It Security Analyst
Resume:
IT Security Lead
************@*****.***
Albuquerque, United States
Tony
Humphries
Profile
I have been a successful security professional in a variety of settings serving from 150 to 10,000+ users. I have supported many different security applications, network technologies, hardware and software. I work well in a team and on my own initiative. I am confident managing others, leading projects and organizing the work environment and expectations to get the best out of the people I supervise. Employment History
IT Security Analyst II at New Mexico Mutual,
Albuquerque
11/2019—10/2024
Wide range of responsibilities, including:
Application security
Access controls
Security requirements for IT projects
Network scanning and vulnerability assessment
Business Continuity Planning and Disaster Recovery Business Impact Analysis
Security Training and Phishing campaigns
Incident Response (IR)
Data classification
Data loss prevention.
Splunk for SIEM (real-time monitoring and analysis). Major successes include:
Created and managed a new policy and procedure framework for IT Department which adhered to both NIST 800-171 and ISO 27001 standards. All policies are indexed, cross-referenced and compliant with regulatory requirements.
Led company efforts to update and implement new Business Continuity Planning and Business Impact Analysis programs for the organization.
Designed, configured and maintained new vulnerability management program, including regular scans of entire company environment and led remediation efforts for identified issues.
Installed, configured and maintained Data Loss Prevention system for data in transit and data at rest.
Led company-wide data classification initiative in conjunction with DLP.
Introduced monthly security bulletin program, distributed to all staff. Links
Linked In Profile
Skills
Problem Solving 5/5
Adaptability 5/5
Effective Team Leader 5/5
Communication 5/5
IT Security 5/5
Organization 5/5
Courses
CompTIA CASP+ at Online Bootcamp
02/2024—03/2024
Various security certifications at Proofpoint
09/2021—09/2024
GIAC Certified Forensic Examiner at GIAC
03/2016—04/2016
Interconnecting Cisco Network Devices at
Cisco
09/2010—09/2010
Certifications
CompTIA Security+, A+ and working
towards CASP+
BA (Hons) Business Administration, London
(Middlesex University)
Managed quarterly Information Security Training program, including content creation, distribution to all staff and reporting to C-level management.
Managed accompanying quarterly phishing campaigns including content design, targeting and distribution and reports to all management.
Introduced, configured and maintained LAPS (Local Administrator Password System) to company's Active Directory environment. This secured local admin passwords, limited access to Domain Admins and Techs and ensured that passwords were securely and randomly generated to company standards, and automatically changed every 30 days.
IT Security Analyst at UNM Medical Group,
Albuquerque
10/2015—11/2019
Vulnerability scanning
Patch management (WSUS & SCCM)
Infrastructure and vendor risk assessment
Security reviews and RFPs
Incident Response
Management of change requests
IT Policies and Procedures
Main achievements included:
Numerous successful Data Breach and other Forensic investigations and analysis
Regular vulnerability scanning/analysis, remediation/mitigation, and reporting leading to a vastly reduced attack surface Annual internal and external HIPAA, Security controls, and PCI related audits, assessments and reports leading to a consistently improving
Successful major update and roll-out across the environment of McAfee EPO and introduction of new encryption and DLP components. Project management of numerous Cybersecurity & IT/IS projects Development of new RFP and evaluation process
IT Security Analyst at UNM Hospitals,
Albuquerque
02/2009—10/2015
Provided Cybersecurity Analyst role for the UNM Hospitals, responsibilities: Conducted numerous forensic investigations/analysis Incident response
Administered McAfee EPO
Technical lead/project management on various projects Daily Monitoring/administration/troubleshooting
Subject expert for all levels of cyber-security requirements Regular and ad-hoc vulnerability scans and remediation, Authoring IT/IS/Cyber-security policy and procedures, Provided training and knowledge transfer to all levels of staff for Hospital operations,
Contact this candidate