Christopher Lewis (CISSP) 
 
Mobile Phone: 
Secondary Phone: 424-239-0058
E-mail: [Send email using form at bottom] 
 
OBJECTIVE
To secure a challenging position within Computer Security that will capitalize
on my comprehensive knowledge of new cutting edge technologies in the areas of
Computer Forensic, intrusion detection, vulnerability assessment, penetration
testing, risk assessment, and firewall configuration, installation, and testing.
 
WORK EXPERIENCE
Senior Security Architect
8-2007 - Present
 
Rand Corporation | Santa Monica, Los Angeles, CA 
 
Government and Military
 

 
Information Security Architect IV

* Involved in developing enterprise security strategies.
* Leads Forensic security projects.
* Develops and manages security for all IST functional areas (e.g., Forensic,
data, systems, network and/or web) across the enterprise. 
* Maintains exceptional knowledge in networking, databases, systems and/or Web
operations. 
*Provides Tier 3 support to customers and IST staff for security related issues.

* Involved in the evaluation of products and/or procedures to enhance
productivity and effectiveness.
* Educates IST and the business about security policies and consults on security
issues regarding user built/managed systems.
* Coaches more junior level staff on security related technologies and
procedures.
* Other duties as assigned.
 
Sr. Security Architect
10 2006 - 8 2007 
 
Stanford University/Perot | Palo Alto, Santa Clara, CA 
 
Healthcare Services
 

 
• Gather requirements and architect technology solutions for security
environment based on requirements. 
• Design viable security solutions in accordance with the defined architecture.
Responsible for leading teams of consultants in performing INS core security
services, including risk assessments, security audits, network vulnerability
assessments, as well as security program services such as identity management,
security remediation, and patch management initiatives. 
• Test product(s) to ensure proper function. Implements product(s) in production
status. Apply vendor or internal fixes to resolve programming errors and/or
enhance functionality. Provide primary support for installed security product(s).

• Work with application development team leads to ensure application security is
aligned w/security architecture and business needs. 
• Work with key business leaders on new projects to ensure security as forefront
of each project. 
• Use Vulnerability Assessment tools such as Nessus, eEye Retina and WebInspect
and for platform and application discovery. 
• Develop procedures and/or programs to support internal departmental
objectives. 
• Manage VA compliance and enforcement for production areas and in accordance
with SOX efforts. 
• Understand impact of product changes on subsystems, users and operating
procedures 
• Perform problem diagnosis and resolution. Interfaces with product vendors if
necessary. Uses internal resources and expertise as needed. 
• Work on complex issues and use troubleshooting and incident handling skills
that require analysis of situations or data. 
• Internal and external contacts often pertain to company plans and objectives.

• Serve as consultant to management and external spokesperson for the
organization. 
• Consistently work with abstract ideas/situations across functional areas of
the business. 
• Require in depth knowledge of the functional area, business strategies, and
the company’s goals. 
• Influence policymaking. 
• Assess intangible variables, identifies and evaluates fundamental issues,
providing strategy and direction for major functional areas.
 
Manager
1 2006 - 9 2006 
 
Baylor Health Care Systems | Dallas, Dallas, TX 
 
Healthcare Services
 

 
* Oversee staff and vendors positioned and purposed to safeguard the company’s
assets, intellectual property, and information systems as well as its employees
and visitors.
* Responsible for development and management of Security Strategic planning for
Corporate IT to include People, Process, Technology and Facilities.
* Evaluation and management of existing information system’s security components
that includes policies and procedures of information systems risk management.
Review and recommend changes to policies as conditions warrant.
* Lead the development and renewal of Security Policies and Administration
procedures.
* Develop and update Security Assessment guidelines and integrate into the
Project Management Methodology.
* Responsible for conducting all Security Risk Assessments for Corporate IT.
Work with outside consultants as appropriate for independent security audits.
* Maintain relationships with local, state, and federal law enforcement and
other related government agencies. Keep abreast of changes to existing and
proposed State and Federal legislation and regulatory laws pertaining to
information systems security and privacy.
* Develop, manage, and enforce security related best practices and procedures.
* Overall responsibility for the integration of Baylor Health Care Systems
security program with Business Continuity Planning, Crisis Management and
Response, and Disaster Recovery.
* Define IT Security infrastructure for network, servers, applications, and
databases.
* Oversee the investigation of security breaches and assist with disciplinary
and legal matters associated with such breaches as necessary.
* Prepare and deliver program status and security situation briefings for senior
management and other parties designated by senior management.
* Ensure that the Baylor Health Care Systems IT organization obtains, develops,
and retains qualified and competent security specialists.
* Either serve as or appoint staff to serve as security consultant to Baylor
Health Care Systems projects involving changes to the organization’s facilities,
procedures, systems, or management practices.
* Ensure that appropriate security-related training and education are provided
to Baylor Health Care Systems IT and general business personnel as required by
regulation or organization changes.
* Maintain awareness of emerging threats, such as new viruses, hacker contests
and system vulnerabilities. Provide recommendations for mitigating risks
associated with these threats.
* Participate in the development and documentation of information security
standards, best practices and guidelines. Develop a security strategy,
architecture and appropriate policies.
 
Sr. Enterprise Vulnerability Assessment Engineer
7 2005 - 1 2006 
 
SAIC | San Diego, San Diego, CA 
 

 

 
Security Architecture Development, Content Filtering, Access Management
Develop and deploy IDS/IPS (Intrusion Detection /Intrusion Prevention Systems)
Develop and deploy SIM (Security Information Management)
Develop and deploy CSA (Cisco Security Agent)
Systems Re-engineering, Network design, WAN Troubleshooting / Desktop and
Network Support
Project Management, Training, Presentations
Intrusion Detection Deployment / Installing and securing Wireless networks
Security Investigation, Data Forensics
Business Continuity Planning /vulnerability Assessments
 
Sr. IDS/IDP Engineer
12 2004 - 7 2005 
 
Lucent Technologies | Murray Hill, NJ 
 
Telecommunications Services
 

 
Information Systems Security Professional experienced in the development of
Information Security systems architectures in large Government and Private sector
networks. Specializes in architecting advanced open and closed source Intrusion
Detection Systems and processes to effectively mitigate risk. Participates in
activities associated with the identification, prioritization, and resolution of
incidents. Coordinate activities associated with the implementation of
information security initiatives to senior business managers. Leads teams to
define and refine security processes and establish metrics. Evaluates
technologies for effectiveness and fit with corporate cultures. 
• Architected Intrusion Detection solutions to manage information security risk
for mission critical infrastructures.
• Architected Security Information Management systems. 
• Performed penetration security assessments. 
• Specified and designed firewalls, site-site and remote access VPNs, and
application authentication systems.
• Performed internal, external penetration security assessments. 
• Performed ISO 17799 audit of one of Canada’s largest communications providers.
Identified opportunities for improvement and joined efforts to align business
units with upcoming SAS 70 objectives.
 
Sr. Network Security Engineer
5 2004 - 12 2004 
 
CompuCom | Dallas, Dallas, TX 
 

 

 
Responsible for monitoring and interpreting output from intrusion detection
systems. Participate in activities associated with the identification,
prioritization, and resolution of incidents. Coordinate activities associated
with the implementation of security initiatives. Install and configure network
and host based IDS/IPS. Implement security controls and audit operating systems,
including Windows and UNIX. Audit and recommend secure firewall and router
configurations. Perform manual and automated assessments on desktops, servers,
routers, switches and firewalls. Utilize experience and understanding of IS
environment. Prepare progress reports for work performed. Act as liaison between
security and all other Compucom groups. Provide 24/7 on-call support as required.
May be required to work off-hours (including weekends) as required.

PRINCIPAL DUTIES AND RESPONSIBILITIES 
• Maintain and protect information security systems to mitigate the possibility
of dissemination of information to outside sources.
• Represent CompuCom in a professional and businesslike manner and communicate
effectively with customers and associates.
• Apply Compucom Security Policy to situations as they arise.
• Report any violation of CompuCom security policy to management.
• Accept 24/7 on-call duties by carrying a pager and a cell phone as requested.
• Accept special projects and assignments as directed my management.
• Provide system analysis and reports for management review.
• Assist in the development and improvement of policies, procedures, and
standards. 
• Interpret vulnerability / exploit alerts and implement countermeasures.
• Perform UNIX and Windows system administration.
• Escalate problems and issues to a higher level.
• Maintain appropriate documentation and procedures.
• Interface with other security personnel, operations, and customers and make
decisions on operating procedures, analytical approaches, and configuration
options.
• Operate, maintain, and install intrusion detection and scanning systems.
• Install, test, and repair IDS and monitoring system components on remote
sites.
• Perform information gathering scans on hosts and networks.
• Perform penetration tests and security audits on hosts and networks.
 
Sr. Security Engineer
6 2003 - 9 2003 
 
DevonIT | King of Prussia/PA 
 

 

 
Designing and building a new security offering that includes: 
Hardening of network operating systems, firewalls, and network devices, 
Vulnerability testing using Nessus and ISS 
Some penetration testing 
Designing and implementing a managed network monitoring service utilizing: 
The Tripwire suite to monitor data and operating system integrity 
Netsaint for Unix and NT monitoring as well as network device monitoring and
alerting 
Snort for IDS 
Private I for Cisco PIX firewall log monitoring 
Various tools for Vulnerability testing 

Responsibilities include: 
Evaluate client's current security and IT policies. 
Evaluate current security on clients LAN's, WAN's, and Internet points using a
multitude of 
tools including Nessus, ISS and NMAP. 
Recommend new policies as well as network design changes. 
Recommend, implement, and maintain operating system and network device patches.

Recommend, implement, and test firewall policy and configuration changes 
Manage client network status utilizing Tripwire, WhatsUp Gold, NetSaint, and
Snort. 
Analyse Snort alerts and TCPDump captures to determine and trace threats.
 
Sr. Network Security Engineer
10 2001 - 9 2002 
 
Department of Energy | Washington DC 
 

 

 
Responsibilities 

Deter, identify and investigate computer and network intrusions. Conduct
computer surveillance/monitoring, vulnerability assessments, and audits of
information security infrastructure and policy. Design and implement computer and
network security training. Provide computer forensic support to high technology
investigations. Duties may include evidence seizure, computer forensic analysis
and data recovery. Research and maintain proficiency in open and closed source
information security tools, techniques, procedures and trends. Convey technical
information effectively and concisely to a wide range of audiences.

Qualifications

Experienced in computer intrusion analysis and investigation, intrusion
operations and detection, computer network surveillance/monitoring, vulnerability
assessments and hacker methodology/techniques. Extensive knowledge and in-depth
understanding of network protocols, network devices, computer security devices,
multiple operating systems, secure architecture, methodologies, and tools.
Technical experience in hardware/software configurations and network LAN/WAN
system administration in support of computer intrusion operations. Knowledge of
computer network exploitation methodology and techniques. Technical
certifications in ISS RealSecure product line and Ethical Hacking.
 
Network Security Consultant
1 2001 - 10 2001 
 
NetSN | Dallas TX 
 

 

 
Installed, configured, tested, and managed WatchGuard Firewall, Check Point
Firewall-1, Gauntlet NT, Gauntlet UNIX, Cisco Pix, and other security services
for integration with existing Internet service providers within internal and
external customers. This included but is not limited to VPN’s, VLANS, ACL’s, and
BGP on both firewalls and routers. Explore, define, install, test, and maintain
new avenues of computer security including feasibility, profitability, and risks
for various Internet service providers (ISP) and companies including National
Computer Enterprises, a VAR reseller of Network Associates software. Perform
on-site customer analysis of existing firewalls and vulnerabilities. Research,
analyze, and present in-house profitable and risk-free security and intrusion
detection processes to executive management. 
(Environment included – WatchGuard Firewall, Gauntlet Firewall, Cisco Pix
Firewall, Check Point Firewall, CyberCop Scanner, ISS RealSecure, Tripwire, Cisco
routers & switches, VPN’s, VLANS on many different platforms including Windows
95-98-ME-2000, Linux, Solaris, & Novell.