PO Box 592241
San Antonio, TX 78259
210-239-9763
stephen@stephenhargrove.com

EXPERIENCE

Information Security Officer
Manager, Information Security Administration, UTHSCSA; San Antonio, TX – 2013 - Present

  • Research, recommend, and assist in implementing solution to manage a full range of devices on Windows, Mac, Linux, iOS and Android platforms, from provisioning, configuration management, and security.
  • Research, recommend, and assist in implementing identity automation solution.
  • Implement and monitor DLP solutions, such as FairWarning and Identity Finder.
  • Responsible for writing and updating institutional security policies.
  • Implement and monitor the institutional private cloud.
  • Oversee and manage all security related customer training initiatives.
  • Ensure full compliance for all workstation and laptop operating system and third party patching.
  • Secure, manage, and support mobile devices via the institutional MDM initiative.
  • Implement and monitor customer-facing password reset solution.
  • Oversee yearly institutional risk assessments, including PCI and HITECH Meaningful Use.
  • Develop and maintain server hardening standards and secure configurations.
  • Perform continuous vulnerability assessments and remediation for workstations and servers.
  • Ensure full compliance for encrypting all workstations and laptops.
  • Direct and implement the necessary controls and procedures to cost-effectively protect information assets from intentional or inadvertent modification, disclosure, or destruction.
  • Provide guidance and direction for the physical protection of information systems assets to other functional units.
  • Provide guidance to the CISO regarding effectiveness of data security and make recommendations for the adoption of new procedures and technologies.

Senior Information Security Analyst, UTHSCSA; San Antonio, TX – 2011-2012

  • Assist departments in obtaining and maintaining FISMA compliance.
  • Develop and maintain policies to ensure FERPA and HIPAA compliance.
  • Develop institution’s social media policy and framework.
  • Develop mobile device management (MDM) policies and implement supporting technology.
  • Implement and manage Qualys vulnerability scanner.
  • Implement and manage workstation patch management and compliance solution.
  • Investigate and implement ideas to more seamlessly integrate Apple products.

Enterprise Security Analyst II, TTUHSC; Lubbock, TX – 2007-2011

  • Maintain and monitor TippingPoint IPS.
  • Monitor Forefront incident logs.
  • Define policy and maintain McAfee ePO and VirusScan.
  • Monitor network traffic on QRadar.
  • Monitor server vulnerabilities with Qualys and assist with patch management.
  • Assist Networking with internal and external DNS.
  • Administer Juniper firewalls.
  • Perform forensic examinations to ensure policy compliance.
  • Review policies and usage to ensure HIPAA compliance.
  • Evaluate security products for possible implementation.

Lead System Administrator, TTUHSC; Lubbock, TX – 2002-2007

  • Managed and monitored Tripwire to ensure configuration/change management compliance.
  • Researched, recommended, and implemented solutions for mitigating identified risks.
  • Assisted Security in developing anti-virus policies for institutional servers.
  • Managed and maintained Microsoft Exchange clusters.
  • Monitored and managed all enterprise servers via Nagios.
  • Managed and maintained VMware Infrastructure 3.
  • Developed and maintained access control policies.
  • Wrote and implemented disaster recovery policies and procedures for data center.
  • Redesigned data center from the ground up to ensure Tier 4 compliance.
  • Assisted in Samba/Active Directory integration.
  • Oversaw all data center activity and work order performance.
  • Maintained 99% uptime for all systems.

Stace Williams Law Firm, Lead Litigator; Lubbock, TX – 2001

  • Civil litigation.

King & Gregory, Associate Attorney; Odessa, TX – 2000

  • Bankruptcy.
  • Civil and criminal litigation.

Solo Practitioner; Odessa, TX – 1998-2000

  • Civil and criminal litigation.
  • Civil and criminal appellate.

Law Office of Steven Clack, Associate Attorney; Andrews, TX – 1996-1998

  • Civil and criminal litigation.
  • Civil and criminal appellate.

Team Leader, Consumer Products Division, Texas Instruments; Lubbock, TX – 1991-1993

  • Coded, maintained, and managed team responsible for worldwide marketing systems.

Programmer, Consumer Products Division, Texas Instruments; Lubbock, TX – 1988-1990

  • Coded, maintained, and managed team responsible for worldwide accounting systems.

System Programmer, Texas Instruments; Dallas, TX – 1986-1988

  • Coded and maintained accounting systems for the Defense Systems Equipment Group.

EDUCATION

  • Texas Tech University School of Law, Lubbock, TX – JD, 1996
  • Texas Tech University, Lubbock, TX – BBA, MIS, 1986

CERTIFICATIONS

  • CISSP – 2010

Retired

  • SPI Dynamics WebInspect – 2007
  • GCFA – 2009

SKILLS

Programming Languages

  • Perl, Ruby, Unix shells (bash and csh), SQL, PHP, COBOL, some C/C++ and Python.

Operating Systems

  • OS X, Linux (Debian, Ubuntu, Gentoo, Redhat), Microsoft Windows.

Database Software

  • MySQL, Postgres, MS SQL Server, Microsoft Access.

Web, Email Servers and Spam Solutions

  • Apache, IIS, Postfix, Sendmail, Exchange, SpamAssassin, Greylisting, Antigen, Forefront.

Networking Services and Software

  • DNS (ISC, Microsoft), DHCP (ISC, Microsoft), Microsoft Clustering and Network Load Balancing, Active Directory, LDAP, Nagios.

Enterprise Security Tools

  • Qualys, Absolute Manage, Juniper Firewalls, QRadar, TippingPoint, McAfee ePO, McAfee VirusScan.

Virtualization

  • VMware Infrastructure 3, VMware (Windows, Linux, Mac), Parallels Desktop for Mac.

Development and Security Software

  • CVS, Sourceforge Development Management Software, Sleuth Kit, SIFT Workstation, EnCase, Nmap, SSH, Tripwire, PGP, Ethereal, Snort, Netcat, TCPDump.

REFERENCES

  • Available upon request.