Post Job Free
Sign in

It Specialist Vulnerability Management

Location:
Shreveport, LA
Posted:
August 27, 2024

Contact this candidate

Resume:

Barbara Tallent

Zoom 674-***-****

MSCS, BSCIS, AIT, AAS, AD.

Skype ID live: cid.ca56ea8ac361d50b

318-***-**** Cell

***************@*****.***

www.linkedin.com/in/barbara-tallent-18a97294

**** **kefield Avenue, Bossier City, LA 71111

430-244-3234ylie, T430exas

Professional Summary:

Barbara has over twelve years of educational coursework and two years of practical experience as a cybersecurity and IT specialist, indicating a high degree of professional competence in the subject. Understanding complexity theory allows for evaluating project success in complex situations. The emphasis is on multidisciplinary ideas and applications, as well as the development of professional, consultative, and leadership abilities. The course also covers a variety of other topics, including performing qualitative and quantitative research, practicing methodologies, identifying strengths and weaknesses, and employing technology. The course also tailors methodologies for vulnerable populations.

We are conducting threat simulations and research to enhance our proficiency in threat-centric adversarial testing. Key talents include penetration testing, vulnerability assessment, incident response, network security, and coding. These skills allow professionals to simulate threats, detect vulnerabilities, respond to incidents, and protect networks and systems from possible attacks.

Technical discoveries might assist businesses in prioritizing actions to address identified vulnerabilities. A risk-based strategy assesses the significance of each vulnerability and prioritizes remedial efforts. A vulnerability management system monitors and assigns vulnerabilities to the appropriate teams. Implementing a vulnerability disclosure program encourages external researchers to report vulnerabilities, which provides a comprehensive perspective on security posture, identifies and remediates vulnerabilities, and fosters stakeholder trust.

Organizations require knowledge in certain security areas, such as network, application, data, physical, and cloud security, in order to safeguard assets and manage risk. Penetration testing, vulnerability scanning, and security code reviews are common testing approaches used in production enterprise environments. These methods assist in evaluating the efficiency of security measures and identifying areas for improvement. By resolving potential issues, organizations can improve application security and lower the risk of unauthorized access or data breaches.

Python scripting and tool creation skills are applicable in a variety of areas, including data analysis, web development, scientific research, and content management systems. Python frameworks such as Django and Flask enable the development of solid, scalable CMS platforms that allow users to manage and publish content on websites, much like building a stable and efficient structure.

Vulnerability management and cyber operations. Vulnerability scanners examine networks and systems for known vulnerabilities, whereas security information and event management (SIEM) solutions collect and analyze security event data from a variety of sources. Penetration testing and patch management are two common methods for identifying and fixing vulnerabilities in an organization's infrastructure.

The process involves designing, implementing, and managing vulnerability management programs. There are numerous key steps in creating a vulnerability management program. First, conduct a thorough review of the organization's infrastructure to identify any potential flaws. Next, prioritize the vulnerabilities based on their severity and likely impact. Then, deploy and configure proper technologies, such as vulnerability scanners and SIEM systems, to constantly monitor and discover problems. Regularly perform penetration testing and patch management to detect and address vulnerabilities. Finally, create policies and processes for reporting, tracking, and resolving vulnerabilities to ensure that security activities are well-managed.

Experience with other tools such as Rapid7 Insight/Nexpose, Nessus, and Tenable.io is beneficial.

For example, Qualys Vulnerability Management (VM) is a cloud-based vulnerability management system that provides companies with a comprehensive view of their security posture. Qualys VM allows users to quickly identify, prioritize, and remediate vulnerabilities, reducing the risk of a successful attack.

Frameworks for prioritizing vulnerabilities (e.g., CVSS). Patch management is crucial for vulnerability remediation because it keeps software and systems up-to-date with the latest patches and upgrades. This strategy comprises routinely assessing and implementing updates offered by software vendors to address identified vulnerabilities. By adopting these updates as quickly as feasible, businesses can successfully lower the risk of exploitation while also strengthening the overall security posture of their infrastructure. Patch management also includes testing fixes in a controlled environment to ensure compatibility and avoid system downtime.

A firewall, intrusion detection system, and intrusion prevention system (IDS/IPS) are all used in our network security processes.

Before installing patches on a production machine, they should first undergo effective testing on a test machine.

Working collaboratively with IT and development teams in a cross-functional environment. Testing patches in a controlled environment requires creating a separate testing environment that closely resembles the production environment. Working with IT and development teams on patch management leads to a more comprehensive and efficient approach. IT and development teams have an extensive understanding of the organization's systems and software, allowing them to provide valuable insights and capabilities while testing changes and assessing their impact. This collaboration also enhances team communication and coordination, which leads to faster patch implementation and a lesser risk of system outages. We apply patches to a test computer in this environment to assess their compatibility and functionality. The testing technique includes verifying that the upgrades do not interfere with or conflict with any existing software or systems. After being adequately examined and declared safe, the upgrades can be installed on production equipment.

The ability to examine and solve problems is crucial for patch management. Patch management requires analytical and critical thinking abilities. These abilities enable IT and development teams to identify potential risks, assess the impact of patches, and resolve any issues that arise during testing or installation. These teams can use their analytical and critical thinking abilities to guarantee that the patch management process is comprehensive, efficient, and effective in strengthening the overall security posture of the organization's infrastructure.

• A seasoned cybersecurity and IT expert with over six years of professional experience in both school and industry.

• Proficient in complexity theory and assessing project success in intricate situations.

• Skilled in performing qualitative and quantitative research, employing many methodologies to identify strengths and weaknesses.

• Possess strong leadership and consultative abilities, allowing you to provide professional advice and support to teams.

• Profound comprehension of diverse interdisciplinary theories and their pragmatic implementations in the fields of cybersecurity and IT.

Work History: Cybersecurity and IT Specialist at Netherland Chiropractic Clinic from 2012 to 2014, at West Computers from 2014 to 2015, at UTI Healthcare Hospital from 2020 to 2021, and at Kelly Services from 2017 to 2020.

• developed and executed cybersecurity plans and protocols to safeguard firm systems and data from potential threats.

• Performed risk assessments and vulnerability scans to identify potential security vulnerabilities and suggest appropriate remedial measures.

• Worked with interdisciplinary teams to evaluate and resolve security events, ensuring timely resolution and minimum disruption to operations.

Summary of Qualifications:

I am an experienced office manager with sound information technology knowledge.

• Word, Excel, PowerPoint, Quick Books, Accounting, Payroll, Schedules, Dispatches, and Bookkeeping With expertise in a wide range of software applications and administrative tasks, I am able to efficiently handle tasks such as document creation and editing (using Word, Excel, and PowerPoint), financial management (including QuickBooks, accounting, and payroll), scheduling, dispatching, and bookkeeping.

• FERPA, Cloud, IOS, Compliance, Laws, Executive Orders, SOX, MAC, DAC, RBAC, and more. In addition to my ability in various software applications and administrative tasks, I am well-versed in FERPA regulations, cloud computing, IOS operating systems, compliance with laws and executive orders, as well as SOX, MAC, DAC, and RBAC protocols. This comprehensive knowledge allows me to effectively navigate and ensure adherence to relevant regulations and security measures in the workplace.

• I completed an Associate of Applied Business degree in Information Technology and recently completed an Associate of Applied Science degree in Medical Billing and Coding.

• Audit, Assessment, In, Assessments, Infrastructure, Compliance Computer Project Management, NIST With my background in IT and project management, I have experience in conducting audits and assessments, particularly in evaluating infrastructure compliance with NIST standards. My ability enables me to manage computer projects effectively and keep compliance throughout the process. Knowledgeable about ICD-9, ICD-10, CPT-2013, and HCPCS coding, as well as medical terminology, medical law, and anatomy and physiology

• Knowledgeable of all types of insurance, including Medicare, Medicaid, and third-party payers.

• Proven ability to accurately interpret medical records and bills for payment.

I have strong interpersonal and communication skills, superior customer service, am meticulous and organized, and have excellent prioritization and multi-tasking skills. FERPA, SOX, and other compliance laws are crucial for an office manager with information technology knowledge. These laws ensure the protection of sensitive information, such as student records (FERPA), financial data (SOX), and personal information (HIPAA). Understanding and adhering to these laws is essential for keeping confidentiality, privacy, and compliance within the organization.

Computer Proficiencies: Microsoft Office Suite (Word, Excel, PowerPoint, Outlook, Access); Beginner Level Java; Windows Office 365; Windows 2013; Unix; Linux; Cisco; WAN/LAN; TCP/IP These proficiencies are important because they allow the individual to be proficient in the most commonly used computer programs. Additionally, the advanced level of Java ability allows the individual to create custom software, and the Unix and Linux skills help the individual develop and keep complex networks.

Cisco OS software for phones and security Admin rights, policies, and emergency guidelines. We design and build database systems for business intelligence. Cisco OS software plays a crucial role in keeping security within an organization. It allows administrators to manage and control access rights, set security policies, and enforce emergency guidelines. Organizations can safeguard their network infrastructure against unauthorized access, data breaches, and other security threats by using Cisco OS software. Additionally, it provides advanced monitoring and reporting capabilities, enabling administrators to find and address any potential vulnerabilities in real-time.

Troubleshooting, DNS and IPV4-6 server configuration of Linus OS and Windows OS, NoSQL, SQL, limited programming language, waterfall design, SDLC lifecycles, Chen notations, and I: M, I: I, M: N relationships on Linux/Unix. Database systems play a critical role in business intelligence (BI) by storing and organizing vast amounts of data from various sources. They enable companies to collect, analyze, and extract valuable insights from this data, helping them make informed decisions and drive business growth. With the ability to query and manipulate data, BI professionals can create reports, dashboards, and visualizations that offer a comprehensive view of the organization's performance and find trends, patterns, and opportunities for improvement. In essence, database systems serve as the foundation for effective BI implementation, enabling companies to use data-driven insights for strategic decision-making.

I can configure and troubleshoot Android, iOS, tablets, notepads, and smartphones.

• Mentorship

• Theoretical and statistical mathematics Common configuration and troubleshooting issues on Android, iOS, tablets, notepads, and smartphones include connectivity problems, such as Wi-Fi or Bluetooth not working, app crashes or freezes, battery drain issues, device overheating, slow performance, and screen unresponsiveness.

• Access Control NIST Mentorship plays a crucial role in resolving configuration and troubleshooting issues on Android, iOS, tablets, notepads, and smartphones. By having an experienced mentor guide and support individuals, they can gain valuable insights, learn best practices, and receive personalized aid in tackling specific problems. This mentorship relationship helps to accelerate the learning process, enhance critical thinking skills, and ultimately improve the effectiveness and efficiency of resolving technical issues.

• Infrastructure design (WAN, WLAN, VLAN)

• Team Lead

• Technical writing skills are essential for a team leader. Clear and concise communication is vital for effectively conveying complex technical information to team members and stakeholders. Additionally, strong technical writing skills ensure that documentation and reports are correct and easily understandable.

• Microsoft Database Design; • Microsoft SQL Server Management Studio; • Microsoft SQL Server Integration Services.

• Excel; • Microsoft Access; • Microsoft Visual Studio.

• Disaster management plays a critical role in the context of technical work. It involves proactively finding potential risks and implementing measures to mitigate them, ensuring business continuity, and minimizing the impact of unforeseen events. In the realm of database systems and BI implementation, disaster management includes strategies such as regular data backups, redundancy measures, and disaster recovery plans to safeguard data integrity and ensure uninterrupted access to critical information.

• LIFO, Weighted Average, FILO In the realm of technical work, potential risks include system failures, data breaches, and human error. We can mitigate these risks by implementing robust cybersecurity protocols, conducting regular backups and data recovery tests, and providing comprehensive training to employees to minimize human error. Additionally, having a disaster recovery plan in place can help ensure business continuity if unforeseen events.

• Tech audits and controls Tech audit and control are crucial aspects of keeping the security and integrity of technical systems. It involves regularly assessing and checking the organization's technology infrastructure, finding vulnerabilities, and implementing proper controls to mitigate risks. By conducting thorough audits and enforcing strong control mechanisms, businesses can ensure compliance with regulations, protect sensitive data, and prevent unauthorized access to or misuse of technology resources.

• MGT. Info Systems Management Information Systems (MIS) play a critical role in supporting and enhancing the efficiency of technical work. They provide the tools and frameworks necessary to collect, store, analyze, and present data and information, enabling informed decision-making and strategic planning. With the integration of MIS into technical workflows, teams can streamline processes, improve collaboration, and perfect resource allocation for better overall performance.

• Database management system Database management systems (DBMS) are essential for organizing and managing structured data in technical work. They provide a centralized platform for storing, retrieving, and manipulating data, ensuring data integrity and efficient data processing. DBMS also offers features such as data security, data backup, and data recovery, which are crucial for keeping the reliability and availability of critical information in technical systems.

Skills: With a solid foundation in AI, machine learning, and innovative technology design, I have honed my ability in IoT and DDoS attack prevention, as well as understanding the variables of how they work within a system. I am knowledgeable about PMBOK principles and have valuable experience in procurement, project reports, and sponsor interactions. My technical skills include abilities in HTLM, SQL, Java, Java Script, and the ability to encrypt files with EFS. I have honed my skills in conducting vulnerability scanning through Nessus and using social engineering techniques to strategize an attack. Additionally, I have practical knowledge of using Ettercap for ARP spoofing, obtaining hardware information from a network adapter, and intercepting packets. I have experience in static routing, assigning various IP address classes, and utilizing SSL to generate a public/private key pair. The ability also extends to symmetric key encryption, web-based management scripting and design, and UML design. Moreover, I am adept at conducting qualitative and quantitative research and have the capability to create fishbone diagrams to analyze various situations. My vast skill set, and experience make me well-equipped to tackle the most complex challenges within IT and cybersecurity.

My experience in cybersecurity has enabled me to develop a deep understanding of various security protocols, such as symmetric key encryption and web-based management scripting and design. I can design and develop UML diagrams, as well as conduct quantitative and qualitative research to gather insights into complex situations. With my experience, I am confident in my ability to solve the most challenging problems in IT and cybersecurity.

1.AI review design, coding AI review design and coding by analyzing patterns, finding errors, and providing suggestions for improvement. This helps to streamline the development process, ensure code quality, and enhance the overall user experience.

2.Generative AI review design, coding, and Generative AI are all related to AI technology. AI review design involves using AI to review designs and code, Generative AI involves using AI to create new ideas and products, and AI coding involves using AI to create code.

3.Chat GPT Successful implementations of Chat GPT can be seen in various chatbot applications. For example, many companies use Chat GPT to provide customer support, answering often asked questions and guiding users through troubleshooting steps. Chat GPT is also used in virtual assistants, where it can understand natural language queries and provide relevant information or perform tasks on behalf of the user.

4.Machine learning AI review is a specific application of machine learning. Machine learning algorithms are trained to analyze patterns in design and code, enabling them to find errors and suggest improvements. By using machine learning techniques, AI review enhances the efficiency and accuracy of the review process, ultimately improving the quality of the final product.

5.Innovative technologies design and review

6.Innovative technologies for design and review are essential for staying ahead in a rapidly evolving technological landscape. By incorporating AI review and machine learning techniques into the design and review process, companies can ensure that their products are cutting-edge, efficient, and user-friendly, giving them a competitive edge in the market.

7.BI tools can complement AI review in the design and review process by providing valuable insights and data analysis. BI tools can collect and analyze large amounts of data, allowing designers and reviewers to make informed decisions and identify trends or patterns that may not be immediately apparent. By combining the power of AI review with BI tools, companies can gain a comprehensive understanding of their designs and make data-driven improvements for best results.

8.Cloud Data Cloud data storage and management are crucial components in the design and review process. Storing design files and code on the cloud allows for easy access, collaboration, and version control among team members. Additionally, using cloud-based data analytics tools can offer real-time insights and ease efficient decision-making during the design and review phases.

9.Leg tables Leg tables are a popular choice for both residential and commercial spaces due to their sturdy construction and timeless design. With various styles and finishes available, leg tables can complement any interior aesthetic and serve as a functional and visually appealing addition to any room. Whether used as a dining table, work surface, or gathering space, leg tables offer versatility and durability for everyday use.

10.IoT and DDoS attack prevention and the variables related to it. IoT devices can play a crucial role in preventing DDoS attacks within a system by continuously checking network traffic and finding any suspicious patterns or anomalies. By collecting and analyzing data from various IoT sensors and devices, potential attacks can be detected in real-time, allowing for immediate action to be taken to mitigate the threat. Additionally, IoT devices can be equipped with security measures, such as authentication protocols and encryption, to ensure the integrity and confidentiality of data transmission, further enhancing the overall security of the system.

11.EV, TA, AC Encryption and authentication protocols help to ensure that data sent from an IoT device is only accessible to the intended recipient and is not intercepted or altered in transit. Authentication protocols, such as two-factor authentication, also help to ensure that only authorized personnel can access an IoT device, while encryption algorithms help to protect data stored on the device from unauthorized access. Examples of encryption algorithms commonly used in IoT security include Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA), and Elliptic Curve Cryptography (ECC).

12.PMBOK Implementing two-factor authentication in IoT devices involves an added layer of security beyond just a username and password. This could include a unique code sent to a user's mobile device, which must be entered along with their login credentials to access the IoT device. By requiring this extra step of verification, the risk of unauthorized access to sensitive data or control of the device is significantly reduced, enhancing the overall security of the IoT ecosystem.

13.Procurement, Project Reports, Sponsors In the context of procurement, project reports, and sponsors, it is important to consider the security of IoT devices. By implementing encryption algorithms such as AES, RSA, and ECC, sensitive data related to procurement, project reports, and sponsorship can be securely transmitted and stored on IoT devices, minimizing the risk of unauthorized access and ensuring the confidentiality and integrity of the information. These algorithms help to secure the transmission and storage of data in IoT devices, ensuring that sensitive information is still confidential and protected from unauthorized access.

14.Fishbone Diagrams Fishbone Diagrams can be used as a tool to analyze and find potential security risks or vulnerabilities in IoT systems. By visually mapping out the various factors that contribute to the security of an IoT device, such as hardware, software, network, and human factors, Fishbone Diagrams can help organizations better understand the potential weaknesses in their IoT infrastructure and take appropriate measures to mitigate them.

15.HTLM /SQL program language HTLM and SQL are two essential programming languages in web development. HTLM (Hypertext Markup Language) is used to structure the content and layout of web pages, while SQL (Structured Query Language) is used to manage and manipulate databases. Understanding and using these languages effectively is crucial for developers to create dynamic and interactive websites with secure data storage and retrieval capabilities.

16.Java and Java Script program language Java and JavaScript are both widely used programming languages in web development. While Java is a versatile language known for its performance and scalability, JavaScript is primarily used for front-end development and adding interactivity to websites. Understanding the differences and capabilities of these two languages is essential for developers to create robust and user-friendly web applications.

17.Encrypting Files with EFS, AES. Encrypting files with EFS (Encrypting File System) and AES (Advanced Encryption Standard) involves several steps. First, you need to enable EFS on your Windows operating system and select the files or folders you want to encrypt. Then, you can choose AES as the encryption algorithm. AES allows you to select a specific key size, such as 128-bit or 256-bit, to ensure strong encryption. Once the encryption is applied, only users with the proper encryption certificate or key will be able to access and decrypt the files, providing an added layer of security for your sensitive data.

18.Conducting Vulnerability Scanning Using Nessus is a powerful vulnerability scanning tool that helps organizations find security weaknesses in their network infrastructure. By conducting regular vulnerability scans with Nessus, organizations can proactively find and address potential vulnerabilities, reducing the risk of cyberattacks and data breaches. Nessus provides comprehensive reports and recommendations for remediation, allowing organizations to prioritize and take appropriate measures to enhance their overall security posture.

19.Using Social Engineering Techniques to Plan an Attack Using social engineering techniques to plan an attack involves manipulating individuals into divulging sensitive information or performing actions that compromise security. Attackers may use tactics such as impersonation, phishing, or pretexting to gain trust and exploit human vulnerabilities. It is important for organizations to educate employees about social engineering risks and implement effective security measures to mitigate these threats.

20.Using Ettercap for ARP Spoofing Using Ettercap for ARP spoofing poses significant risks to network security. ARP spoofing is a technique used by attackers to intercept network traffic, allowing them to eavesdrop, change, or even inject malicious packets into the network. This can lead to various security breaches, including unauthorized access to sensitive information, man-in-the-middle attacks, and the potential for data manipulation or theft. Organizations should be aware of these risks and take initiative-taking measures, such as implementing strong network security protocols and regularly monitoring network activity, to mitigate the dangers associated with ARP spoofing using tools like Ettercap.

Obtaining hardware information for a network adapter Obtaining hardware information about a network adapter involves gathering details such as the manufacturer, model, MAC address, and driver version. This information is essential for troubleshooting network connectivity issues and ensuring compatibility with software and drivers.

Obtaining the ARP cache. To obtain the ARP cache, one must retrieve and examine the mapping of IP addresses to MAC addresses in a network. This can be useful for diagnosing network problems, finding potential security threats, and optimizing network performance.

The physical address of a LAN adapter A LAN adapter's physical address, also referred to as the MAC (Media Access Control) address, is a distinctive identifier that the manufacturer assigns. Devices on a network use it for identification, and it plays a crucial role in data transmission and network communication.

Intercepting packets the practice of intercepting packets involves the capture and analysis of data packets during their transmission over a network. You can do this for various purposes like network troubleshooting, security monitoring, or performance optimization. By intercepting packets, network administrators can gain valuable insights into network traffic and take proper actions based on the analysis.

Static routing Static routing is a network configuration method in which network administrators manually define the paths that data packets should take to reach their destination. Static routing provides more control and is beneficial in specific network setups that require fixed and predictable routes, unlike dynamic routing that uses algorithms to decide the best path.

Assigning different classes of IP addresses Assigning different classes of IP addresses allows for efficient IP address allocation across networks. The different classes, including Class A, Class B, and Class C, have varying ranges of available IP addresses, allowing network administrators to assign the proper number of addresses based on the size and requirements of each network. This helps prevent IP address exhaustion and ensures that each device on the network has a unique identifier.

Hijacking Using the Burp Suite Assigning different classes of IP addresses is an important task for network administrators because it allows for efficient IP address allocation across networks. By assigning the proper class based on the network's size and



Contact this candidate