CONTACT INFORMATION
James O. (Jim) Truitt 1-770-650-5705 (home)
2115 Old Forge Way http://jotruitt.tripod.com/
Marietta, GA 30068 E-mail: [EMAIL PROTECTED]
INTRODUCTION
Over twenty years experience in all aspects of the software/system
life cycle. Progressing from Software Developer, to System Integrator,
to Task Leader, to Systems Engineer, to Information Systems Security
Professional. I have been actively involved with network, computer and
information security as an Information Systems Security Professional
since 1989.
CERTIFICATION
Certified Information Systems Security Professional (CISSP)
EDUCATION
University of Florida Math Masters/Bachelors
CLEARANCE
DoD Top Secret clearance, with SBI. (last active June 1998)
SKILLSETS
security, network security, computer security, information
security, security policy, security program, security architecture,
intrusion detection, penetration testing, security plan,
security awareness, risk management, risk review, risk assessment,
assurance, security engineer, security analyst, security consultant,
security administration, security testing, security management,
biometrics, forensics, disaster recovery, business continuity,
security audit, privacy, encryption, PKI, information warfare,
information protection, information assurance, web security,
ecommerce security, security consulting, security training,
security mentoring
LAST POSITION
Worldspan
Position: Information Security Engineer
My responsibilities as Information Security Engineer included:
Providing leadership and direction for the Worldspan Information
Security Program. Facilitating and providing guidance to the
Worldspan Security Council (VPs and Directors) and the Worldspan
Security Working Group (Managers and Administrators). Establishing
policies, standards, guidelines, procedures, and controls ensuring
the security and integrity of all Worldspan computing environments,
networks, systems, and information assets. Defining and developing
methodologies, processes and procedures for penetration testing,
vulnerability scanning, log monitoring and incident management.
Working with the Development, Roll-Out and Quality groups to
incorporate security into their respective processes. Providing
support to Internal Audit in developing and conducting security
audits and reviews. Acting as liaison with the Legal Department on
matters of electronic privacy, acceptable use, terms of service and
3rd party agreements. Assisting the Regulatory Group with the annual
European Union Audit and Worldspan privacy initiatives. Providing
security consulting and expertise to all Worldspan projects.
Promoting security awareness across the enterprise with security
web pages, security presentations and security reading rooms.
Performing risk reviews, risk assessments and product reviews for
Worldspan functional groups, such as Human Resources, Finance and
Product Development. Supporting Technical Operations and Internal
Systems with the planning and design of security solutions for all
Intranet and Internet connectivity. Assisting the Marketing Group
in responding to security questions and issues that come up as part
of the proposal process.
PRIOR PROFESSIONAL EXPERIENCE
Booz-Allen & Hamilton
Position: Senior Associate
Network Security and Information Assurance (IA) task area leader
supporting the IA Branch of N5 of the National Communications
System (NCS). This Includes supporting the Network Group (NG) and
Information Infrastructure Group (IIG) of the President's National
Security Telecommunications Advisory Committee (NSTAC). Additionally
I was involved in the Firm's Information Security (IS), Information
Warfare (IW), Infrastructure Protection (IP) and IA activities.
SSDS, Inc.
Position: Security Engineer
GlaxoWellcome Firewall migration. Supporting the customer's project
to consolidate two existing firewalls (TIS Gauntlet and DEC SEAL)
into a single new firewall (TIS Gauntlet). Involved in business
development activities. Assisted in the development of security
services offerings.
General Research Corporation International
Position: Information Systems Security Engineer
Defense Investigative Service (DIS) Integration program Information
Systems Security Engineer for the integration effort. Responsible
for the integration of security controls in the overall DIS integration
effort. Responsibilities include; review of the DIS Computer System
Security Plan (CSSP), review and refine security requirements, provide
support to the test organization for developing security test plans
and procedures, define and create a Security Integration and Test
Environment (SITE), interface with customers to resolve security
issues and develop solutions for the program, work with vendors to
assess how their products may be applied as part of the DIS security
solution, assist in the development of a Continuity of Operations
Plan (COOP) for DIS.
Harris Information Systems Division
Position: Staff Engineer
National Crime Information Center (NCIC) 2000 program Security
Engineer. Total responsibility for security in the developed
system. A major component of the security effort was the
development and integration of an intrusion detection capability.
ISDN Security Program. Exposure to ISDN protocol, ISDN services,
ISDN security, ISDN Key management services, Secure Data Network
System (SDNS) security protocol. (study)
DNS team. The DNS team designed the replacement network for NASA's
back-end DNS, migrating from dedicated point-to-point communication
lines to a true networked environment using the TCP/IP protocol
suite. Tasks dealt with computer/network security issues/concerns
associated with this migration. This culminated in a 75 page
Security White Paper and four ESRs to implement the papers
recommendations.
