PO Box 592241
San Antonio, TX 78259
210-239-9763
stephen@stephenhargrove.com
EXPERIENCE
Information Security Officer
Manager, Information Security Administration, UTHSCSA; San Antonio, TX – 2013 - Present
- Research, recommend, and assist in implementing solution to manage a full range of devices on Windows, Mac, Linux, iOS and Android platforms, from provisioning, configuration management, and security.
- Research, recommend, and assist in implementing identity automation solution.
- Implement and monitor DLP solutions, such as FairWarning and Identity Finder.
- Responsible for writing and updating institutional security policies.
- Implement and monitor the institutional private cloud.
- Oversee and manage all security related customer training initiatives.
- Ensure full compliance for all workstation and laptop operating system and third party patching.
- Secure, manage, and support mobile devices via the institutional MDM initiative.
- Implement and monitor customer-facing password reset solution.
- Oversee yearly institutional risk assessments, including PCI and HITECH Meaningful Use.
- Develop and maintain server hardening standards and secure configurations.
- Perform continuous vulnerability assessments and remediation for workstations and servers.
- Ensure full compliance for encrypting all workstations and laptops.
- Direct and implement the necessary controls and procedures to cost-effectively protect information assets from intentional or inadvertent modification, disclosure, or destruction.
- Provide guidance and direction for the physical protection of information systems assets to other functional units.
- Provide guidance to the CISO regarding effectiveness of data security and make recommendations for the adoption of new procedures and technologies.
Senior Information Security Analyst, UTHSCSA; San Antonio, TX – 2011-2012
- Assist departments in obtaining and maintaining FISMA compliance.
- Develop and maintain policies to ensure FERPA and HIPAA compliance.
- Develop institution’s social media policy and framework.
- Develop mobile device management (MDM) policies and implement supporting technology.
- Implement and manage Qualys vulnerability scanner.
- Implement and manage workstation patch management and compliance solution.
- Investigate and implement ideas to more seamlessly integrate Apple products.
Enterprise Security Analyst II, TTUHSC; Lubbock, TX – 2007-2011
- Maintain and monitor TippingPoint IPS.
- Monitor Forefront incident logs.
- Define policy and maintain McAfee ePO and VirusScan.
- Monitor network traffic on QRadar.
- Monitor server vulnerabilities with Qualys and assist with patch management.
- Assist Networking with internal and external DNS.
- Administer Juniper firewalls.
- Perform forensic examinations to ensure policy compliance.
- Review policies and usage to ensure HIPAA compliance.
- Evaluate security products for possible implementation.
Lead System Administrator, TTUHSC; Lubbock, TX – 2002-2007
- Managed and monitored Tripwire to ensure configuration/change management compliance.
- Researched, recommended, and implemented solutions for mitigating identified risks.
- Assisted Security in developing anti-virus policies for institutional servers.
- Managed and maintained Microsoft Exchange clusters.
- Monitored and managed all enterprise servers via Nagios.
- Managed and maintained VMware Infrastructure 3.
- Developed and maintained access control policies.
- Wrote and implemented disaster recovery policies and procedures for data center.
- Redesigned data center from the ground up to ensure Tier 4 compliance.
- Assisted in Samba/Active Directory integration.
- Oversaw all data center activity and work order performance.
- Maintained 99% uptime for all systems.
Stace Williams Law Firm, Lead Litigator; Lubbock, TX – 2001
- Civil litigation.
King & Gregory, Associate Attorney; Odessa, TX – 2000
- Bankruptcy.
- Civil and criminal litigation.
Solo Practitioner; Odessa, TX – 1998-2000
- Civil and criminal litigation.
- Civil and criminal appellate.
Law Office of Steven Clack, Associate Attorney; Andrews, TX – 1996-1998
- Civil and criminal litigation.
- Civil and criminal appellate.
Team Leader, Consumer Products Division, Texas Instruments; Lubbock, TX – 1991-1993
- Coded, maintained, and managed team responsible for worldwide marketing systems.
Programmer, Consumer Products Division, Texas Instruments; Lubbock, TX – 1988-1990
- Coded, maintained, and managed team responsible for worldwide accounting systems.
System Programmer, Texas Instruments; Dallas, TX – 1986-1988
- Coded and maintained accounting systems for the Defense Systems Equipment Group.
EDUCATION
- Texas Tech University School of Law, Lubbock, TX – JD, 1996
- Texas Tech University, Lubbock, TX – BBA, MIS, 1986
CERTIFICATIONS
- CISSP – 2010
Retired
- SPI Dynamics WebInspect – 2007
- GCFA – 2009
SKILLS
Programming Languages
- Perl, Ruby, Unix shells (bash and csh), SQL, PHP, COBOL, some C/C++ and Python.
Operating Systems
- OS X, Linux (Debian, Ubuntu, Gentoo, Redhat), Microsoft Windows.
Database Software
- MySQL, Postgres, MS SQL Server, Microsoft Access.
Web, Email Servers and Spam Solutions
- Apache, IIS, Postfix, Sendmail, Exchange, SpamAssassin, Greylisting, Antigen, Forefront.
Networking Services and Software
- DNS (ISC, Microsoft), DHCP (ISC, Microsoft), Microsoft Clustering and Network Load Balancing, Active Directory, LDAP, Nagios.
Enterprise Security Tools
- Qualys, Absolute Manage, Juniper Firewalls, QRadar, TippingPoint, McAfee ePO, McAfee VirusScan.
Virtualization
- VMware Infrastructure 3, VMware (Windows, Linux, Mac), Parallels Desktop for Mac.
Development and Security Software
- CVS, Sourceforge Development Management Software, Sleuth Kit, SIFT Workstation, EnCase, Nmap, SSH, Tripwire, PGP, Ethereal, Snort, Netcat, TCPDump.
REFERENCES
- Available upon request.