
Notice: If you wish to request my services for full-time or long-term contract employment, I am available within the Denver, Colorado metro area only. I can only travel for short-term engagements of no more than 2 weeks contiguous time. Thanks for looking!

 

Introduction

A thirteen-year veteran of Information Technology and Information Security, primarily within the financial services and health care industries. He has worked as an employee and consultant to some of the largest companies nationwide and served as lead architect and liaison for U.S. government agencies. His experience and expertise are both technical and managerial, with a focus on forensics investigation, security assessment, development of secure network architectures, risk management programs, security governance initiatives and managing regulatory compliance.

Summary Of Qualifications

  • Excellent organizational skills and ability to manage staff and multiple requests under deadlines with close attention to detail and organization;
  • Professional demeanor possessing the ability to communicate technology and security related issues with executive management, IT staff, partners, customers and vendors;
  • Control costs, particularly in an environment of a rapidly growing user base and expanding functionality;
  • Develop financial forecasts that improve long-range productivity and reduce operating expenses;
  • Develop and document complex business cases to assist in gaining the necessary internal support to implement security solutions in line with business objectives;
  • Management of risks associated with regulatory compliance, internal policies, and third party vendors;
  • Extensive knowledge of security assessment techniques, authorization methodologies, and authentication technologies and security attack pathologies; and
  • Experienced in designing, implementing and maintaining security architectures for enterprise corporations.

Summary Of Experience

  • Information Technology: 13 Years
  • Information Security: 9 Years
  • Financial Services: 5 Years
  • Health Care: 3 Years
  • Management: 3 Years

Industry Certifications

  • CISM: Certified Information Security Manager (ISACA), 2005
  • IEM: National Security Agency (NSA) InfoSec Evaluation Methodology, 2004
  • IAM: National Security Agency (NSA) InfoSec Assessment Methodology, 2002
  • CCNA: Cisco Certified Network Associate, 2001
  • CISSP: Certified Information Systems Security Professional #20363 (ISC2), 2000
  • CCSE: Checkpoint Firewall Certified Security Engineer 4.x, 2000
  • NNCSE: Nortel Networks Certified Support Expert, 1999
  • MCSE: Microsoft Certified Systems Engineer 4.0 & MCP+I, 1998
  • A+: CompTIA A+ Certification for Computer Repair, 1995

REFERENCES

View my complete professional profile and see all recommendations from colleagues with LinkedIn.

www.linkedin.com/in/russellthomas

Employment History

Trusted Facility 2005 to Current

Owner and Principal Security Consultant

As an Information Technology consulting firm, Trusted Facility specializes in secure information systems and risk management for enterprise companies as well as small and medium businesses. Engagements may be recurring or temporary, usually lasting several months. The most notable engagements are listed below:

Barclays Bank, Wilmington, DE

  • Currently working with Barclays Bank U.S. credit card division directing the development of a new risk management program to support all U.S. credit issuance operations.
  • Providing consultative expertise related to secure network architecture development and compliance with regulatory requirements of PCI DSS, FFIEC, Sarbanes Oxley and GLBA.

Great West Life, Greenwood Village, CO

  • Development of the information security program and all associated ISO17799:2005 compliant policies with a focus on rewriting policies, standards, and procedures for regulatory compliance with HIPAA, GLBA, and Sarbanes Oxley.
  • Development of risk analysis, compliance and management practices utilizing technology to automate compliance assessment and risk management.

IT Personnel Solutions, Houston TX

  • Directed a forensics engagement working with the Southern Ute Tribe in Durango, CO and led EnCase engineers to investigate malicious internal activity within the organization, their casinos, and city infrastructure. The engagement was a huge success, identifying internal employees as the source and providing extensive proof to local law enforcement and the F.B.I.

Unison Systems Inc., Denver, CO

  • Design, implementation and support of a small business information system consisting of Microsoft servers and workstations including Exchange, SQL Server, SharePoint, IIS, accounting applications, remote access, Blackberry Enterprise Server, Netscreen firewall, Cisco router, wireless and VOIP.

CNT Group Inc, Denver, CO

  • Through a consultative partnership, the CNT Group outsourced IT engagements with many small and medium businesses including Braddock Financial, Thomas Taber Drazen, and the St. Julien Hotel.

First Data Corporation, Greenwood Village, CO 2001 to 2005

Senior Security Analyst and Government Liaison

  • Established the Information Security Governance Group in response to growing needs for regulatory and internal security compliance.
  • Development of ISO17799 security policies compliant with regulatory requirements for Payment Card Industry (PCI), GLBA, HIPAA and Sarbanes Oxley.
  • Management of all personnel and operations related to regulatory compliance, policy development and application of security standards across the enterprise.
  • Responsible for communications, risk management and compliance for the U.S. Department of the Treasury’s Electronic Federal Tax Payment System (EFTPS), and California State Disbursement Unit.
  • Architected the renovation of EFTPS information systems that led to a successful bid in 2004 for a contract to maintain 100% of U.S. Treasury tax processing operations.
  • Directed Certification and Accreditation (C&A), Subject Test and Evaluation (ST&E), security planning, risk mitigation, government communications, and all compliance activities.
  • Project manager and architectural lead in the development of U.S. Government secure remote access, encrypted communications, and infrastructure redesign for all Federal information systems.
  • Administration and implementation of over 50 firewalls, 2-factor authentication systems, eCommerce systems architecture, VPN/remote access services, security assessment practices, network protocol analysis, system hardening, and training.

Netigy Corporation 2001 to 2001

Senior Information Security Consultant

  • Managed large consultative engagements including personnel, budgets, sales and proposals for the implementation and assessment of secure information systems for several Fortune 500 companies within technology, finance and health care industries around the nation.
  • Consulted with companies on HIPAA regulatory compliance, risk mitigation and the implementation of secure solutions designed to meet requirements and maintain compliance.
  • Conducted vulnerability and risk assessments, penetration testing, and policy compliance reviews in relation to regulatory compliance and security best practices.
  • Generated alliances with major business partners in order to generate sales leads to open new channels of revenue for existing and newly combined services.

Rush Creek Solutions 1998 to 2001

Senior Security Engineer

  • Founded and managed the Rush Creek Security Solutions Team comprised of six security consultants and responsible for all Information Security engagements. Consultative revenue increased more than 50% with the introduction of security focused services.
  • Simultaneously managed the Security Solutions Team and over 50 business accounts supporting network infrastructure, design, security, and systems administration.
  • Implemented WAN and LAN solutions, including remote access, authentication and tiered firewalls, utilizing Cisco, Checkpoint and Nortel hardware and Microsoft operating systems and applications.
  • Led the development of policies, procedures and methodologies related to security assessments, risk analysis, network design and implementation for all client engagements.

Sunrise Medical Corporation 1997 to 1998

Technical Manager

  • Managed a team of five network, systems and security support engineers coordinating client/server support, information security, and enterprise systems architecture development.
  • Designed and implemented a worldwide secure network infrastructure for this 5000+ employee company in less than one year from project assignment. The design produced a secure, remotely accessible network with layered architecture segmented by proxy-based firewalls, activity monitoring and alert management that was years ahead of the industry at that time.
  • Responsible for network security operations, remote connectivity, secure remote access, network documentation, management reporting, intranet design, and budgeting.

Technology Now Inc. 1994 to 1997

President

  • As the founder of the company, Russell and his growing staff of engineers worked with consumer and small and medium business markets performing computer repair services and the development and support of local area networks and business applications. The company was later sold to pursue opportunities within management of large corporate information systems and security systems.

Education

Metropolitan State College of Denver

Current

Currently completing a bachelor’s degree in Computer Information Systems and Business Management. With only seven classes remaining, Mr. Thomas is expected to graduate in May of 2008.

Additional Training
  • National Security Agency InfoSec Assessment and Evaluation Methodology
  • Health Insurance Portability and Accountability Act (HIPAA) Security Compliance Training
  • Business Accounting and Budget Management
  • Project Management Methodologies
  • Black Hat/Defcon 2002-2005 Information Security Conference and Training
  • Applied Hacking, Countermeasures and Forensic Analysis Techniques
  • Checkpoint Advanced Firewall-1 and VPN-1
  • Advanced Network Security and Firewall Administration
  • Qualified eProved Solutions Architect and Consultative Sales and Engineering Training
  • Cisco Systems Routing, Switching, and Remote Access

Professional Affiliations

ISC2 - International Information Systems Security Certification Consortium

ISSA - Information Systems Security Association

ISACA - Information Systems Audit and Control Association

Blackhat and Defcon - Volunteer staff member for Blackhat/Defcon security

Microsoft Certified Partner (MCP) - Trusted Facility is a Microsoft Certified Partner company

Technical Skills

Operating Systems: Exceptional skills with all Microsoft products, including Windows 2000/2003, XP, Vista, Active Directory, Exchange Server, IIS, SQL Server, Terminal Server & Citrix, SMS, enterprise (group) policies, and MS Clustering services.

  • Proficient with Cisco, Sun, BSD, and Linux Operating Systems.
  • Experience with high-availability and high volume e-commerce systems

Security Specific: Firewalls (Checkpoint/Nokia, Cisco PIX, Symantec, and Netscreen/Juniper), Authentication Systems, Vulnerability Assessments, Penetration Testing, Protocol and Network Analysis, Risk Analysis, Risk Management and Encryption.

  • ISO17799:2005 compliant security policy development
  • NIST, DISA, NSA, FIPS, OMB, FISMA
  • Sarbanes Oxley, HIPAA, GLBA, Payment Card Industry (PCI DSS)

Networking: Cisco/Nortel Routing, Switching, Remote Access and Enterprise Architecture.

Other: Technical Documentation, Database Management/Design (Oracle, MSSQL), Web Programming (VB.net/ASP, HTML, SQL), C++, Basic Scripting (PERL, Basic)
