
Resume
Richard McCloskey, CISSP, CISA, C|EH
E-mail: rmcclos AT gmail.com
SUMMARY
I am an information security professional with a BBA in Computer Information Systems and 15+ years of experience in team management, auditing, program and policy development, IT Security, and general controls. I have a talent for analyzing problems and finding innovative solutions in conjunction with developing and simplifying procedures while keeping the “big picture” in mind. My experience has given me a proven ability to motivate my teams and promote partnerships with other business executives.
TECHNICAL SKILLS
Operating Systems: Linux, Solaris 2.4 – 9, Windows NT/2000/XP, Mac OS X and Cisco IOS
Security Software: Firewall, Intrusion Detection System, Nessus, SAINT, other security tools and protocol analyzers, as well as custom self-built analyzers and attack scripts.
General Productivity: Open Office, Microsoft Office, MS Project, Visio and CAD
Hardware (major): Sun Microsystems, HP, Intel, Apple, Bay Networks Switches (Nortel), Cisco
Programming: PERL, C++, NASL (Including a script in the Nessus distribution)
PROFESSIONAL EXPERIENCE
Wells Fargo Audit and Security (WFAS) - 9/19/2005 to Present
Information Technology Audit Manager – 6/1/2007 to Present
Senior Information Technology Audit Leader – 6/1/2006 to 6/1/2007
Information Technology Audit Leader - 9/19/2005 to 6/1/2006
Using my depth and breadth of knowledge and understanding of technology, operational, financial, and regulatory functions across multiple lines of business, I build partnerships to help influence risk management and corporate policy while keeping the goals of the corporation in mind. Through leading and participating in multiple committees, I contribute to identifying and explaining key organizational risks and controls, and develop training to promote understanding for other auditors. In addition, I supervise audit leaders and their teams on a daily basis while leading multiple large audit engagements which require exhibiting appropriate judgment regarding issue notification to senior management and senior executives.
Key roles of my management position with Wells Fargo are:
- Work with senior management to create and communicate the yearly audit cycle to IT partners.
- Develop and review reporting to the Board of Directors Audit and Examination Committee.
- Conduct and report on business analyses and risk assessments of corporate lines of business.
- Provide final approval on audit documentation, results, and reporting presented to management.
- Escalating significant risks and loss exposures appropriately.
- Hiring, retention, training, and mentoring staff regarding required knowledge and skills.
- Subject matter expert and investigations consultant for multiple technical areas.
- Audit Policy Review Committee
- Skill and Training Review Committee
- Initiative and Change Team
As an audit leader and tester, I created and conducted hands-on audit testing that technically interrogates system controls and technical infrastructure. The use of vulnerability assessment and penetration testing in conjunction with technical analysis during the audit engagement exercised my core IT knowledge of complex financial systems and application processing environments. My technical audit testing covers such areas as:
- Web application server assessment (Weblogic, WebSphere, SunOne).
- Hands-on application vulnerability assessment and penetration testing (with and without tools).
- Review of security architectures (Access controls, Firewalls, NIDS/HIDS).
- Operating system configuration reviews (Windows and UNIX).
- Source code reviews of authentication logic.
NexGen Technologies Inc. – 6/01/2004 to 9/19/2005
Senior IT Security Auditor – 10/01/2004 to 9/16/2005
IT Security Auditor – 6/01/2004 to 10/01/2004
As a Senior Security Auditor, I determined the Bureau of Land Management’s information technology compliance with the security requirements documented in the NIST SP 800 Series and verified that the minimal security controls identified in the BLM Security Plan were correctly implemented in accordance with the Department of the Interior’s guidance. I conducted and reported on testing that included functional testing, wireless network vulnerability testing, LAN/WAN/Internet penetration/vulnerability testing, risk assessment, remediation recommendations, and vulnerability analysis. Some tools used for these assessments were Nessus, SAINT, Metasploit, NMAP, and other images using VMWare.
Specifically, our testing:
- Uncovered design, implementation, and operational flaws that criminals use to exploit IT resources and verified appropriate mechanisms and assurances were implemented to enforce security policy.
- Assessed the degree of consistency between the IT system documentation and its implementation.
In addition, I created audit engagement reports that contain the results of testing and evaluation conducted on the IT system at the site where the system is deployed for operation to verify that the technical, management, and operational security controls are implemented correctly.
Level (3) Communications - 1999 to 2003
Global Data Center Operations Manager - 1999 to 2003
I served as the IT Global Data Center Operations Manager charged with systems implementation. Responsibilities included U.S. Data Center development from the initial planning phase through construction and turn-up as well as development for operational upgrades for data center sizes ranging from 14,000 square feet. Primary responsibility was to meet the 99.999% up and reliability expected in the industry.
Other duties included:
- Physical security control and implementation.
- Provide forecasting and forward-looking mechanical requirements for senior and executive management.
- Designed network cable plant and cable management across multiple locations.
- Created data cable architectural designs to provide a controlled and manageable environment for high scalability that resulted in a $1.5 million savings.
- Contractor management and relations for data center development, construction, and upgrades
Security Lab Manager and Analyst, Global Security – 2002 to 2003
In conjunction with my data center management roles described above, I conducted security evaluations (written and technical) of new technology considered for corporate deployment. I organized and administered engineering interviews with group engineers planning deployments and Line of Business customers asking for the technology to ensure that the best concepts were considered and expectations for all involved were met and agreed upon. I developed ways to conduct internal investigations with network analyzers. I also maintained a mixed computing platform security-testing lab.
Information Systems Manager, University of Denver – 1998 to 1999
Manager and Lead Technologist charged with identifying and assessing business technology needs. Created and directed the development, integration, and operation of Business Intelligence Systems in the University of Denver’s Ritchie Center.
Other responsibilities included:
- NT and Linux Server Administration. Client machine OS loading and configuration.
- Budgeting, planning, and scheduling of all IT efforts.
- Information Risk Management – advised in physical security system development.
- Reviewed contracts, Requests for Information and Requests for Bids.
- Lead contact with outside contractors charged with system development.
- Designed and implemented system migration from Apple-based computers to PC
Cryptologic Technician (T) – Signal Analyst, U.S. Navy - 1990 to 1994
I worked in military intelligence as part of a signals and communications intelligence team. My duties involved operating electronic monitoring and related equipment to detect electronic emissions: Conducting continuous search and monitoring of assigned portions of radio frequency spectrum, using special search or monitoring equipment. Observing video presentations and listening to signals to determine primary characteristics of monitored signals. I operated recorders to record signals. Determined azimuth from which signal originated, using direction finder procedures. Determined accurately and rapidly parameters, directional bearing, and point of origin of electronic data recorded on photographic film and magnetic tape through operation of technical laboratory analysis equipment, such as electronic parameter display consoles, oscilloscope, electronic counters and sorters, X-Y plotters, sonographs, visographs, brush recorders, video and audio playback units, complex viewers, visual projectors, and associated analog and digital equipment. In addition, I was named the Command Electronic Communications Expert and Signals Analyst.
Other Duties:
- Maintained and operated encrypted mobile satellite Wide Area Networks.
- Alpha-tested system equipment and software for NISE WEST, Space and Naval Warfare Systems Command (SPAWAR), General Dynamics, and Lockheed.
- Assisted the Information Systems Security Officer (ISSO) in secure electronic data processing and collection, secure document tracking and inventory, and secure information delivery in conjunction with assisting the Intelligence Officers in real-world intelligence data collection and rapid recognition and response to items of interest.
OTHER POSITIONS
Systems and Facility Consultant in Madrid, Spain - June 2003 to March 2004
Information Technology and Telecommunications Specialist, Cyber Highway Internet Provider - 1996
Linux Systems and Lab Administrator, Boise State University - 1995 to 1998
EDUCATION and CERTIFICATIONS
Bachelor of Business Administration – Computer Information Systems, Boise State University - 1998
ISACA Certified Information Systems Auditor (CISA) - 2006
EC-Council Certified Ethical Hacker (C|EH) - 2005
ISC² Certified Information System Security Professional (CISSP) - 2004
SECURITY CLEARANCES/CLASSIFICATIONS
Position of Public Trust, 2005 – U.S. Department of the Interior (BLM): Not Current
Top Secret/SCI, debriefed 1994 – Department of Defense (DOD): Not Current
Civilian Related Classifications:
- Intelligence Officer (DOT 193.267-022)
- Electronic Intelligence Operations Specialist (DOT 193.382-010)