Project Manager Vulnerability Management
Resume:
Juan C. Barrera, MBA, MIS
**************@*****.***
PROFESSIONAL SUMMARY
Spanish-fluent Cybersecurity Leader Proven track record of securing critical infrastructure. I consistently reduce vulnerabilities (e.g., 34% at United Airlines), foster collaboration, and implement effective security strategies, ensuring compliance with PCI DSS and other standards.
SKILLS
• Spanish Fluency
• Vulnerability Management
• Security Incident Response & Analysis
• Security Compliance
• SIEM & Security Monitoring
• Security Automation
• Leadership & Communication
• Collaboration
• Problem-Solving
PROFESSIONAL EXPERIENCE
Sr. Analyst IT Security–Vulnerability Management, United Airlines, IL October 2017 – Present
● Spearheaded the deployment of 147 virtual vulnerability scanners and integrated Qualys scanners within the AWS cloud environment, achieving a 300% improvement in threat detection, remediating 34,000 critical vulnerabilities within the first six months, and ensuring PCI and non-PCI compliance for United Airlines.
● Oversaw comprehensive scanning protocols for both external and internal IPs.
● Equipped team members with the skills to generate ServiceNow reports for vulnerability remediation.
● Developed strategic vulnerability scanning plans for critical assets, aligning them with cybersecurity initiatives to minimize risk across the United Airlines environment.
● Championed standardized operating procedures (SOPs) for efficient vulnerability tracking, resolution, and consistent security practices.
● Globally coached teams on vulnerability remediation procedures to minimize security risks.
● Managed alerts from Qualys' continuous monitoring systems for external United Airlines assets, ensuring rapid response and mitigation of security threats.
● Led security analysis efforts, fostering collaboration across teams to address and remediate vulnerabilities.
● Participated in security incident meetings (data breach) and influenced decision-making for resolution.
● Collaborated with senior leadership to improve root cause analysis within the vulnerability management program.
● Supported continuous improvement efforts within the program, including identifying opportunities for automation.
Security Operations Manager / Network Operations Manager, Pampered Chef, Addison, IL October 2016 –August 2017
● Spearheaded the development of Pareto charts, a critical tool for pinpointing root causes behind network incidents.
● Investigate security incidents and spearhead the deployment of essential security components (vulnerability scanners, SIEM, endpoint scanners, network traffic monitors) across the Pampered Chef network.
● Assume the role of Security Engineer, overseeing all security monitoring systems and actively managing vulnerability remediation for critical systems, including WAF, IDS, IPS, SIEM, Qualys and Rapid7 vulnerability scanning. Reducing the number of vulnerabilities by 45% in less than 5 months.
● Skillfully manage the deployment of the Change Advisory Board (CAB), ensuring timely security patch approvals and a streamlined vulnerability remediation process.
● Spearhead the management of relationships with Splunk vendors, facilitating effective log analysis and security incident resolution.
● Lead root cause analysis, develop long-term problem resolution strategies, and pioneer effective Incident Management methods.
● Take the lead in planning and executing security and patch updates for Dev/QA, UAT, and production systems within the Pampered Chef Network. IT Security Lead, Accenture, Chicago, IL April 2015 - October 2016
• Led pivotal investigations into suspected data breaches within the Girl Scouts of America's e-commerce systems (highlighting security focus).
• Developed strategic risk management plans for Accenture's high-value clients, aligning them with cybersecurity initiatives to minimize risk across their IT environments.
• Orchestrated end-to-end vulnerability management, including deploying Qualys and Nessus scanners, overseeing security patching across diverse environments, and achieving a 34% reduction in vulnerabilities within 6 months.
• Collaborated cross-functionally with teams to remediate security issues in critical assets.
• Spearheaded the deployment of advanced security vulnerability scanners and state-of-the- art Splunk SIEM tools for Accenture clients worldwide.
• Assumed comprehensive responsibility for security monitoring systems and the meticulous vulnerability remediation process.
IT Security Senior Lead, Accretive Health, Chicago, IL June 2014 – April 2015
● Pioneered the architectural design, documentation, testing, and seamless implementation of a cutting-edge vulnerability scanning framework, instrumental in identifying security vulnerabilities across networks spanning offices in the USA and India. Reduced vulnerabilities by 34% within 7 months.
● Held the role of Security Engineer, using Qualys and Rapid7 vulnerability scanners to conduct internal vulnerability testing, analyze results, and deliver comprehensive vulnerability reports to desktop engineering and IT administrators.
● Functioned as a pivotal liaison, collaborating effectively with developers and IT administrators to address vulnerability findings and remediation requirements, meticulously adhering to NIST guidelines with an emphasis on PCI and HIPAA regulations.
Security Analyst, Trustwave, Chicago, IL, November 2012 – June 2014
● Led PCI DSS compliance efforts for a diverse global client base, ensuring adherence to rigorous PCI standards through penetration testing and appeals.
● Conducted thorough manual investigations and remediated 6,000 vulnerabilities in systems processing credit card information, adhering to PCI DSS policies within a 6- month timeframe.
● Delivered expert manual investigation services, leveraging Burp, Kali, Metasploit, and other tools to identify and address XSS, SQL injection, and other vulnerabilities. Compliance Support Analyst, Trustwave, Chicago, IL, August 2012 – November 2012
● Led vulnerability assessments for businesses processing credit cards, identifying and mitigating network and web application security weaknesses.
● Delivered comprehensive training on vulnerability identification and remediation techniques, empowering companies to achieve PCI DSS compliance.
● Empowered businesses to make informed security decisions by providing clear explanations of CVE and CVSS scores.
● Offered strategic advice on implementing robust security procedures to safeguard cardholder data, emphasizing vulnerability management best practices. EDUCATION
Master of Business Administration, February 2014
Morris Graduate School of Management, Chicago, IL GPA 3.5/4.0 Cum Laude Master of Information Systems, September 2012
Morris Graduate School of Management, Chicago, IL GPA 3.7/4.0 Cum Laude Bachelor of Science in Psychology, May 2004
Northern Illinois University, DeKalb, IL GPA 3.2/4.0 LANGUAGE SKILLS
• Bilingual: Fluent in both written and spoken Spanish and English. COMPUTER SKILLS
Operating Systems: UNIX (AIX, IBM), Linux (SuSE, Fedora, Red Hat, CentOS, Ubuntu, Debian), Windows (Windows 7, Windows 8, Windows 10/11, Windows Server 2008 - Windows Server 2016)
Application Software: Microsoft Office Suite (Word, Access, Excel, Visio, PowerPoint), Notepad++,Project Management Tools (Microsoft Project),Graphics and Design
(Photoshop,CS5), Database Management (Oracle Server,MySQL), Putty,Cygwin,JKplr,VNC Viewer,Code Analysis Tools (Burp Suite, sqlmap, sqlninja), Network Monitoring Tools
(Wireshark, FileZilla, Cisco Packet Tracer),Vulnerability Scanners (Nessus, Qualys, Rapid7), Intrusion Detection/Prevention (Cylance, QRadar, Splunk), Other Security Tools (TOR, Deed Freeze, Cain and Abel, inSSIDer, Havij),Communication and Collaboration
(TeamViewer,HipChat,Zendesk), IT Operations Management (VMware Workstation,VMware vSphere,Microsoft Hyper-V,Oracle VM, VirtualBox,ProjectWise,ServiceNow,PagerDuty,OpenDNS,PRTG,Splunk,Datadog,Wormly Web Monitoring)
Computer Languages: HTML, CSS, COBOL, XHTML, XML, SQL, and PHP MEMBERSHIPS
Member of the Illinois Technology Association, Chicago, 2011 - Present
Chicago Land Hispanic Organization of Leaders in Action, Schaumburg, IL, 2007 - Present
Contact this candidate