JOSEPH M.

SNOW
4708 Mill Crossing W.
Colleyville, TX 76034
817-705-9374 js11241d0@westpost.net
SUMMARY
Innovative Information Security professional who has managed a variety of enter
prise wide projects, developed security awareness and training programs, and led
other professionals to carry out cost saving security programs. Strong busines
s and technical qualifications with an expanding track record in the field of in
formation security and privacy. Entrepreneurial business experience as well as
successful performance within varied corporate structures. Motivational speaker,
trainer, and leader with accomplished presentation skills. Critically analyzes
an organization's security and business requirements, identifies deficiencies an
d potential opportunities, and develops innovative and cost-effective solutions
for infrastructure, secure systems, and business process.
AREAS OF EXPERTISE
* Information Security: Database, Email, Encryption, Networks, Wireless, Vulnera
bility, IDS, IPS.
* Project Management: Experience with NP&SI - gated process, Nexprise, Primavera
, and SDLC tools.
* Leadership: Ability to motivate teams, negotiate, and manage projects through
difficult stages.
* Presentation: Accomplished written and oral skills: Speaker, Trainer, and Ins
tructional design.
* Compliance: COBIT, SAP/Visiprise, ITGC, ISO27002, HIPAA, PCI, ITAR/EAR, SAS 7
0, SOX.
* Privacy: GAPP, Safe Harbor, PCI and HIPAA
* Risk Management: FEMA, NIST, FAIR, GRC
* Engineering: Technological acumen, problem solving, and an ability to learn qu
ickly.
* Financial Acumen: Business development and process, fundraising, investing fun
damentals.
* Problem Solving: IT, Info Sec, and business process troubleshooting skill.
PROFESSIONAL EXPERIENCE
SNOW CONSULTING SERVICES, LLC Sept 2008 - Present
President - Owner
SCS is a Professional Services firm which supplies both security and privacy co
nsulting across a wide spectrum of information security and technology disciplin
es: Security Awareness program development, Risk Assessments, Policy and Procedu
res development, compliance assessments, privacy and business impact assessments
, technical and process control development from COBIT, NIST, ISO27002 and other
frameworks.
BELL HELICOPTER [TEXTRON] - Hurst, TX May 2007- 2010
Senior Security Team Lead & Compliance Consultant - BSM
Information Security and Compliance Team Lead for two complete Software Developm
ent Life Cycles.
(Release One GoLive: 06/18/2008; Release Two GoLive: 09/07/2010). Security Lea
d for eWIN (Electronic Work Instructions) - Enterprise project to move the manuf
acturing system from paper to electronic production orders. Designed process co
ntrol frameworks and controls according to regulatory guidelines for pre-audit c
ompliance.
Currently - BSM Compliance Team member working on Releases 3-5 with major respon
sibilities for Interface Control Reviews, Interface Control Frameworks, and both
separation of duties analysis and process control frameworks in the areas of MR
P, Tooling, Planning, Plant and Asset Maintenance, and Shop Floor Production. (P
rocesses are being migrated from legacy applications to SAP, Visiprise, Enovia,
and Kronos.).
* Designed the security structure, provisioning schema, and administration proce
dures for migration from legacy systems to ERP modules for Planning, Shop Floor
Management, and Quality Assurance.
* Transformed the design of Visiprise security to coordinate roles, permission s
ets, and profiles, in order to prepare the software implementation of the Indent
ify Management system. (Failure to recognize this design requirement would have
caused costly rework.)
* Administered access and security roles during migration of shop floor operati
ons from paper to electronic work instructions. The migration to eWIN created th
e potential for reduced headcount, and 40 % work efficiency.
* Envisioned and developed an automated method to provision all new users for a
ll three modules of SAP/Visiprise software. This design will save Bell over $10
0,000 in development fees by project end.
* Developed and validated the testing of IT General Controls, Process Controls,
Interface Controls, Separation of Duties analysis. Controls were based on AS910
0,Cobit 4.1, industry best practices and all laws and regulatory guidelines for
FAR, DFAR, MMAS, GAAS, GAAP, SOX, ITAR/EAR, and FAA.
* Served in a dual role of security administrator and compliance consultant duri
ng Release One. (Ultimate contract savings for Bell was over $100,000.

* Utilized Gated project management [NP&SI] and Agile Development Methodology to

work in collaboration with design teams and IT leadership.
* Partnered with BI to develop Business Object reports for mitigating high level
security controls.
* Consulted with the CISO, Director of Compliance, Textron Audit Services, and C
hief Legal Officer on information security and compliance issues.
CVS/CAREMARK - Irving, TX July 2002 - May 2007
Information Security Advisor
Information Security leader, responsible for Security Awareness, Email Security
, Email Encryption, Laptop Security (Encryption and HIPS), Data Security, Audit
Logging & Monitoring, and Compliance/Security Training. Policy and Procedure cr
eation and maintenance, and Incident Response team assistance.
* Director of Security Awareness: Developed new program which included a Bi-Week
ly Information Security Forum, Weekly security articles, CareTV ads, brochures,
posters, and a quarterly newsletter. (Provided in-house creative talent and trai
ning expertise which saved Caremark over $100,000 in costs).
* Co - Developed an enterprise wide training course for HIPAA to meet complianc
e requirements.
* Project Manager: Enterprise Laptop Encryption - Guardian Edge (From RFP to G
o-Live. (Negotiated lower fees for software and maintenance - saving Caremark $1
00,000 during contract).
* Project Manager: Enterprise Data Export Security solution - EP Secure Export
. HIPAA risk assessment uncovered the need to implement strong controls for pot
ential data loss. Performed RFP for Data Export solution, redesigned controls, d
eployed solution and trained users. (Saved a potential loss due to this vulnera
bility of millions in fines and loss of reputation.)
* Project Manager /Technical Lead/ System Administrator for email encryption, DL
P solution, and laptop encryption.
* Designed email encryption solution for compliance with 45 CFR Parts 160, 162,
and 164-HIPAA Security Standards & SOX. (No unencrypted laptops lost or email da
ta breach on my watch).
* Collaborated with Executive leadership and Legal Department in the development
and management of Security and Privacy Policies and Procedures. Served as manag
er of Stellent approval process and as content expert within security departmen
t. Brought policies and procedures of affiliates into compliance with corporate
guidance.
* Designed and deployed new email security audit for protection of high privileg
ed executive accounts. (Saved the company from compromise of executive level ele
ctronic correspondence. )
* Exchange SME for deployment of Email Extender - Caremark's email archiving dep
loyment.
* Provided security access and role based authentication for AS400, Tandem, SAP,
VPN, Cyclone (Axway), UNIX applications, and numerous custom web applications.
* Partnered with IT to aid in the deployment of laptop Host Intrusion Protection
Software from McAfee.
* Assisted Caremark's cyber investigation unit during incident response.
SIEMENS - Orlando, FL April - July 2002
Sr. Microsoft Exchange Consultant (contract)
* Conducted comprehensive RFP processes for new email security solutions and per
formed testing and QA
for software development.
* Provided Senior level Exchange Administration support for employee on short te
rm disability.
( Offered the position of Sr. Exchange Administrator when employee could not re
turn.)
SENSE OF HUMOR DRIVING SCHOOL , Hurst, TX February - March 2
002
Network Security Consultant (contract)
* Designed and installed new infrastructure: server, workstations, email, web se
curity, backup solution.
* Trained users on new system and new software.
* Increased productivity by over 50% with new system and processes.

VITRIA , Sunnyvale, CA
Senior Exchange Administrator August, 2000 - January,
2002
* Consistently provided 99.95 % availability at the enterprise level for the Exc
hange production environment.
* Provided email and communication support for over 1500 desktops and 350 mobil
e users.
* Collaborated with Information Security and AD Consultants as SME for design &
implementation of Active Directory and Exchange 2000.
* Project Manager for revision of corporate structure for all distribution list
s and use of Public Folders.
* Monitored Anti-Virus solution and collaborated with IT team on patch managemen
t and remediation.
* Served as Assistant-Systems Administrator for the Dallas office, assisting wit
h daily issues in the absence of the Systems Administrator.
SOFTWARE SPECTRUM - Garland, TX July, 1999 - August, 2000
Microsoft Exchange Administration Support
Partnered with Microsoft Technical Support to provide Exchange support to Admini
strators and Consultants in all major areas: disaster recovery, directory replic
ation, database repairs, anti-virus, directory maintenance, server installation,
database backup/restoration issues in multiple software platforms, and client i
ssues. Resolved over 1000 separate Exchange server disaster recovery and install
ation issues which resulted in reducing downtime for the clients by 90%.

COMPUTER SKILLS
* Operating Systems: Windows, Unix, Linux, Mac OS,
* Applications: Exchange, Microsoft Office Suite, Visiprise, SAP, SharePoint, Vi
sio, Primavera, Nexprise, Test Director, HP Quality Center, Authentica, Lotus N
otes, Encryption Anywhere, EP Secure Export, Cyclone, Aveska, Macro Scheduler,
PageMaker, PhotoShop, Panorama.
* Databases: Exchange, SQL, MS Access, Lotus, Oracle.
* Security Tools: BindView, FoundStone, BlueCoat, Nessus, OpenVas, Snort, McAfee
- ePO, NetIQ.
* Infrastructure: Servers, Networks (routers, switches, firewalls, TCP/IP), PC.

EDUCATION
BS, Mechanical Engineering - Texas A&M University - College Station, TX
Masters and Doctorate - Southwestern Seminary- Fort Worth, TX

CERTIFICATIONS & TRAINING

CISSP - Certified Information Systems Security Professional - 2005
CISA - Certified Information System Auditor - 2006
CISM - Certified Information Security Manager - 2007
CIPP - Certified Information Privacy Professional - February 2011
MCSE - Microsoft Certified Systems Engineer - (NT 4.0)
Active Directory and Exchange 2000 Training
Exchange 2000/2003 Training
McAfee Certified Intranet & Perimeter Defense Specialist
Network Security I & II