Michael G. Nevins
Email: *********@*****.***
Professional Summary
Information Technology Security Professional with over 10 years extensive hands-on experience in security operations, incident response, vulnerability management, governance, technical operations, installation, configuration, administration, project management, and troubleshooting of Clinical and Business Financial systems. Expert in incident management processes, monitoring platforms, and stakeholder engagement across collaborative consumption and traditional enterprise environments. Windows and security systems administration specialist with excellent communication skills and the ability to interface at all levels. A proven team player who also excels working independently.
Core Competencies
•Microsoft OS and Office Suite: Windows Server, Windows 10, Windows 11, MS Power BI, MS Visio, MS Project, MS Group Policy, MS PowerShell, MS Visual Basic, Power BI, MS Entra, MS Office 2007, MS Office 2010, MS Office 2013, Office 365, MS Access, MS Exchange, MS Outlook, MS Active Directory, TCP/IP, DNS, DHCP, MS SQL, MS SMS, SCOM, SCCM
•Cloud Platforms: MS AZURE, AWS
•Security & Incident Response Platforms: Splunk, IBM QRadar, LogRhythm, Arctic Wolf XDR, Rapid7 InsightIDR, CrowdStrike Falcon, Tanium, SysTrack, Wireshark, Snort, Nmap, Metasploit, Kali Linux, Forensic analysis tools, Tenable Nessus Security Center, Rapid7 Nexpose, Rapid7 InsightVM, Qualys, IBM AppScan, Burp Suite, OWASP ZAP, CrowdStrike, McAfee ePO Security Enterprises, Symantec Endpoint Protection Suite, HP Tipping Point IPS, Palo Alto Firewalls, Cisco ISE, Checkpoint, Fortinet, SonicWall, WatchGuard, Barracuda, SentinelOne
•Industry Project/Audit/Security and Compliance Frameworks: COBIT, ITIL, AGILE, SPLUNK, PROSCI ADKAR, KOTTER, SSAE18, GLBA, PCI-DSS, NIST CSF 2.0, ISO 27001, HIPAA, HITECH, HITRUST, OWASP, FSOC, SOX2, FFIEC, CMS, JCAHO, CCPA, and FedRamp.
•Accounting Packages: MS Dynamics, SAGE MAS 90, SAGE MAS 200, SAGE MAS 300, QuickBooks Pro, PeopleSoft Accounting Software, SAP 400
•Clinical Applications: Cerner Classic, Cerner Millennium, Power Chart, Power tools, EPIC, Siemens Invision Patient Accounting, Master files, RPM/OAS/Olie Scripts, AS400, Signature, MediSOFT, Meditech NPR, Seacoast LIS
Professional Experience
Independent Living Systems Jun 2017 - Oct 2025
Senior Security/Compliance Analyst Doral FL
•Established and led a Security Incident Response Team (SIRT) with a 24/7 on-call rotation, allowing critical security incidents to be addressed promptly and reducing containment time
•Implemented comprehensive incident management process including detection, analysis, containment, eradication, recovery, and post-incident review leveraging strong analytical skills to identify root causes.
•Maintained monitoring and alerting of production and corporate servers/endpoints using CrowdStrike, SentinelOne, and Tanium automation for real-time visibility and rapid incident response.
•Managed SOC functions using IBM QRadar SIEM and Splunk, correlating events from 500+ sources for threat detection.
•Deployed and managed monitoring platforms: IBM QRadar, Tenable Security Center, Burp Suite, Rapid7 InsightVM, CrowdStrike Falcon, and Tanium.
•Performed internal and external penetration testing and vulnerability scanning using Rapid7 Nexpose, Tenable Nessus Security Center, Kali Linux and IBM App Scan.
•Maintained 99.9% uptime for security monitoring systems through proactive technical operations and preventative maintenance.
•Managed global information security awareness and vulnerability programs across healthcare/financial collaborative consumption models.
•Conducted weekly meetings with IT staff on change management and security posture, compliance status, and risk exposure.
•Collaborated with Information Systems Managers (stakeholders) on security controls implementation for IAM, PAM, and MFA.
•Coordinated with external auditors and third-party vendors for SOC 2, HITRUST, and ISO 27001 assessments.
•Led cross-functional teams for security projects spanning multiple business units and satellite offices.
•Managed security projects and programs assessment around NIST CSF 2.0, HIPAA SRA, ITRA, CIS, SOC 2, and HITRUST Security Frameworks.
•Maintained information security procedures, policies, and controls pertaining to SOC2, HIPAA, HITECH, PCI DSS, and NIST frameworks.
•Managed all Security Risk Assessments and security audits pertaining to NIST and CIS Standards.
•Maintained risk register with 200+ tracked items, ensuring timely remediation and stakeholder accountability.
•Implemented role-based access controls (RBAC) for multi-tenant SaaS environment serving 50+ client organizations.
•Developed security protocols for API-driven integrations between collaborative consumption platforms and legacy healthcare systems.
•Validated vulnerability scans and prioritized according to risk ratings creating comprehensive security assessment reports.
•Reviewed source code with Burp Suite and IBM App Scan for customer-facing applications.
•Conducted security code reviews for applications written in JAVA, VB.NET, JSON, XML, PHP, ASP.NET and Classic ASP using OWASP methodology.
•Led remediation efforts reducing software security vulnerabilities by 75% across multiple applications.
•Developed reports and metrics using data sources to assist stakeholders in the remediation.
•Managed IAM application (Okta) for creating roles, users, groups and implemented MFA providing additional security.
United Airlines Nov 2022 - Feb 2024
Senior Global Vulnerability Engineer/Analyst/Consultant (Remote) Contract via Swoon Technologies Chicago, IL
•Led technical operations for a test group of 1,000-41,000 global endpoints, using Rapid7 InsightVM and Office 365 to conduct alpha/beta testing of patches, application updates, and operating systems, which ensured timely deployment and maintained compliance across the fleet
•Orchestrated incident response procedures for critical vulnerability remediation affecting enterprise-wide infrastructure.
•Implemented monitoring platforms (Workspace ONE Intelligence, Power BI) for real-time visibility into global endpoint health and security posture.
•Established incident management processes following ITIL best practices for coordinating cross-functional response to vulnerability events, improving resolution time.
•Partnered with LOB stakeholders across aviation operations, customer service, and corporate teams to coordinate application rollouts while minimizing operational disruptions.
•Conducted regular stakeholder meetings to report on vulnerability remediation status, risk exposure, and mitigation timelines.
•Collaborated with developers and vendors regarding security upgrades and compatibility issues.
•Built strong relationships with global IT teams across multiple time zones for coordinated incident response.
•Applications and scope included Java, Adobe Reader, Edge Chromium, Chrome, Firefox, WinSCP, Notepad++, Windows, Unix and Linux monthly OS patching and feature functionality testing.
•Conducted software vulnerability analysis and prioritized vulnerability remediations with mitigation strategies while preventing productivity outages.
•Analyzed business requirements with strong analytical skills and recommended technologies enhancing availability, reliability, scalability, and security.
•Conducted proof of concept and coordinated user acceptance testing of new solutions.
•Created reports and dashboards using Workspace ONE Intelligence, AWS, and Power BI for analyzing security vulnerabilities data.
•Extracted data from Microsoft Endpoint Configuration Manager to analyze and create comprehensive reports with findings.
Convey Health Solutions Jul 2015 - Jun 2017
IT Security Architect/Compliance Analyst Fort Lauderdale
•Architected, designed, implemented, and supported AWS cloud infrastructure using CloudFormation and Ansible, which reduced deployment time and improved system reliability
•Managed technical operations for hybrid cloud environment supporting collaborative consumption healthcare model.
•Implemented monitoring solutions for cloud resources ensuring 24/7 visibility and incident detection.
•Established incident response procedures for cloud security events with defined escalation paths to stakeholders.
•Managed 3rd party vendor security assessments, risk assessments, and security audits.
•Coordinated with QSAs on PCI DSS compliance issues, reports, and incident response procedures.
•Conducted strategic planning and tactical execution sessions with executive stakeholders on security governance.
•Implemented and managed security monitoring platforms including Tenable Security Cloud, Qualys Guard, and Palo Alto event logs.
•Performed internal and external penetration testing using Metasploit, Nexpose, Tenable Nessus, OWASP ZAP, and IBM App Scan.
•Designed and tested security controls with associated remediation procedures following incident management best practices.
•Managed global information security awareness and compliance programs maintaining policies for HIPAA, HITECH, GLBA, PCI DSS, NIST, HITRUST, ISO 27000, SSAE16, OWASP, SOC 2 frameworks.
•Led response to internal and external audits by 3rd party auditors implementing protective and mitigating controls using GRC standards.
•Developed business requirements around Data Integration, Governance, and security aspects of Data Management.
•Created strategic plans for Information Security Compliance department and technologies.
•Collaborated with Information Systems Stakeholders on security controls including standards for information systems architecture, operations, technology selection.
•Enforced security and industry best practices within security space recommending corrective actions for data and access security management.
•Participated as member of Business Continuity & Risk Management Committee providing assistance for business recovery, emergency preparedness, and security.
LVAC Mar 2015 - Jun 2015
Remote Application Security PCI and Compliance Consultant Contract via Link Technologies Las Vegas, NV
•Performed complex testing and analysis of network facilities, including Cisco routers, Catalyst switches, ASA firewalls, and VPN concentrators, using Nmap and Snort, which identified multiple configuration weaknesses and supported PCI compliance.
•Monitored performance and status of network resources implementing real-time alerting for security incidents.
•Designed, implemented, and tested security controls managing associated remediation procedures.
•Developed detailed project plans communicating with stakeholders from proposals through implementation.
•Provided guidance to network engineering/application teams on security management within enterprise environment.
•Delivered feedback to management concerning security problems and areas of improvement following incident reviews.
•Identified, evaluated, and reported on information security risks meeting company's legal, regulatory, and contractual requirements for PCI DSS Compliance.
•Supported security audits and assessments to evaluate policy compliance, identify threats and vulnerabilities.
•Developed P&P documentation implementing information security procedures to enforce standards.
•Performed application vulnerability assessments identifying and prioritizing security exposures in applications and network pertaining to PCI DSS.
•Assisted in designing and managing Active Directory architecture for enterprise applications.
•Conducted analysis of network information sources for infrastructure security placements.
Unity Health Insurance Jun 2014 - Feb 2015
Senior IT Security/Compliance Consultant Contract via Signature Consultants Middleton, WI
•Supported governance and implementation of the enterprise-wide Data Access and Security strategy using AGILE methods and HIPAA guidelines, resulting in a unified security framework across the organization.
•Created and implemented new Security Incident Response Team (SIRT) with defined incident management processes.
•Participated in governance, risks and controls activities related to security reporting to CIO.
•Implemented Identity & Access Management and Privileged Access Management solutions.
•Utilized security products including Tenable Security Center, LogRhythm, Lansweeper, and LANDesk for security logging, scanning, DLP, and asset management.
•Managed advanced malware detection and Active Role Server/Secure AUTH with MFA and SSO for identity access management.
•Administered McAfee ePO server and eight global repository servers deploying Antivirus and Host Intrusion to 4,000+ machines.
•Managed 3rd party vendor onsite security, risk assessments, and security audits.
•Educated business/affiliates and peers about security programs, policies, standards, and legal requirements regarding HIPAA/HITECH/CMS.
•Conducted weekly meetings with CIO and upper management on technical guidance for information security controls.
•Measured and monitored compliance levels with security programs across enterprise.
•Managed projects for interfacing claims processes within data warehousing implementing security through de-identification using cryptographic concepts.
•Implemented secure product development practices for entire product lifecycle for web applications development pertaining to SOX, ISO 27001, and PCI/DSS.
•Maintained GRC governance, risk and compliance along with CIA (confidentiality, integrity, availability) pertaining to data within healthcare environment.
•Researched and analyzed state HIPAA laws applying them to complex privacy and security issues.
•Handled de-identification of electronic health records ensuring compliance with HIPAA Security Rules.
•Designed, implemented, and tested security controls managing associated remediation procedures.
•Created security audits, policies, and procedures pertaining to healthcare business continuity.
Deutsche Bank Wealth Management Jun 2012 - May 2014
Project/Compliance Security Analyst Consultant Contract via Apex Systems Palm Beach, FL
•Provided hardware and software security support for Windows-based enterprise networks using MS Entra and COBIT frameworks, reducing security incidents by ensuring timely patch deployment.
•Maintained network & security architectures supporting GLBA, ISO 27001, and PCI-DSS-compliant payment application transactions.
•Used IBM Security QRadar Vulnerability Manager for security monitoring and auditing.
•Troubleshot KMIP settings on Dell/IBM and HP laptops and desktops for security issues.
•Managed projects for installation and configuration of Market Data applications (Bloomberg, Reuters, Wealth Management Applications).
•Organized projects to migrate users to Citrix Xen desktops acting as SME between staff and IT team.
•Met project deadlines while maintaining budgets below projected costs.
•Managed time effectively, set priorities for scheduling on-site technical calls.
•Supported shared services model for wealth management advisors across multiple offices.
•Maintained security for collaborative platforms enabling client data sharing across advisory teams.
•Administered Symantec Virus protection for newly deployed desktops and laptops.
Hayes Clinical Laboratories May 2010 - May 2012
Manager of IT Security Compliance Boynton Beach, FL
•Directed a $400,000 lab operational budget using Excel, prioritized spending, and stayed within budget while providing project leadership that supported the company’s long-term goals
•Used Nessus to monitor vulnerability alerts within enterprise networks implementing real-time incident response.
•Troubleshot security root causes daily documenting steps/solutions for knowledge base.
•Supported Application Support Lifecycle managing application availability, deployment, patching, capacity & upgrading servers.
•Managed and secured PHI (Protected Health Information) and EPHI (Electronic Protected Health Information) meeting HIPAA, HITECH, CMS, and PCI compliance requirements.
•Managed and assisted in response to internal auditors facilitating implementation of protective and mitigating controls using GRC standards.
•Gathered business requirements translating them into projects and business procedures.
•Coordinated day-to-day activities with IT vendors including development, server operations, infrastructure engineering, and troubleshooting.
•Analyzed, correlated, and reduced 100,000 security logs to less than 200 actionable work items per day using SIEM systems.
•Used Microsoft SCCM to deploy monthly patches maintaining system security posture.
•Created and maintained McAfee Antivirus and Firewall policies for laptops, desktops, and servers.
•Used Symantec Endpoint Security to deploy antivirus to all computers.
•Implemented web application interfaces into doctor offices creating VPNs via Checkpoint for secure collaborative access.
•Developed and built datasets for HL7 interfaces for EMR applications (E-clinical, Greenway, Siemen Practice Partner, Cerner Millennium, EPIC, Practice Fusion).
•Maintained patient database integrity in Lifepoint including interface relationships with Cerner Power Chart and other EMR applications.
•Worked closely with accounting department to secure credit card payment processing within the LIS.
•Performed penetration testing on Hayes Clinical websites working with developers for best practices in coding.
•Used cryptographic concepts sending claims via CMS portal using standard crypto interfaces (PKCS#12).
•Maintained HCM/FIN/CRM application software security.
•Managed user access within Server 2008/2012 Microsoft Active Directory via Active Roles Server.
•Performed weekly maintenance on data center networks.
•Created Visio flowcharts of business processes and network infrastructure.
Oakridge Outpatient Health Plex Sep 2006 - Mar 2010
Director of Information Systems Fort Lauderdale, FL
•Managed the network-infrastructure lifecycle: planned, designed, tested, and implemented additions, deletions, and major modifications; performed system backups and disaster recovery using MS Azure and Arctic Wolf XDR, which reduced recovery time and kept the environment compliant with FFIEC guidelines.
•Managed projects budget of $500k pertaining to IT security and infrastructure enhancement.
•Oversaw and analyzed prime projects to ensure company obtains the best possible pricing.
•Performed data transfers between network/security domains within data center.
•Deployed and maintained laptops, handheld devices, Windows-based servers, Active Directory, Group Policy, WSUS, SMS, Desktop Authority.
•Used McAfee ePO Suite to secure network and data within network enterprise environment.
•Performed various network IDP/IDS security testing/auditing functions resolving complex security issues.
•Hardened and configured all systems to meet HIPAA compliance standards.
•Accountable for troubleshooting and repairing computer-related technical issues with rapid incident response.
•Managed all change management requests from Senior Management.
•Managed assets and expenditures budget for all computer systems.
•Completed project timelines during various installations and upgrade projects.
•Effectively communicated relevant IT-related and security data gathering information to superiors.
North Ridge Hospital May 2000 - Jul 2006
Clinical/Business Systems Security Analyst Fort Lauderdale, FL
•Performed vulnerability assessments on projects using Rapid7 Nexpose and MS Office 2010, identifying potential risks and prioritizing remediation actions, which enabled the team to address high-risk findings before deployment
•Conducted vendor security assessments.
•Identified potential risks consulting on corrective or risk-reducing measures.
•Resolved IDP/IDS security issues in timely manner via IBM QRadar.
•Selected software, mapped unit process/flow, conducted development, testing, training, and implementation of FirstNet for ER Department.
•Gathered business requirements translating them into projects and business procedures.
•Functioned as Super User for Hospital and Ambulatory Services supporting IT Help Desk.
•Trained RNs, Physicians, and ancillary staff (specialty areas: PharmNet, RadNet, FirstNet).
•Worked with IS Analysts/Specialists, department user liaisons, and end users identifying security and production issues within clinical applications.
•Worked with HIM systems including Cerner Classic/Millennium Power chart and Siemens Invision/Signature.
•Conducted special studies regarding development of new clinical information systems meeting projected IT needs.
•Troubleshot network, desktops, and printers/scanners via remote access connectivity (Citrix Metaframe, GoToAssist, Netware Administration, Console One, VNC).
•Analyzed moderately complex business and technical problems devising solving procedures.
•Demonstrated ability to multitask and prioritize meeting demanding schedules for clinical systems implementation, deployment, and maintenance.
•Taught doctors and nurses clinical applications and Microsoft Office Suite.
Education
College of Arts, Science and Technology Kingston, Jamaica
Bachelor of Science, Computer Science
The Academy of South Florida Fort Lauderdale, Florida
Information Security Systems
Certifications
•CompTIA A+
•CompTIA Network+
•CISSO – Certified Information Systems Security Officer
•CPEH – Certified Professional Ethical Hacker
•CSS – Certified Security Sentinel
•CPTE – Certified Penetration Testing Engineer
•CPTC – Certified Penetration Testing Consultant
•MCP – Microsoft Certified Professional
•MCTS – Microsoft Certified Technology Specialist
•Qualys Certified Specialist – Patch Management
•Qualys Certified Specialist – Vulnerability Management Detection and Response
•Proofpoint Certified Security Awareness Specialist
•Proofpoint AI and ML Certified Specialist
•Proofpoint Identity Threat Specialist
•Proofpoint Certified DLP Specialist
•Proofpoint Certified Ransomware Specialist
•Proofpoint Certified Email Authentication Specialist
•Proofpoint Certified Phishing Specialist
•SysTrack Certified Desktop Engineer
•SysTrack Certified Administrator
•SysTrack Certified L1 Helpdesk Technician-Assist
•SysTrack Certified L1 Helpdesk Technician-Resolve
•SysTrack Certified L2/L3 Service Support
•Currently studying: CISA, CISM, CompTIA Security+, PMP (In Progress)