IT Security or IT Specialist or IT Analyst or IT Technician

William L. Ferrell

***************@*****.*** 513-***-**** linkedin.com/in/williamlferrell

Professional Summary

Results-driven Information Technology Professional with 20+ years of experience in third-party risk management, cybersecurity operations, incident response, server administration and user and desktop support.

Certifications

Certified Information Systems Security Professional (CISSP) #43957

GIAC Certified Incident Handler (GCIH) #23806

Professional Experience

Clark County Public Library Springfield, OH Jan 2024 - Present

Information Technology Associate

Provided technical support to CCPL staff in setup, repair, administration and usage of IT equipment including desktop and laptop PCs, RFID scanners, printers, barcode scanners and other associated peripherals

Performed Microsoft 365/Azure, Active Directory and Windows server administration and support; as well as administering a vSphere environment with numerous virtual servers

Created comprehensive step-by-step procedures to capture the complete image build process, including the set up and installation of complex desktop images for Staff PCs, Patron Kiosk PCs, Patron Internet PCs, and Library Catalog PCs

Bank of Montreal Springfield, OH Oct 2022 - May 2023

Third Party Risk Assessor

Conducted comprehensive cybersecurity risk assessments for new and existing suppliers, evaluating SOC 2 reports, penetration test results, and security controls

Developed remediation plans and monitored supplier compliance with security requirements

Utilized Archer and Microsoft platforms for risk documentation and tracking

Speedway LLC / 7-Eleven Inc. Springfield, OH July 2017 - July 2022

Information Security Specialist - Cyber Defense Operations (6 months)

Performed incident response and threat analysis using enterprise SIEM, EDR, and network security tools

Served as Lead Engineer for threat intelligence, delivering weekly reports to senior leadership

Led evaluation and selection of threat intelligence platform from 11 vendors

Supported forensics activities and maintained incident documentation

Information Security Specialist - Third Party Risk & Partner Security (4-1/2 years)

Executed risk assessments using NIST SP 800-53 framework for retail, infrastructure, and business systems

Managed PCI compliance activities including annual penetration testing and evidence gathering

Developed risk mitigation strategies and compensating controls for non-compliant systems

Led post-breach risk analysis and remediation for compromised third-party partners

Coordinated with Cyber Defense Operations to assess continued partnership viability

Virginia Commonwealth University Health Systems Richmond, VA Dec 2013 - Nov 2016

Senior Information Security Analyst – Cyber Defense and Security Operations (3 years)

Led incident response activities including containment, analysis, and documentation of security events

Conducted host and network forensics to determine breach scope and data impact

Deployed enterprise security solutions including HP ArcSight SIEM, Bluecoat Proxy systems, and Nexpose vulnerability management

Implemented HIPAA/HITECH compliant risk management program using NIST standards

Managed security infrastructure for 12,000+ users across healthcare environment

Summary of Earlier Experience

Over a period of 10 years, I worked in various Information Security positions including in the worldwide SOC for the General Electric Company; Senior Information Security and Network Engineer positions at Epiphany Management Group, HealthBridge, Inc., and Pollak Technology Services, Inc.; IT and CyberSecurity Manager for Downlite Products, Inc., in Cincinnati; and as a Server and Network Administrator for the University of Cincinnati.

Professional and Personal References available upon request

Contact this candidate