
Information Security Incident Response

Location:
Chicago, IL
Salary:
165000
Posted:
February 07, 2025


Resume:

Lamont Robertson 773-***-**** / ********@*****.***

Cybersecurity Professional https://www.linkedin.com/in/lamont29

Recognized cybersecurity leader with a distinguished 20+-year career directing complex, business-critical IT and security operations. Proven practitioner in developing and implementing security policies, risk management strategies, and control frameworks, including ISO 27001, NIST, and ITIL. Known for identifying and mitigating risks to protect data integrity, user privacy, and network infrastructure. Demonstrated success in managing teams, overseeing incident response, and driving security awareness programs. Proficient in streamlining processes and implementing cost-saving operational improvements. Skilled at fostering stakeholder relationships and delivering training to enhance organizational cybersecurity knowledge and resilience.

Areas of Expertise

Vendor Security Assessment

Business Continuity Planning

Security Auditing

IT Project Management

Network Security

Security Awareness Training

Incident Response

Security Policy Development

Cybersecurity Management

Cloud Security testing & auditing

Financial Sector

Government / Military

Professional Experience

Bank of America, Chicago, IL October 2024 – Present

Sr. IT Security Consultant (contractor)

Analyzed and interpreted complex laws, rules, and regulations (LRRs) within a regulated environment, ensuring alignment with organizational information security policies.

Provided legal and regulatory guidance on firm policies, procedures, and guidelines, mitigating risks and ensuring compliance.

Conducted in-depth analysis of data and trends, identifying insights to inform policy development and communicate statistical predictions to stakeholders.

Collaborated effectively with senior leaders, legal counsel, and technical SMEs throughout the IT policy governance lifecycle.

Deconstructed intricate processes to identify and validate adherence to LRRs and policies, driving continuous improvement.

Prioritized and addressed the needs of diverse stakeholders, providing solutions, resolving problems, and delivering exceptional customer service.

Leveraged past knowledge and experience to define effective solutions and action plans, fostering a strong security posture.

Computer Training Source, Chicago, IL March 2018 – Present

Cybersecurity Instructor (part-time)

Established and deployed training plans and course materials for various cybersecurity certifications including CompTIA Security+, Project+, Network+, A+ and Microsoft Office certifications. Leveraged Learning Management System technology to track student progress and facilitate feedback. Consulted with CEO on relevant prerequisite and feeder training courses for advanced levels, effectively managing student training requirements and career progression.

Created and implemented a comprehensive training program for Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP) based on the (ISC)2 Common Body of Knowledge.

Developed and delivered training courses for achieving ISACA Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) certifications.

Provided individualized instruction and feedback to enhance student understanding and performance in cybersecurity courses.

Maintained "Very Good" rating on Trustpilot, reflecting high levels of student satisfaction.

SAIC, Hines, IL June 2022 — October 2024

Cybersecurity Operations Center Manager

Oversaw a team of 50+ cybersecurity experts across three distinct locations at the Veterans Administration, ensuring consistent cyber incident response and strategic security objectives. Led multidisciplinary team in carrying out effective cyber incident responses. Developed and maintained government agency-specific incident response procedures and security SOPs. Developed and utilized incident response use-case workflows, SOPs, and Playbooks to guide the team through established and repeatable processes for triaging and escalating. I also managed cybersecurity incidents from containment to eradication.

Executed bi-weekly cyber incident response activity metrics reports, providing valuable insights into security status and areas for improvement.

Enhanced security incident validation through analysis of event data, investigation reports, and forensic analysis reports.

Implemented framework for repeatable generation of after-action reports to identify strengths, weaknesses, and areas for improvement.

Developed improved metrics recommendations to aid leadership in preventative actions and improvements.

Utilized Cyber Threat Framework to characterize, categorize, and classify incidents based on incident details.

Monitored various security tools such as Microsoft MDE, Microsoft Sentinel, SIEM, Splunk, Sourcefire, and Cisco ASA to identify potential incidents and cloud and network intrusions.

Led and contributed to AAR sessions to develop more effective governance policies.

Bank of America, Chicago, IL December 2021 – June 2022

Third-Party Assessor

Directed implementation of global strategy to strengthen security posture of Bank of America by conducting on-site security assessments of high-risk third-party vendors. Evaluated vendors' security postures based on specific control test processes and techniques. Successfully communicated project and justified need for key IT controls to both technical and non-technical stakeholders. Demonstrated expertise in wide range of information security domains to promote process improvements.

Led execution of security assessments, reducing client and business impact, and protecting liability risk while maintaining client confidence.

Utilized knowledge across various information security domains to identify and mitigate risks in business continuity and information security control gaps during third-party assessments.

Identified, analyzed, and remediated control gaps in third-party security architectures, networks, and products, communicating risks that require remediation or mitigation to all stakeholders.

Bank of America, Chicago, IL December 2021 – June 2022

Remediation Assessor

Conducted assessments of information security risks for third-party vendors and communicated identified control gaps to guide business partners through company's security requirements. Strengthened company's security posture through development and implementation of programs focused on visibility and monitoring, training and awareness, and operations and process. Led presentation of security posture during bi-monthly Executive Security Briefing attended by senior leadership including CEO, CFO, CIO, CDO, General Counsel, and others. Developed company-wide security awareness program and created Security Accountability Lifecycle playbook to clarify training expectations and responsibilities for employees.

Initiated shift in company culture towards improved daily routines and security practices by overseeing creation of company-wide security communications.

Pioneered application security framework integrating DevSecOps into CI/CD pipeline and based on industry security standards such as OWASP, NIST, ISO, and others.

Ensured compliance with ISO 27001, SOC 2, HIPAA, and PCI DSS through successful completion of independent attestations.

Expanded technical security controls by leading implementation of Threat Intel, DLP, SAST/IAST/DAST, and Credential Management.

Cook County Government, Chicago, IL April 2019 — September 2019

Manager of Information Security

Directed information security governance structure at Cook County Government, collaborating with various organizations on approach to information security in line with risk management approach and compliance monitoring. Managed network security, application security, perimeter security, and vulnerability management. Led team of professionals, including Senior Information Security Specialists, Information Security Specialists, Information Security Analysts, and vendor contractors, ensuring completion of regular reports on status of information security program to senior management, enterprise risk teams, and department leaders.

Improved security posture of Bureau of Technology by managing network monitoring and incident response capabilities.

Developed and enhanced up-to-date information security management program based on ISO 27001, NIST Cyber Security Framework and other applicable standards.

Managed budget for security operations center, handling forecasting, requests, defense, procurement, and budgeting.

Analyzed network, application, and firewall architectures against best practices and provided recommendations to ensure alignment with Bureau of Technology's standards.

Provided executive reports to senior management, informing them about security and IT project status throughout lifecycle.

Chicago Public Schools, Chicago, IL March 2018 – April 2019

Security Operations Team Lead

Directed and coordinated security initiatives among various business units to meet objectives of Chicago Public Schools. Led team of security engineers and analysts, overseeing implementation of Palo Alto NGFW and Web Application projects. Enhanced cyber threat hunting capabilities by deploying enterprise security tools. Reviewed and developed policies, standards, procedures, and guidelines for Governance, Risks, and Compliance. Managed network and security infrastructure across 640 remote sites and three data centers, providing services for over 600,000 users and nodes.

Cultivated secure and efficient network environment by managing migration from CheckPoint FW to Palo Alto NGFW.

Instituted F5 Web Application Firewall (WAF) to secure public-facing applications, thereby minimizing potential security risks.

Provided comprehensive guidance on Governance, Risk, and Compliance for agency and vendor contracts, ensuring alignment with NIST, GDPR, HIPAA, FERPA, PCI-DSS, ISSRA, and other legal and regulatory guidelines.

Optimized incident response processes to ensure prompt and effective handling of security threats.

Adopted various security tools, such as Splunk, Palo Alto NGFW, WAF, Cloudlock, Nexpose, ServiceNow, McAfee, and Trend Micro, to monitor and manage network security.

Led and contributed to AAR sessions to develop more effective governance policies.

Additional Experience

IT Contractor, On Sight Technology, Chicago, IL

Information Systems Officer, United States Army, Fort Dix, NJ

Information Systems Officer, United States Army, St. Louis, MO

Education

PhD in Information Technology

University of The Cumberlands, Williamsburg, KY

Master of Business Administration in Project Management

Columbia Southern University, Orange Beach, AL

Master of Science in Cyber Security

DePaul University, Chicago, IL

Master of Science in Criminal Justice

Troy University, Troy, AL

Master of Arts in Information Technology Management

Webster University, Jacksonville, FL

Bachelor of Arts in Political Science

University of Arizona, Tucson, AZ

Associate of Applied Science

Harold Washington, Chicago, IL

Industry Certifications

CISSP, (ISC)2, 621058 3/2018 - 03/2027

CISA, ISACA, 17142540 9/2017 - 01/2028

CISM, ISACA, 1737045 7/2017 - 01/2027

CDPSE, ISACA, 2003228 6/2020 - 1/31/2027

C|CISO, ECCOUNCIL ECC8974652130 9/2020 - 9/2026

CCSP, (ISC)2, 621058 11/2022 - 11/2025

CRISC, ISACA, 1926600 4/2019

CEH, ECCOUNCIL ECC7283901456 7/2020 - 7/2026

CEI, ECCOUNCIL ECC7283901456 7/2020 - 7/2026

PMP (PMI), 2976506 1/2021 - 1/2027

Network+, CompTIA, COMP10143468 NO EXP

A+, CompTIA, COMP10143468 NO EXP

MCSE, Microsoft 11/1998 – NO EXP

CyberArk, CyberArk 2/2021 – NO EXP

Security+, CompTIA, COMP10143468 03/2017 - 03/2027

AWS, Amazon AWS (CLF) HR5DCNY1TN1EQ797 10/2022 - 10/2025
