
Automation Engineer Cyber Security

Location:
Georgetown, TX
Posted:
February 17, 2023

Resume:

Summary

William is an experienced and impactful strategist. In his twenty years in the information technology and security industry, William has contributed to the growth and development of service and operational teams working with world-class organizations such as VISA, Amazon, General Motors, Apple, and PayPal. William’s contributions and accomplishments include intellectual property awards for inventions within the Fintech space for risk and severity mechanisms. William has a proven track record of identifying and developing talent while leading initiatives for process improvement and the implementation of automation to strengthen and mature business operations.

William holds a Master of Science degree in Cyber Security, with a specialization in Information Assurance and Security, from National University. Committed to continuous learning, William has achieved several professional certificates to enhance his knowledge and impact within the cyber security domain.

Professional Experience

AWS, FedRAMP Continuous Monitoring Manager May 2020 - Present

Manager of the U.S. ConMon FedRAMP department, responsible for meeting compliance mandates from the Department of Defense, General Services Administration, and Department of Homeland Security branches of the federal government in accordance with required regulatory policies such as NIST SP 800-53r guidelines. Maximize return on investment from AWS-built tools and technologies. Reduce human tedium through the implementation of automation. Drive modernization across the organization through the identification of shared responsibilities between vulnerability management, incident response, and continuous monitoring teams.

Spearheaded and developed the automation program for managing the Plan of Action & Milestone (POA&M) lifecycle process. Identified and hired talent within the established program budget to address developmental, documentation, and policy tasks. Resulted in improved reporting accuracy, speed of delivery, and the development of a database platform for housing sensitive and restricted data. Oversaw the creation of a reporting dashboard and a POA&M and Deviation Request database, and the automation of 85% of the POA&M ingestion and submission process. Matured overall level of service to the Joint Authorization Board, resulting in increased customer trust.

Developed the process for tracking and implementing the Federal Information Processing Standard (FIPS) 140-2. This implementation consists of vulnerability management and endpoint security enhancement for third-party entities. This is an ongoing strategic initiative aimed at the elimination of outdated TLS (Transport Layer Security) encryption mechanisms (v 1.0 – 1.1). This initiative resulted in AWS achieving FedRAMP compliance.

VISA, Inc., Director of Third Party Security September 2015 – April 2020

Managed global team of third party security assessors for the purposes of analyzing and reporting the security posture of potential and current vendors.

Operated as a trusted advisor spanning organizational lines to Visa verticals on security assessments and consulting engagements for Visa's Key control policy (primary security controls) and Visa's technical Security Policy (extended security controls) with respect to the Payment Card Industry (PCI) and other regulatory bodies such as ISO, NIST, FFIEC and PCI DSS. Developed and implemented a severity identification mechanism that was adapted organizationally. This resulted in improved accuracy and enhanced security assessment reports (SAR) that included risk assessment and architectural reviews. Partner with internal and external legal teams, policy owners, and/or external regulators to fully understand and interpret the laws, regulations, business policies, and program controls applicable to relevant org-level goals covered by your risk program.

Represent risk management programs to internal partners and external parties (e.g. audit firms, regulators).

Drive risk reduction while defining the risk strategy in relation to the business challenge(s), as well as driving partner teams to create, source, implement, and monitor/enforce program controls and testing mechanisms.

Provide long-term perspectives and context for risk related business and technology decisions, partnering with customers to determine what risk projects move forward and in what priority order.

Communicate verbally and in writing the status of the security program to senior level leadership and appropriate stakeholders.

General Motors, Automation Engineer June 2014 – September 2015

Development and validation of workflows.

Test and deploy automated workflows.

Installation, uninstallation, and version upgrades of HPOO and HPSA.

End-to-end debugging and provisioning of workflows during SDLC.

HP Server Automation Administrator. Completed 7 satellite builds.

Linux RHEL 5.7 Administrator

California Department of Motor Vehicles, Automation Engineer May 2012 – May 2014

Responsible for website vulnerability assessment and penetration testing. Performed risk identification and reduction tasks. Performed remediation of compromised applications and DMV websites. Performed security reviews of application designs, source code, and deployments as required, covering web applications and mobile applications.

Wins: Successfully reached 100% PCI-DSS compliance for CA DMV web application in 2013/2014.

Wins: 22% reduction in successful Cross-Site Request Forgery attacks.

Education

Master of Science Cyber Security 2017

2-year course program focused on data security and information assurance. Cloud and on-prem security posture and policy enforcement were central to the course outcome.

B.S. Management Information Systems 2015

Course emphasized Linux and RHS operating systems hardening. Database schema development and network analyses for security awareness were foundational aspects of the program.

AWS Certified Cloud Practitioner 2020

SANS Data Privacy & Law 2020

Strategic Negotiations (UCD) 2021

GIAC Cloud Security Essentials (GCLD) 2022

AAS of Philosophy Ethics and Law 2007

Proficiencies

Security Governance Regulatory: Sarbanes-Oxley, HIPAA, NIST SP 800-53, ISO 27001/27002, GLBA, EU GDPR, CFAA, ECPA, COPPA, FISMA, PCI DSS, FTCA, FedRAMP

Systems Knowledge: Amazon Web Services (AWS - SaaS, IaaS, PaaS), Azure (SaaS), GCP (SaaS, PaaS), Nmap port scanning, BackTrack v5, Qualys Scanning, Burp Suite, Kubernetes, Docker Container, HP OpenView, HP Operations Orchestrator 10, HP Network Node Manager, HP NA


