Daniel B. Holzman-Tweed, CISSP, QSA

Certifications and Professional Affiliations

CISSP # 27329, awarded December 2001
NSA IAM certification awarded July 2002
PCI QSA certification awarded January 2006

Member of CSI since 2000
Member of ISSA since 2003

Key Accomplishments

An IT career spanning 19 years, 12 of them in security featuring:

Creation of production corporate and e-commerce architecture, corporate security policies, secure data centers, and.
Execution of data center build-outs invisibly to the user community.
Reduction of personnel requirements through automation of critical security functions.
Consolidation of under-used resources.
Project management.

Education

2007: M.S. in Information Techology from Capella University, Minneapolis, MI
1990: B.S. in Physics from Antioch College, Yellow Springs, OH

Experience

2004 - present: Jefferson Wells

99 Park Ave.,
New York, NY 10016
Position: Professional

Designed, managed, and performed audit projects to meet evolving customer needs in the following areas:

Electronic & Internet banking
PCI Data Security Standard
Information security
Outsourced Labor Controls

Database and application securityty
E-mail and interprocess messaging
Sarbanes Oxley IT compliance

Vulnerability Assessment
Risk Assessment
General Computer Controls

2001 - 2004: Sony Electronics, Inc.

123 Tice Blvd
Woodcliff Lake, NJ 07675
Position: Network Security Specialist

Reduced personnel requirements through secure automation of: virus detection, validation, and response; management of security change requests; corporate credit card transaction clearing; customer and reseller order processing.
Reduced maintenance costs through consolidation of legacy firewall, proxy, and VPN, and other internet service architectures.
Provided security awareness and training to business unit IT managers.
Increased security level through design and implementation of multi-layer network security architectures for regional infrastructures.
Implemented security and business measures resulting in elimination of web defacements.
Coordinated corporate anti-virus effort, with operational groups managing distributed LANs, WANs, and NOCs matrixed to report to me.
Project management and development of security measures for North and South American B2B and B2C architectures; security assessments for regional and partner architectures; development of secure global outsourcing architecture for the enterprise customer call center; and regional security policy development.

1999 - 2000: Parus Interactive (was Webley Systems), Inc.

570 Lake Cook Rd.
Deerfield, IL 60015
Position: Senior Security Administrator

Created the company's initial security policy and procedure structure with minimal disruption of the corporate culture.
Created corporate internet and extranet services upon separation from the parent company.
Expanded corporate disaster recovery plan as the company grew.
Established technical and cultural anti-virus defenses.
Implemented Network Intrusion Detection Systems.
Designed and implemented multi-layer security architecture for corporate and production networks.
Successfully promoted security consciousness among the firm's employees.
Administer security services such as firewalls, PKI, and VPN.
Conducted physical, host, and network security assessments.
Provided incident response and forensic analysis of security events.
Researched emerging technologies and identified opportunities for the company to improve its security.
Report state of security to senior management.

July 1996 - November 1999: Goldman Sachs (was The Hull Group)

11 S. Wacker Drive, Suite 1400
Chicago, IL 60606
Position: Systems Administrator

Planned and supervised a secure data-center expansion conducted with total invisibility to our customers.
Perform Y2K compliance projects for security and e-mail system audits and remediation transparently to the users.
Implemented migration of corporate e-mail to an SEC compliant solution.
Developed an 8-hour recovery plan.
Designed, installed and administered electronic trading systems between Hull and various counterparties throughout the system's entire life-cycle.
Project management of Y2K compliance project auditing production trading systems and code-base.
Enforced corporate acceptable use policies.
Administered network security architecture.
Provided incident response and forensic analysis of security events.
Mentor junior systems administration staff.

April 1995 - June 1996: G-Bar Limited Partnership

440 S. LaSalle, Ste 2900
Chicago, IL 60605
Position: Systems Administrator

Designed and performed a complete redesign of the network, migrating from Thinnet to Twisted Pair wiring, and upgrading obsolete network hardware.
Designed, installed, and administered the company's Internet connection and firewall security system.
Specified architecture for remote access systems for developers and support personnel.
Administered a Macintosh, PC, and Sun WAN and LAN to meet or exceed the uptime requirements of live options trading.
Performed server and network monitoring and capacity planning.
Managed network security services.

August 1993 - April 1995: Practi-Col Services

823 Emerson St.
Evanston, IL 60201
Position: MIS Manager

Planned and performed migration from a single-server to LAN architecture.
Implemented EDI procedures, cutting revenue collection times and overhead costs.
Designed and installed distributed computing architecture and procedures permitting account managers to use their PC workstations tools such as Excel and Paradox, for better reporting, analysis, and presentation capabilities than provided by the database server application.
Administered the firm's core business, a medical billing database.

January 1993 - July 1993:Self Employed

Clients included a mass transit company and a nationwide consulting firm. Projects included programming (using C and embedded SQL), Oracle screen design, hardware and software testing, and writing software documentation.

May 1991 - December 1992: Fermilab

500 Batavia Rd. Batavia, IL 60610
Position: Software Librarian and System Administrator

Organize, create and distribute over 100 software libraries (including ongoing upgrades) to the D0 experimental collaboration (over 30 laboratory and university VAX and Unix nodes worldwide). Manage security of the libraries. Provide helpdesk and system administration support for local users. Supervise library distribution operators. Key accomplishments include rewriting the distribution software for increased efficiency and ease of later modifications.

September 1986 - October 1990: Cooperative Education

As a requirement for graduation, Antioch students must successfully complete a minimum of six quarters of work experience in the cooperative education program; I completed seven. My employers were:

Bellevue Hospital (New York, NY)
InfoWorld Magazine (Menlo Park, CA)
Lamont-Doherty Geological Observatory of Columbia University (New York, NY)
Nevis Labs (Ardsley on Hudson, NY)
Fermilab(Batavia, IL)

Duties varied widely throughout these positions and included database management, help desk support, hardware and software testing, program development (using C and Pascal), database development, and software conversion between operating systems. Projects were consistently completed under deadline.

Key accomplishments include:

Single-handedly performing a product review for InfoWorld normally assigned to an entire technical team.
Establishing proper data collection procedures in a hospital setting.
Developed of a PostScript compiler/decompiler in the Macintosh environment. Improved data storage algorithms for Nevis Labs, saving them $10,000 in hardware costs.
Develop a cross-platform GUI for character-based terminals.