
Cyber Security Risk Management

Location:
Oakland, CA
Salary:
155000
Posted:
November 20, 2024


Resume:

**+ years combined experience in IT technology and cybersecurity field.

•10+ consecutive years focused on cyber security.

•Cyber Security professional with experience in collaborative team management and concept development.

•Exceptional interpersonal skills with documentation and verbal communication abilities.

•Organizational service skills ensuring technical security planning, testing, verification, and risk analysis in accordance with security regulations, frameworks, and company needs.

•Experience executing network administration, cybersecurity administration, implementing audits, security assessments, risk management, security-related awareness and training, threat hunting, and ensuring safe environments through best practices following prolific cybersecurity frameworks (NIST, COBIT, ITIL, ISO/IEC).

•Expert in Microsoft Office Suite including Excel, and in the use of Cyber Security monitoring tools (i.e., pfSense Firewall Manager, Nessus, Nmap, Alien Vault, and Wireshark).

•Experienced investigating and analyzing Cyber Security events found in vulnerability scans and monitoring using Nmap/Zenmap, Hping3, QRadar, and Nessus, to name the most prevalent.

•Experienced reporting Cyber Security events and issues found in vulnerability assessment scans through exhaustive documentation for stakeholders.

•Experienced with Cyber Security vulnerabilities and risks in computer networks as a means to reduce the threat landscape for multiple organizations.

•Performed security assessments and audits for compliance with the NIST Risk Management Framework on critical information systems to implement recommended security controls.

EDUCATION, CERTIFICATIONS, AND TRAINING

University of California at Berkeley

Berkeley, CA

EECS (Electrical Engineering Computer Science)

•Network+ (Certified), Security+ (Certified), EC-Council – Certified Ethical Hacker Server+ training

•CompTIA Security+ (Certified)

•Certified Ethical Hacker (CEH) training

•Azure Fundamentals az-900

•AWS Fundamentals

•Azure Security az-500

•AWS Security

•Certified Information Security Auditor (CISA) training

•Certified Information Security Manager (CISM) training

•Certified Information Systems Security Professional (CISSP) training

TECHNICAL AND REGULATORY SYSTEMS/PROTOCOL KNOWLEDGE/SKILLS

Security Evaluation

•Compliance Evaluation, Network Auditing, Risk Management, MBSA Monitoring

•Intrusion Detection Security Analytics

•Intrusion Prevention

•Penetration Testing

•FireEye Mitigation

•Mobile Protection Tools (MDM)

Cyber Security Tools

•Splunk, Nessus, Metasploit, LogRhythm, Nmap, Hping3, Telnet, Burp Suite, IDA Pro, MDM Solutions, Cyber Kill Chain, Diamond Model, Intrusion Detection Tools (e.g., Snort, pfSense Firewall Manager, Kali Linux, Alien Vault, ArcSight), Hardware and software firewalls (e.g., Comodo Firewall), Honeypot tools (e.g., KFSensor), IDS/Firewall evasion tools (e.g., Traffic IQ)

•Drop Box Admin Console (DLP investigation)

•Network/wireless sniffers (e.g., Wireshark, Airsnort)

•Port scanning tools (e.g., Nmap, Hping)

•Vulnerability scanners (e.g., Nessus, Qualys, Retina)

•Vulnerability management and protection systems (e.g., Foundstone, Ecora)

•Intrusion Detection Tools (e.g., Snort, FireEye)

•Splunk Enterprise Security (SES)

•Metasploit

•pfSense Firewall Manager

•Kali Linux

•Alien Vault

•Network Hardware and Software (e.g., Comodo Firewall, Cisco ISR, Cisco ASA, Meraki, Cisco Smart Switches)

•Honeypot tools (e.g., KFSensor)

•Cloud security tools (e.g., Core Cloud Inspect)

•Cryptography tools (e.g., Advanced Encryption Package)

•Cryptography toolkit (e.g., OpenSSL)

•XDR/EDR (e.g., MS ATP, SentinelOne, CrowdStrike)

Framework and Compliance

•NIST 800 Series

•Risk Management Framework (RMF)

•HIPAA, SOC (1,2,3), FedRAMP, ISO

•Enterprise Mission Assurance Support Service (eMASS)

•OWASP Top 10, Consulting on OWASP best Coding Practices, CVSS, CVEs, CIS Benchmarks

•DoD Information Assurance Certification and Accreditation Process (DIACAP)

•PCI DSS

•ISO 27000 series

•COBIT

WORK EXPERIENCE

Contra Costa Health, Martinez, CA (Hybrid)

Health Services Systems Analyst II (Cybersecurity) (08/2023-04/2024)

•Managing the central corporate computing complex

•Use MS Azure to manage a County Wide Area Network (WAN)

•Managing numerous Local Area Networks (LANs)

•Providing business and technical consulting services to departments and managers throughout the organization

•Spearhead IAM (Identity and Access Management) project to streamline process for personnel and asset tracking after dispersion/transition of workforce following Covid closures.

•Management and monitoring operations of the SOC (Security Operations Center): SIEM (LogRhythm), XDR/EDR (SentinelOne), security appliances (Varonis, ExtraHop, PAN)

•Support of Epic, Sharecare, and mission-critical clinical, business, and operational applications.

•Consulting, planning, implementing, and organizing activities relating to enterprise-wide application selection, deployment and optimization, and training

•Reviewing, analyzing, and evaluating system and/or service requests using structured techniques and methodology

•Managing all or portions of a project from the initial fact-gathering meeting through post-implementation review

•Developing and maintaining training environments and materials, and providing role-based education such as Wombat for phishing campaigns

•Leveraging Security appliances to create, manage and utilize metrics for inventory tracking and data security. Performing Data gathering for DLP and possible exfiltration incidents

Fannie Mae, Reston, VA (Remote)

Security Engineer/ Architect with AWS (11/2021–08/2022)

•Utilized Slack for instant messaging between team members and clients.

•Focus on AWS Cloud security, Planning, Design, Road maps, POC implementations for AWS Cloud technologies.

•Worked with AWS security services, and ELB, ElastiCache, CloudWatch, CloudTrail, S3, Lambda, Kinesis, App Mesh.

•Worked with security standards for REST standards and best practices.

•Worked with the NIST and FedRAMP frameworks for SOX compliance.

•Consulted on Security Best practices (OWASP top 10) to ensure continued compliance throughout project.

•Worked with DevOps principles and technologies for IaC (Palo Alto Networks).

•Maintaining ACL, Security Groups and firewall configurations

IBM, Austin, TX (Remote)

Cyber Security Engineer (01/2021–07/2021)

•Utilized Slack for instant messaging between team members and clients.

•Utilized ServiceNow to process incidents from alert to resolution or escalation as necessary.

•Used QRadar (proprietary application) for incident investigation.

•Applied Microsoft ATP (EDR) for incident investigation.

•Used CrowdStrike Falcon (both cloud and on-prem) for incident investigation.

•Used XDR tools for threat detection and investigation of cybersecurity incidents/occurrences

•Used Microsoft Azure for user/asset tracking.

•Utilized IBM inventory for user/asset tracking.

•Leveraged DropBox Administrator console to perform data transfer monitoring and DLP

•Used BeeKeeper for user/asset tracking and monitored assets using Armis Dashboard.

•Worked with Mixed Address Database (MAD) for user/asset tracking.

•Used Virus Total for investigation of Malware.

•Used X-Force Exchange (proprietary) for investigation of Malware.

•Used Threat Connect for investigation of Malware.

•Used Proofpoint Targeted Attack Protection (TAP) to prevent/respond to email-based attacks.

•Tracked status of personal tickets using MS Excel.

•Utilized IBM Notes for email and ran network reporting using Kibana.

•Utilized Jamf Pro Dashboard to manage Apple devices in the environment.

•Used explainshell investigate utility to decode and modify Linux Shell Scripts.

•Used IPVoid for IP address investigation (blacklist, whitelist, reporting).

•Used Cisco Umbrella to manage/investigate user VPN usage/issues.

•Applied the entire FISMA Risk Management Framework (RMF) and system control assessment processes using NIST SP 800-60 and NIST SP 800-53A, preparing and reporting SSP, SAP, PTA, PIA, E-Authentication, ST&E (Security Test & Evaluation), and POA&M.

•Worked with Splunk to extract relevant data from machine logs.

•Directly responsible for analyzing and implementing Cybersecurity (IA) requirements into accreditation packages that meet accreditation standards improving product security and overall security posture

•Provided assessment reports on the severity of findings/weaknesses and recommend corrective actions for mitigating vulnerabilities and exploits to the information and information system.

AT&T (Lenovo), San Ramon, CA

IT Security Engineer (07/2016–01/2021)

•Investigated and responded to Tier 1, 2, and 3 alerts from ArcSight SIEM.

•Cross-referenced alerts from other sources against ArcSight to rule out false positive and false negatives.

•Designed metrics to assess how long before an alert is triggered vs. how much time it took to be placed in the queue for proper incident responses.

•Using ArcSight, information such as the source IP, ports, payload, and destination address gave insight into how to create a response action plan in the event of a real-time incident.

•Devised a playbook for tabletop exercises on how to respond to hypothetical incidents.

•Assisted in the architecture of how to configure Splunk for threat feeds alongside ArcSight and Sourcefire.

•Experienced in working with AWS SME cloud security.

•Used XDR tools for threat detection and investigation of cybersecurity incidents/occurrences

•Used Sourcefire IDS to inspect packets and payloads that triggered ArcSight alerts.

•Installed anti-malware, HIDS, host-based firewalls, MDM, DLP, and monitoring software on various devices.

•Used the Cyber Security Kill Chain as part of the Intelligence-driven defense initiative initiated during the merger at AT&T. It provided greater visibility for identification and prevention of cyber intrusions/malicious activity.

•Throughout my tenure have been involved in all steps from initial reconnaissance through intrusion and exploitation, privilege escalation, lateral movements, obfuscation, and exfiltration.

•Used MITRE ATT&CK as a framework for performing penetration testing on systems/networks prior to adding them to the existing environment.

•Used Nessus to provide information on vulnerabilities that were at risk of being exploited, which allowed for patching, mitigation, or elimination of discovered risks, improving the security posture of the organization.

•Reworked enterprise IAM policies and procedures to ensure access for BUs and new user groups being added to the environment, while performing access audits during business transition to ensure continuity of security posture.

•Employed FireEye sandboxing solutions that were added to the AT&T environment to allow for dynamic malware analysis.

•Gained insight into company’s threat intelligence portfolio during assessment of inclusion into security environment, native managed vs SaaS based solution.

•Provided high-level consultation and security analysis on best practices for safeguarding data across several interoffice departments (e.g., H.R., Finance, R&D, I.T., Coding, Risk Management)

• Mobile apps and embedded IoT (including cryptographic primitives for security)

•Consulted newly acquired business units on security requirements for maintaining security posture during transition into the environment.

•Utilized the CrowdStrike Falcon Platform, providing endpoint security with antivirus solutions (Falcon Prevent), threat detection and response (Falcon Insight), and device control (Falcon Device Control).

•Cloud-native endpoint protection allowed for scalability and real-time threat intelligence, combined with security and IT operations to provide a security platform that was robust and lightweight.

VA Hospital, San Francisco, CA

Sr. Cyber Security SOC Analyst (05/2011–07/2016)

•Administered Cyber Security continuous monitoring information security program per NIST framework.

•Worked as part of Cyber Security incident Response team as needed, following SOC Incident Response procedures.

•Investigated and resolved Cyber Security incidents and events per SOC team policy and procedures.

•Utilized Splunk dashboards for Cyber Security incident reports in Splunk and helped create automated reports for greater understanding of, and accountability for, Cyber Security issues, the Incident Response Plan, and Continuous Monitoring in accordance with NIST 800 series guidelines. Used Wireshark to troubleshoot and investigate Cyber Security threats.

•Responsible for troubleshooting various indexing issues by analyzing Splunk logs such as splunkd.log and metrics.log ingested into the _internal index.

•Automated Cyber Security analysis workflow regarding endpoint detections, sandbox results, and email scanning.

•Detected Cyber Security events and reported on any and all threats that are directed against systems regardless of classification level or type.

•Reviewed audit logs and provided Cyber Security documentation guidelines to business process owners and management.

•Conducted Cyber Security Awareness Training with SOC Team for all end-users and management.

•Evaluated the adequacy of Cyber Security Programs against NIST guidelines and industry best practices.

•Worked with SOC team to provide 24/7 Cyber Security coverage, responding to any and all alerts per SLAs.

•Stayed abreast of current updates and patches, and ensured all systems were maintained and tested post update/patch implementation.

Bank of America, San Francisco, CA

Security Deployment Engineer (07/2005–05/2011)

Provided tier 2-3 desktop support (Windows, Mac, and Linux) to clients both onsite and remotely

UC Berkeley, Berkeley, CA

Network Technician (09/2002–05/2005)

Provided tier 2-3 desktop support (Windows, Mac, and Linux) to student organizations
