Resume of Joseph W. Folk

Joseph W. Folk, CISSP 4539 Beacon Hill Drive Cell: (404) 245-4630 Lilburn, GA 30047 [email protected]

A broadly skilled, business-focused Information Technology Security Professional with almost 20 years of experience demonstrating highly-visible achievements and numerous successes. Has built and run multiple, highly-successful teams of professionals. Proficient in numerous aspects of corporate and government Security Operations Center management, IT architecture design, and much more, including:

Security Architecture Design IT Crisis Management Internet Security Administration Personnel and Team Management Security Policy Management Virtualization Server Design Hardware and Software Evaluation Sarbanes-Oxley (SOX), PCI Compliance Business Process Optimization Network Security System Intrusion/Protection Techniques Project Management Presentation and Public Speaking Operating Systems: Unix, Windows, Linux

Professional Director, Security & Network Operations August 2011 to Present Experience Fiserv – Enterprise Technology Group (ETG), Atlanta, Georgia

Director of Security Operations and Network Operations teams in the Command Center  Tapped as a leader in the development and creation of the Command Center model for ETG Incident Response including team interaction, shift scheduling, and staff planning.  The rapid success of the first Fiserv Command Center led to the creation of a second center, in which I was tapped to lead the NOC and SOC teams as well.  Responsible for hiring, training, and supervising the 24x7x365-staffed SOC and NOC teams.  The SOC team is responsible for the operations and management of a multi-vendor security infrastructure including IP firewalls, XML firewalls, VPNs, web proxy/filtering servers, IDS/IPS servers, Radius authentication, and SIEM management.  The NOC team is responsible for the operations and management of a multi-vendor, multi-ISP network infrastructure including switches, routers, load balancers, route management systems, distributed sniffer infrastructure, data-center LAN, WAN and VPN connectivity.  Both teams are responsible for the monitoring, response, and support of infrastructures in multiple data centers. Improved incident response and reducing Mean Time To Restore are prime objectives for the Command Center.  Charged with “operationalizing” the network and security infrastructure in multiple ETG data centers including installation or tuning of network and security monitoring tools, improvements to various sniffer technologies, and deployment of enhanced device logging.  Led the Fiserv DDoS Mitigation Incident Response including incident control, subsequent Executive client relationship follow-ups, and DDoS vendor relationship management.  Participated in PCI DSS audits and response generation to maintain multiple Business Unit PCI ROCs.

Director of Perimeter Security Operations (PSO)  Responsible for hiring, training, and supervising the 24x7x365-staffed PSO team who are charged with the operational uptime and management of a very large, distributed, and redundant shared-BU security infrastructure. Responsible for IP firewalls (Checkpoint, Cisco, and Juniper), XML gateways, VPNs, web proxy/filtering servers, IDS/IPS servers, SSL certificate management, Radius authentication, and SIEM management. The PSO team also provides Business Unit Disaster Recovery support, change management review and implementation, multi-team incident support, and client technical support.  Developed and led the Fiserv Enterprise DDoS Mitigation Incident Response including incident control, subsequent Executive client relationship follow-ups, and DDoS vendor relationship management.  Grew the PSO team from a staff of 6 to 12 including international staffing in India and Costa

of 5 Joseph W. Folk, CISSP 4539 Beacon Hill Drive Cell: (404) 245-4630 Lilburn, GA 30047 [email protected]

Rica and took on additional Business Unit’s security operations work.  Fostered improved relationships and collaboration with Enterprise Architecture, Engineering, and Business Unit leadership in order to align operational initiatives with strategic security goals.  Participated in PCI DSS audits and response generation to maintain multiple Business Unit PCI ROCs.

Manager, CSIRC Security Operations Center November 2010 to August 2011 Chickasaw Nation Industries (CNI) contracted to the United States Department of Health & Human Services (HHS), Computer Security Incident Response Center (CSIRC), Atlanta, Georgia

Directly supervised a team of 14 Security and Data Analysts staffing a 24x7x365 Security Operations Center. Responsible for personnel resource management and leadership, including scheduling, utilization, motivation, conflict resolution, and acknowledgement of team members. Other duties include organizing, directing, and coordinating the planning and production of all activities associated with assigned deliverables to contract requirements, as well as maintaining effective communications with the Department leadership and the leadership of the eleven departmental Operating Divisions.

During my tenure in the CSIRC, I led the following initiatives: Development and implementation of formal Standard Operating Procedures (SOPs) covering SOC operations, deliverables, timelines, threat analysis and response plan development, Quality Assurance procedures, and training all in compliance with NIST and FISMA guidelines. Development, architecture design, and deployment of an internal solution to utilize pooled licenses and Microsoft RemoteApp services to deliver NetWitness sessions to Security Analysts’ desktops saving hundreds of thousands of dollars in additional licensing fees.

Duties of the SOC included: Continuously monitoring the deployed security sensors and tools to detect unauthorized access in any form, and to prevent and manage security-related incidents using documented process and procedures including communications with the CSIRC leadership and Operating Division Incident Response Teams. Aggregating, correlating, analyzing and characterizing the events found through deployed security tools to determine their overall impact to the Department’s security posture. Responsible for the 24x7x365 monitoring and alerting of critical HHS and CSIRC security infrastructure (Cisco routers, Juniper firewalls, Websense proxy servers, TippingPoint IDS/IPS system and sensors, ArcSight SIEM system, NetWitness network threat analysis system, RiskVision Incident management system, Windows Active Directory infrastructure, etc.) Engagement of the CSIRC Data Forensics Team for deeper analysis of detected malware.

Security Architect December 2009 to July 2010 SITA – Security Engineering & Architecture, CISO organization, Atlanta, Georgia

Initially contracted for a two month engagement to lead the deployment, configuration, troubleshooting, and management of a refresh of SITA’s global security hardware infrastructure (Cisco, Websense, AirDefense, Snort). During the deployment and configuration phases, my past experience with Security Architecture Design and Security Operations helped me provide valuable input and optimization of the infrastructure designs. After successful completion of the project, which required communication and coordination with multiple vendors and internal company resources spread across the globe, my contract was extended and my responsibilities expanded to include:

 Ongoing support of the operations of the security infrastructure including monthly security

metrics reporting, performing automated and manual vulnerability scans against internal and developmental websites and infrastructure components, responding 24x7 to firewall outage notifications, participating in network and firewall troubleshooting conference calls with internal teams, management and optimization of the firewall rulebases, and working with vendors for product support and sub-project outsourcing  Responsibly for the creation of the corporate Enterprise Firewall Management policy  Security architecture reviews of multiple SITA internal projects providing feedback and input to internal project architecture teams, consistent with industry best practices, SITA security policies and documented standards.  Providing assistance to the Security Incident Response manager with forensic investigations, security incident response coordination, and enterprise patch reporting and communications.  During the company’s critical PCI Audit, I contributed to Security’s response to the external Qualified Security Assessor’s assessment.  Working with the Desktop team to perform security audits of the SITA Windows corporate workstation and server images, configuration of the corporate anti-virus solution, tuning of the Active Directory security profiles, investigation of a corporate hard-drive encryption solution, and development and testing of a roaming employee backup management solution to ensure that new desktop, laptop, and server assets are deployed with the most secure image possible.

Senior Technical Integration Architect October 2005 to July 2008 BellSouth/AT&T - Architecture, Infrastructure & Operations Group, Atlanta, Georgia

Led a team of Technical Integration Architects (TIAs) which was responsible for the designs of the BellSouth Network business unit, the largest. The TIA role involved participating in all aspects of a project’s lifecycle including planning, budget estimation, system and network design, plus project implementation support. With my background in operational information security and CISSP certification, I typically handled projects that required heightened security sensitivities and functioned as the TIA group’s Security Subject Matter Expert (SME).

Accomplishments:  Created standards-compliant system designs driven by customer requirements for system availability, disaster recovery capability, testing, development, and performance needs.  Worked on multiple simultaneous design projects honing a strong set of multitasking, time management, and project delivery skills. Designed and oversaw implementation of more than 60 major projects with budgets of up to $20M in network and server costs.  Represented the Network Services architecture organization on the Security Steering Committee. This committee worked to ensure that TIA design decisions comply with BellSouth Security Standards. As well, TIA organization suggestions on strategy directions, product selections, and modifications to the Security Standards were brought before the Steering Committee.

IT Security Lead – Cyber Response Team August 2003 to October 2005 BellSouth - Architecture, Infrastructure & Operations Group, Atlanta, Georgia

Led multiple sub-teams of BellSouth’s Cyber Response Team. The Cyber Response Team was responsible for oversight of multiple initiatives to strengthen BellSouth’s computer defenses. The Team was successful in raising BellSouth’s patch deployment metrics for all servers and desktops from 37 percent to over 97 percent in less than two years. The team also developed statistical patch reporting processes, developed a formal response program to respond to enterprise cyber threats, participated in the selection and deployment of an enterprise-wide patch monitoring and deployment infrastructure, and identified all IT computing assets on BellSouth’s internal networks.

Accomplishments:  Developed, implemented, and led the Cyber Incident Management Team which directed the corporate-wide response to electronic threats against BellSouth’s computing environments.  Developed and produced the Cyber Incident Playbook which describes multiple groups' responses to various threat scenarios. The Incident Management processes that were developed were identified as one of BellSouth's Sarbanes-Oxley controls and passed both internal and external SOX audits with no findings. During the two years I led the team, I managed the corporate response activities to multiple, major-impact cyber threats. Each incident required daily reporting to the BellSouth CIO, CISO, and Business Unit Executive Leadership Teams.  Developed, implemented, and led the Cyber Inventory Team which identified and gathered key information on over 2,400 servers and over 70,000 desktops on the BellSouth network.  Coordinated the modification of key business procurement and implementation in order to gather and maintain IT inventory information. Identified and implemented data linkages between new and existing IT Asset databases. Designed and oversaw development of a web- based front end for the Cyber Inventory database allowing Business Units to easily add or change real-time inventory information.

Strategic Technical Architect – Planning & Resource Management October 2002 to August 2003 BellSouth - Architecture, Infrastructure & Operations Group, Atlanta, Georgia

Managed a small staff of contractors as we implemented an innovative, enterprise-wide program to proactively identify potential delivery resource constraints early in the project pipelines. Issues identified were then solved by coordinating with all responsible delivery organizations and Business Units. This program resulted in maximizing the efficiency of the project delivery pipeline of over 650 projects through all organizations involved in IT delivery allowing for more accurate budget forecasting and an increase in the overall number of projects delivered in a year.

Senior Security Manager – Internet Operations Center March 1999 to October 2002 BellSouth - Enterprise Information Security Group, Atlanta, Georgia

Built and led a team of 10 Security Analysts responsible for the security and management of the BellSouth Internet Operations Center. The IOC housed all corporate, Internet-facing systems and provided secure and reliable hosting of revenue-generating, long-distance, and customer-interfacing applications to retail, business, and CLEC customers. The Security Team also managed the proxy, news, and ftp servers plus designed, built, and ran the firewall logging infrastructure.

Accomplishments:  Developed and managed a 24x7x365 Tier-2 and Tier-3 support team for all Internet firewall support issues.  Designed and deployed over 14 pairs of Checkpoint firewalls in redundant, highly-available clusters. Responsible for budgeting and successful deployment of this infrastructure project.  Provided security direction in all phases of project implementation at the IOC: pre-planning, architecture, development, testing, implementation and continued improvement.  Developed and implemented a real-time and trend monitoring firewall analysis tool system to provide both reactive and predictive alarming of the critical firewall infrastructure.

Network Analyst – Internet Management Group August 1997 to March 1999 BellSouth - Transport Organization, Birmingham, Alabama

Responsible for management and security of the BellSouth Telecommunications' Internet firewalls, Internet proxy, news, and external mail servers. Responsible for corporate Security Policy enforcement,

Intranet web server development in Apache and Netscape Web Server, and Project Architecture Security Design & Implementation. Designed and built a statistical data gathering, scripting, and reporting system for the proxy infrastructure to improve efficiency by tuning and increasing the efficiency of the existing proxy environment. Avoided the planned purchase of additional proxy infrastructure, saving over $150,000 in servers and licenses.

Network Administrator October 1995 to August 1997 Vanderbilt University Medical Center - Network Computing Support Department Nashville, Tennessee

Education Auburn University, Auburn, Alabama Bachelor of Science in Computer Engineering, 1995

Certifications Department of Defense Secret Clearance, Active Obtained in February of 2011

Certified Information Systems Security Professional (CISSP) Earned in December of 2003, Renewed in 2006, 2009 & 2012

Information Technology Infrastructure Library (ITIL) Foundation v3 Certified Earned in October of 2011

Check Point Certified Security Administrator (CCSA) and Certified Security Expert (CCSE) Earned in October of 1999 and May of 2000 (both expired)