Information Security Risk Management
Resume:
Professional Summary
An IT and cyber security professional specializing in governance, compliance and risk management as well as infrastructure design and implementation. Adept at writing policies and procedures, as well se designing, implementing, and managing information security infrastructure.
Skills and others
Governance
Develop policies and procedures for IT and Security and Legal as it pertains to compliance and IT
Work with legal and other departments to ensure compliance Policy writing
Developed ethical standards and policies for IT and compliance
Developed standards for conflict resolution within IT
Write and manage SSP’s
Write and manage POA&M
Managed all IT resources
Risk Management
Perform risk assessments on systems and mitigated as needed
Perform risk assessments on processes and mitigated as needed
Performed risk assessments on software and mitigated as needed
Performed Risk assessments on hardware and mitigated as needed
Developed a Change Management Process
Compliance Standards
CMMC Level 3 (V1)
CMMC Level 2 (V2)
NIST 800-171
NIST 800-172
ITAR/EAR
DFARS
HIPAA
NISPOM
DIACAP
SAAS
Google Workspace
Microsoft 365
Microsoft Intune (Limited)
CISCO Meraki
Elastic SIEM
CrowdStrike
Carbon Black Defense
KnowBe4 Training
Abnormal Security
Citrix ShareFile
Virtru
DUO Security
Cisco Umbrella
PAAS
AWS (Limited)
MS Azure (Limited)
GRC Tools
Netwrix Auditor
Manage Engine
i2ACT
Qualys
Professional Experience
02/2025 - 04/2025
Sr. Security Analyst, Tek Systems for Roush Defense, Troy, Mi.
Assist in CMMC L2 Compliance
Review/Update Policies and Procedures
Assist in updating various controls related to SSP
Conduct Risk Assessments on various systems
Conduct GAP analysis on various IT systems
Migrate CrowdStrike from Government Cloud to Commercial Cloud
Monitor CrowdStrike for anomalies and detections
Develop CrowdStrike policies for Identity Management Protection
Configure CrowdStrike environment for 3 separate domains (Federal, Defense, Commercial)
Develop rules and policies for detection in CrowdStrike for various platforms, and groups
Perform GAP Analysis and mitigate those findings or give direction to other departments
Manage Change Management Process
Manage DUO Security
Write and manage a process for vetting software approvals for use in Roush Defense
Assist in mitigating various POA&M findings for CMMC L2
Monitor Elastic SIEM for anomalies and mitigate according to policies and procedures
Configure, manage, and monitor Cisco Umbrella and mitigate threats
Work with various IT teams to shore up defenses across the Roush Defense environment
Monitor various external security feeds for emerging threats and IOC’s and inform the various departments of those threats and recommend protection strategies.
08/2010 - 02/2025
IT Manager/Security Engineer, RedViking
Security Engineering
Develop security roadmap and budgets for the organization
Research, design, and implement security stack revolving around Fortinet, Cisco Meraki, and other technologies
Implement and manage all firewalls, traffic analyzers, EMS, and AV to include rules, policies, and access.
Manage all IDS and IPS rules and investigate detections
Investigate, Implement, and manage DUO Security
Investigate, implement, and manage Abnormal Security
Investigate, implement, and manage physical security controls
Implement and manage application control policies and controls at the firewall and AD Group Policy level
Implement and manage software and device restriction policies and strategies.
Implement and manage physical access security at the switch level.
Implement and manage DNS policies at the internal DNS and firewall level
Implement and manage all web filtering policies and controls
Perform threat management at the firewall level and throughout the network and endpoints to include containment and mitigation.
Build automation into firewalls, antivirus, and other detection systems
Monitor and manage logs at all levels of the security stack for internal and external anomalies and threats.
Investigate, implement, monitor, and manage EMS for detected vulnerabilities and patch management.
Monitor various external security feeds for emerging threats and IOC and build rules in the security stack to counter those threats.
Perform forensic analysis for detected anomalies and threats throughout the security stack.
Work with application and developer teams to build security best practices and access controls into their cloud ventures to include AWS and Azure.
Provides security analysis and guidance to the administrator team members.
Provide information security guidance to the organization at large concerning threats that may impact them or their family members in their private lives. An educated workforce is a safer workforce.
Implement and manage security and access controls for the organizations SQL databases which include Epicor ERP and the SolidWorks EPDM vault.
Author and Implement access control policies and procedures for AD Security Groups
Implement security and controls at the file and application server levels
Implement and manage security groups at the Active Directory level
Author and update all policies and procedures related to IT, security, compliance, and privacy.
Conduct all Information Security Training
Perform all risk assessments related to IT and compliance and mitigate as required
Perform GAP analysis and mitigate as required
Develop and implement Change Management Process
Develop and implement patch management policies and procedures
Implemented encryption solutions throughout the network to protect data in motion
Implement encryption standards at the SAN, server, backup, and workstation level
Implement data protection solutions as well as policies and procedures to protect data transmitted to customers, vendors, etc.
Worked with HR and other departments to ensure PII and other regulated data was protected
Develop and implement comprehensive controls to protect regulated government data, CUI
Develop and implement multi-layered data backup strategies
Develop, implement and manage all patch management strategies for all IT and other covered systems
Developed threat management policies and strategies
Develop solutions to protect SAAS solutions such as Google Workspace and Microsoft 365 and ensure those solutions were compliant with DFARS and CMMC compliance standards
Write SSP’s in accordance to CMMC and NIST compliance standards and the protection of CUI for government contracts.
Ensured compliance with all applicable Federal, state and local laws
Developed ethical standards within IT and security
USE various GRC tools such as NetWrix Auditor, Manage Engine, i2ACT
Conduct Phishing and other tests
Compliance Management
Write all policies and procedures for IT and compliance
Spearhead all efforts for NIST 800-171/800-172 compliance – SPURS Score 100/110
Spearhead all efforts for CMMC Level 2 compliance
Conduct all risk assessments associated with compliance
Write and maintain SSP for compliance reasons
Implemented Change Management process
Implemented Data Classification
Work with various departments to ensure their compliance with ITAR/EAR, DFARS, NIST, CMMC, ISO
Work with customers to ensure our compliance with their standards requirements
Develop and test Disaster Recovery Plan (DRP)
Develop and test Incident Response Plan (IRP)
Implement and conduct Security Awareness training activities
Conduct vulnerability analysis
Conduct regular user assessment activities to include Phishing test
Implement and manage various physical security controls to include badge reader system, camera system, and visitor management system.
IT Management
Work with corporate leadership to ensure IT and business objectives are aligned.
Develop annual budgets for IT and Compliance.
Research various technologies for infrastructure implementation
Research, evaluate, and engage various IT vendors
Design, implement, and manage the infrastructure
Backend management of Epicor ERP System
Manage Active Directory
Develop Baselines for workstations/Servers/Virtual workstations (Generally based off STIGS)
Consult with customer IT departments to assist with their issues, to ensure compliance
Physically perform cable runs, copper and fiber
Migrated to Google Workspace
Develop access controls for folders
Design folder structure for all data repositories
Design permissions structure for all data repositories
01/2010 - 08/2010
System Specialist II, Tyonec Native Corporation, Madison, Al.
Responsible for maintenance, analysis, troubleshooting and repair of computer systems, hardware and peripherals.
Documents, maintains, and upgrades and replaces hardware and software systems.
Works with other IT staff members to ensure all policies are applied consistently throughout the corporation.
Development of system images on a quarterly /semiannual basis and provide regular education to Tyonek personnel to ensure policies/procedures are understood.
Investigate policy violations and forensically investigate workstations as needed
12/2009 - 01/2010
INFORMATION SECURITY COORDINATOR/SENIOR ANALYST, EMCO Technologies, Madison, Al.
Company Overview: (NASA Contract)
Examine, write, or update Information Security Policies and Procedures.
Perform facility and infrastructure audits and risk analysis.
Write and present reports and suggestions based on findings to management.
Ensure the infrastructure is compliant with all NASA and other federal directives concerning information security.
Maintain knowledge of NIST 800-53 and FDCC standards.
Perform annual site security certification and accreditation audit.
Stay current on threats to security.
Work with the facility training coordinator to ensure help desk staff has appropriate knowledge of NASA information security standards and how to implement those standards.
Provide tier one support for end users at all NASA sites and facilities worldwide
Resolve hardware, software, and customer support issues.
Answers, evaluates, and prioritizes incoming telephone, voice mail, and E-mail requests for assistance.
Logs and tracks calls using problem management database (Remedy), maintain history records and related documentation.
NASA 85P security Clearance required.
(NASA Contract)
12/2008 - 12/2009
INFORMATION SECURITY COORDINATOR, VIVA Health, Birmingham, Al.
Responsible for the on-going management of information security policies, procedures and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational healthcare systems.
Worked within the NIST 800-53 as well as HIPAA compliance framework
06/2004 - 12/2008
Senior Help Desk Analyst, EMCO Technologies, Madison, Al.
Company Overview: (NASA Contract)
Provide tier one support for end users at all NASA sites and facilities worldwide
Resolve hardware, software, and customer support issues.
Answers, evaluates, and prioritizes incoming telephone, voice mail, and E-mail requests for assistance.
Logs and tracks calls using problem management database (Remedy), maintain history records and related documentation.
NASA 85P security Clearance required.
(NASA Contract)
05/2004 - 06/2008
Senior Help Desk Analyst, AC Technologies, Tuscaloosa, Al.
Company Overview: (Department of Veterans Affairs Contract)
Tier one support for end users with hardware and software issues.
Answers, evaluate, and prioritize incoming telephone, voice mail, e-mail, and in-person requests for assistance from users experiencing problems with hardware, software, networking and other computer-related issues.
Logs and tracks calls using problem management database (Remedy) and maintain history records and related documentation.
Requires excellent verbal and written communication skills
(Department of Veterans Affairs Contract)
Education
06/2021
Masters of Science, Information Assurance and Security specializing in Network Defense
Capella University, Minneapolis, MN
06/2014
Bachelors, Information Technology specializing in Information Assurance and Security
Capella University, Minneapolis, MN
2025 CMMC Candidate
2025 CCP Candidate
References
Kevin Butler – CFO/Manager at RedViking – 734-***-****
Kevin Presley – Compliance Manager – RedViking – 734-***-****
Josh Johnson – Information Security – NSK – 248-***-****
Dakota Samuels – CMMC Consultant – Lincoln Electric – 256-***-****
Tommy French – IT Project Manager (CMMC) – Lincoln Electric – 440-***-****
Dustain Ebaugh
256-***-**** • *******@*****.*** • Fowlerville, MI 48836
Contact this candidate