Risk Management Incident Response

Location: Jacksonville, FL
Posted: June 12, 2025

Resume:

SULAIMAN “SOLOMON” EBADI

206-***-**** *******.*****@*****.*** United States https://www.linkedin.com/in/solomon-ebadi-cissp/

Profile

Cybersecurity professional specializing in Governance, Risk, and Compliance (GRC), risk management, and regulatory adherence. Proficient in incident investigation, policy development, and cybersecurity program management, with a strong focus on aligning security strategies with business objectives. Adept at cross-functional collaboration, stakeholder engagement, and driving process improvements to enhance security posture. Committed to optimizing security frameworks, strengthening compliance initiatives, and promoting cybersecurity awareness, while delivering exceptional service and fostering a culture of security resilience.

PROFESSIONAL EXPERIENCE

Cybersecurity Engineer - GRC

Jet Support Services Chicago, IL August 2024 – Present

● Incident Response & Coordination – Served as the primary liaison for security incidents, orchestrating response efforts across internal teams and external vendors. Led triage, investigation, and resolution activities, ensuring timely remediation in compliance with cybersecurity protocols. Documented lessons learned to enhance incident response strategies and improve organizational resilience.

● Cybersecurity Leadership & Program Management – Directed enterprise-wide cybersecurity initiatives encompassing email security, endpoint protection, server hardening, and network security. Spearheaded the deployment and optimization of security technologies, including firewalls and intrusion detection/prevention systems, aligning them with organizational risk management strategies to mitigate threats.

● Risk Assessment & Compliance Management – Conducted cybersecurity risk assessments to ensure compliance with industry standards such as SOC 2 and PCI-DSS. Managed security audits, collaborated with third-party vendors to validate security controls, and facilitated evidence collection to support regulatory and contractual obligations.

● Security Framework Implementation – Supported the adoption and integration of the NIST Cybersecurity Framework (CSF) to enhance risk management practices, strengthen security postures, and maintain regulatory compliance.

● Vulnerability & Risk Management – Led vulnerability assessments to identify, analyze, and remediate security risks. Established Service Level Agreements (SLAs) and Key Performance/Risk Indicators (KPIs/KRIs) to measure security effectiveness, enforce accountability, and drive continuous improvement.

● Governance, Risk & Compliance (GRC) Strategy – Developed and implemented GRC frameworks and policies, ensuring alignment with regulatory requirements and industry best practices. Facilitated security audits, collaborated with cross-functional teams, and reinforced governance structures to enhance compliance maturity.

● Policy Development & Incident Planning – Strengthened cybersecurity policies and procedures, leading initiatives such as Incident Response planning, Vulnerability Management Programs, and AI governance policies to bolster security operations.

● Stakeholder Engagement & Risk Communication – Translated complex cybersecurity risks into actionable insights for technical and non-technical stakeholders, fostering informed decision-making and security awareness at all organizational levels.

● Cybersecurity Awareness & Training – Designed and delivered engaging security awareness programs incorporating interactive elements and gamification techniques to improve knowledge retention and mitigate human risk factors.

● Third-Party Risk Management – Led third-party risk assessments to evaluate vendor security postures, enforce contractual compliance, and mitigate supply chain risks. Ensured vendor security practices aligned with organizational risk management frameworks and regulatory obligations.

Cybersecurity Analyst

Regency Centers Jacksonville, FL December 2022 – June 2024

• Policy Development & Compliance Management – Authored, maintained, and enforced IT cybersecurity policies, procedures, and playbooks aligned with NIST CSF, ISO 27001, PCI DSS, and SOX to ensure regulatory compliance and audit readiness.

• Cybersecurity Frameworks & Risk Management – Assessed and enhanced security controls by applying NIST CSF, ISO 27001, SOX, and PCI DSS frameworks. Identified compliance gaps, implemented risk mitigation strategies, and strengthened organizational security resilience.

• Threat Detection & Security Monitoring – Managed and optimized SIEM, IDS/IPS, Firewalls, EDR, XDR, and antivirus solutions to enhance real-time threat detection, incident investigation, and response. Refined security configurations and monitoring strategies to improve threat intelligence and anomaly detection.

• Incident Response & Investigation – Led Tier 1 and Tier 2 incident response, conducting root cause analysis, coordinating with IT and security teams, and ensuring rapid remediation. Continuously refined response procedures based on lessons learned to enhance incident handling efficiency.

• Vulnerability & Patch Management – Executed enterprise-wide vulnerability assessments, prioritized risk-based remediation, and collaborated with stakeholders to ensure timely patching within SLAs. Developed and enforced structured vulnerability management policies to mitigate security risks.

• Third-Party Risk & Compliance Assessments – Managed third-party security evaluations using CyberGRX, ProcessUnity, and BitSight, streamlining vendor risk assessments, documenting findings, and ensuring compliance with security standards and regulatory frameworks.

• Stakeholder Engagement & Risk Communication – Fostered collaboration between security, IT, compliance, and business teams to align security initiatives with organizational objectives. Delivered clear, risk-based reports to senior leadership and key stakeholders.

• Proactive & Adaptive Security Strategies – Pioneered an automated threat detection system utilizing and machine learning, identifying and neutralizing 100+ high-risk vulnerabilities monthly, reducing potential data breaches by 40%.

• Security Awareness & Training Programs – Designed and delivered interactive cybersecurity awareness programs via KnowBe4 and Ninjio, integrating gamification techniques to improve user participation and reinforce security best practices.

• Cybersecurity Controls Assessment & Optimization – Evaluated security controls for effectiveness and alignment with industry standards, regulatory requirements, and best practices. Provided strategic recommendations to enhance security posture and ensure continuous compliance.

Cybersecurity Engineer

Jacksonville Transportation Authority Jacksonville, FL May 2020 – December 2022

● Cybersecurity Strategy & Compliance Management – Developed, implemented, and maintained a cybersecurity strategy aligned with NIST CSF and ISO 27001 to safeguard against unauthorized access, data manipulation, and destruction. Collaborated with internal and external audit teams to address compliance challenges and maintain regulatory adherence.

● Security Policy Implementation & Risk Management – Assisted in implementing security policies and standards, conducting risk evaluations, and providing strategic recommendations to enhance security posture. Developed Standard Operating Procedures (SOPs) and cybersecurity guidelines to strengthen governance and ensure policy enforcement.

● Threat Monitoring & Incident Response – Monitored security tools, including Firewalls, IDS/IPS, SIEM, Email Protection, Endpoint Security, and Anti-Malware, for potential threats. Investigated phishing, ransomware, DDoS, vishing, and privilege escalation incidents, recommending remediation strategies and escalating threats as required.

● Security Technology Assessment & Deployment – Researched, evaluated, and deployed security technologies to enhance performance, reduce costs, and meet compliance requirements. Assisted with configuring and integrating DUO (MFA/SSO) and LogRhythm (SIEM) while supporting patching automation and change management.

● Vulnerability Management & Security Assessments – Conducted internal and external vulnerability scans across critical and non-critical assets, generating detailed risk reports to drive remediation efforts. Ensured baseline security compliance for Windows (Win 10/11, Windows Server) and Mac environments, enforcing security best practices.

● Cybersecurity Awareness & Training – Developed and delivered cybersecurity awareness programs to employees and cross-functional teams, fostering a security-conscious culture and enhancing incident response preparedness.

● Identity & Access Management (IAM) & Business Resilience – Conducted security assessments, IAM reviews, and risk evaluations, providing actionable insights to mitigate access-related threats. Supported Business Impact Analysis (BIA), Disaster Recovery Planning (DRP), and Cyber Incident Response Planning (CIRP) to strengthen organizational resilience.

Network Engineer

Jacksonville Transportation Authority Jacksonville, FL Feb 2019 – May 2020

● Network Security & Infrastructure Management – Administered and maintained network infrastructure, including routers, switches, and wireless access points, ensuring secure and stable operations. Managed firewalls and access controls to enforce security policies. Assisted in optimizing network routing and traffic flow through RIP, OSPF, and static routing protocols.

● System Administration & Endpoint Security – Configured and managed workstations, ensuring compliance with security standards and organizational policies. Supported Active Directory, DHCP, DNS, NAT, VPN, and firewall configurations while assisting with backup and recovery operations to enhance system resilience.

● Incident Response & Technical Support – Resolved Tier 1 and Tier 2 network and security incidents, collaborating with service desk, security, and application teams to mitigate system vulnerabilities. Conducted remote troubleshooting via Citrix, Terminal Services, and DameWare while enforcing web security policies and firewall protections.

● Project Implementation & Security Enhancements – Assisted senior engineers in executing network upgrades, security hardening, and system deployments. Provided on-site support for infrastructure enhancements, security tool implementations, and user training to ensure seamless technology adoption across multiple locations.

Network Engineer

Enterprise Integration Jacksonville, FL May 2018 – Jan 2019

● Network Configuration & Optimization – Configured, monitored, and troubleshot Cisco routers, switches, and wireless access points (WAPs), ensuring optimal network performance and stability post-implementation.

● Routing & Traffic Management – Diagnosed and resolved routing inefficiencies in RIP, OSPF, and static configurations to enhance network performance, reliability, and traffic flow.

● VoIP & Unified Communications Security – Administered and troubleshot Cisco phone systems, ensuring seamless voice communication, system integrity, and secure configurations to mitigate telephony-related vulnerabilities.

● Network Architecture & Documentation – Conducted site surveys, performed Layer 2 network mapping, and developed comprehensive network topology diagrams using Visio and PDF formats to support infrastructure planning and audit readiness.

● ISP & Carrier Coordination – Liaised with ISPs and telecom providers to diagnose and resolve circuit-related issues, ensuring minimal downtime and consistent network availability.

● Incident Response & Technical Support – Assisted field technicians with network installations, remote troubleshooting, and fault resolution, supporting various infrastructure and security initiatives.

● Network Security & Access Controls – Enforced security policies, monitored network access controls, and ensured compliance with cybersecurity guidelines to safeguard infrastructure from unauthorized access and potential threats.

Education

B.S., Computer Systems Networking and Telecommunications, Florida State College at Jacksonville (FSCJ), Jacksonville January 2018 – December 2020

Professional Certifications

• Certified Information Systems Security Professional (CISSP), ISC2

• Cisco Certified Network Associate (CCNA), Cisco

• CompTIA Security+, CompTIA

• ITIL v3 Foundation, Axelos

• Certified Information Security Manager (CISM) – In Progress

Areas of Expertise

● Security Operations, Incident Response & Threat Hunting

● Risk Management & Compliance, NIST CSF, SOC 2, PCI-DSS, ISO 27001, CMMC

● Audit & Security Framework Implementation

● Cloud Security; Azure, AWS, GCP

● Business Continuity & Disaster Recovery Planning (BCP/DRP)

● Key Performance Indicators (KPIs) & Key Risk Indicators (KRIs)

● Security Awareness for Physical Threats

● Tabletop Exercises & Real-World Simulations

● IT General Controls (ITGC) & Security Audits

● PCI DSS Compliance

● Stakeholder & External Assessor Coordination

● EDR/XDR

● TCP/IP, DNS, DHCP, VPN, NAT, BGP, OSPF, RIP

● Vulnerability & Risk Management

● Third-Party Risk Management

● Collaboration & Communication

● Project Management & Cross-Functional Collaboration

● Physical Security & Access Control Best Practices

● Service Level Agreement (SLA) Compliance & Monitoring

● BCP/DRP Plans & Testing

● Role-Based Security Awareness Training

● Data Privacy & Governance

● Audit & Compliance Readiness

● Internal & External cybersecurity assessment

● SSO, MFA, RBAC, Least Privilege, Conditional Access Policies

● GRC; Policy development, Compliance frameworks, Risk assessments, and third-party risk management

● Zero Trust & Network Security

● Policy Development & Security Awareness

● AI and Machine Learning Security

● Stakeholder Engagement & Reporting

● Change Management & Patch Management

● Zero-Day & Patch Prioritization

● Data Backup & Recovery Strategies

● Cloud & Infrastructure Auditing

● Risk-Based Auditing

● Risk Management & Continuous Compliance Monitoring

● SIEM/IDS/IPS

● CyberGRX, ProcessUnity, BitSight, AuditBoard, OneTrust
