Clive Hermann

25461 Barents Street

79 Remington Lane

Aliso Viejo,

CA  92656

Phone 1 - 949-215-2883

Fax      1 - 949-767-5694

E-mail hermann@tnn.com

CGH

Clive G. Hermann

Objective:

To design and manage Secure Information Management Systems for the Health Care Industry, providing cost-effective, on-time compliance with HIPAA and ISO 17799.

Qualifications:

Over 20 years experience in all aspects of IT, specializing in Information Security, Privacy and System Interconnection.

15 years Security Network Design

Chief Consultant on the most secure network in the USA, Strategic Air Command – Omaha, Nebraska. The communications centre was selected as the most secure command and control center by the Secret Service. President Bush was rushed to the location aboard Air Force One on September 11th. The system includes both commercially available products and some specifically designed and manufactured for this application.

  • Network Design
  • Firewall Selection and Implementation
  • Intrusion Detection Systems
  • Routers
  • Switches
  • Hubs
  • VPNs
  • Access Control
  • Encryption Systems
  • Fiber Optics
  • Tempest

15 Years experience designing Computer Interconnection Systems

Including the design and deployment of 60,000 node GM Dealer Order Entry System. Experience in using the following Interconnectivity methodologies:

  • EDI
  • MAP
  • Multiple Forest Interoperations Management
  • Data Transparency
  • OSI Open Systems Interconnection
  • ANSI X12
  • X.400
  • X.500
  • LDAP
  • XML
  • .NET
  • HCFA
  • HIPAA

In-depth understanding of Computer Operating Systems including:

  • Windows NT, 2000, XP and .NET (Microsoft Certified Systems Engineer)
  • UNIX
  • Linux
  • Mainframe (IBM, UNISYS, CDC, CRAY)
  • CISCO IOS and PICS

 

16 Years Information Security (Design, Management, Implementation and Auditing) as described in the International Standards Organization ISO 17799.

My Experience covers all 10 identified key areas of Information Security.

1. Business Continuity Planning

2. System Access Control

  • To control access to information
  • To prevent unauthorized access to information systems
  • To ensure the protection of networked services
  • To prevent unauthorized computer access
  • To detect unauthorized activities.
  • To ensure information security when using mobile computing and tele-networking facilities

3. System Development and Maintenance

  • To ensure security is built into operational systems;
  • To prevent loss, modification or misuse of user data in application systems;
  • To protect the confidentiality, authenticity and integrity of information;
  • To ensure IT projects and support activities are conducted in a secure manner;
  • To maintain the security of application system software and data.

4. Physical and Environmental Security

  • To prevent unauthorized access, damage and interference to business premises and information;
  • To prevent loss, damage or compromise of assets and interruption to business activities;
  • To prevent compromise or theft of information and information processing facilities

 

5. Compliance

  • To avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements
  • To ensure compliance of systems with organizational security policies and standards
  • To maximize the effectiveness of and to minimize interference to/from the system audit process.

 

 

 

6. Personnel Security

  • To reduce risks of human error, theft, fraud or misuse of facilities;
  • To ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work
  • To minimize the damage from security incidents and malfunctions and learn from such incidents.

7. Security Organization

  • To manage information security within the Company;
  • To maintain the security of organizational information processing facilities and information assets accessed by third parties.
  • To maintain the security of information when the responsibility for information processing has been outsourced to another organization.

8. Computer & Network Management

  • To ensure the correct and secure operation of information processing facilities;
  • To minimize the risk of systems failures;
  • To protect the integrity of software and information;
  • To maintain the integrity and availability of information processing and communication;
  • To ensure the safeguarding of information in networks and the protection of the supporting infrastructure;
  • To prevent damage to assets and interruptions to business activities;
  • To prevent loss, modification or misuse of information exchanged between organizations.

 

9. Asset Classification and Control

 

10. Security Policy

  • To provide management direction and support for information security.

 

 

Detailed Knowledge of Access Security Methods and User Profile Management

  • X.500
  • LDAP
  • Active Directory
  • Roaming Profiles
  • Kerberos

 

 

Experience in Programming and Systems Design

 

  • Visual Basic
  • JavaScript
  • JAVA
  • Perl
  • FLASH
  • FrontPage
  • C
  • CGI
  • .NET
  • HTTP
  • ASP
  • XML

 

20 Years Experience as a Business System Analyst and Consultant on 4 Continents using the skills of:

 

Business Case Development – ROI

Project Management – Microsoft Project 2000 and WEB based project management

Client Requirements Planning

Gap Analysis

Implementation Planning

Request for Proposal Generation (RFP)

Proposal Evaluation

Contract Negotiation

Data Convergence and Legacy System Integration

Project Tracking and Reporting

Testing and Production Control Testing

 

 

16 Years of  Software Experience

 

PowerPoint

Word

Excel

Project

Access

Visio – Enterprise

Front Page

WebTrends

SQL

 

Systems Expertise in applying the ISO 17799 (The International Standards Organization’s Security and Privacy Template to ensure “A comprehensive set of controls comprising best practices in information Security”) to ensure HIPAA compliance.

 

Proficiency in the use of the Risk Consultant set of Assessment Tools and Audit methodologies that will objectively and meticulously evaluate and explain an organization's current compliance position, with respect to each section of ISO 17799 and the HIPAA provisions.

Perfected a methodology to identify procedures, policies and systems with shortcomings and provide a detailed “PROJECT PLAN and MANAGEMENT TRACKING PROGRAM” to ensure cost-effective, on-time compliance for HIPAA.

 

Certified Microsoft Systems Engineer (MCSE 2000) with specialization in Windows 2000 Active Directory Security Design.

 

Cisco, Lucent and Nortel - Router and Switch - Network Designer and Security Auditor

 

12 Years experience in International Network and Security Consulting.

 

Lead presenter in International Networking and Security Seminars on 4 Continents.

 

History of some Past Successes

  • 2001 – 2002 Designed and developed the HIPAA compliance program for Proactive Pharmacy, a division of Leggett and Platt Inc. (A Fortune 500 Company)

  • 1998 – 2001 Investigated and implemented VLAN, MPLS VPN and other recent network technologies for The Jefferson County Fiber Optic Network. As chief designer, I integrated all categories of VOICE/DATA/VIDEO systems and finally cost-justified the construction and deployment of a county-owned, County Wide Private Fiber Optic Ethernet, which accomplished all of the design criteria for the least cost. This included the deployment of Wide Area Fiber Optic Rings, installed both above and below ground, on all the major arteries of the county. The County Wide project, involving several hundred schools, museums and universities and thousands of nodes, was brought in under budget and on time.

  • 1982 – 1999 AT&T – Implemented the strategic and technical initiatives “designed for Telecommunications executives and managers responsible for the strategic planning and implementation of networks…provide a general understanding of future network technologies. It examines the impact of technologies such as SONET and ATM in the context of increased competition and the Information Superhighway.”

  • 1990 – 2000 Strategic planning and technical issues assessment relating to state-of-the-art development of the BELLSOUTH strategic Network Initiative program. I was one of two consultants working with Duane Ackerman, the CEO, and other Senior Executives of BELLSOUTH, a $40 Billion World Wide Network and Information Delivery Leader and second largest Wireless provider in the US.

  • 1990 – 2000 Provided direction on strategic plans and technical issues relating to the more recent technical issues BELLCORE Tech Strategy for 21st Century Telecommunication Infrastructures.

  • 1982 – 1985 Designed and developed the LANs & WANs for US Air Force - Strategic Air Command SecureNet – OMAHA Nebraska - Lead Network Architect and Information Security Consultant (details restricted)

  • 1980 – 1984 Designed and developed the LANs/WANs Application Design and Project Management for General Motors Dealer Order-entry Network – for a network of over 60,000 dealers.

  • 1984 – 1999 Provided direction on strategic plans and technical issues relating to the more recent technical issues for LUCENT and Bell Labs on ISDN, SONET, ATM, MANs, 5ESS Centrex, High speed Switching and Wireless Systems like G3 and beyond.

  • 1982 – 1997 NORTEL Implemented the strategic and technical initiatives for the Meridian and DV1 range of products to provide high speed broadband Voice and Data switching.

  • 1996 – 1998 Department of Telecommunications of the Indian Government on behalf of LUCENT implemented the strategic and technical initiatives for G3 Wireless and Fiber Optic Infrastructures for the 21st Century – 1 Billion person sub-continent.

 

Most Recent Certifications

 

  • Microsoft Certified Systems Engineer (MCSE-2000)
  • Microsoft Certified Trainer (MCT-2002)
  • Microsoft Certified Professional (MCP)
  • Cisco Certified Network Associate  (CCNA) – (CCNP, CCIE in Progress)
  • Recipient of “Early Achiever – MCSE on Microsoft Windows 2000” award for completing the 3 Windows 2000 Design Courses:
    1. Designing a Microsoft® Windows® 2000 Directory Services Infrastructure.
    2. Implementing and Administering a Microsoft® Windows® 2000 Directory Services Infrastructure.
    3. Designing Security for a Microsoft® Windows® 2000 Network

    within 10 days of the availability of the official exam.

Recent Papers, Presentations and Seminars:

  • Information and Data Security
  • LANs, MANs, and WANs: Gateways, Bridges, and Interconnection
  • Network Management - The key to Customer Control
  • Network Service Providers to Application Service Providers Transition Training
  • Electronic Business - Profit from It Now!
  • Hubs, Bridges, Switches, Routers and Gateways: The building blocks for Enterprise Networks


References

Available upon request

 


Member number:7134
Software Contractors' Guild (www.scguild.com)
Copyright(c) 1995 - 2001 Clive Hermann and Software Contractors' Guild, Post Office Box 257,Nottingham, NH USA 03290-0257