST, ITIL V3 Foundation Certified, Platform as a Service (PaaS), Infrastructure as a Service, SaaS, SSP, ITAR, Multiple Factor Analysis (MFA), IT Projects, Vulnerability Management, Risk Assessment, Solution Design, IT Infrastructure, LAN, SANs, SFTP, Virtual Desktop Infrastructure (VDI), Work Breakdown Structure, Ads, Networks, Disaster Recovery Plans (DRP), Backup & Recovery, WAN, Compliance, Scripting, SAP, Supply Chain, Application Security, Vulnerability Assessment, Mobile Security, Program Management, Consulting, IT, RFPs, Release Management, SOX Compliance, PCI, IT Operations Management (ITOM), Servers, Security Operations Centers (SOC), Network Operation Centers (NOC), Cisco, IP Networks, Cryptology, System Administration, IT Security, Networking
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring