Olanrewaju Olatunde

ad3j4u@r.postjobfree.com

304-***-**** Detroit, MI

PROFESSIONAL SUMMARY

A results-driven information security professional with many years of progressive hands-on experience in various cybersecurity domains such as system administration, security compliance, and incident response management. Strong knowledge of network architectures, operating systems, and cybersecurity tools paired with outstanding troubleshooting, problem-solving, and documentation abilities and skilled in working under pressure and adapting to new situations and challenges. A meticulous and detail-oriented team player committed to working to identify and resolve security vulnerabilities and weaknesses affecting digital assets and computer networks. Confident and communicative professional proficient in Bash, Python, and PowerShell scripting paired with familiarity with Unix and Windows SKILLS

Incident Response Management • Penetration Testing • Vulnerability Management • MITRE ATT&CK

• OWASP • OSINT • Virtual Private Network (VPN) • Document Management Systems (DMS) • Python

• PowerShell • IT General Controls • Risk Mitigation • Audit Reporting • SOX (Sarbanes Oxley Review

• Cyber security risk and compliance • Network Security • PCI DSS • ISO 27001/27002• NIST 800-53• NIST CSF• COBIT •privileged access principles, Internal control• HIPAA • SOC • SIEM • Power BI

• Server Virtualization • SAN storage systems • Document Management Systems (DMS) • Threat Intelligence Analysis • SOC • SIEM • Malware Identification and Analysis • Digital forensics• NMAP • Wireshark.• SNORT • ITIL •

PROFESSIONAL EXPERIENCE

Information Security Specialist

NTT DATA / Oct 2021 – present

• Utilize the Nessus Vulnerability Management solution to evaluate vulnerabilities in system and web applications, conducting thorough tests, and interpreting the results through CVE scoring.

• Engage in evaluating cybersecurity threats and overseeing risk management procedures within both human-related, procedural, and technology domains encompassing IT and OT environments.

• Hold presentation sessions to obtain approval on the assessment reports, findings, risks identified, and controls required to remediate the risks.

• Use IAM (BeyondTrust) in managing digital identities throughout their life cycle, managing access rights to enterprise resources and auditing of user access rights, use and misuse of digital identities

• Provide IT security support such as SIEM, EDR and firewall configuration, IPS implementation, Vulnerability, and Patch Management in alerting against vulnerabilities and providing remediation on time as at when needed.

• Configure PAM (BeyondTrust) solution to protect my organization against cyber threats by monitoring, detecting, and preventing unauthorized privileged access to critical resources

• Engage in the planning, execution, and assessment of information security initiatives, and goals, as well as the development and review of policies and procedures.

• Perform penetration tests to uncover vulnerabilities in systems and applications.

• Develop and maintain incident response protocols to mitigate damage and liability during security breaches.

• Work in conjunction with development, infrastructure, cloud, and cybersecurity teams to integrate security measures during the design phase.

• Contribute to the implementation of training programs and initiatives focused on Information Privacy and Security

• Create cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.

• Analyze security policies for usefulness and value to suggest security policy improvement.

• Oversee and sustain security monitoring tools and related databases, compiling reports and creating presentations that highlight metrics and trends in risk.

• Work collaboratively with fellow Information Privacy and Security professionals to advocate for security best practices.

• Contribute to the creation and delivery of comprehensive security education and training materials, extending corporate-wide outreach to staff, physicians, clinicians, management, and external customers.

• Actively address security breaches promptly and contribute to post-event analyses.

• Create comprehensive security architecture assessment reports that identify root causes and remediation strategies.

• Lead information security investigations and manage breach incidents, employing authorized methodologies and techniques for conducting electronic audits, analyzing security logs, and procuring forensic evidence.

• Engage in security, vulnerability, and risk assessments about the information security aspects of systems, networks, and associated administrative functions.

• Keep a vigilant eye on security alerts produced by monitoring systems, interpreting them to guarantee a prompt and fitting response to incidents related to security.

• Utilize sharp problem-solving skills to scrutinize intricate information, managing and investigating security incidents. Develops comprehensive reports, formulates action plans, and communicates response strategies for mitigation.

• Utilized security security-related tools such as Maven, Jenkins, Docker, Kubernetes, Kubvela, and others.

Information Security Analyst

Computer Upgrading Specialist Limited

• Provided IT security support such as Vulnerability and Patch Management for alerting against vulnerabilities and providing remediation on time as when needed.

• Investigated endeavors to compromise security protocols and proposed appropriate solutions.

• Engaged in various functions, including event triage, threat hunting, intelligence, and detection engineering.

• Engage in evaluating cybersecurity threats and contributing to risk management procedures within the realms of personnel, processes, and technology in both IT and OT environments!

• Administered the corporate firewall and implemented relevant encryption techniques

• Help in setting up IDS/IPS to monitor our network, identify possible incidents and log information about them, stop the incident, and report them to the security administrator.

• Proactively seek personal advancement in cybersecurity expertise and understanding, commit to ongoing learning and training to remain well-versed in emerging threats and technologies.

• Generated information security documentation pertinent to the work area and fulfilled requests in alignment with company specifications.

• Used MITRE ATT&CK framework for vulnerability assessment.

• Performed thorough research and analysis on present and evolving cyber threats, encompassing attack vectors, malware behavior, and procedural tactics, techniques, and procedures.

• Deployed and managed information security controls through the utilization of software and security systems provided by vendors.

• Assisted internal and external audit procedures to ensure compliance with pertinent regulatory standards, encompassing PCI-DSS, CCPA, SOX, HIPAA, and SOC2

• Evaluated incoming threat intelligence and took appropriate actions. Scrutinize logs, network traffic, and other data sources to pinpoint the origin of the incident.

• Ensured that appropriate IT general controls (ITGC) and security controls were applied during project delivery.

• Supported third-party due diligence process and played a role in shaping comprehensive initiatives for managing third-party risks.

• Collaborated with the user community to grasp security requirements and establish protocols to meet those needs. Ensured that the user community comprehends and follows the required procedures to uphold security.

• Developed detailed assessment report leveraging firm standard reporting templates and capturing both business and technology system/application details, security controls implemented, control risks identified, and mitigation approaches.

• Delivered updates on security affairs to formulate scenarios for security risk analysis and response procedures.

• Researched security security-related tools such as Maven, Jenkins, Docker, Kubernetes, Kubvela, and others

IT Security Analyst

Rio Tinto Alcan / Sep 2019- Dec 2019

• Assisted with routine compliance and audit functions to satisfy regulatory scanning requirements.

• Provided input to leadership for enhancing the vulnerability management strategy.

• Used IAM tools to manage the life cycle of user accounts in scope for job responsibilities and use manual provisioning methods where necessary.

• Assisted in gathering access-related information relative to information security audits or investigations, and privacy investigations.

• Provided support via email when necessary to investigate possible compromise of user accounts and audit admin accounts for access management.

• Provided an IT orientation and cyber security awareness training to new employees explaining phishing activities, access profiles, network guidelines, and security best practices.

• Worked under the supervision of the senior IT Risk and Security analyst to provide timely delivery and support to the Information Security Operations team, as assigned to ensure control effectiveness for applicable processes.

• Documented cyber security scope for planned phishing exercise and analyzed key metrics. Information Security Analyst

Huawei Technologies Co / Aug 2016 – Aug 2018

• Performed vulnerability scanning and identified the root cause of the vulnerabilities using Nessus.

• Worked with ISO to maintain and coordinate testing of Incident Response Plans

• Researched relevant cyber-intelligence feeds and contextualized findings for specific vulnerabilities.

• Used data analytics techniques as part of IT audits and reviews to detect errors and possible fraud by identifying unusual or abnormal transactions and providing analysis of data to support management decision-making.

• Maintained proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, network security, and encryption.

• Took proactive steps to mitigate potential security issues and maintained effective cybersecurity. monitoring and alerting framework.

• Implemented and maintained a DLP system to prevent the exfiltration of data in the organization by the attackers.

• Worked with ISO to ensure all security and Compliance requirements were met including conducting risk assessments.

• Provided support activities to strengthen the Cybersecurity Program with emphasis on developing risk management policies and frameworks and assisting with risk mitigation strategies.

Network and System Administrator

Huawei Technologies Co / June 2014 – Jul 2016

• Participated in various cyber security program initiatives including phishing exercises, vishing, vulnerability scans, configuration, and patch management.

• Documented and tested how the business unit meets the requirements of Enterprise Risk Management and Regulatory Compliance policies and frameworks.

• Performed network performance evaluation through analysis of reports from monitoring tools and device logs and made recommendations/configuration changes as required.

• Supported and configured Active Directory, Server, Group policies, and VMs.

• Created o user profiles, manage user permissions, maintain User & File System quota on SUSE and Red Hat Linux

• Worked on installation, configuration, and maintenance of RedHat, and CentOS Servers at Data Centers

• Automated System checks that resulted in accurate performance and reduced reporting effort.

• Performed upgrade of Symantec antivirus backbone infrastructure

• Maintained customer database and assisted in account management of over customers.

• Used Bash Shell scripting to schedule and automate processes including full and incremental backup.

EDUCATION

University of Leicester UK 2014

MBA (Information Technology Management)

Ladoke Akintola University of Technology, Ogbomosho Bachelor’s degree in Electrical and Electronics Engineering 2002 CERTIFICATION

Certified Information Systems Security Professional (CISSP) ID# 1110813 Certified Information Systems Auditor (CISA) CN# 20168039

Contact this candidate