SUMMARY:

To leverage my leadership, skills, and expertise in the Information Cyber Security field

WORK EXPERIENCE:

Cyber Security Tester

Confidential

Responsibilities:

• Designed and set up processes for the Confidential to set security hardening and baselines for Windows desktops, Cisco Routers, and develop reports and strategies for remediation of 3 rd party applications.
• Devices included Unix servers as well as agencies desktops.
• Consulted with Confidential on Federal Audit remediations for various State Agencies.
• Analyzed and made recommendations to Confidential on SSAE18 SOC Reports.

Enterprise Security Officer

Confidential

Responsibilities:

• Oversee day to day cybersecurity operations for Confidential .
• Responsible for cyber security of all Infrastructure and Perimeter security devices for 12,000+ people.
• Devices include, firewalls, IDS/IPS, Web Application Firewalls, Remote Access, Data Loss Protection as well as SEIM, and centralized Anti - virus, malware protection.
• Provide oversight of Confidential vulnerability testing on infrastructure components as well as Web Applications and Services.
• Help develop cybersecurity policies, practices and procedures and guidance for State Cybersecurity Program.
• Worked with various Security Audits, State Auditor’s Office, Federal Regulatory Audits (HIPAA, CJIS, IRS1075, PCI, SSAE16, etc.) and outside consultants as appropriate on required security assessments and audits.
• Oversee general employee cybersecurity education. Administer internal phishing campaigns to increase employee security awareness
• Keep abreast of security incidents and act as security control point during significant information security incidents. Coordinate between state and federal agencies.
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
• Examine impacts of new technologies on the Institution's overall information security.
• Establish processes to review implementation of new technologies to ensure security compliance . Oversee evaluation and selection of new technologies, used in cybersecurity for Confidential .

Senior Security Analyst

Confidential

Responsibilities:

• Test infrastructure network devices to identify vulnerabilities using vulnerability assessment tools.
• Perform network penetration testing for clients with Metasploit, and Backtrack/Kali Linux tool suite.
• Perform penetration testing of Web applications and services with tools such as Appscan and OWASP tools, such as ZAP. Maintain asset lists of all devices to be scanned.
• Maintain scan engines. Develop and generate vulnerability assessment reports.
• Meet with UNIX and Windows support teams with monthly scan findings and present recommendations for remedial and mitigation steps. Work with Windows and UNIX teams to eliminate false-positives, developed exclusion lists.
• Prepare and deliver monthly security briefings with status and recommendations to extended management teams.
• Perform and analyze security testing of Web applications on the state network, provide reports with recommendations to customers.
• Work with Windows and UNIX support to develop security hardening templates for Windows and UNIX Servers.
• Test and recommend approval security status of all web applications through Deployment Certification
• Serve in acting capacity as Enterprise Security Officer for the Confidential, from June 2014 to Sept 2014. Responsible for security of the Confidential infrastructure, State and vendor software applications as well as physical security.

Senior Information Systems Support Specialist

Confidential

Responsibilities:

• Set up and performed vulnerability assessment scans of network devices in support of Confidential Security Policy.
• Performed forensics analysis of hard drives and provided results to Human Resources for action.
• Led and managed project to install full disk encryption of laptops statewide.
• Set up administrative processes to manage laptops, set up two factor authentication and trained support staff.
• Presenter in Confidential DevCon, on Application Security, Infrastructure Security Assessment tools, and Hacker methods. Researched and recommended security tools for use to test Confidential Assets.

Senior Information Systems Support Specialist

Confidential

Responsibilities:

• Deployed, configured and administered Exchange 4.0 Mail, Novell File and Print, Microsoft AD, and various Application and Web Servers for Department of Health and Human Services.
• Designed, deployed, maintained WIC servers that were deployed in 20 offices statewide.
• Built, deployed and supported Public Nurses Carefacts system used to support Nursing program statewide. Sized, ordered, built, configured, and maintained support for over 30 servers.
• Backed up and recovered mailboxes, files and folders, using commercial backup software (mail servers). Harden Windows 2003/2000 servers from vulnerabilities.
• Provide Windows user helpdesk and direct desktop support.
• Managed and led conversion effort at DHHS for conversion of Exchange 5.5 over to State's consolidated Exchange Mail system, converting ~ 3000 users' mail accounts, and client modifications.
• Provided forensic desktop support in response to Human Resource and processed Departmental technical FOIA requests.