Presenting my written resume.

Rich Clayton, CISSP, QSA

INFORMATION SYSTEMS SECURITY PROFESSIONAL

SUMMARY

An accomplished IT management professional with over 20 years of progressive technical and management experience consulting, implementing, and administering secure IT operations within complex working environments.

EXPERIENCE

  • Experienced foundational knowledge with Enterprise Infrastructure technologies and products across all types of WAN/LANs in multiple verticals: Financial, Health Care, Gaming, Retail, and Government.
  • Enterprise/Hybrid/Cloud based systems/networks and infrastructures including development/migration of on-premises to cloud systems.
  • Desktop lifecycles/management/application distribution/security for large enterprises
  • In-depth expertise in all commonly used operating systems, including Microsoft Windows, dozens of Linux flavors, Macintosh, UNIX, and Novell.
  • Internal/External penetration and vulnerability testing and assessment scanning.


Novacoast Inc., Senior Security Engineer for North America

August 2012 to Present

    Security Consultant to medium and large organizations.
  • Staff Augmentation Director of Engineering, Architecture, and Incident Response for an amazing, large Hospital System, Columbus, Ohio. Management and Corporate responsibilities, Engineering Implementation management and direction, Security Consulting on all aspects of security program and interdepartmental engagement.
  • Staff Augmentation Information Security Manager for Regional Hospital System, Santa Barbara, CA. Ground up security program initialization and implementation. Staff and Consultant management over several initiatives.
  • Incident Response Team Leader for organizational Breach Response and Virus Outbreak events in several verticals
  • Security Program audit and development for PCI regulatory compliance.
  • PCI-DSS QSA Audits and GAP Analysis. SAQ, ROC, and AOC documentation and review.
  • LogRhythm SIEM, Threat Intelligence Implementation and customer support. LCDE Certification.
  • Cloud Security Assessments and best practices consulting. Virtual network implementations.
  • Data Loss Prevention enterprise wide implementations and consulting in several business verticals.
  • Technical Risk Assessments including Vulnerability Management and Analysis, and Red Team Penetration Testing.

Recent Consulting Projects

    Staff Augmentation

  • Director of Engineering, Architecture, and Incident Response - Large Ohio Based Hospital System
  • Information Security Manager - Regional Santa Barbara Based Hospital System

    Security Assessment and Penetration Testing

  • Security Assessment and Consulting for 3 of the top 10 banks in the world.
  • Large Movie and Media company Incident Response to State Sponsored Breach
  • Large Gulf Coast Casino: Internal Security Assessment/Penetration Test, and PCI Gap Analysis.
  • Large West Coast Travel Agency: Internal Security Assessment/Penetration Test, and PCI Gap Analysis.
  • Regional Hospital: Internal Security Assessment/Penetration Test, and HIPAA Gap Analysis.
  • Large Las Vegas based Casino successful Penetration Testing

    Symantec Data Loss Prevention

  • Federal Department DLP Implementation and Tuning, Washington DC
  • Nationwide Health Insurance DLP Implementation
  • Nationwide Retail: Symantec DLP Risk Assessment and PCI Gap Analysis
  • Fortune 100 Retail: Symantec DLP Internal Risk Assessment and Internal Proof of Concept
  • Multiple Demos/Proofs of Concept for DLP

    LogRhythm Security Information and Event Management (SIEM)

  • Large Regional Hospital Implementation
  • Large Casino Implementation and Support


Santa Barbara Bank & Trust, Senior Security Engineer / Identity Management Administrator

July 2007 to April 2013

Interfaced with key business owners and project leads to ensure rapid and secure implementation of internal banking applications with minimal risk. Engineered and implemented new security solutions to improve security posture.

  • Vulnerability Assessments: Participated in the design and execution of network and application vulnerability assessments and infrastructure scanning, manual exploitation of known vulnerabilities (with OWASP top 10 and SANS 25 in mind), security audits and remediation activities.
  • Penetration Testing: Infrastructure and application penetration testing (internal and external perspectives), security research, protocol analysis, password cracking, social engineering methods, OS hardening, infrastructure devices, wireless security, implementation of encryption and authentication methods.
  • Intrusion Detection (IDS): Identified, investigated, and resolved potentially malicious network traffic detected by IDS systems and vulnerabilities detected by scanners. Tracked and manually remediated such events. Documented via ticketing systems, and remediated via incident response procedures and investigations.
  • Regulatory Compliance: Experience in using and/or implementing the generally accepted Information Security control frameworks (i.e., ISO 27001, COBIT, ITIL, and NIST). Experience conducting information security engineering activities in a regulated environment (e.g., FFIEC, SOX, GLBA, PCI, HIPAA).
  • VMware: Administer 35+ Windows/Linux guests and 4 ESXi5 Hosts in support of the Enterprise Security Department using vCenter and multiple tools (Veeam, VMMA, VUM). Automated staging, backup, remediation at host level. Fault Tolerance, High Availability, and automated distributed failover to shared storage.
  • Linux/Windows System Administration: Scripted automation of Windows, sysprepped imaging, Puppet, LAMP/WAMP servers, Backtrack, Netvision, Novell eDirectory, Identity Manager.
  • Real Time Network Monitoring & Alerting: Monitor enterprise servers / users / workstations / applications / events with Splunk, Snare, Netvision, Nagios, syslog, SNMP, WMI, vCenter, and custom correlation/scripting for automated alerting. Created real time automated secure dashboard for entire department.
  • Identity Management: Manage and administer automated XML framework and processes for provisioning users and password replication across several heterogeneous systems automatically; including AIX/Linux Local Users, DB2/MSSQL/MySQL Databases, and Active Directory.
  • PHP/MySQL/HTML/CSS: (LAMP/WAMP) Implemented real time dashboard for single information point of logs and databases by integrating Novell Identity Manager and MySQL.


Novacoast Inc., Practice Manager & Sales Engineer

June 2002 to July 2007

Project Manager, Field consultant and Pre-Sales/Post-Sales Engineer with broad experience base and skillset with large network infrastructures; Microsoft, Novell, and Linux based products. Specializing in Netvision’s NVMonitor, ZENworks, Identity Manager, Novell Audit and Sentinel. Created a security practice around monitoring products:
  • Organized and supervised teams of engineers on software implementations while managing client expectations throughout both the sales and engineering/implementation processes.
  • Developed NVPAR (Netvision Packaged Auditing and Reporting) Security Practice providing initial virtual sales demos and virtualized proofs of concept to implementation, documentation, training, and support.
  • Pre-Sales and Post-Sales implementations of large scale desktop OS, application packaging and rollout efforts.
  • Implemented Novell DirXML for large scale Active Directory and eDirectory synchronizations.
  • Maintained vendor and partner relationships; Netvision, Novell, Symantec, and supported their sales representatives on sales calls nation-wide and numerous trade shows and conferences.
  • Routinely assisted client/sales executives on sales calls and took part in the overall relationship with the client.
  • Commissioned Engineer averaging $20,000 a month in billable service and support time.


Commission Junction, System Administrator

June 2000 to July 2001

At Commission Junction I was an administrator of 6 servers and 200 workstations. Here I achieved my MCNE (Master Certified Novell Engineer) from Novell and was responsible for the Microsoft and Novell Infrastructure.
  • Supervised/mentored team of 4 engineers responsible for daily IT helpdesk, desktop, and internal server support.
  • Administrator of 6 servers and 200 workstations. Responsible for the Microsoft and Novell Infrastructure: Administrator of Novell Groupwise, eDirectory, and ZENworks, Microsoft Active Directory, Symantec Anti-Virus, SMTP Mail Gateway, and Veritas Backup solutions.
  • Security policy development. Documented policies and procedures, baselines, and systems configurations.


Novacoast Inc., Sales and Implementation Engineer

June 1997 to July 2000

  • Managed team of 4-6 contractors in desktop and server support for large government organization of 35+ locations for 18 months. Participated in interviewing, onboarding, and terminations of vendors and contractors.
  • Pre-Sales/Post-Sales Engineer focused on Apple, Microsoft, and Novell core technologies/server operating systems and applications including desktop management lifecycles, directory technologies, databases, email, and more.
  • Local onsite technical support engineer for numerous clients, across Microsoft, Apple, and Novell technologies.


University of California at Santa Barbara, Institutional Advancement, Computer Resource Specialist

June 1994 to June 1997


OTHER WORK EXPERIENCE

Clayton Solutions, Sole Proprietor (June 1997 to Present)


EDUCATION & CERTIFICATION

  • Palo Verde High School, Blythe California 1988-1992
  • University of California at Santa Barbara 1992-1997
  1. Certified Novell Administrator 5 (CNA5)
  2. Certified Novell Engineer 5 (CNE5)
  3. Novell Specialist: Border Manager
  4. Master Certified Novell Engineer (MCNE)
  5. Microsoft Certified Professional 2000 (MCP)
  6. Certified Novell Engineer 6 (CNE6)
  7. Microsoft Certified System Administrator 2000 (MCSA)
  8. Citrix Certified Administrator (CCA)
  9. CompTIA Linux+ (Linux+)
  10. Certified Information Systems Security Professional (CISSP)
  11. Certified Ethical Hacker (CEH)
  12. Microsoft Certified Technical Specialist: (MCTS) Windows 7
  13. Tenable Certified Nessus Auditor (TCNA)
  14. VMware Certified Professional (VCP5)
  15. VMware Certified Associate (VCA-WM)
  16. VMware Certified Associate (VCA-Cloud)
  17. VMware Certified Associate (VCA-DCV)
  18. Symantec Sales Expert
    Symantec Control Compliance Suite (CCS)
    Symantec Data Loss Prevention (DLP)
    Symantec Endpoint Protection (SEP)
    Symantec Critical System Protection (CSP)
  19. Symantec Sales Expert +
    Symantec Control Compliance Suite (CCS)
    Symantec Data Loss Prevention (DLP)
    Symantec Endpoint Protection (SEP)
  20. Payment Card Industry Qualified Security Assessor (PCI-DSS 3.0 QSA)
  21. Payment Card Industry Professional (PCI-P)
  22. LogRhythm Certified Deployment Engineer (LCDE)