Serving as Sr. Information Security Specialist for Newfield Corporate and Remote Offices. Implemented Palo Alto Wildfire Malware analysis and Dynamic threat blocking. Conducted Security Awareness and Multifactor Authentication training. Developed plan and in process of implementation of 3rd party managed SEIM. Scoped RFP and sourced vendors for Information Security Pentest. Developed and implemented Vulnerability Management Program utilizing Rapid7's Insight VM.
- Sr. Information Security Specialist at Newfield Exploration
- Information Security Engineer at Academy Sports + Outdoors
- Network Engineer at Abercrombie and Fitch
- Sr. Network Engineer at Twenty First Century Communications/WEST Corp
2 years, 2 months at this Job
- Bachelor of Science
Information Security Specialist in a PCI-DSS/HIPAA/ISO 27001 environment; responsible for managing Nessus vulnerability scanning of 5K endpoints and vulnerability remediation tracking across international geographies; responsible for LogRhythm SIEM configuration, management, and monitoring; responsible for rolling policy revision and review. HGS entry-level position as agent for Prudential Financial’s Global Business and Technology Services IT help desk supporting the Prudential workforce globally.
- Information Security Specialist at HGS USA, LLC
- IT Help Desk Agent at General Dynamics Information Technology
- IT Help Desk Agent at ASAP Managed Services
- Technology Sales Representative at Image Incentives
4 years, 2 months at this Job
- Bachelor of Music
Understand the Systems Development Life Cycle (SDLC) framework and related processes, Risk Management Framework. Experienced in Security Assessment and Authorization (A&A) process formerly C&A. Sound understanding and application of Federal Information Security Management Act (FISMA) requirements. Used NIST SP 800 series (i.e. 800-37 Revision 1, 800-53 Revision 4), and FIPS 199 and 200. Experience using enterprise tools such as CSAM, and Nessus. Certification in Certification and Accreditation Professional (CAP). Security Analyst L & E GLOBAL CONSULTING LLC 2018- Present * Experience with NIST security controls, risk management, and compliance security documentation tool, the Risk Management Framework (RMF), and security compliance. * Ensure that controls are implemented correctly, functioning as intended and producing the desired results. * Work as part of a team to perform System Certification, Annual Assessment, and Continuous Monitoring. * Conduct kick-off meetings to collect system information to assist in the overall security Assessment process of the system. * Review technical, operational and management controls and conduct RMF using NIST 800-53, NIST 800-37 as a guide. * Determine assessment method (examining policies and procedures, interviewing personnel and testing technical controls), using 800-53A as guide. * Conduct security assessment on assigned systems to ensure FISMA compliance following NIST SP 800 publications especially NIST 800-53 and FIPS. * Performed a risk assessment against vulnerabilities identified during the assessment process. * Monitored controls post authorization to ensure continuous compliance in accordance to NIST guidelines in NIST 800-137 for security control continuous monitoring. * Evaluate and review System security Plan (SSP), Risk Assessment Report (RAR), contingency Disaster Recovery Plan (CDRP), security Assessment Report (SAR) per NIST 800 guidelines. * Worked with a team of security assessors and security officers to categorize, select, and implement security controls using NIST requirements. * Recommend preventative and mitigating actions through Plan of Actions and Milestones POA&M to ensure system compliance and adherence to the information system security strategy. * Document closure of items through a POA&M closure process. Verified that the recommended criteria have been accomplished in securing the system and subsequently close the item. * Coordinate and implement security policies, processes, procedures, and security control techniques. * Perform the role of Security Control Assessor by reviewing the artifacts and implementations statements provided by the ISSO on a system to determine if the security controls are yielding the desired result.
- Experienced Information Security Specialist at Information Assurance and Vulnerability Management (IAVM)
- Security Analyst/Assessor at ATRIA
1 year, 2 months at this Job
- Bachelor of science in human resource management - human resource management
-Information Security Specialist for users located in New York, Massachusetts, Florida and their main office in California; Assisted with monitoring, investigating and researching any anomalous behaviors in the network. -Investigated anomalous behavior/ anomalous network events using tools such as Carbon Black (Antivirus), Cisco FireAMP (Anti-virus), SEP (Symantec Endpoint Protection), Microsoft ProofPoint (email filtering system), Splunk (SIEM). -Teach internal users best security practices as well as clients who banked with us regarding email (Social Engineering), MFA (Multi-Factor Authentication) and other phone related scams they may have fell victim to. -Followed IR (Incident Response) procedures to any incident investigation that may occur within the business. -Utilized other tools such as Microsoft ProofPoint for email security as well as utilized Forcepoint (web security) to assist in containing any malicious emails. -Used Splunk (SIEM) to assist other technical teams to detect any inquiries they may have as well as user lockout host source inquiries. -Practice DLP implementations within the bank to protect and secure our data such as touch base with HR and Legal teams to assess any data mishandling cases that may come our way. -Utilized some powershell commands to uncover some questionable malicious file events or network activity within our environment.
- Information Security Specialist at First Republic Bank
- Technical Support Analyst level ll at First Republic Bank
- Global Service Desk Analyst at Burberry
- 6 month Internship at Amcom Software
3 years at this Job
- Bachelor's - Computer Engineering
• Drafted detailed supporting documentation for next generation 3rd party Information Systems risk assessment questionnaire.
• Aligned and updated the 3rd party Information Systems risk assessments questionnaire to be consistent with corporate policies, security frameworks, and best practices.
• Drafted new.3rd party Information Systems risk assessments model. (1) Aligned NIST Cyber Security Framework, Center for Internet Security Controls and Capability Maturity Model scoring. (2) Drafted a holistic information Assessment model with the use of the NIST Cyber Security Framework and Center for Internet Created to create a consistent approach between control objectives, advice for review and score card scoring. (3) Drafted new information assessment scoping and user software procedural documentation. Engagement: Citi Corp
- 3rd Party Information Security Specialist at Aligned NIST Cyber Security Framework
- Sr. IT Auditor at Robert Half
- Sr. IT Auditor at USTRANSCOM
- Sr. IT Auditor at Envision Consulting
11 months at this Job
- Bachelor of Science - Business Administration
- AA - Data Processing
• Dedicated "Blue Team" leader.
• Responsible for monitoring, analysing and reporting on suspicious and malicious traffic on the County's main Internet egress point, reviewing Intrusion Protection System logs recording on average 140,000 alerts daily.
• Providing analysis of network traffic, identifying malware, exploits, reconnaissance, policy violation and volume DoS attacks.
• Works in a Cyber Threat hunter capacity, proactively protecting all ten County agencies.
• Identifies, investigates and responds to information security incidents reported by County agencies and provides post-mortem analysis and remediation recommendations.
• Creates content for and presents weekly Cyber Threat Intelligence meetings for county-wide security personnel.
• Monitors and reports county-wide compliance with identified vulnerabilities and adherence to regulatory controls, i.e. NIST 800-53, PCI DSS, PII and HIPAA data.
• Participates in the evaluation, testing and selection of security applications and systems. Provides technical assistance on the impact of new solutions.
• Reviews county-wide RFIs and RFPs for adherence to security and privacy controls and recommends adjustments to align the documents to County Information Security Policy.
• Participates in writing County Information Security Policies with county-wide Internet Working Group.
• Works daily with the following security tool sets: ◦ McAfee Network Security Platform and Intrusion Detection and Prevention appliances. ◦ McAfee ePolicy Orchestrator endpoint security. ◦ Rapid7 / Nexpose ◦ McAfee Security Information and Event Management (SIEM). ◦ FireEye HX Endpoint Security Platform. ◦ FireEye NX Network Security Platform. ◦ FireEye cloud-based Email Threat Prevention. ◦ ManageEngine AD Audit Plus. ◦ Cisco Identity Services Engine (ISE).
• Carries out project management responsibilities with the Information Security Office. ◦ Deployment of McAfee and Intrusion Detection and Prevention appliances across County network infrastructure. ◦ Deployment of Cisco Identity Services Engine (ISE) infrastructure for County wide wireless connectivity.
- Information Security Specialist at Cook County Government
- Security Technical Project Manager at Cisco Identity Services Engine
- Project Manager at ALLSTATE INSURANCE
- Security Project Implementation Manager at KEMPER INSURANCE
2 years, 10 months at this Job
- B.A. - Communications
Information Security Lead for the components of the Veterans Benefits Management System (VBMS) program
• Performed software code analysis, security finding reports, infrastructure Maintenance Requests, White Papers and Design Security Assessment
• Performed Cyber Security and Risk Management assessment.
• Led bi-weekly meetings to present code security defects to developers and acted as SME in Cyber Security to find mitigations to avoid vulnerabilities
• Filed Security Impact Assessment with the Office of Software Assurance (OSwA)
• Worked on development of automation scripts for weekly scans and code analysis (Python, Jenkins, Bash script, Java and Node)
• Was a member of the Red Team, on group software penetration activities
• Delivered information security training presentations in topics such as: SAML, SQL Injection, Servlets, JSP, etc.
• HP / MicroFocus Fortify for code scanning and Kali Linux, Burp Suite, NMap, SQLmap, Armitage, Metasploit Framework and other tools, for vulnerability assessment and penetration testing
• Frameworks and standards: NIST SP 800-53, NIST 800-34, NIST 800-63, Risk Management Framework, FIPS 199, FISMA, ISO 27001, ISO 27002 and OWASP.
- Information Security Specialist at CACI International Inc
- iTunes Supervisor at Apple
- Apple Technician at Apple
- Personal Banker at Heritage Trust Federal Credit Union
1 year, 4 months at this Job
- Master of Science - Computer Science
- B.S. - Computer Science
- A.S. - Computer Science
Salary: $73,000/year * Lead Admin for implementing and writing policies via Avecto Defendpoint Privilege Management SW "least privileged" access for standard user accounts to obtain elevated access for daily operations and end-point security - enterprise wide * Perform writing/construction of security policies, policy backups, upgrades, and deployments of several application based policies through ePolicy Orchestrator (ePO); both in global and production environments wall-to-wall. * Tasked with writing NIST-853 & NIST-171customer facing documents such as lead author of our Flight Termination System Security Plan. * Lead admin for conducting and running annual IMAN/Oracle Identity Management Access Control Compliance Requirements per ISO27001 via Oracle Identity Management (OIM) SW. * Assisted in implementing application security requirements and information security / information assurance policies to support Amazon Web Services (AWS), JIRA, Confluence; along with analyzing the cost and risk bearance of IAAS services * Tasked with redesigning, simplifying, and streamlining our RSA VPN Filter Security Access Provisioning Process to improve efficiency and performance * Assisted in the deployment and configuration of Proofpoint DMARC, DKIM, Attachment Defense, and message quarantining SW. Attended regular one-on-one brown bag sessions with the Proofpoint SME; conducting hands on training for backup support to eliminate single source failure. * Work with Leidos employee learning Splunk indexing and other logging techniques and methods. Attended regular one-on-one brown bag sessions with hands on training. * Conduct quarterly iCampaign Email security testing (phishing attack email testing) companywide. * Application Whitelisting/Blacklisting (path elevation only in Avecto to mitigate the use of admin accounts) * Performed queue management of our IT incident and service request databases, both ISM and Unisys Service Now help desk ticketing systems. * Daily triage of any security events or incidents involving IT hardware and software related issues to include configuration, installation and maintenance. * Manage IT Security email box and security queue. * Have exposure to many third party products security functions (I.e. Avecto, Splunk, Proofpoint, Cybereason)
- Information Security Specialist/Engineer at United Launch Alliance
- Computer Systems Specialist Analyst I (Co-Op) at United Launch Alliance
- Unv. Alabama in Huntsville Student IT Specialist at Office of Information Technology
- Information Technology Specialist at Office of Information Technology Services
2 years, 2 months at this Job
- BSBA - Information Systems, Cybersecurity & Information Assurance
Function as part of the Compliance Team responsible for conducting the Risk Management Framework process to achieve ATO and continuous monitoring of systems ❖ Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M) ❖ Prepare A&A package documents to include SSP, SAR & POA&M in order to secure ATO for systems from the Authorizing Official ❖ Conduct continuous monitoring by identifying, assessing, responding and remediate risk. ❖ Conduct annual self assessment (1/3 assessment) after receiving ATO (NIST-800-53A) ❖ Assist System Owners and ISSO in preparing certification and Accreditation package for company's IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST ❖ Designate systems and categorize its C.I.A using FIPS 199 and NIST SP 800-60 ❖ Conduct Self-Annual Assessment (NIST SP 800-53A) ❖ Perform Vulnerability Assessment to ensure risks are assessed, evaluated and proper actions taken to limit their impact on the Information and Information Systems ❖ Update Trigger Allocation Log and Center Allocation Table as and when vulnerabilities are discovered and POAMs are remediated ❖ Performs walkthrough interviews and maintains communication with a variety of client stakeholders, including system personnel such as system and database administrators ❖ Requests, obtains, reviews, and analyzes a variety of artifacts to assist in executing IT controls testing such as Security Plans, SOPs, system screenshots, and system configuration settings
- Information Security Specialist at Nationwide IT Services
- Information Security Assessor at First Impression Staffing
4 years, 9 months at this Job
- BSc - Banking and Finance
Provided technical support to assist the United States Marine Corps with onsite IT support for problem
reporting and resolution for end users and the overall computing environment. Responsible for building and maintaining a secure operating environment across various IT systems.
• Performed Information Security audits against Department of Defense (DoD) clients and servers
• Utilized Nessus Scanner and McAfee ePolicy Orchestrator to maintain a secure operating environment
• Maintained 99% uptime as server and firewall administrator for several network devices to support 500+ users between 2 operational sites during a 2-month global training exercise
• Hardened and configured operating systems and servers based on DISA's Security Technical Implementation Guide (STIG) policies
• Developed plans to safeguard computer files against accidental unauthorized modification or disclosure
• Led a team in supporting 900+ users by troubleshooting separate unclassified and classified local area networks, web portals, and data infrastructures to support real world and training operations System Administrator
• Managed 1,000+ user accounts, account privileges, group mailboxes, and outlook distribution lists
• Conferred with users on issues such as systems access needs, security violations, and awareness training
• Provided on-call and after-hour technical support for C-Suite personal and over 10,000+ subordinate users related to computer systems, software, and hardware utilizing the BMC Remedy ticketing system
• Directed a computer replacement project to replace 1,300+ end of life computers
• Served as subject matter expert while troubleshooting IT related issues for 10K+ users and workstations
• Primary local support for testing the deployment of the Marine Corps Windows 10 imaging capabilities using System Center Configuration Manager (SCCM).
• Managed over 1,000+ Public Key Infrastructure (PKI) tokens for users on classified systems
- Information Security Specialist at UNITED STATES MARINE CORPS
at this Job
- Bachelor of Information Technology - Information Technology
- Associates of Science