Cyber Security Risk Management

Location: Independence, MO
Salary: $0000
Posted: August 21, 2023

Resume:

Houston, TX *****806-***-**** • ady3vh@r.postjobfree.com •

linkedin.com/in/jonah-ashu-675a31228/

Jonah Ojong Ashu.

Vulnerability Manager & GRC specialist

Summary

● Solutions-oriented and self-motivated Cyber Security professional / AWS Solutions Architect with 6+ years of experience in managing and configuring networks, infrastructure management, storage area networks, and implementing best practices to ensure compliance with NIST, HIPAA, SOC, and PCI-DSS.

● I have provided invaluable hands-on expertise with firewalls, network security, and database administration to several customers, and handled day-to-day cyber security operations and coordination at M/W Construction, including cyber security advice for network hardening to stay in compliance with the government regulatory policy frameworks mentioned above (NIST, HIPAA, SOC, PCI-DSS). Received a $1,700,000million cyber security insurance policy by using the Minerva risk management platform to protect M/W Construction against ransomware attacks.

● Proper and efficient management of $2.200,000million annual revenue targeted for overseeing cyber security projects and operational costs at Wal-Mart.

● Provide operational support for security operations such as endpoint protection, email security with encryption, vulnerability scanning, firewall configuration, DLP, IDS/IPS, VPN, encryption and cryptography, routers, network access control, and proxy servers.

Area of Expertise

● Senior Cyber Security Engineer & Vulnerability management

● Compliance such as HITRUST, HIPAA, NIST and SOC. HTTP

● Phishing and social engineering Preventive measures

● Application security professional

● Cloud security professional

● Security analyst

● Cryptography professional

● IT Project Management

● Vulnerability Threats Management

● Risk Mitigation & Analysis

● Cyber Security Engineering

● Malware analyzer

● Security architecture engineer

● Leadership & Training

● Vendor Management

● IAM professional

● Risk and compliance.

● Cyber security and the law.

● Incident Response.

● Risk management and remediation.

● Penetration testing

● Network application engineer

● OSCP defensive security

Tools used include intrusion detection and prevention systems, systems and application logs, SIEM, antivirus software, file integrity checking software, anti-spam software, firewalls, network analyzer, availability monitoring, vulnerability scanners.

Software Skills

Microsoft Sentinel.

Web proxy (Forcepoint, Zscaler); EDR (Carbon Black, CrowdStrike); NGFW and intrusion detection and prevention solutions (Palo Alto, Cisco FTD); vulnerability management solutions (Qualys, Tenable); scripting languages Python and PowerShell; SIEM

Technical Skills

● Penetration testing and application scanning

● GuardDuty, CloudFront, DynamoDB, CloudWatch, Docker Containers, EMR, Lambda, CI/CD, AWS Shield, S3 Glacier, Kubernetes, API, Amazon Macie, AWS Glue, Git, Terraform, Jenkins, CloudPassage, SNS, SQS, VPC Peering, Transit Gateway, Athena, QuickSight, Data Pipeline

● Amazon Redshift, OWASP, Route 53, DataSync, Step Functions, OpenVPN, DNS, Log Analysis, CloudTrail, Config, Python, CloudFormation, Barracuda, Ansible, Dome9, Datadog

Education

● Bachelor of Science: Biochemistry 09/2005

University of Yaoundé 1

Certifications

● CISA - (Certified) HARVARD UNIVERSITY ONLINE

● Cyber security risk management (Certified) HARVARD

● AWS Security Specialty – (Certified)

● CompTIA Linux+ - (Certified)

● AWS Certified Solutions Architect Professional (In-view)

Work Experience

Wal-Mart – Houston, TX (Remote) - 07/2016 - Present

Cyber Security and vulnerability manager

● Developed designs using extensive experience and knowledge of cloud service providers such as Amazon Web Services (AWS).

● Provided advanced support, troubleshooting, architectural design, and management of the overall health of infrastructure solutions.

● Security Management: working knowledge of DoD HBSS, ACAS, STIGs, and IA Vulnerability Management (IAVM).

● Implemented automation, leveraging DevOps best practices for CI/CD, IAC, and Containerization.

● Maintained all leveraged services within a managed service environment.

● Worked in a fast-paced environment both independently and in a team.

● Migrated applications to the cloud, automation through various tools both AWS native and third-party.

● Designed, deployed and maintained enterprise class security, network and systems management applications within an AWS environment.

● Led the implementation of IAM architecture, processes, and governance; and also worked with various engineering teams to quickly enable SSO for POCs or production applications, enforcing SAML2.0 and OIDC and Federation, Privileged Account Management.

● Experienced with Static and Dynamic Application Security Testing (SAST/SCA/DAST) tools for automation of security system testing in Agile - Example vendors: SonarQube, Snyk, Synopsys, Veracode, Checkmarx.

● Built AWS CloudFormation using the Infrastructure as Code (IaC) approach. The environment was built following NIST 800-53 security guidelines, in compliance with the DoD SRG IL5 risk impact level.

● Assisted clients in the selection and tailoring of approaches, methods, and tools to support cloud adoption for secure migration of existing workloads to a cloud vendor. This may cover services such as tenant setup and service configuration focused on cloud cyber risk mitigation, IAM (e.g., PIM/PAM, MFA, SSO, Conditional Access), data protection (e.g., DLP, encryption, PKI), network security (e.g., firewalls, WAF), etc.

● Participated in architectural discussions with customers when building new and migrating existing applications on a multi cloud platform including both Azure and AWS cloud platform.

● Monitored resources and applications using AWS CloudWatch, including creating alarms to monitor metrics for services like EBS, EC2, ELB, RDS, S3.

● Architected dev-test environment, utilizing Virtual Networks, VPN, ExpressRoute/Direct Connect, VNet/subnets, Network Security Groups, Load balancers.

● Encrypted Amazon RDS as an added layer of security.

● Recommended and managed transmission protection requirements for all environments (systems, applications, containers, etc.) such as VPC peering best practices, SSL certificate management, key pairs.

● Created and executed a strategy to build mindshare and broad use of AWS within a wide range of customers and partners.

● Supported the Cybersecurity Risk Management Lifecycle (RMF) mission by developing new methods to ingest compliance data and facilitate continuous monitoring.

● Designed for client opportunities in one or more AWS Competencies or general cloud managed services.

● Created a lift and shift process model clearly defining the individual steps of the lift and shift process.

● Designed and implemented monitoring and protection capabilities to help identify and protect against DoS attacks, MITM, EC2 instance compromise, secret compromise, etc.

● Managed SIEM tool and created Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts).

● Focused on containerization and immutable infrastructure.

● Experienced with "on-premises to cloud" migrations and IT transformations with the aid of AWS solutions, promoting the use of industry best practices, security frameworks, automation and standardization.

M&W Construction (Part time) – Houston, TX

Cyber security engineer

● Created and managed launch configurations for enterprise scale infrastructure.

● Leveraged Cloud security fundamentals to combat Cyber threats as they relate to the Cloud

● Implemented solutions for complex deployments in the Cloud leveraging AWS.

● Automated snapshot backup, stopping and starting EC2 servers using an Ansible playbook I wrote.

● Manually built over 300 VPCs, creating both private and public subnets, security groups, network access lists and configuring internet gateways to drive traffic to VPC.

● Reviewed/monitored the entire environment and executed initiatives to reduce failures and defects and improve overall performance.

● Provided incident management support on escalated trouble tickets when necessary.

● Deployed hundreds of Amazon WorkSpaces and AppStream 2.0 for end users.

● Conducted education/training sessions for AWS cloud services and offered guidance in infrastructure movement techniques including bulk application transfers within the AWS cloud platform.

● Experienced using written production-ready automation code to implement solutions with Puppet, Ansible, CloudFormation, Terraform.

● Designed production, staging, QA and development Cloud Infrastructures.

● Created solutions using PaaS with cloud platforms such as Azure.

● Managed AWS-provided portal account access credentials and privileges.

● Reviewed and evaluated current access routes, sites, vendor integration points, and security platform integrations; recommended improvements and developed corrective strategies to improve security prior to implementation.

● Rotated IAM access keys regularly and standardized on a selected number of days for password expiration to ensure that data cannot be accessed with a potentially lost or stolen key.

● processes that enable the enterprise to develop and implement secure solutions and capabilities that are clearly aligned with the business, technology, and threat drivers.

● Inculcated strong understanding of information processing principles and practices.

● Worked leveraging technical knowledge for networking, storage systems and computing platforms including Amazon AWS, .NET, Windows, and CI/CD pipelines.

● Ensured all IAM users have multi-factor authentication activated for their individual accounts and limited the number of IAM users with administrative privileges.

● Turned on Redshift audit logging in order to support auditing and post-incident forensic investigations for a given database.

● Encrypted data stored in EBS as an added layer of security


