Yyyyyy x. yyyyyy

Xxxxxx, XXXXXX xxxxxx ￨ (xxx-xxx-xxxx ￨ abc@xyz.com

Information Security / Privacy / Compliance ￨ Risk Assessment / Management

Privacy / Data Handling Program Development ￨ Cloud / Enterprise Business Groups

Program Development / Management / Launch ￨ IT / Business / Security Consultations

Multi-Project Management ￨ High-Volume Data Handling ￨ Customer / Client Relationships

Security Design / Development ￨ Public- / Private-Sector Security Sales ￨ Team Building / Training

Highly Accomplished Information Systems Security Leader who makes sound decisions to reflect positively on globally based operations initiatives in alignment with a company s vision, value, and goals. Top Performer who is recognized as a thought leader offering solutions-centric critical thinking for insightful, change-oriented results, and who has been a key influencer across civilian and military branches of the U.S. government on the configuration and compliance of millions of personal computers. Out-of-the-Box Thinker who rises above IT challenges to improve the bottom line and achieve winning outcomes, including quickly adapting to evolving scenarios while building and managing privacy and data handling programs spanning 100+ engineering teams across Cloud and Enterprise business groups. Excellent Communicator who develops synergistic relationships with cross-geographical C-level executives, business / IT teams, stakeholders, and clients / customers, and who leads peers by example and with ethics and integrity to bring new technology to reality and optimize success.

Senior Program Manager (2012 Present)

Capitalize on the opportunity to establish and manage forxxxxxxrd-thinking General Data Protection Regulation (GDPR) projects for Skype for Business and Microsoft teams to achieve real-time communications services and maximize ongoing compliance. Serve as the go-to control owner for high-value privacy, data handling, risk management, and training provided evidence to internal / external auditors. Consolidate obligations from Microsoft Privacy Standard, Microsoft Online Services Privacy Statement, Microsoft s Online Services Terms, data regulations from multiple jurisdictions, ISO / IEC 27001, ISO / IEC xxxxxx, the Health Insurance Portability & Accountability Act (HIPAA), Service Organization Controls (SOC), and FedRAMP to define privacy and data handling policies for Enterprise Cloud services. Seamlessly translate policies into actionable engineering requirements implemented by softxxxxxxre developers, service engineers, and staff who create, manage, and support Microsoft s Enterprise Cloud services. Coordinate and manage critical privacy incident responses by actively with the team that committed the violation, as well as Legal and Corporate Affairs (LCA) and public relations staff to assess impact; stabilize situations; and create reactive and proactive communications for impacted customers. Perform as Technical Lead in the development of integral new security baselines, guidance, and tools for SQL Server 2012, and negotiate contracts with vendors and research of staff of 3 consultants.

  Co-developed security baselines and guidance for Windows Server 2012 and Windows 8.

  Created and led a dynamic security training and axxxxxxreness program for Microsoft Azure staff.

  Led security champions through risk assessment, and worked with security and compliance leaders.

  Initiated an Enterprise risk management program in collaboration with corporate risk management.

  Designed Cloud and Enterprise privacy programs as Privacy Manager to ensure softxxxxxxre / services met policies, contractual commitments, and requirements of commercial and government standards.

  Created a new process for conducting and tracking privacy and data handling reviews by developing Team Foundation Services work item template for 300+ online services and key softxxxxxxre products.

  Improved customer satisfaction through proactive oversight of customer communications via TechNet Forums, Microsoft Connect, and the team s feedback alias; averaged 75 contacts per month.

Yyyyyy x. yyyyyy ￨ (xxx-xxx-xxxx Page Two

Program Manager ￨ Sales Solutions Specialist Security ￨ Consultant (2000 2007)

Strategically steered collaborative relationship-building among lucrative agencies responsible for coordinating and managing information security policies for the U.S. government, including the Office of Management & Budget (OMB), the National Institute for Standards & Technology (NIST), the National Security Agency (NSA), and the Defense Information Systems Agency (DISA). Maximized bottom-line performance by driving sales of Microsoft security products to U.S. federal government agencies. Developed and launched the Government Systems Hardening Program (GSHP) to serve as a collaborative effort between Microsoft and globally based government agencies (i.e. NSA, NIST, DISA, DHS, NATO, Germany s BSI, UK s CESG) to create and publicize common baseline configurations for hardening Windows 2000, Windows XP, and Windows Server 2003. Spearheaded development of simplistic design for large-scale clients, including ensuring seamless client log-in performance, enhancing workstation and network server security, and building custom tools using VBScript for managing Group Policies.

  Regularly collaborated with high-profile Aetna, MassMutual, and FM Global.

  Designed, tested, and implemented Active Directory and critical Group Policies.

  Achieved project goals to optimize log-in performance and enhance network security.

  Increased security product sales revenue 100% over previous year in FY06 and by 500% in FY07.

  Authored Microsoft Security Guidance Center, TechNet, and Knowledge Base documents / articles.

  Built strategic relationships with C-level security executives across multiple U.S. government agencies.

  Conceptualized, developed, and launched Microsoft s Government Systems Hardening Program (GSHP).

Independent Consultant

Utilized broad scope of industry knowledge toxxxxxxrd serving as a resourceful Subject Matter Expert (SME) recognized for developing comprehensive knowledge and guidance available in Microsoft s Security Compliance Manager (SCM) a valuable application for viewing, updating, and exporting security baselines across diverse formats, including DCM configuration packs; SCAP; group policy; and Excel for Windows, Office, Exchange, and other products. Developed and managed Security Content Automation Protocol (SCAP) content for Windows XP, Windows Vista, and Windows 7 security baselines in support of NIST s USGCB program. Led initiatives as the Program Manager for Microsoft s System Center Configuration Manager (CCM) extensions for SCAP a suite of tools using Desired Configuration Management (DCM) feature in Configuration Manager 2007 to scan computers and generate reports in SCAP formats documenting strict compliance with FDCC mandate.

  Served as a valuable consultant for the National Institute of Standards & Technology (NIST).

  Created guidance for the federal agencies Federal Desktop Core Configuration (FDCC) mandate.

  Contributed to numerous NIST documents, including special publications between 2008 and 2012.

Senior Windows NT Platform Architect Genuity (f/k/a BBN Planet) 1999 2000

Senior Consultant Collective Technologies 1997 1999

Bachelor of Arts in History (Minor in Economics) University of Texas at Austin

Certified Information Privacy Manager (CIPM) IAPP

Certified Information Security Manager (CISM) ISACA

Certified Information Systems Security Professional (CISSP) ISC²

Information Systems Security Architect Professional (ISAAP) ISC²

Yyyyyy x. yyyyyy

Resume Addendum ￨ (xxx-xxx-xxxx ￨ abc@xyz.com

Windows Server 2012 Security Baseline, Microsoft Corporation, 2013.

Windows 8 Security Baseline, Microsoft Corporation, 2013.

Internet Explorer 10 Security Baseline, Microsoft Corporation, 2013.

Exchange 2010 Security Baseline, Microsoft Corporation, 2012.

Exchange 2007 Security Baseline, Microsoft Corporation, 2012.

The Precision Guide to Windows Server 2008 Active Directory Configuration (MCTS Exam 70-640), self-published, 2011.

The Precision Guide to Windows Server 2008 Network Infrastructure Configuration (MCTS Exam 70-642), self-published, 2011.

The Precision Guide to Windows Server 2008 Applications Infrastructure Configuration (MCTS Exam 70-643), self-published, 2011.

Windows 7 Security Baseline, Microsoft Corporation, 2010.

Windows Server 2008 R2 Security Baseline, Microsoft Corporation, 2010.

Windows Internet Explorer 9 Security Baseline, Microsoft Corporation, 2010.

Office 2010 Security Baseline, Microsoft Corporation, 2010.

Windows Server 2008 Security Resource Kit, Microsoft Press, 2008.

Windows Server 2008 Administrator's Companion, Microsoft Press, 2008.

Windows Server 2008 Security Guide, Microsoft Corporation, 2007.

Author of a series of articles on Detecting and removing rootkits in Windows at searchwindowssecurity.techtarget.com.

Contributor to many of the articles located at the Microsoft Security Guidance Center website including Selecting Secure Passwords, Enforcing Strong Password Usage Throughout Your Organization, Network Ports Used by Key Microsoft Server Products, Securing Windows 2000 Professional Clients in a Windows Server Environment, and Securing Windows XP Professional Clients in a Windows Server Environment.

Author of Microsoft Knowledge Base article Port Requirements for Microsoft Windows Server System, Microsoft Corporation, 2004.

Microsoft Security Risk Management Guide, Microsoft Corporation, 2004.

Windows Server 2003 Security Guide, Microsoft Corporation, 2003.

Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP, Microsoft Corporation, 2003.

Windows XP Security Guide, Microsoft Corporation, 2003.

Microsoft Security Solution Securing Windows 2000 Server, Microsoft Corporation, 2003.

MCSE Microsoft Windows XP Readiness Review; Exam 70-270, Microsoft Press, 2001.

MCSA Managing a Microsoft Windows 2000 Network Environment Readiness Review; Exam 70-218, Microsoft Press, 2002.

Contributing author to the SANS Institute FAQ, viexxxxxxble online at: http://www.sans.org/IDFAQ/ID_FAQ.htm.

Yyyyyy x. yyyyyy

Resume Addendum Page Two ￨ (xxx-xxx-xxxx ￨ abc@xyz.com

MCSA/MCSE Self-Paced Training Kit (Exam 70-350): Implementing Microsoft Internet Security and Acceleration Server 2004. http://www.microsoft.com/MSPress/books/8183.asp.

A+ Certification Readiness Review." http://www.microsoft.com/mspress/books/5356.asp.

MCSE Training Kit: Designing a Microsoft Windows 2000 Network Infrastructure. http://www.microsoft.com/mspress/books/4679.asp.

MCSE Readiness Review Exam Exam 70-216: Implementing and Administering Windows 2000 Network Infrastructure. http://www.microsoft.com/mspress/books/2539.asp.

MCSE Readiness Review Exam Exam 70-210: Installing, Configuring, and Administering Windows 2000 Professional. http://www.microsoft.com/mspress/books/2538.asp.

Presented Overcoming Technical Challenges in the Windows Baselines at NIST s 2010 IT Security Automation Conference.

Presented Understanding the Greatest FDCC Technical Challenges at NIST s 2009 IT Security Automation Conference.

Presented FDCC Technical Discussion at NIST s 2008 Security Automation Conference.

Participated in the FDCC Challenges: Settings and Implementation panel at NIST s FDCC Implementers Workshop, January 2008.

Presented Locking Down Windows at NIST s Security Automation Conference & Workshop, September 2006.

Presented a talk called Detecting and Removing Rootkits in Windows at the RSA Conference, February 2005.

Recorded a webcast on Detecting and removing rootkits in Windows for searchwidnowssecurity.techtarget.com, May 2005.

Presented several sessions on group policy and identity management at Microsoft TechEd in Hong Kong, China, August 2004.

Presented Using Security Risk Management to Increase Customers Satisfaction at the Microsoft Worldwide Partner Conference, July 2004.

Presented a session titled Security Risk Management Discipline at the Microsoft Global Briefing, July 2004.

Delivered chalk-talks sessions on Security Risk Management Discipline and Antivirus Defense in Depth at Microsoft TechEd in San Diego, California, May 2004.

Presented a talk called Vulnerabilities, Threats, and Countermeasures in Windows Server 2003 at the RSA Conference, February 2004.

Presented a talk entitled Securing Windows Servers and Clients and a two day seminar on securing Windows Server 2003 and Windows XP at the Microsoft Global Briefing, July 2003.

Presented Practical Security Lockdown and Hardening Techniques for IT Professionals at Microsoft TechEd in Dallas, Texas, June 2003.

Presented a talk called The Windows Server 2003 Security Guide: Many Roads to Hardened Servers at the Microsoft Federal Security Summit, June 2003.

Led a discussion panel on the future of Interactive Entertainment at the SXSW conference, March 1996.