Risk Management Security Operations
Resume:
AARON ISAACS, PH.D
Pace, Florida ***** 859-***-**** *******@*****.***
https:/ / www.linkedin.com/in/aaron-isaacsphd
SUMMARY AND PROFILE
Accomplished CISO and Senior Security Compliance Analyst with 20+ years of experience in cybersecurity risk management, regulatory compliance, and enterprise security operations, delivering solutions for Fortune 500 companies, government agencies, and public sector organizations. Expertise in ISO 27001, SOC 2, PCI-DSS, CMMC, NIST CSF, HIPAA, GDPR, and FedRAMP. Proven success in risk assessment, security governance, and third-party risk management (TPRM). Skilled in implementing Security Operations Centers (SOC), Zero Trust models, XDR/SIEM deployments, and cloud security governance. PROFESSIONAL EXPERIENCE
Walden University
Contributing Faculty
11/ 2024 - Current
• Teach graduate-level cybersecurity and IT governance courses, focusing on risk management, compliance, and digital forensics.
• Advise capstone and dissertation committees, mentoring doctoral candidates on cybersecurity research, risk frameworks, and emerging security technologies.
VXI Global Solutions
Director, IT Security
08/ 2022 - Current
• Led enterprise-wide cybersecurity compliance programs for PCI-DSS, SOC 2, and ISO 27001, achieving zero non-conformities in audits and ensuring full regulatory adherence.
• Designed and implemented a risk management framework, overseeing enterprise-wide risk assessments that reduced security exposure by 40% through targeted mitigation strategies.
• Spearheaded the transition to XDR-based endpoint security, improving threat intelligence, reducing security incidents by 50%, and generating $750,000 in annual cost savings.
• Developed and institutionalized enterprise-wide security policies, integrating ISO 27001, NIST 800-53, and CIS Controls, fortifying cyber resilience across global business units.
• Implemented AI-driven threat detection and response strategies, reducing MTTD and MTTR by 40% through automation and machine learning analytics.
• Established and led a Third-Party Risk Management (TPRM) program, ensuring vendor compliance with ISO 27001, SOC 2, and CMMC, mitigating supply chain risks at a global scale.
• Presented security risk posture updates to executive leadership, aligning cybersecurity strategy with business objectives and financial risk assessments. University of the Cumberlands
Adjunct Professor
07/ 2021 - Current
• Teach online Information Security Management courses
• Develop and implement curriculum for new sections PCI Federal Services
Senior Security Analyst
03/ 2022 - 08/ 2022
• Conducted enterprise-wide security risk assessments, identifying and mitigating high-risk vulnerabilities, ensuring full alignment with NIST CSF, ISO 27001, SOC 2, HIPAA, and CMMC compliance standards.
• Led internal and external audits, proactively addressing compliance gaps before regulatory reviews, reducing non-conformities and streamlining audit responses.
• Collaborated with IT and security teams to develop remediation plans, improving security posture maturity scores by 35% through policy enhancements and risk-based controls.
• Developed and delivered targeted security awareness training programs, integrating phishing simulations and compliance workshops, reducing human-factor security incidents by 30%.
• Conducted third-party vendor risk assessments, ensuring SOC 2, ISO 27001, and CMMC compliance across suppliers, reducing supply chain risk exposure.
• Spearheaded the transition from enterprise antivirus to Endpoint Detection and Response (EDR), resulting in annual savings of over $275,000
• Enhanced security protocols, achieving a 40% reduction in incident response time and improving overall operational efficiency
Microsoft
Customer Engineer
05/ 2021 - 03/ 2022
• Advised Fortune 500 executives and security teams on implementing Microsoft security solutions, optimizing SIEM, XDR, and SOAR strategies to enhance cloud security postures.
• Led security workshops and deep-dive technical training on Microsoft Defender for Endpoint, Sentinel
(SIEM), and Microsoft 365 Security solutions, accelerating enterprise adoption and improving threat detection capabilities by 40%.
• Guided customers in Zero Trust security architecture implementation, integrating Conditional Access, Azure AD Identity Protection, and Endpoint Security policies, reducing unauthorized access attempts by 35%.
• Designed and optimized cloud security frameworks, ensuring compliance with FedRAMP, ISO 27001, NIST 800-53, and CIS Benchmarks across Azure and Microsoft 365 environments.
• Developed and delivered executive-level security assessments, helping enterprises remediate compliance gaps and align security controls with regulatory requirements.
• Provided hands-on technical guidance for XDR integrations, enhancing endpoint threat intelligence and reducing incident response times by 50%.
• Collaborated with Microsoft product teams, delivering real-world customer feedback on security product enhancements, leading to improved threat analytics and detection capabilities.
• Deployed and optimized Microsoft Defender for Cloud Apps, strengthening data protection and governance policies, improving DLP enforcement by 30% across global deployments.
• Assisted enterprise clients in securing hybrid cloud environments, integrating Microsoft Sentinel, Defender for Identity, and Azure Security Center for enhanced visibility and automated threat response. Jefferson County Public Schools - Louisville, USA
Chief Information Security Officer
08/ 2020 - 05/ 2021
• Replaced McAfee with Windows Defender, saving $200,000 annually
• Developed IR strategies, reducing resolution time by 30%
• Developed and executed the district’s first enterprise-wide cybersecurity strategy, aligning with NIST CSF, CMMC, and FERPA compliance mandates, enhancing the security posture for 100,000+ students and 18,000 staff.
• Led the implementation of multi-factor authentication (MFA) for 118,000 users, reducing unauthorized access attempts by 70% and strengthening identity security across faculty, staff, and students.
• Directed a full-scale transition to Zero Trust Architecture, implementing Conditional Access, Endpoint Security, and Network Segmentation, reducing attack surface risks by 45%.
• Spearheaded a district-wide endpoint security overhaul, replacing legacy antivirus with XDR solutions, reducing security incidents by 50% and saving $750,000 annually in cybersecurity costs.
• Optimized district-wide security operations by deploying Microsoft Sentinel SIEM and SOAR automation, reducing incident response times by 40% and improving cyber threat detection capabilities.
• Ensured full compliance with federal and state regulations, including FERPA, HIPAA, CIPA, and PCI-DSS, safeguarding sensitive student data and financial transactions.
• Led the modernization of third-party risk management (TPRM), enforcing ISO 27001 and SOC 2 security controls for edtech vendors, transportation, and food services, reducing vendor-related security risks by 35%.
• Designed and delivered cybersecurity awareness training for 18,000+ district employees, incorporating phishing simulations, compliance training, and incident response drills, reducing phishing-related incidents by 40%.
• Established a 24/7 Security Operations Center (SOC), implementing threat intelligence-sharing programs with state education agencies, federal law enforcement, and peer school districts, improving cyber threat response coordination.
• Presented quarterly cybersecurity briefings to the Board of Education, translating technical risk into business impact, securing $2M in funding for security modernization initiatives.
• Developed an enterprise-wide data loss prevention (DLP) program, enforcing strict access controls, encryption policies, and cloud security governance, reducing sensitive data exposure risks by 50%.
• Partnered with local law enforcement and federal agencies (FBI, DHS, CISA) on K-12 cybersecurity initiatives, improving district resilience against ransomware and emerging cyber threats. CisCom Solutions - Louisville, USA
Cybersecurity Officer
08/ 2018 - 07/ 2020
• Built and Managed Security Operations Center (SOC), safeguarding over 400 clients, reducing incident response time by 30%
• Led transition from legacy antivirus solutions to SentinelOne XDR, improving threat detection capabilities by 40% and reducing security incidents by 25%
• Migrated 3000 users to Microsoft 365, implementing MFA
• Leveraged Standard Information Gathering (SIG) questionnaires to assess cybersecurity practices, compliance, and vendor risk management, identifying and mitigating 15+ critical vulnerabilities across third-party vendors
E& H Integrated Systems - Louisville, USA
Enterprise Support Team Lead
02/ 2016 - 08/ 2018
• Led migration of 1000+ clients to Office 365
• Implemented Azure Backup, saving customers $12K annually
• Virtualized customer infrastructure cutting hardware costs by 75%
• Streamlined technical support, reducing MTTR by 35% Fayette County Public Schools - Lexington, USA
Computer Systems Analyst
07/ 2010 - 02/ 2016
• Managed and maintained 4,000+ school websites
• Configured web servers on Windows Servers with IIS L-3 Communications, Lockheed Martin - Lexington, USA Computer Systems Analyst
02/ 2005 - 07/ 2010
• Migrated SOFSA proxy to Microsoft ISA/ Forefront TMG,
• Led migration from Lotus Notes to Microsoft Exchange
• Optimized system performance, reducing downtime by 30%, ensuring compliance with DOD standards EDUCATION AND CERTIFICATIONS
University of the Cumberlands - Williamsburg 05/ 2021 PH.D., Cybersecurity, Digital Forensics
Sullivan University - Lexington, Kentucky
Microsoft Network Engineer Certificate
Eastern Kentucky University
Master of Music
Eastern Kentucky University - Richmond, Kentucky
Bachelor of Music Education
Certifications
ISACA CISM, Certified Information Security Manager ISACA CISA, Certified Information Systems Auditor
ISACA CRISC, Certified in Risk and Information Systems EC Council Associate Certified Chief Information Security Officer Microsoft Certified Trainer
ISACA ID, 1647462
ISC2 ID, 1193768
Microsoft Certified Professional ID, 5575779
Contact this candidate