Cybersecurity engineer

JONATHAN CHARLES AVERY

*****.*********@*****.*** 561-***-**** West Palm Beach, FL

Cybersecurity professional with extensive experience protecting high-sensitivity federal environments and leading both offensive and defensive security initiatives. Skilled in risk assessment, incident response, penetration testing, vulnerability management, and internal IT audits. Known for strengthening confidentiality, integrity, and availability across complex systems while driving a proactive security culture. Continuously advancing expertise through certifications, research, and bug bounty participation. Holds a Master’s in Cybersecurity and top industry credentials including CISSP, CISA, Security+, CySA+, and SecurityX.

WORK EXPERIENCE

National Council on Compensation Insurance (NCCI)Boca Raton, FL Internal IT Auditor Nov. 2023 - Present

● Evaluates the organization's IT systems to ensure they are secure, compliant, and effective.

● Creates and presents initial audit kickoff meetings with stakeholders to establish baseline audit expectations

● Identifies potential risks and recommends ways to improve the systems.

● Meet weekly with audit stakeholders to ensure continuous communication

● Creates and presents final audit reports and exit meetings with stakeholders to review the audit City of West Palm Beach West Palm Beach, FL

Information Security Administrator Sept. 2021 - June 2023

Uncovered a cryptocurrency mining campaign that had gone undetected for years before I arrived (Cisco Umbrella)

Developed a proactive internal penetration testing and reverse engineering process to stay ahead of emerging threats

Reduced phishing click rate by 50% (1,200 users) through designing a more effective security awareness program

Reduced attack surface by 75% across 350 servers through hardening and decommissioning legacy devices (Rapid7)

Improved data classification, loss prevention efficiency (Varonis) user access geofencing process (Azure)

Evaluate and report on the effectiveness of security and compliance controls (Cisco Umbrella, Cisco Stealthwatch, Splunk, WireShark, KnowBe4) Collective Governance, Risk, Compliance (GRC) concepts and processes

Support Security Information & Event Monitoring (SIEM) Splunk setup, maintenance and administration, detection, prevention, containment and deterrence mechanisms, SOAR, EDR

Analyze and improve SIEM logging requirements and alerts, Microsoft 365 security, intrusion prevention Pratt & Whitney Jupiter, FL

Information System Security Officer (ISSO)Mar. 2021 – Sept. 2021

Primary on-site ISSO for Collateral systems and Federal audit support (NIST)

Assisted with personnel security processes and classified material management such as clearance verification, key control (safes

& server racks), open/close access, media control training (discs, SD cards, cameras)

Developed physical key control plan & media control plan for users to log in/log out items

Physical access management (electronic badge control, checking security clearances)

Document due diligence results, remediation tasks; communicate risks clearly to key stakeholders Georgia Technical Research Institute Atlanta, GA

Information System Security Officer (ISSO)Jun. 2018 – Jun. 2020

Lead security engineer for a sensitive rush project, successfully planned & executed on time

Reduced delivery time of system security plan (SSP) by 60% (From 3 months to approximately 1)

Prepared documentation for system facility activation, accreditations, acquisition programs (eMass)

Provided weekly briefings and annual security awareness training (Phishing, secure file transfers, insider threat)

Managed user certification documentation to support audits (Approximately ~200 users across 10 projects)

Audit user logs weekly, perform vulnerability management, work with other teams to ensure mitigations Boeing Oklahoma City, OK

Cybersecurity Engineer, System Engineering in Test (SEIT)Jun. 2016 – June 2018

Lead cybersecurity engineer for the US AWACS program

Gather requirements and functional specifications. Design and implement information security controls

Used NIST Risk Management Framework (RMF) process to complete projects

Ensure FISMA compliance during authority to operate (ATO) process

Participate in Purple Team exercises to analyze and evaluate the effectiveness of existing security controls

Provide mentoring and guidance to junior architects and security engineers MotionPoint Coconut Creek, FL

Sales Engineer & Quality Assurance Analyst May 2011 – June 2016

Acted as technical point of contact for implementation of technical requirements

Provides technical and analytical guidance to project team

Configured language translation web crawlers, quality assurance & regression testing. Javascript debugging

Recommends and takes action to direct the analysis and solutions of problems EDUCATION, CERTIFICATIONS, AWARDS

Master of Science in Cybersecurity

University of Maryland, 2017

Bachelor of Science in IT Management

Keiser University, 2008

Associate of Science in Computer Programming

Palm Beach State College, 2006

CISA (ISACA, May 2024, Expires 2027)

SecurityX (Formerly CompTIA CASP+, June 2024, Expires 2027) CySA+ (CompTIA, April 2020, Expires 2027)

CISSP (ISC2, March 2019, Expires 2026)

Security+ (CompTIA, August 2017, Expires 2027)

“Team of the Year” (Cybersecurity, 2022) Award from the Mayor of West Palm Beach (2023)

“Star Award” from Mayor of West Palm Beach (2022)

“On The Spot” Award, Boeing (2018)

Contact this candidate