
Information Security

Location:
Isanti, MN
Posted:
May 22, 2024


Resume:

Michael J Lockett

St Paul, MN

Cell: 651-***-**** ad5vyf@r.postjobfree.com

Skill Summary

Technology audit, information security engineering – 9 years of experience

Cloud (Azure)- 10 years of experience

Cloud AWS- 4 years of experience

Cybersecurity processes and concepts- 6 years of experience

Auditing, compliance, and/or risk management with Data Privacy laws, rules and regulations such as NIST, GDPR, SOX and PCI- 6 years of experience

Summary

With 10+ years of overall experience in security process framework implementation and assessment, I am a self-driven Information Security professional with a proven track record in Risk management, governance, compliance process development, and Security engineering. My expertise in Risk management, security engineering, and Threat Modeling, combined with my ability to collaborate across teams, makes me an ideal candidate for roles requiring strategic security initiatives and adherence to information protection frameworks.

Areas of Expertise:

Risk Management Professional GDPR Threat Visualization

Security Architecture Identity Management PCI Engineering

PASTA-NIST-ISO 27001 Tenable Data visualization professional

Enterprise Security SME Security Automation Cyber Security Investigations

EDUCATION & CERTIFICATIONS

●A+ Certified

●MCP Microsoft Certified Professional

●SQL Certified

Professional Experience

Client-Mier IT solutions New Hope MN

Role-Security Architect

Duration-April 2023-February 2024

Developed threat models and diagrams to visualize potential attack vectors and inform risk mitigation strategies.

Experienced in ingesting, processing, and storing diverse data types, including structured, semi-structured, and unstructured data, within a data lake environment.

Perform threat modeling reviews throughout the software development lifecycle to ensure ongoing security improvements.

Provide recommendations for security controls and countermeasures to address identified threats and mitigate risks effectively.

Strong understanding of data governance principles and practices, including data quality management, security, privacy, and compliance within the context of data lakes.

Communicate technical concepts and findings effectively to both technical and non-technical stakeholders.

Participate in security architecture reviews and provide input on security design decisions.

Contribute to the development and enhancement of threat modeling tools and frameworks to streamline the analysis process.

Strong problem-solving skills in troubleshooting data lake issues, optimizing data workflows, and resolving performance bottlenecks to ensure reliable and efficient data operations.

Successfully migrated legacy security posture to cloud-based Azure Security Center and Protection for State’s multi-cloud environments.

Client-State Of Florida Fort Lauderdale

Role-Security Architect

Duration-Feb 2022- March 2023

•Led the creation of a multi-site vulnerability management program, enhancing business security initiatives.

•Implemented SOAR tools and tokenization technologies, improving security operations and governance documentation.

•Migrated Legacy security posture to cloud based Azure Security Center and Protection for State’s multi-cloud environments.

•Led process inquiries, walkthroughs, and procedure reviews to support the development of Policies and procedures.

•Assessed control language and business line procedures to ensure alignment with regulatory requirements and organizational objectives.

•Conducted control testing through observation and analysis of evidence to ensure compliance with cybersecurity processes and industry standards.

•Developed comprehensive test scripts covering validation activities for Cloud, Cyber Security, and Information Technology general controls.

•Proficient in utilizing the PASTA (Process for Attack Simulation and Threat Analysis) methodology for comprehensive threat modeling and risk assessment in information security.

•Facilitated test result discussions with business line management, identifying exceptions and recommending corrective actions.

Client- Kaiser Permanente Colorado Springs Col

Role- Security Automation Architect Biomed

Duration-10-02-2021-1-1-2022

•Successfully completed IaC project using Terraform, Ansible, and Azure to improve infrastructure efficiency.

•Identified and filled gaps in security automation, contributing to the development of smart AI based response scenarios.

•Facilitated test result discussions with business line management and risk partners, identifying exceptions and recommending corrective actions.

•Developed and implemented cybersecurity policies and procedures aligned with NIST CSF guidelines.

•Collaborated with Control Owners, Risk Analysts, and subject matter experts to define evidence and populations for testing.

•Selected test samples based on internal program methodology and documented rationale for sample selection.

•Implemented a comprehensive risk management framework aligned with ISO/IEC 27001 standards, enhancing organizational security.

Client- Essentia Healthcare Duluth MN

Role- Biomed Security Architect

Duration-2/5/2021-7/08/2021

•Implemented a comprehensive vulnerability management program for IOT and medical devices.

•Collaborated with medical device vendors to mitigate risks and secure upgrades or replacements.

•Presented automation process improvement proposals to reduce the risk of control failure and enhance operational efficiency.

•Conducted peer reviews of completed testing to ensure accuracy and compliance with internal policies and industry regulations.

•Facilitated training sessions to raise awareness and promote adherence to ISO/IEC 27001 policies and procedures.

•Developed and maintained ISMS documentation in accordance with ISO/IEC 27001 standards.

•Led integration efforts between SaaS applications and existing software systems, facilitating seamless data flow and enhancing cross-functional collaboration across departments.

•Developed risk models and scenarios to simulate potential cyber incidents and estimate their financial impact.

•Led the integration of Secure SSO DUO with SML and CyberArk, fortifying security management.

Client- Cygnus Corporate (Remote) Bloomington MN

Role- Security Architect

Duration-10-2-2019-5-20-2020

Matured corporate security posture through the implementation of Beyond Trust and CyberArk.

Led the integration of Secure SSO DUO with SML and CyberArk, enhancing security management.

Conducted comprehensive assessments using NIST CSF core functions to identify gaps and prioritize improvements.

Regularly reviewed and updated security controls based on evolving NIST CSF recommendations and industry best practices.

Spearheaded SaaS software maintenance and Security update processes, ensuring optimal performance and compliance while minimizing downtime and operational disruptions for end-users.

Documented testing results in Archer platform, maintaining comprehensive records for audit and compliance purposes.

Selected test samples based on internal program methodology and documented rationale for sample selection.

Led process inquiries, walkthroughs, and procedure reviews to support the development of QA test work papers.

Conducted comprehensive assessments using NIST CSF core functions, identifying gaps and prioritizing improvements.

Developed and deployed infrastructure into Microsoft Azure and AWS, optimizing operational efficiency.

Researched and recommended security-related tools and controls, aligning with business needs and compliance requirements.

Client-Bluestem Eden Prairie MN

Duration-8-21-2018-Current

Security Architect

Lead day-to-day activities securing critical parts of business infrastructure: PCI, RH-ISAC, ISO 27001.

Worked day to day agent-upgrade issues involving insight scanners in AWS and on premises

Lead regular information security assessments and vulnerability scans to meet regulatory requirements and maintain a strong security posture using Rapid7 Insight VM and Tenable products.

Assisted in the development and deployment of our Infrastructure into Microsoft Azure and AWS.

Researched and recommended security related tools and controls to align with business needs (Mimecast)

Troubleshooting issues with missed heartbeats, FIM, and duplicate GUID issues within LogRhythm.

Led cross-functional teams in aligning security initiatives with NIST CSF framework to achieve compliance objectives.

Creating Alerts, Dashboards, and maintaining 13 months of historical log data across multiple business.

Lead investigations into possible breach or compromise situations with LogRhythm and Splunk

Created Smart responses and automation tools to deal with a continually changing environment (Worker Nodes, Citrix VDI).

Worked day to day investigations of alerts in Azure security center.

Worked to secure CD/CI agile environment adjusting to constantly changing directives and company vision.

Updates job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations.

Used tools like Umbrella to visualize VPN activity and security posture across businesses.

Collaborated with stakeholders to ensure alignment of security initiatives with CIS Controls best practices.

Experience with Continuous Integration and Continuous Delivery (CI/CD) practices, Git code repository, Jenkins, automated Kubernetes deployments.

Client-Best Buy Corporate Headquarters Edina MN

Duration-6/17 – 8/17

Role-Security Engineer

Ensures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements.

Architect/Design a new SSO infrastructure for external access using the Ping Identity components.

Experience in both SAML based and Agent Based configurations in PingFederate.

Experienced in defining application scopes and objectives, and identifying critical assets for analysis.

Establishes system controls by developing framework for controls and levels of access recommending improvements.

Performs vulnerability testing, risk analyses, and security assessments. Investigates intrusion incidents, conducts forensic investigations and mounts incident responses.

Delivers technical reports and formal papers on test findings.

Responsible for analyzing the information security environment and assisting with the development of security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure.

Creating policies and playbooks for security posture.

Created and maintained ISMS documentation in accordance with ISO/IEC 27001 standards, ensuring adherence to policies.

Client-Mier IT Solutions New Hope MN

Duration-12/16 – 5/17

Role-Security SME

Interpreted ISO 9001 controls and reviewed SLA agreements with vendors and recommended changes in policy or procedures to management

Conduct related security assessments and recommendations using frameworks such as CIS, NIST, ISO27001, PCI/DSS and similar privacy and security frameworks.

Consulted on various projects and initiatives regarding security best practices, risk mitigation, compliance obligation, and policy or process implementation.

Proficient in decomposing applications into smaller components to identify vulnerabilities and potential attack vectors.

Mentored Staff and partners on Security best practices and policy and approach.

Implemented tools like Aegis and NetIQ IDM to control privileged access to critical systems and PIM Data and to automate operational process to protect from potential Risks

Conducted risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and mitigation needs.

PCI/DSS scanning and remediation.

Define vision and roadmap to clients’ security needs and design solutions that fit clients’ needs

Web applications penetration testing

Skilled in creating architectural profiles to delineate system components, data flows, and trust boundaries

Client-Entrust Datacard Chanhassen MN

Duration-12/15 – 9/16

Role-Sr. Security Integration Engineer

Researched and recommended security solutions to various financial institutions across the United States

Evaluated service providers and payment applications for their AOC, AOV, and implementation guides, tokenization, and their service providers.

Creating risk assessment reports to minimize exposure and researched tools/solutions.

Prepared researched tools and systems for presentations to potential clients.

Conduct comprehensive system security evaluations, audits and reviews. Providing reports and recommendations on the hardening of endpoints on the network and tool research.

Developed and recommended appropriate mitigation countermeasures to aid in preventing intrusions in information systems.

Hands-on experience in full lifecycle of ISO27001 framework, SOC2 Audit and remediation

Used tools like CloudNeeti to maintain compliance for cloud-based SaaS Cardwizard and Key management instance.

Created forms to On-board companies, On-board external/tertiary users profile using PingFederate 8.0.3

Executes the PCI Data Security Standards PCI assessments for all controls, including communication of key milestones, gap remediation consulting/tracking, and guidance on compensating controls.

Worked on multi-factor Authentication integrations like RSA PingID and Yubikey and engaging in the usage of other protocols like OAuth.

Set up PingAccess to backend apps to work alongside PingFederate for seamless integration.

Used tools like Rapid7 Insight VM for vulnerability scanning.

Client-Accenture Minneapolis MN

Duration-4/15 – 10/15

Role-Security DEVOPS

Worked in Agile and Waterfall Methodologies supporting large Java/J2EE

Developed and recommended appropriate mitigation countermeasures to aid in preventing intrusions in information systems.

Conducts systems security evaluations, audits, and proof of concepts.

Reviewed system security plans and assessed security events to determine business impact and implements corrective actions to ensure the addition of information security/information assurance policies, principles, and practices in the execution of IT services under TOGAF controls.

Identified the existing services that need redesign to make them part of SOA/ESB service layer

Experience in setting up SSO Environment for PingFederate, and Ping Access. [PF as Auth server and PA as Resource server protecting API]

Supported RSA integrations and configurations and daily operations like adding users, disabling users, and token assignment.

Knowledge of WebSphere Service Registry and Repository for storing and managing data.

Schwans Client Marshal MN

Duration-1/15 – 4/15

Role-Sr. Security Engineer

Managed pen-testing team performing vulnerability assessments and working with the Security Operations Center to identify gaps in security processes as well as vulnerabilities within the infrastructure.

Migrated Ping federation from 7.1.3 to 7.2, major challenge was to update the standard templates and styles used by Client.

Identified systems and categorize its C.I.A using FIPS 199 and NIST SP 800-60.

Operation of SPLUNK ES including the creation of correlation, notables and alerting rules

Hands on Experience in Service Oriented Architecture (SOA)

Implemented SSO using PingFederate 6.0.3 and PingFederate 7.1 R3 for many vendors' hosted applications.

Provided POC for NetIQ IDM, App Manager and Aegis

Used tools like RSA Archer, Tenable Security Center to monitor compliance.

Integrated with third party application using SAML 2.0 protocol, OAuth and managed both IDP and SP connections using PingFederate.

Client-UnitedHealth Group Maple Grove MN

Duration-1/14 – 12/14

Role-Security Engineer/Project Manager

●Implement, design, and configure Elastic Search and Splunk as needed for government agencies and internal business units.

●Designed and implemented Elastic Search instance for local and remote Government clients throughout the US.

●Reviewed and fine-tuned current security processes as directed.

●Worked to process and interpret CVE alerts pertaining to DSS PCI compliance.

Client-Northrop Grumman Eagan MN

Duration-2/14 – 9/14

Role-Security Engineer

Designed custom TAs for Splunk log file correlation with PCI-DSS compliance constraints.

Used tools like nexus retina and system center in real-time for compliance baseline.

Used regex tools for parsing log files into Splunk.

Implemented Elastic Search for integration with Hadoop and Splunk

Utilized IDS alerts and host system logs to identify, analyze, and report events that occurred within the network.

Hands on Experience in Jboss and WebSphere Monitoring and hardening.

Client-Target Corporation Minneapolis MN

Duration-10/13 – 5/14

Role-Security Engineer

●Scanning Code with Qualys

●Use of tools, such as Splunk and NetIQ app manager for application and data analysis

●Upgraded Cisco Catalyst to Juniper switches as needed for upgrade project

●Implemented procedure to regularly update network devices with updates from vulnerability assortments.

Client-DRC Data Recognition Corporation Plymouth MN

Duration- 1/13 – 9/13

Role-Security Engineer/Data Public Trust Clearance

Developed security standards for company with multi-control constraints: ISO 27001, NIST and DIACAP/FISMA.

Implemented scanning procedures using Retina, Nessus and IP360.

Performed DoD Information Assurance Certification and Accreditation Process (DIACAP) of mission critical systems as well as support vulnerability scans of enterprise to ensure compliance of IAVA and security configurations.

Updated from RSA DLP to Archer. Led team of three from proof of concept to production, coming in 23% under budget.

Collaborated and teamed with a wide variety of stakeholders and partners and U.S. Government agencies to detect and prevent adversarial activity within DoD networks.

Developed and recommended appropriate mitigation countermeasures to aid in preventing intrusions in information systems.

●Set up new office construction with technology needs.

●Set up servers using WDS to push out desktops as needed.

●Packaged applications as needed.

●Set up and configured VPN for remote use for management.


