Christopher Young, Developer in Marietta, GA, United States
Christopher is available for hire
Hire Christopher

Christopher Young

Verified Expert  in Engineering

Technical Architect and Developer

Marietta, GA, United States

Toptal member since October 4, 2022

Bio

Christopher is an experienced principal consultant with a demonstrated history of working in the private and public industries. He is skilled in security, software development, enterprise architecture, operations management, IT strategy, cloud computing, and training. As a consulting professional with a business administration doctorate, Christopher focuses on information systems and enterprise resource management.

Portfolio

CalWIN
Windows, HP-UX, Linux, Java, Oracle, Microsoft SQL Server, MySQLi, HTML5...
Boston Children's Hospital - Trust
IT Security, Security, CISSP, CISO, IT Projects, IT Strategy, Leadership...
Georgia Department of Drivers Services
Windows, SQL, Hyland OnBase, .NET 4, Mainframe Systems, Architecture...

Experience

  • Security - 13 years
  • Project Management Professional (PMP) - 12 years
  • Risk Assessment - 12 years
  • IT Strategy - 12 years
  • Disaster Recovery Consulting - 10 years
  • CISSP - 8 years
  • Cloud Migration - 6 years
  • ITIL 4 - 3 years

Availability

Part-time

Preferred Environment

Cloud, Risk Assessment, Disaster Recovery Consulting, Amazon Web Services (AWS), Project Management Professional (PMP), CISSP, Application Security, Web Security, Security Audits, Security Testing

The most amazing...

...thing I've developed is a personalized security awareness program overseeing the establishment of a plan that decreases vulnerabilities in the ecosystem.

Work Experience

Principal Consultant, Enterprise Operations

2017 - PRESENT
CalWIN
  • Led oversight of all aspects of system security, including cybersecurity readiness, DR, security assessment, regulatory assessment, security incident reporting, and security training.
  • Provided architectural review to ensure adherence to functional and non-functional requirements while minimizing costs for cloud migration projects, including SAAS and IAAS offerings in both the AWS and Azure environments.
  • Managed the migration of on-premise applications to the AWS ecosystem utilizing rehosting, replatforming, and refactoring migration strategies. Supervised the development of native AWS applications to support new business functionality.
  • Led oversight of general systems, including hardware, software, operating system, configuration management, data communications, networks, and applications to ensure adherence to requirements.
  • Oversaw infrastructure-related and operational projects, including infrastructure upgrades, security remediation, ServiceNow, and cloud migration projects in AWS and Azure environments.
Technologies: Windows, HP-UX, Linux, Java, Oracle, Microsoft SQL Server, MySQLi, HTML5, Microsoft, COBOL, Disaster Recovery Plans (DRP), Disaster Recovery Consulting, Cloud Migration, System Migration, Architecture, IT Security, Cloud Security, Risk Management, Vulnerability Assessment, HIPAA Compliance, NIST, Threat Modeling, Network Security, Middleware, Software Architecture, Amazon Web Services (AWS), Project Planning, Project Management, Application Security, Security Testing, Penetration Testing, Consulting, CISSP, Program Management, Security Architecture, IT Management, IT Project Management, Technical Program Management, Web Project Management, Security Audits, Compliance, DevOps, DevSecOps, Risk Assessment, Information Security, Certified Information Systems Security Professional, Data Encryption, Database Security, Data Protection, Cybersecurity, SIEM, SAML, Security Policies & Procedures, Security Management, Vulnerability Identification, Information Security Management Systems (ISMS), ISO 27001, Business Services, Google Workspace, Gmail, VPN, Policy Development, Policies & Procedures Compliance, Data Security, Web Architecture, SOC 2, JavaScript, Networks, Transport Layer Security (TLS), OpenSSL, Amazon S3 (AWS S3), CI/CD Pipelines, Data Privacy, Privacy, International Data Privacy Regulations, Microsoft 365, SMTP, CISO, System-on-a-Chip (SoC), Web Applications, Cloud, Project Management Professional (PMP), IT Projects, IT Strategy, Request for Proposal (RFP), Leadership, Configuration Management, Stakeholder Management, IT Deployments, Cloud Architecture, Zero-day Vulnerabilities, Exploits, Amazon RDS, Amazon Athena, AWS Lambda, Amazon API Gateway, AWS CloudFormation, API Gateways, Security Analysis, Web App Security, Endpoint Security, Incident Response, Incident Management, Monitoring, SecOps, Intrusion Detection Systems (IDS), Solution Architecture, Office 365, Microsoft Defender Antivirus, Antivirus Software, IDS/IPS, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, OWASP Top 10, Vulnerability Management, Computer Security, Web Security, Asset Management, GRC, Documentation, Business Continuity Planning (BCP), Communication, Organization, FedRAMP

Security Roadmap Assessment

2022 - 2023
Boston Children's Hospital - Trust
  • Performed the NIST 800--53 Assessment for the Organization.
  • Developed a plan to address the assessment findings while strengthening the overall security architecture of the organization.
  • Architected a security roadmap to designed to ensure a sustained security architecture.
  • Identified high-risk issues that required immediate attention.
  • Presented assessment findings to senior management.
Technologies: IT Security, Security, CISSP, CISO, IT Projects, IT Strategy, Leadership, Configuration Management, Stakeholder Management, Cloud Architecture, Zero-day Vulnerabilities, Exploits, Amazon RDS, Amazon Athena, AWS Lambda, Amazon API Gateway, AWS CloudFormation, API Gateways, Security Analysis, Web App Security, Endpoint Security, Incident Response, Incident Management, Monitoring, SecOps, Intrusion Detection Systems (IDS), Solution Architecture, Office 365, Microsoft Defender Antivirus, Antivirus Software, IDS/IPS, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, Vulnerability Management, Computer Security, Web Security, Asset Management, GRC, Documentation, Business Continuity Planning (BCP), Communication, Organization, FedRAMP

Senior Technical and Enterprise Architect

2008 - 2015
Georgia Department of Drivers Services
  • Spearheaded the design and development of technical solutions for modernization projects, including REAL ID and eCommerce projects.
  • Managed the enterprise architectural design, development, and implementation of the Windows and web and mobile information systems.
  • Led and mentored the project team from technical and functional perspectives, covering database development, data architecture, integration development, requirements identifications, testing, and project management.
  • Designed architectural artifacts for external services, including Commercial Driver's License Information System (CDLIS), SR22/26, Problem Driver Pointer System (PDPS), and Digital Image Access and Exchange (DIAE).
  • Improved architecture, provided design and integration solutions, and formulated methodologies to optimize object-oriented software and database development.
  • Designed architectural artifacts for external services, including Commercial Skills Test Information Management System (CSTIMS), State-to-State (S2S) Verification Service, and Systematic Alien Verification for Entitlements (SAVE).
Technologies: Windows, SQL, Hyland OnBase, .NET 4, Mainframe Systems, Architecture, IT Security, Cloud Security, Vulnerability Assessment, HIPAA Compliance, NIST, Software Development Lifecycle (SDLC), Threat Modeling, Middleware, .NET, Software Architecture, Project Planning, Project Management, Application Security, Consulting, CISSP, Program Management, Security Architecture, IT Management, IT Project Management, Technical Program Management, Web Project Management, Compliance, Java, Mobile Security, OWASP, Octave, Risk Assessment, Certified Information Systems Security Professional, Visual Basic .NET (VB.NET), C#, Database Security, Data Protection, Cybersecurity, Security Policies & Procedures, Security Management, Vulnerability Identification, Information Security Management Systems (ISMS), ISO 27001, Business Services, Google Workspace, VPN, Policy Development, Policies & Procedures Compliance, Data Security, Web Architecture, SOC 2, Networks, Transport Layer Security (TLS), OpenSSL, Data Privacy, Privacy, Microsoft 365, SMTP, Web Applications, Project Management Professional (PMP), IT Projects, IT Strategy, Request for Proposal (RFP), Leadership, Configuration Management, Stakeholder Management, IT Deployments, Cloud Architecture, Zero-day Vulnerabilities, Exploits, Amazon Athena, AWS Lambda, Amazon API Gateway, AWS CloudFormation, API Gateways, Security Analysis, Endpoint Security, Incident Response, Incident Management, Monitoring, SecOps, Intrusion Detection Systems (IDS), Solution Architecture, Office 365, Microsoft Defender Antivirus, Antivirus Software, IDS/IPS, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, OWASP Top 10, .NET Security Model, Vulnerability Management, Computer Security, Web Security, Asset Management, GRC, Documentation, Business Continuity Planning (BCP), Communication, Organization, FedRAMP

Director of Information Technology

2005 - 2008
Georgia Therapy Associates–Methadone Clinics
  • Managed all telecommunications, software, and computer support for four centers.
  • Developed, built, and managed effective relationships with vendors and business partners and assisted with business issues and problem resolution while representing the company with integrity and professionalism.
  • Managed, maintained, negotiated, and reviewed service agreements, leases, and other expense-related technology assets and services with favorable terms and contracts to the company and recommended and made changes as needed.
  • Ensured all HIPAA and FDA requirements were met for all telecommunications, software, networking, and computers.
Technologies: Microsoft, Software QA, Disaster Recovery Consulting, Telecom Equipment & Solutions, HIPAA Compliance, Software Development Lifecycle (SDLC), Middleware, .NET, Software Architecture, Requirements Analysis, Project Planning, Healthcare IT, Application Security, Consulting, Security Architecture, IT Management, IT Project Management, Web Project Management, Java, Mobile Security, OWASP, Octave, TCP/IP, Visual Basic .NET (VB.NET), C#, Security Policies & Procedures, Security Management, Vulnerability Identification, Information Security Management Systems (ISMS), Business Services, VPN, Policy Development, Policies & Procedures Compliance, Data Security, Web Architecture, Transport Layer Security (TLS), Data Privacy, Privacy, Architecture, Microsoft 365, SMTP, Project Management Professional (PMP), IT Projects, IT Strategy, Leadership, Configuration Management, Stakeholder Management, IT Deployments, Cloud Architecture, Exploits, Amazon Athena, Security Analysis, Endpoint Security, Incident Response, Incident Management, Solution Architecture, Windows System Administration, Office 365, Microsoft Defender Antivirus, Antivirus Software, IDS/IPS, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, OWASP Top 10, .NET Security Model, Vulnerability Management, Computer Security, Web Security, Asset Management, GRC, Documentation, Business Continuity Planning (BCP), Communication, Organization

Chief Technical Architect | VP of Engineering

2004 - 2005
DirectSellingLive
  • Directed and prioritized the workload of subordinate personnel. Implemented the enterprise architecture using TOGAF principles of the Windows and web systems.
  • Developed disaster recovery plans. Established security policy for all locations, including physical and behavioral security. Led a team of seven local IT support personnel and 12 overseas resources.
  • Directed technology research and recommended information technology strategies, policies, and development by evaluating the current environment, and anticipated organizational growth.
  • Managed, maintained, negotiated, and reviewed service agreements, leases, and other expense-related technology assets and services with favorable terms and contracts to the company and recommended and made changes as needed.
Technologies: Linux, MySQLi, Web Security, Product Roadmaps, IT Projects, Software Development Lifecycle (SDLC), Middleware, Software Architecture, Requirements Analysis, Product Strategy, Application Security, Network Exploitation, Web Project Management, OWASP, Embedded C++, TCP/IP, MySQL, Business Services, Policy Development, Policies & Procedures Compliance, Web Architecture, JavaScript, Transport Layer Security (TLS), Data Privacy, Privacy, Architecture, Web Applications, IT Strategy, Leadership, Configuration Management, Stakeholder Management, IT Deployments, Exploits, Endpoint Security, Incident Response, Incident Management, Windows System Administration, Office 365, Antivirus Software, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, Vulnerability Management, Computer Security, Asset Management, GRC, Documentation, Business Continuity Planning (BCP), Communication, Organization

Senior Consultant and Architect

2000 - 2004
Invesco
  • Developed the architectural design of logical and physical models. Developed and implemented a billing application and management information system (MIS) for the finance and accounting department, together with prototypes.
  • Collaborated with directors and VPs to analyze business needs, write business requirements, create design documents for programmers, train users on the new system, and process reengineering.
  • Designed and developed several decision support systems (DSS), including profitability, billing, and pricing application using Visual Basic 6.0, .NET, ASP, HTML, JavaScript, Microsoft SQL Server, and Oracle8i databases.
  • Developed and maintained stored procedures, functions, triggers, cursors, and views using PL/SQL and T-SQL. Created and maintained business objection universes and reports using ActiveReports and BusinessObjects.
Technologies: Windows, .NET 3, Unix, Oracle, SQL, SQL Server Integration Services (SSIS), ETL Tools, Oracle Business Intelligence Enterprise Edition 11g (OBIEE), Architecture, Software Development Lifecycle (SDLC), C++, Requirements Analysis, Product Strategy, C, Embedded C++, TCP/IP, MySQL, Business Services, Policies & Procedures Compliance, Financial Services, Web Architecture, JavaScript, Microsoft 365, Web Applications, IT Projects, Configuration Management, Stakeholder Management, IT Deployments, Endpoint Security, Incident Response, Incident Management, Windows System Administration, Office 365, Antivirus Software, Group Policy, Governance, IT Governance, Data Governance, Security Engineering, .NET Security Model, Web Security, Asset Management, GRC, Documentation, Business Continuity Planning (BCP), Communication, Organization

Cloud Migration

• Created cloud computing operational procedures.
• Developed from reviewing current operating procedures and making appropriate changes.
• Reviewed cloud architecture diagrams.
• Managed SaaS and IaaS projects, including Office 365, SharePoint Online, Service Now, and security remediation projects designed to leverage newer technology while mitigating security vulnerabilities.

SPECIFIC PROJECTS
• Converted an Oracle database to AWS Aurora PostgreSQL (within the AWS environment). This project reduced licensing costs, created dynamic scalability, and increased operation efficiency by reducing maintenance and utilizing the latest hardware and software.
• Created an AWS Disaster Recovery Connection for AWS services.
• Built an Enterprise Content Management (ECM) system in AWS.
• Developed security remediation projects such as the creation of a management reporting application and the replacement of a legacy computer telephony system with AWS Connect.

Security Assessment

I was tasked with establishing a security assessment and training program in an environment with out-of-date software and hardware and over 39,000 vulnerabilities. I used NIST 800-37/53 as a basis for the assessment. The client did not see the value based on the perceived amount of time needed to establish an assessment around the NIST standard. I had numerous meetings extolling the benefits of the NIST standard, and the client finally relented. Two years later, the organization was required to have SOC audits. Because of the assessment built around NIST, we succeeded in passing the audits.

Security Vulnerability Management

Upon entry into the project, there were over 39,000 vulnerabilities. Many of the server patching levels were more than two years old. Out-of-date software and hardware, where patching is no longer available, contributed to this total. Still, a significant percentage included missing patching for the current system and application software. There were systems missing patching as far back as 2002.

I developed a plan with the goal of an N-1 patching level. We ultimately moved to monthly windows patching and quarterly Linux and bi-annual HPUX patching.
• Removed Windows 2003 and SQL 2000 servers and replaced them with a cloud application.
• Upgraded over 124 windows 2008 servers.
• Upgraded old AIX servers.
• Reduced the number of vulnerabilities in the ecosystem.
• Developed a patching plan, which required coordination with the project team.
• Established Security Awareness Training for the organization.
• Participated in SOC1 and SOC2, NIST 800-53 audits, including prep activities designed to ensure compliance.
• Managed annual review of security and disaster recovery plans.

Data Center Migration

When I started a new position, I came in the middle of a data center move. Initial waves were problematic, with issues relating to testing and support. I worked with the engineering team to develop a process to preview the dance cards and set up dedicated support after each wave. The process included checkpoints to quickly identify potential issues, including missing or incomplete test scripts and inadequate resources to support the respective waves. This helped the remaining waves to be implemented without significant issues. I also identified a lack of architecture diagrams and diagrams that were out-of-date for the ecosystem. I led the effort to update all the diagrams and developed a process to keep the documentation updated. As part of the effort, I developed job aids and provided training on the new process. The customer was highly appreciative of my efforts in this project.

Disaster Recovery Planning and Consulting

Upon entry into a new position, the organization’s disaster recovery testing efforts were highly problematic. During the annual disaster testing efforts, the organization consistently missed the Recovery Time Objective (RTO). In many cases, the organization could not start the applications during the drill. I worked with the operations teams to identify the significant issues, which happened to be replication issues. I instituted changes in the configuration change process to ensure changes in the infrastructure are replicated in the disaster recovery environment. This effort required coordination between several teams, including operations, admin, and the external disaster revoery team. Progress was immediately noticed after this effort. Although the RTO was missed during the first drill following the changes, all applications were successfully started. During the next drill, the RTO was missed by 36 minutes.

Security Awareness Training

I developed a security awareness course for the organization with placards and signage to enforce critical topics. I worked with senior management to get their buy-in for the course while also getting their feedback on its content, delivery methods, and overall logistics. The content and structure for the training program were derived from various sources, including the National Institute of Standards and Technology (800-16, 800-50), KnowB4.com, HHS.gov, and other key providers. I also included content that was specific to the organization. The efforts represented a collaborative effort between several departments within the organization, including legal, HR, marketing, operations, and the executives. In addition to developing and producing the course, I also conducted the training sessions for the 80-member staff.

Technical Program Management

I spearheaded the design and development of technical solutions for modernization projects, including REAL ID and eCommerce projects. As part of the effort, I managed the enterprise architectural design, development, and implementation of the windows, web, and mobile information systems. I developed a service-oriented architecture (SOA) approach that promoted reusable components used across the ecosystem. I also developed and implemented application-level security controls for the applications within the ecosystem.

vCISO

I served as a vCISO for a major hospital, where I performed security assessment activities on the organization's ecosystem. I leveraged NIST 800-37 and 800-53 publications as an assessment toolset. The assessment finding identified 17 projects needed to mitigate security issues within the ecosystem and build a robust security architecture. These projects included issues found in the technical, administrative, and physical controls categories. A roadmap for implementing these projects was created to ensure critical issues were mitigated in a timely manner.
2014 - 2016

Doctorate of Business Administration in Information Systems and Enterprise Resource Management

California Intercontinental University - Irving, CA, USA

1997 - 1998

Master's Degree in Management Information Systems

Mercer University - Atlanta, GA, USA

FEBRUARY 2022 - PRESENT

Google Cloud Digital Leader Certification

Google Cloud

FEBRUARY 2022 - FEBRUARY 2025

Project Management Professional (PMP)

Project Management Institute (PMI)

JANUARY 2022 - PRESENT

IT Information Library Foundations Certification (ITIL) 4

Axelos

DECEMBER 2021 - DECEMBER 2024

CISSP

International Information System Security Certification Consortium

SEPTEMBER 2021 - SEPTEMBER 2024

AWS Certified Solutions Architect Associate

AWS

AUGUST 2021 - PRESENT

Azure Fundamentals

Microsoft

Libraries/APIs

OpenSSL, React

Tools

Google Workspace, VPN, Amazon Athena, AWS CloudFormation, Oracle Business Intelligence Enterprise Edition 11g (OBIEE)

Paradigms

Web Architecture, Good Clinical Practice (GCP), HIPAA Compliance, Requirements Analysis, Penetration Testing, DevOps, DevSecOps, .NET Security Model, Structured Systems Analysis & Design Method (SSADM), Agile

Industry Expertise

Project Management, Cybersecurity, Network Security

Languages

HTML5, SQL, Embedded C++, Visual Basic .NET (VB.NET), SAML, Java, COBOL, C++, C, Octave, C#, JavaScript

Platforms

Azure, Windows, HP-UX, Linux, Amazon Web Services (AWS), Google Cloud Platform (GCP), AWS Lambda, Oracle, Microsoft, Unix

Storage

MySQLi, Database Security, Amazon S3 (AWS S3), Google Cloud, Microsoft SQL Server, SQL Server Integration Services (SSIS), MySQL

Frameworks

.NET 4, .NET 3, COBIT, .NET, Django

Other

Web Applications, Cloud, Risk Assessment, Project Management Professional (PMP), CISSP, IT Projects, Security, IT Strategy, Projects, Software QA, Disaster Recovery Plans (DRP), Architecture, IT Security, Risk Management, Vulnerability Assessment, Security Architecture, Web Security, Software Development Lifecycle (SDLC), Project Planning, IT Management, IT Project Management, Web Project Management, Compliance, Information Security, Certified Information Systems Security Professional, Security Policies & Procedures, Security Management, Vulnerability Identification, Information Security Management Systems (ISMS), Business Services, Gmail, Policy Development, Policies & Procedures Compliance, Transport Layer Security (TLS), Data Privacy, Privacy, Leadership, Stakeholder Management, IT Deployments, Cloud Architecture, Zero-day Vulnerabilities, Exploits, Security Analysis, Endpoint Security, Incident Response, Incident Management, Monitoring, Solution Architecture, Antivirus Software, Governance, IT Governance, Data Governance, Security Engineering, Vulnerability Management, Computer Security, Asset Management, GRC, Documentation, Business Continuity Planning (BCP), Communication, Organization, Disaster Recovery Consulting, SOC 2, Cloud Migration, Identity & Access Management (IAM), NIST, PCI, IT Audits, Threat Modeling, Middleware, Software Architecture, Product Strategy, User Authentication, Application Security, Security Testing, Consulting, Program Management, Security Audits, Mobile Security, OWASP, Data Encryption, Data Protection, SIEM, Single Sign-on (SSO), ISO 27001, Data Security, Networks, CISO, Microsoft 365, SMTP, System-on-a-Chip (SoC), Request for Proposal (RFP), Configuration Management, Amazon RDS, Amazon API Gateway, API Gateways, Web App Security, SecOps, Intrusion Detection Systems (IDS), Windows System Administration, Office 365, IDS/IPS, Group Policy, OWASP Top 10, FedRAMP, IT, ITIL 4, Microsoft Azure Cloud Server, Hyland OnBase, Mainframe Systems, Telecom Equipment & Solutions, System Migration, ETL Tools, Cloud Security, Product Roadmaps, Healthcare IT, Public-key Cryptography, Cryptography, Network Exploitation, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Infrastructure, Patch Deployment, IT Operations Management (ITOM), Risk Analysis, Operational Risk, IT Infrastructure, Server Infrastructure, Security Awareness Training, Technical Program Management, TCP/IP, IoT Security, Financial Services, CI/CD Pipelines, International Data Privacy Regulations, Microsoft Defender Antivirus

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring