• I was tasked with performing a PCI compliance audit in preparation for the company's PCI-DSS 3.2.1 assessment.
• As an Information Security Consultant, I was responsible for:
• Performing internal testing of controls to support the PCI-DSS 3.2.1 assessment
• Collecting evidence to support security controls and analyzing that evidence to ensure compliance with existing IT controls
• Generating compliance status reporting
• Reporting findings for each control in accordance with the guidelines prescribed for the Report on Compliance (ROC)
• Maintaining the IT compliance documentation repository (ServiceNow, GRC)
• Tracking and managing action plans for the resolution of issues identified during the audit; performing analysis and reporting of compliance gaps
• Providing expert support and mentoring on maintaining and creating information security policies and procedures
• Providing internal consulting on security technologies and design
- Information Security Consultant at TOMS Shoes
- IT Director of Security and Service Management at US AutoParts
- Director, Information Technology at Damco Distribution Services, Inc
- Project Manager/IT Director at Wood Data Communications, Inc
1 month at this Job
Information Security Manager (Audits, Compliance, CA Privacy and Controls) Infrastructure Analyst/Compliance CSAA Technology Operations
- Information Security Consultant at AAA
- Bus. Systems Consultant 6 at Wells Fargo
- Sr. Business Systems Analyst at American Express
- Lead Technical Writer at First American Title
2 years, 9 months at this Job
- IT and Excel Management
• Risk Management - Program Manager. Assisted in development of a multi-tier risk management process based on NIST 800-53, ISO 27001 and ISO 31000 standards; led stakeholder engagement to assess and treat risks across international regions; educated stakeholders about the information risk management process; documented, analyzed and compiled risk assessment results; tracked risk treatment solutions.
• Project Management - Created technical requirements for data migration from SharePoint to SaaS Platform for efficiency and automation; developed use cases for multi-tier risk management database; planned and managed projects related to gap analysis, risk management, vendor management and security audits; scheduled and led meetings with internal and external stakeholders; recognized process improvement opportunities and implemented solutions.
• ISO 27001 Compliance - Conducted gap analyses of information security controls and documented the results; led the remediation of compliance gaps with internal stakeholders; analyzed vendor information security qualifications; reviewed standards and policies to verify compliance with ISO 27001.
• Information Security Audits - Planned internal and external audits of company's information security management system; coordinated with internal and external auditors; monitored progress and completion of audits; prepared corporate business unit teams by collecting ISO 27001 Annex A control related evidence for multiple audits.
• Information Security Management System - Information Security (ISMS) Manager. Led the planning, deployment and administration of a holistic information security management system; served as subject matter expert on information security and ISO 27001 compliance; developed executive-level risk reporting and metrics.
- Senior Information Security Consultant at Avanade Inc
- Intelligence Specialist at U.S. Navy
1 year, 10 months at this Job
- Bachelor of Science in Cybersecurity - Cybersecurity
Currently spearheading the development and execution of a full spectrum of IT security standards, which includes implementing comprehensive IT security risk assessments and instituting methods for addressing security incidents. Deliver support in the monitoring of IT Information Security programs and development of business continuity plans.
• Act as a subject matter expert by architecting strategic cybersecurity awareness programs and security plans; guiding stakeholders on handling threats; and establishing a successful process for security incident reporting.
• Continuously exhibit analytical abilities by reviewing IT security exceptions, mitigating controls, and exit strategies, as well as monitoring security vulnerabilities and hacking threats across network and host systems.
• Successfully performed HIPAA IT security risk assessments for 12+ prominent healthcare clients.
- Information Security Consultant at DIGETECH INC
- Senior Information Security Executive at Cp Corp
- Professor and Researcher at UNIVERSITY OF PUERTO RICO AT MAYAGUEZ CAMPUS
6 years at this Job
- Ph.D - Information Technology
- Master of Science - Information Technology
- Bachelor of Science
Independently manage and execute information security consulting, including but not limited to: Chief Information Security Officer (CISO) services, cybersecurity services, and in-depth vulnerability assessments with Plan of Actions & Milestones (POA&M) execution resulting in more efficient client operations and a stronger security posture.
• Proactive information security project and staff management with a high level of client success and satisfaction.
• Implementation of industry best practices including, but not limited to: NIST CSF, NIST 800-37 (RMF), NIST 800-53, ISO 27000, and FISMA.
- Senior Information Security Consultant at PARAGON CYBER SOLUTIONS
- Chief Security Officer (CSO) / Facility Security Officer (FSO) / Cyber Program Manager at OMNI TECHNOLOGIES
- Senior Information Assurance Engineer at CACI International Inc
- Information System Security Manager/Senior Information Assurance Engineer at DATA TACTICS CORPORATION
2 years, 9 months at this Job
- Master of Science in Information Security and Assurance - MSISA
- Bachelor of Science in Business - Business/IT Management
Industries include: Financial services and regulation, healthcare, SCADA, & software development firms.
• Worked with executive management to align business objectives with those of the information security department.
• Developed relationships with business leaders through networking events to obtain new leads for security projects.
• Assisted with and perform duties required to set budgets and acquire security technologies including obtaining quotes and assessing technologies.
• Performed and assisted with design of network and security architecture and controls to meet business and security objectives.
• Created a security awareness training program.
• Reviewed cloud migration projects for security flaws and concerns.
• Performed risk assessments and provided mitigation recommendations.
• Acted as a subject matter expert for SIEM, and malware protection systems, cloud security and policies.
• Provided incident response, forensics and post incident remediation.
• Led the Security Information and Event Management (SIEM) deployment and coordinated the effort across the enterprise.
• Evaluated the network and server/workstation systems for security flaws and recommended risk mitigation controls.
• Assisted members of the organization with security related questions or issues.
• Provided information security subject matter expert consulting to business and project teams.
• Ensured PCI compliance through gap analysis and advised client on suggested controls.
• Evaluated Statements of Work (SoW), Request for proposals (RFPs) for key deliverables related to cyber security and data loss prevention initiatives.
• Performed information security analysis and assessments on new systems, network devices, and applications with recommendations and assessment.
• Deployed network access controls and ensured infrastructure devices enforced policies for non-compliance.
• Integrated network switches to the NAC through network scanning and network logical and physical topology feedback from clients.
• Developed custom Python scripts to leverage automation for efficiency.
• Investigated incidents of potential compromises and directed remediation efforts.
- Information Security Consultant at Incurvo Inc
- Senior Security Analyst, IPC - Governance Information Technology & Risk at Management Department
- Security Analyst, Tier III/II at Sentry Metrics Inc
- Firewall Support Analyst at
4 years, 2 months at this Job
- Business Administration
Test, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls.
● Employ NIST SP 800-60 and FIPS 199 to categorize information and information systems to Low, Moderate or High in order to determine the potential adverse impact for each security objective (CIA).
● Use Risk Management Framework (NIST 800-37 rev1) to help different system stakeholders to develop and maintain Authorization to Operate (ATO) packages for their information systems such as SSPs, SARs & POA&Ms
● Create and review security artifacts such as Contingency plans (CP), Contingency Plan Tests (CPT), Configuration Management (CM), Privacy Impact Assessment (PIA), Incident Response (IR) etc., per NIST 800 guidelines for various agencies.
● Monitor controls post authorization to ensure continuous compliance with the security requirements by regularly reviewing the Nessus scan results and collaboration with the IT team for mitigation actions.
● Develop and maintain effective continuous monitoring program that is capable of managing, controlling and documenting changes to information system and its environment of operation.
● Trained and guided clients using NIST 800-37 rev1 on the process of obtaining and maintaining Authorization to Operate (ATO) and the required security documentation.
● Conducted meetings with the CISO and system stakeholders prior to assessment engagement.
● Conducted kick off meetings with assessment stakeholders to discuss the assessment scope, timelines as well as roles and responsibilities of involved parties.
● Host and facilitate kick-off meetings and presentations with system stakeholders/clients on the operational security posture for the systems in their purview and on security related policies.
● Perform information security risk assessments and assist with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.
● Document and finalize the Security Assessment Report (SAR) based on the findings discovered from the Security test and Evaluation (ST&E).
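The FIPS 199 categorization the bullets above refer to, as an added worked example (not code from the resume or from NIST): each security objective takes the maximum impact across the system's information types, and the system's overall category is the high-water mark across confidentiality, integrity and availability. The information types and their provisional impact levels here are constructed sample data, not values from the SP 800-60 tables; the `adjustments` parameter is an assumed way to record an SP 800-60 provisional-level adjustment.

```python
"""FIPS 199 security categorization with SP 800-60 information types.

Added worked example (not from the resume above). The information types and
provisional impact levels are constructed sample data, not SP 800-60 values.
"""
from typing import Dict, Optional, Tuple

OBJECTIVES = ("confidentiality", "integrity", "availability")
# Ordinal ranking used for the high-water mark. "N/A" is only valid for an
# individual information type (e.g. public data) and never for a whole system.
IMPACT_ORDER = {"N/A": -1, "LOW": 0, "MODERATE": 1, "HIGH": 2}

Levels = Dict[str, str]

# Constructed sample: provisional impact per information type (assumed values).
SAMPLE_INFO_TYPES: Dict[str, Levels] = {
    "public web content": {"confidentiality": "N/A", "integrity": "MODERATE", "availability": "LOW"},
    "payroll records": {"confidentiality": "MODERATE", "integrity": "MODERATE", "availability": "LOW"},
    "authentication credentials": {"confidentiality": "HIGH", "integrity": "HIGH", "availability": "MODERATE"},
}


def higher(a: str, b: str) -> str:
    """Return the higher of two impact levels (the high-water mark)."""
    return a if IMPACT_ORDER[a] >= IMPACT_ORDER[b] else b


def categorize_system(
    info_types: Dict[str, Levels],
    adjustments: Optional[Dict[Tuple[str, str], str]] = None,
) -> Tuple[Levels, str]:
    """Categorize a system per FIPS 199 from its information types.

    Per objective, the system level is the maximum across all information
    types (after any SP 800-60 adjustment of a provisional level); the overall
    category is the high-water mark across the three objectives. A system
    never drops below LOW, even if every information type is N/A for an objective.
    adjustments maps (info_type, objective) -> adjusted level.
    """
    adjustments = adjustments or {}
    system: Levels = {obj: "LOW" for obj in OBJECTIVES}
    for name, provisional in info_types.items():
        for obj in OBJECTIVES:
            level = adjustments.get((name, obj), provisional[obj]).upper()
            if level not in IMPACT_ORDER:
                raise ValueError(f"{name}/{obj}: unknown impact level {level!r}")
            system[obj] = higher(system[obj], level)
    overall = "LOW"
    for level in system.values():
        overall = higher(overall, level)
    return system, overall


def format_sc(system: Levels, overall: str) -> str:
    """Render the result in the FIPS 199 notation typically copied into an SSP."""
    pairs = ", ".join(f"({obj}, {system[obj]})" for obj in OBJECTIVES)
    return f"SC = {{{pairs}}}  => overall {overall}"


if __name__ == "__main__":
    levels, overall = categorize_system(SAMPLE_INFO_TYPES)
    print(format_sc(levels, overall))
    # Adjusting one information type downward (rationale must be documented)
    # only lowers the high-water mark if nothing else still pins it to HIGH.
    adjusted = {
        ("authentication credentials", "confidentiality"): "MODERATE",
        ("authentication credentials", "integrity"): "MODERATE",
    }
    levels, overall = categorize_system(SAMPLE_INFO_TYPES, adjusted)
    print(format_sc(levels, overall))
```

The check a practitioner wants is the second run: lowering one information type's provisional levels only moves the system category when no other information type still holds the objective at the higher level, which is why an SSP's categorization table should list every information type and not just the one that "drives" the system.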
- Information Security Consultant at Douala IT
- Cyber Security Analyst at Baltimore County Public School
- Administrative/ Office support duties at Community College of Baltimore County
3 years, 8 months at this Job
- Bachelor of Science
India Responsibilities:
◦ Perform regular network vulnerability testing, risk analyses, and cyber security assessments; interpret and document results, recommend and implement corrective actions
◦ Provided review and analysis of vulnerability scan results from tools such as Nessus, Qualys, WebInspect, IBM AppScan, Burp Suite, etc.
◦ Reviewing vulnerability scanner results and ensuring vulnerabilities have been remediated
◦ Working with code scanning products to triage potential vulnerabilities
◦ Design, implement and monitor security measures for the protection of web sites, networks and information privacy.
◦ Experience in analyzing high volumes of logs, network data (e.g. NetFlow, FPC) and other attack artifacts in support of incident investigations
◦ Keep up with intrusion detection and logging alerts and determine their impact on the environment
◦ Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis to analyze and triage cyber security events, e.g. SIEM (QRadar, Splunk), IDS, IPS, firewall, etc., and perform continuous hunt activities across the environment.
◦ Source code review using automated tools like IBM AppScan, Fortify, WebInspect.
◦ Conducting risk assessment and threat modeling to find flaws in an application.
◦ Analyze test findings of security vulnerabilities found and collaborate with engineering and development teams to provide mitigation steps to reduce the vulnerabilities.
◦ Reporting correlating events across multiple systems and areas of the network that identify a potential security incident, initiating the security incident response process to ensure that the situation is contained and addressed accordingly.
◦ Develop queries in the QRadar Log Manager tool to check the integrity of event and flow logs to determine if the logs were modified.
◦ Perform QRadar Incident Forensics, which helps to search, verify that an incident occurred, determine the severity, reconstruct the event, review it, determine the root cause, and take corrective and preventative action.
◦ Developed tools and techniques to conduct static and dynamic analysis of malware, including building a lab environment
◦ Use honeypots to acquire live malware committing impression fraud and analyze its activity
◦ Developed websites for CTF, IP scanner and malware scanner using Ruby on Rails.
◦ Presented high quality reports of the identified vulnerabilities to the senior management of the assigned clients along with the steps, overflow and timelines for fixing vulnerabilities.
Environment: Unix/Linux/Windows, Qualys, QRadar, Burp Suite, Metasploit, Splunk, Snort, Nessus, Nmap, Wireshark, VMware, IDA Pro, GDB, WebInspect, Fortify, AppScan, Python, Assembly, Bash, Cuckoo, SQL, Ruby on Rails, Git, SQLmap.
- Information Security Consultant at Defence Research and Development Organisation
- Jr. Security Engineer at Hicubes PVT.Ltd
2 years, 4 months at this Job
- Master of Science - Cyber Security
Deliver virtual CISO professional services consulting company executives, developers and project management teams to develop, manage, review and audit information security policies for on-premises, cloud and virtual environments.
• Deliver risk assessments for companies providing an analysis of overall security posture, business process improvements and risk treatment options.
• Applied CIS Critical Controls, NIST-CSF and ISO 27001 standards for system hardening, security program management, policy implementation and research.
• Perform security audit assessments and campaigns utilizing trusted industry tools (e.g., Qualys, Burp Suite, LUCY, Kali Linux, Metasploit, Nessus and manual security tools).
• Conduct SOC 2 and GDPR readiness assessments for SaaS companies working with FICPA Board member service auditors.
• Experience conducting pre-sales and RFP information security consulting and preparation with business partners to enhance service delivery for potential clients.
• Provide systems administration services and security solutions to configure, deploy and manage AWS, VMware and on-premises environments.
- Information Security Consultant, Owner at PLANCKSEC CONSULTING LLC
- Senior Systems Administrator at CRITERION SYSTEMS
- Senior Systems Administrator at DIGITAL MANAGEMENT INC
- Systems Integration Analyst / Systems Administrator at SAIC
3 years, 6 months at this Job
- M.S. in Cybersecurity - Cybersecurity
- Electronic Systems Technology Management
• Established GDPR policies achieving business compliance with EU regulations
• Developed best practices and security standards using NIST to safeguard business assets
• Increased employee compliance through awareness training using behavioral theories
• Advanced employee knowledge about phishing and secure passwords by developing safe use guidelines
• Increased device and data security using device encryption and VPN connection
• Successfully rolled out and managed the organization's Information Security Management Plan
• Established the organization's Information Security Governance, including its Data Classification Policy, Incident Response, Access Control, and other critical security standards
• Analyzed and evaluated risk management reports and vulnerability scans
• Interviewed organizational executives and key staff to discover current security practices
- Information Security Consultant at Willworth International Ltd
- Manager at Papa John's International
- Manager of Operations at Rish's Building Company
2 years, 7 months at this Job
- Master of Science - Information Systems
- Bachelor of Arts - Psychology