Home

Thomas Maika, B.Sc. - Program Manager

[email protected]

Location: Chattanooga, Tennessee, USA

Relocation:

Visa: USC

Thomas Maika, B.Sc. Program Manager 713-594-2442 [email protected] Chattanooga, TN USC Work authorization: US Citizen, US Gov't Clearances: Inactive Secret Clearance, inactive Public Trust years: 2011-2022. No issues in reinstating any US Gov t Clearance. SUMMARY Director, SVP, Strategic-level Banking Information Technology Professional with broad-based experience in Public Cloud design /administration, Cybersecurity, SIEM, SOAR, Digital IT audit / Risk / compliance and CVE threat / vulnerability management. PROFESSIONAL EXPERIENCE Permanent Data Regime Co., Chattanooga, TN March 2017-present Founder, Pen Testing, Digital IT Program Manager, SME CVE / VM and SME AppDevSec Working with and traveling to clients: Banking: IDB Development Bank, Citibank, Mizuho Bank, Utilities: Entergy Inc., NewEra FPL, SAAS, MSSP: Lumens-CenturyLink, ClearAvenue LLC, others 80% hands-on technical, 20% managerial Cybersystems Leadership and Relevant Platforms Expert First Lines of Defense: Management Control, Risk Management, IT Security services. Lead Cybersecurity engagements, SME in Cybersecurity Vulnerability and Threat posture, S.T.R.I.D.E model, determining Data Governance and Privacy, Risk Appetite and Risk Management Program Development. Standards with ANSI, ITU-T, FFIEC, SEC, FDIC, NIST, HIPAA, CMMS, NERC, FERC, ISO/IEC 27001, 27002, NIST-800-53. With Financial Services clients, I operate and maintain System Admin level Privileged Access Management and Secrets Management platforms. Study and research and administer relevant business use cases, and remediation of gaps. Lead the provisioning of in-depth technical leadership in business application development team to ensure safety, soundness, security in all phases of the development of client application systems. Have supported Broadcom product offerings including CAPAM, high-speed internet, email O365 conversions from Lotus Notes and Exchange Server. Have beta tested HashiCorp Vault and other competing systems for operability, access controls, API encryption keys, passwords, certificates. Tested HashiCorp Vault with container security involving Kubernetes authentication methods including service account token. Multiple clusters involved. Application Development Security AppSecDev Work with security and OT architecture, security tools implementation and engineering of IAM credentials with PingFederate IAM tech tools. Employ Web proxy management, updates and patching. AppDevSec with P.A.S.T.A. security configuration. Administer BlueCoatSG Web proxies, Auditing and Maintenance, performance enhancement. Currently working on IT Security issues and Programs, IT Audit Engagements, Endpoint Security, EDR, DLP, and IAM with AppDevSec as a priority. Tools: Jenkins, BlackDuck, Ruby, Puppet, OAuth, Salt. Provide in-depth technical support for CyberArk PAM, HashiCorp Vault, Broadcom CA PAM, and Vintela platforms. Performance of related duties as assigned or requested. Cybersystems and Banking Financial Services Employed for 18 years in Banking - Financial Services for entities Mizuho, InterAmerican Development Bank, Citibank, Wells Fargo and multitudes of Thrift Institutions in NYC, NJ, CT Metro. Configured Vintela VAS platforms; SHI single sign-on, MS Active directory to give properand secure operations for UNIX and Linux systems. Leader and SME in threat modeling, vulnerability remediation, IDS, IDR, IPS and EDR Threat response teams, S.T.R.I.D.E. modeling. Worked over 8 years in the planning, deploying and maintenance of Sophos and McAfee EDR, DLP, EPO products and services. Currently, administer and oversee of CyberArk PAM, threat analytics management, Password vault PVWA, SSH key vault, Privileged Session Manager-SSH, Web, others as needed. Compliance, Legal, Internal Audit, IT Audit Editor of policies, procedures, surrounding the McAfee contracts with legal & compliance as it affects the Banking Production enclaves in alerts, action, response, patching, remediation, and documentation of follow-up with OWASP. SME and Banking Industry pioneer in cybersecurity, BCP, AI, IAM, DLP, and an active participant in forums, CVE knowledge, cutting edge Industry information, LANDWARNET attendee and consultant to my Peers. Apply troubleshooting skills. Skilled with RHEL, CentOS, Ubuntu Linux, IBM ZOS Mainframe. Certified in Rapid 7 VM, IDR, IDS, IPS, APP SEC, Web Spider, Metasploit, Postgres, RHEL Linux to support cybersecurity, pen testing and SIEM efforts in a 38 endpoint worldwide decentralized network. Perform scheduled, adhoc scans and penetration tests. Administer single sign on using SAML, OAuth2, OIDC and Federation SAML OAuth Meet to collaborate with tech SMEs to implement Okta, Azure, AD, Active Directory, Beyond Trust, Tripwire, Rapid7 VM IDR IDS IPS, MFA, EERS, CyberArk, Kerberos containers, Aqua scanning, Metasploit scanning. Perform FAIR Risk Management practices to enhance cybersecurity posture. Factor Analysis of Information Risk is key in Risk Appetite, Mitigation, RSI tools usage and Impact. Have 18 years of knowledge in Information Security, cybersystems, key vendor management, ISP configurations with ATT, Verizon, Broadcom, and other proxy vendors offering secure gateways. Web gateway services with Sophos, Broadcom, McAfee, ProofPoint and other key cybersecurity vendors. SIEM, EndPoint Security, Anti-Virus OT-Level Configured SWG to enhance filters optimally for performance and security on brands: Sophos SWG, Fortinet, Dashlane, Zscaler, IBM, Insight Rapid 7, Darktrace, Okta, Broadcom, Microsoft and others. Work with operation and maintenance of Cyberark and Beyond Trust applications. Increased skills in modules Password Vault, Endpoint Privilege Management EPM, Privilege Access Management PAM Elevated Accounts, Thycotic, Central Policy Manager, Privilege Session real-Time screen view manager, others. Earned Admin status with Splunk in configuring indexers, databases and key dashboards. Utilized custom dashboards with Splunk to glean key data for forensics and restoration after a network fail, heavy traffic, malware, Ddos attacks or ransomware security incidents. Participate in cloud proxy migration effort from Websense to Bluecoat other pre-tested tools. Worked to secure a low fail rate with secure SWG and other endpoint security tool Cisco secure endpoint fka Cisco AMP. Enhanced threat protection scripts to instantly identify bots, advanced threats in defending network, firewalls, workstations from Ddos and other common cross-site scripting attacks. Tested product's security posture with traffic heartbeat, call-home protection firewall policies, traffic pattern indicators, user identity and blocking-blacklisting - whitelisting. AI, Automation Programs Continually interacting with key stakeholders for IT security and UI Path and RPA automation. AppDevSec: Manage 200 apps and track AppDev Managers and subordinates with enhanced security initiatives involving credential management/privilege access management (IAM,PAM). Perform automation of processes with Terraform, Javascript, Powershell, Python scripting. AppDevSec duties include application deployment BlackDuck, Jenkins knowledge. Maintain, develop and administer cybersecurity, data security policies for division. Cyberark Password vault utilized Cyberark, Hashicorp, password vault modules. Administer cybersecurity and contract clauses with AWS Lambda, Kubernetes, Azure, Google GCT cloud services. Risk Management Programs Focus IT Cybersecurity and Risk Management (FAIR, Lean SIGMA) for Financial Services Banking, SAAS, MSSP Clients, US Government, Oil Patch and Energy Transmission. Evolved company to dot. TECH, .NET, .US, .COM web presence. Plan and implement cybersecurity projects involving Data Privacy, Data Security, Crowdstrike, SailPoint, UiPath RPA, AWS Lambda, API, IDAM concepts, Kubernetes AppSync, EC2, and other robotics, container, and repeatable task technology. Google Cloud Platform (GCP) Google Cloud Management, Sentinel, IOT, cloud storage, Security, Delinea fka Centrify Delinea-Thycotic, Cyberark PAM, Beyond Trust, Microsoft E5, Terraform. Penetration Testing Management Design simple to complex pen testing methods involving discovery scans, database access, data loss prevention, website access, web presence and exposure, password analysis. Pen testing with tools: Burpsuite, OWASP, Metasploit, Kali linux, social networking, shoulder surfing, physical security, AppScan, AppSec and others. Plan and execute SIEM tools and methods, orchestration integration with Rapid 7 SOAR Connect and Tufin products, Rapid 7 vulnerability management, threat remediation, Postgres Administration, RHEL Linux, CentOS, R7 IDS/IPS, Amazon AWS Cloud security, Google Cloud security, Saviynt App IGA connectors, vendor risk vetting assessments, penetration testing, API web application and mobile technology vulnerabilities. Leading a SOAR orchestration project involving use-cases, plug-ins and UBA user behavior analytics. Alternated vulnerability scanning and analysis with Tenable Nessus, Beyond Trust Retina-US Navy Tricare, Beyond Trust PAM, Tripwire Enterprise, UpGuard, IBM Guardium, Qualys, Wireshark, Insight AppSec, InsightVM, Metasploit, Aqua container scanning, Aircrack-ng, NMAP www.cvedetails.com and others. Define, decide upon and direct IT security efforts with SIEM tools including Soft token technology, Okta, SailPoint administration, Delinea Centrify Thycotic, IBM Qradar and threat vulnerability management efforts, remediation with key Vendors, internal Application development, producing IDS/IPS metrics using Cisco AMP, ESA, InsightVM Rapid 7, Venati, Amazon AWS cloud, API, Lambda, AppSync as well as MS Azure cloud services, Google GCP, Sentinel, Thycotic, Beyond Trust, Cyberark, Terraform, New Relic One.Soft Platform as a Service, PAAS, Software as a Service, SAAS, Management as a Service MAAS, Programs Define PaaS and SaaS bid proposals and contracts to perform active IT security operations, 24/7 event log monitoring and response, Tanium endpoint security, ManageEngine Applications Manager, Identity Access Management IAM, cybersecurity solutions. Administrator-level duties include: Qradar IDS/IPS, Splunk-Cloud, Tripwire Enterprise, Solarwinds, Azure AD, Amazon AWS API, SAML WS FED Ping Federate, Saviynt IGA, Cisco AMP, Cisco ESA, Symantec and SOPHOS Endpoint security, McAfee EPO Enterprise, Symantec Enterprise anti-virus and Thycotic, Beyond Trust, Cyberark ver 10.7. Performed recent upgrades on SIEM Rapid 7 to include better functionality in reports and metrics reporting. Research and debate modern methodologies to secure corporate assets involving standards: UiPath, RPA, ISO / IEC 27001:2018, FFIEC, NIST 800-53, HIPAA 164.310, GDPR, UEBA, PMP PMBOK, SOX section 4, SAP ERP 6.0, NERC, FERC CIP v6. Help to identify, act and close common vulnerabilities and exceptions CVE threats and vulnerabilities with various scanning tools based upon contract and enclave. Actively reference and manage IT Security, Identity Management Access Controls, IAM, PDR design requirements, Service Now CMDB, JIRA CMDB, Beyond Trust, CyberArk, Syslog, and content filtering firewalls with WebSense, Palo Alto, Juniper, Checkpoint and Bluecoat Proxy SG firewalls. Administer and support Beyond Trust with activities involving password vault, elevated privileged access mgt., identity access mgt., HSM hardware security manager and Tanium EP. Work with team to perform hands-on work with UiPath RPA robotic process administration, UI Path robotics, EC2, Kubernetes, load-balancers and firewalls. Cybersecurity study on Autonomous Haul projects, and audited vendor providing PaaS and SaaS. Built queries and reports for Tenable Nessus, Rapid 7 VM CVE scans. Perform analysis with existing Juniper, Cisco and Meraki firewalls via Firewall Assurance Network Topology and Administration. Edited scripts; Java, Java Scripts, and Python. Security engineer assigned to work to help build RPA Robotics Process Automation system intended to speed transactions via UI Path robotics vendor, hived SQL server farms, virtual machines, orchestrators, load balancers and dedicated VPN tunnels with a repeatable process. Enforced the separation of duties within Business Units: Strategic Management, Production Environment, Application development, Network operations, Internal audit and Cybersecurity. Work to establish Cybersecurity methodology and processes to include SDLC, AGILE / SCRUM. Active hands-on cybersecurity operations within SIEM tools Qradar, FireEye, Bit9 Carbonblack, CoreImpact and CISCO App Dynamics. Implemented security services with multiple entities involving Security Portal management involving Amazon Web Services AWS, Amazon AMI, AppSync, Lambda, MS Azure with Oracle. Utilized Bit9 Carbonblack endpoint security, Syslog DTLS. Experimenting with robotics to assist in security reporting, UEBA , SCADA controls and design Amazon AMI machine images and AppSync. Industry Compliance: NIST, ISO/IEC, FERC, NERC, FFIEC, CMMS Subject Matter Expert SME involving audits and governance involving CJIS, NERC, FERC, CIPv6, v7, FFIEC, NIST 800-53, GLBA, PCI/DSS, ISO/IEC 27001, 27018, HIPAA, DISA/STIGS, Cybersecurity: Author and develop Policy, Standards and Procedure statements to mirror cybersecurity initiatives and existing IT operations. Evaluation of proposed SAP R3 documentation system. Writing specs for Treasury SCADA application study. Contracted - ITC Technical Svc, APEX inc., San Francisco, CA Oct. 2016 Feb. 2017 Program Manager Information Security Engineer, IT Auditor, GRC Risk SME Working with and traveling to clients: United Healthcare OPTUM, WellCare Healthplans 90% hands-on technical, 10% managerial Provided guidance, direction and oversight for 3rd party assessments, internal audit engagements, baseline security standards, delivery and remediation of IT security and compliance issues surrounding HIPAA, risk standards CMS compliance, PAN data, PCI-DSS ver. 3.2 compliance, FFIEC directives, NIST 800-53, Sarbanes-Oxley SOX, ISO/IEC 27001:2013, ISO/IEC JTC 1, NERC-CIP 007 R2, and DISA/STIGS data standards. Year End work completed on a 3-month contract assignment only. Performed Qradar IDS/IPS on reporting and metrics involving intrusion prevention, malicious emails blocked, percentage of assets patched. Worked Cyberark PAM privileged access management, Password Vault, IAM module. Defined risk management to perform root cause analysis, enterprise-wide governance risk compliance and dollar-value calculation of risk impact. Provided direction surrounding CyberArk IAM identity access manager, IDM application identity manager, EPV electronic password vault, PSM privileged session manager. Proficient with Tripwire Enterprise, Proofpoint, Bit9, RedSeal, IBM QRadar, Core Impact, Carbon Black, FireEye, Tenable Nessus, InsightVM Rapid 7, Computer Associates Kerberos, Palo Alto, Juniper, Checkpoint, JIRA and ServiceNow content, AWS Kubernetes, Lambda, Google Cloud Platform GCP, Security Services, IOT, GCP cloud storage elements. Content filtering firewall analysis with WebSense, Bluecoats, and Cisco Meraki. Worked to provide technical oversight involving SIEM, HSM, Venati, SCADA controls, UBA, and OWASP for application development. Supported IT Audit efforts via SOC2, SOC3, and Sarbanes Oxley testing, PCI-DSS 12.3, NERC-CIP, HIPAA, writing of controls, and remediation. Permanent - Performant Financial Recovery Corp., Livermore, CA April 2016 - October 2016 Program Manager, IT Auditor SME and Risk SME 90% hands-on technical, 10% managerial Helped to manage governance risk compliance eGRC efforts in the business with projects involving cybersecurity, NERC-CIP, vulnerability, threat assessment , risk posture, risk assessment, security architecture and Cybersecurity. Researched and administered ways to secure corporate IT assets involving security patching and application of baseline standards ISO / IEC 27001:2018, FFIEC, NIST 800-53, HIPAA 164.310, PMBOK, GLBA, SOX section 4. Provided direction for cybersecurity within a 1,100-user network involving threat posture, secure application development practices, gap analysis and risk posture. Security tools utilized: IBM QRadar, CyberArk, PAM privileged access management, Password Vault module, DLP data loss prevention, Skybox Platform with Firewall, Network Assurance with Threat and Vulnerability Controls, Splunk, Syslog DTLS, Tenable Nessus 6.7, SIEM, Java scripting, Nexpose Rapid 7, Tripwire Enterprise 8.5.0, FireEye, Bit9 Carbon Black, Kerberos, Sophia, RedSeal, Proofpoint, WebSense, UEBA, Palo Alto, Juniper, Checkpoint, Bluecoat Proxy firewalls, Wireshark analyzer and other tools for intrusion detection and SIEM efforts. Provided IT Audit and Information Security guidance through standards: CoBIT 5, COSO, DISA STIGs, NIST 800-53, PCI / DSS 3.2 compliance and SCADA. Authored Programs in risk avoidance, risk transfer, factor analysis of information risk FAIR, suspicious activity reports, technical writing of policies, security plans and intrusion detection. Proficient with PGP, RedSeal, QRadar, CyberArk, Tripwire Enterprise, Nexpose Rapid 7, Nessus 6.7, Sophos AV, Proofpoint, Bluecoats, Bit9-Carbon Black, Snort, Splunk, Syslog, Scrum, Agile, SDLC, SIEM and Symantec Enterprise anti-virus. Provided IT Audit expertise involving Governance Risk Compliance GRC involving Capability Maturity Model CMM, ISO/IEC standards, OCTAVE, FAIR, TARA, OWASP top 10 controls, CoBit, NIST, FFIEC controls and Centers for Medicaid/Medicare CMS standards. Robotics study as it relates to Cybersecurity and SCADA controls and methods. Contracted Prodapt North America Inc., Glendale CA Oct. 2015 Apr. 2016 Technical Program Manager, Information Security, IT Audit/Risk SME Working with and traveling to client: Spectrum, Bright House Networks, Charter, Time Warner Cable during merger 75% managerial 25% hands-on technical Oversaw Active Directory Project involving 20 persons using PCI-DSS 12.3, Tripwire Enterprise, a risk management plan, analysis of risk for critical processes, risk probability and risk impact. Methodologies: OCTAVE, FAIR and TARA. Directed business processes, product requirements and utilized CSIRT and use OWASP to baseline SIEM event trends and attack patterns and vectors. NERC-CIP 007 R2, DIARMF, SCADA cybersecurity, anti-virus efforts with Symantec Enterprise, PAN data analysis, Amazon Web Services AWS cloud, SCADA Robotics study for future merger with Charter Communications and ultimate formation of SPECTRUM. Developed and executed PMBOK defined and led project plans, with dependencies, milestones based on backlog, story points and velocity to establish reachable targets. Cybersecurity role with Carbon Black, Proofpoint, QRadar, patch mgt., Amazon Web Services, Google Cloud Platform (GCP), Tripwire Enterprise, Tenable Nessus 6.7, Nexpose Rapid 7, Agile-Scrum, Splunk, Syslog, UEBA and Skybox Platforms including Threat and Vulnerability Management, SIEM CVE, Nexpose Rapid 7 scans and remediation. Oversaw a 3000+ computer group and a CAT 1 Network threat / vulnerability project. Coordinated remediation efforts. Qradar CyberArk PAM privileged access management, Password Vault, DLP data loss prevention, 9.2 beta tested platform for ID of privileged accounts, access control lists, audit trails and password analysis. SAP ERP pillar analysis, provisioning and access granting, SAP process control. Created and implemented a FAIR TARA risk management plan. Identified project related risks and triggers. Permanent - Data Regime Co., Naples, FL, Sea Bright NJ May 2007 - October 2015 Director, Consulting Operation Owner, CISO, CTO Program Manager, BASAL Accord and Banking Industry Cybersecurity SME Working with and traveling to clients: Hemisphere Holdings Corp., Bayview Financial Inc., Pamrapo Bancorp Inc., Microware Inc., BlueCross BlueShield Affiliates, Partsfleet II, Advance Auto Corp. 70% hands-on 30% managerial In charge of 3 persons involving the Planning, Organization and Direction of small, medium and high value Financial Services, CMS governed Health Insurance Industry, Pharmaceutical audits. Point of contact for business projects and risk assessments involving Project Management Body of Knowledge PMBOK / PMI standards, IT Audit internal controls, SCADA Cybersecurity, GLBA, SOX, HIPAA, SIEM, CVE, NERC, FERC, CIPv3, application development. Subject Matter Expert to Banking and Financial Services involving Vendor Risk and Cybersecurity. Administered and improved Splunk and Syslog security intelligence platform, Amazon Web Services, Golang, CyberArk Identity Access, Node.js Java scripting, Tripwire Enterprise configuration management, Symantec Enterprise anti-virus and McAfee Enterprise EPO. Provided support and administration of Qradar involving Service Level Arrangement SLA with IBM, functionality of reports, malicious activities and reconciliation to existing internal System inventories. Strategic level Authoring of Policy and Threats to the organization with solid results for mitigation. Active role in Information Security with POA&Ms, SCADA, FISMA, FFIEC, UVBA, ISO IEC 27001, 27018. Secured IT operations surrounding a FFIEC rework of application access controls, POA&Ms, eGRC, OWASP top ten, SSAE-16 audit compliance, Palo Alto, Checkpoint. Performed SDLC development of application technical requirements, system design, quality assurance, user acceptance testing, and testing of application analysis for operations using Amazon AWS Cognito and Lambda. Built an IT Audit case, information gathering, access / exploitation, and reporting of findings with Tenable Nessus 5, Proofpoint, Qradar, Nexpose Rapid 7, Tripwire Enterprise. IT Auditor for Financial Services and Banks to perform IT work involving SSAE-16, IT security assessments, Risk Assessment, FFIEC, FDIC, BASEL II Accord and SEC compliance. Permanent - Mizuho Corporate Bank, Ltd ., Tokyo Japan, New York, NY April 2004 - May 2007 Bank Officer, Vice President, BASEL Accord Risk Program Manager SME 100% managerial Oversaw 24-person team involving identifying risks, planning projects, managing milestones. BASEL II Accord principles utilized in key risk definitions. Addressed senior management involving Japanese FSA directives and US Banking policy. SME on Banking Operations in back office, middle office and front office. Identified potential risk impact regarding a key controls and mitigated a $30 million exposure. Provided ITIL v2, COBIT, FFIEC, FDIC, and OWASP project analysis for Bank Security enhancements. Wrote key controls and inputs for Business Impact Analysis BIA and BCP disaster recovery plan. Provided expert analysis involving ISO /IEC 27001, BASEL II accord, GLBA, SOX, FFIEC directives. Built PMBOK, NIST information quality, and ISACA COBIT standards into IT key controls. $1 million budget, oversaw 14 staff, made recommendations to help direct IT operations. Permanent - Baker Tilly LLP, (fka Radics & Co., LLC) Pine Brook, NJ January 1997 - April 2004 Manager Level - IT Manager, IT Auditor, Lead FFIEC Engagement Manager, Banking IT SME 70% managerial, 30% hands-on technical Manager oversaw 3 persons involving the Authoring of risk assessment plans and IT Audits. Frequently addressed boards of directors involving Information Security initiatives and IT operations. Created audit program for EDS - Hewlett Packard web banking application. Led over 200 IT-FFIEC, SAS70 and SSAE4302 audits for 60+ clients including service bureaus. Industry and SME with NIST 800, CJIS, FDIC, FFIEC safety and soundness security and risk assessment. Promoted best practices referencing ISACA COBIT, ITIL, BASEL II, FFIEC, GAAP and OTS guidance. $500k budget, oversaw 3 staff. Earlier Roles with Interpublic Group (Fka William Douglas McAdams) New York, NY 1994 - 1997 Senior Network Administrator US DOD Lockheed Martin (Fka GE Aerospace), Thomson Consumer Electronics, S.A, UTC Carrier Corp. Syracuse, NY 1989 - 1994 Risk Manager, Systems Analyst EDUCATION B.Sc.., Business Administration, Management Information Systems - Franciscan University May 1989 Coursework: Junior AppDevSec and Coding Java, JavaScript, Python, Node.js March 2021 - present Certification: InfoSec Rapid 7 CVE Vulnerability Management, IDR, AppSec, Web Spider August 2018 Certification: CENTURYLINK SOC Bonding and Grounding Policy Review July 2017 Certification: CENTURYLINK DC-SOC Telecommunication Power Maintenance Competency July 2017 Certification: CENTURYLINK SOC2, SOC3 IT Audit Competency July 2017 Certification: CENTURYLINK, ISO/IEC 27001, 2 IT Audit Competency July 2017 CERTIFICATE PROGRAMS: CISSP, CEH course certificate with Infosec Institute July 2006 (fka Vigilar) additional testing with new CISSP modules and CEH, Security + April 2022 ITIL (Information Technology Infrastructure Library) & ITSM (Information Technology Service Management), Insight 2012 Managerial Cost Accounting, Onondaga Community College, Syracuse, NY 1993 AT&T Network Administration, AT&T Valhalla, NY 1997 Diploma: NY State Regents, Spanish, foreign language, NY State Regents, Mathematics INDUSTRY MEMBERSHIPS / AFFILIATIONS GARP Global Association of Risk Professionals, ISACA Information Systems Audit and Control Association, FFIEC Federal Financial Institutions Examination Council, THEIIA Institute of Internal Auditors, RMA Risk Management Association, NERC North American Electric Reliability Corp., FERC Federal Energy Regulatory Commission PROFESSIONAL REFERENCES John Thomas, CFO, Indus American Bank, Iselin NJ 732-603-8200 Raghu Gupta, CPA, Board Member Indus American Bank 732-603-8200 Richard Will, Broker Hemisphere Holdings Corp 315-472-3000 Javier Gomez, Mgr. Entergy Inc. 281-297-3382 Arun Swaminathan Spectrum Inc. 314-814-2824 Keywords: artificial intelligence user interface javascript active directory rlang information technology trade national microsoft California Colorado Connecticut Florida Idaho New Jersey New York South Carolina Tennessee