Vulnerability Program Manager Resume
SUMMARY:
- People and process improvement with bias for action. Over a decade of building out CyberSecurity programs, tooling and teams.
- Senior-level Project/Program Management utilizing JIRA/Confluence, ServiceNow and Airtable.
- Built multiple security teams from the ground up, resulting in a multifaceted skillset that allows me to perform a variety of CyberSecurity team duties.
- Deploying, maintaining and operating full CyberSecurity tool stacks.
- Internal/External Audit Leader - I have completed multiple ISO27001 implementations
- Current Vulnerability Program Manager/Operations Engineer
- Provide highly effective and meaningful metrics using Tableau/PowerBI expertise.
PROFESSIONAL EXPERIENCE:
Confidential
Vulnerability Program Manager
Responsibilities:
- Participate in zero-day tiger teams
- Rebuilding Vulnerability Management program from the ground up using a customer-focused model.
- Engineer, architect and maintain multiple vulnerability scanners throughout a technologically immature, decentralized environment.
- Created a centralized knowledgebase where system owners new and old can get up to speed on the program, requirements, and how to best contribute.
- Used a combination of Tableau/PowerBI and JQL to create and manage program metrics. These metrics are used by executive management to drive progress, staffing, and budget decisions.
Confidential
Risk Analyst
Responsibilities:
- Founding member of OCISO/GRC team
- Authored and published ISO27001 Policies, Standards, and Procedures. Socialized with business unit stakeholders and obtained buy-in to move forward with .
- Created ISMS Manager - An application underpinned by Airtable, to document dates and timelines, control development and control metrics/measurements.
- Created ISMS Matrix and guide for in-scope system owners and business leaders on internal wiki page.
- Engaged/Coached business unit stakeholders in evidence collection and assigned action items to Information Technology Teams when needed.
- Built an audit readiness dashboard for Executives using Confluence. This was fed from the JIRA tickets being used for evidence collection and provided executives with an automated way to check progress.
- Authored and published Security Awareness content for distribution to organization.
Confidential
Senior Consultant (Vulnerability Management - Azure FedRAMP)
Responsibilities:
- Coached Azure Application and Service Teams on efficient remediation processes to drive progress and remain within FedRAMP guidelines.
- Analyze vulnerability scan results and create remediation plans for Azure application teams.
- Create team-focused interactive dashboards using PowerBI
- Provide hands-on technical support to Azure Application Teams to assist in remediation and/or false positive investigation.
- Author Deviation Requests and POAMs for Federal Authority when teams can’t remediate vulnerabilities by deadline.
Confidential
Lead Audit Consultant
Responsibilities:
- Lead post-incident discovery team using Tufin after incident was traced to firewall misconfiguration.
- Documented security leaks in firewall configurations and curated data for client’s remediation team. Escalated to Security Operations Center via ServiceNow if warranted.
- Verify fidelity and integrity of data aggregated from multiple consultants.
- Improve overall security posture of network infrastructure.
- Provide on network operating standards and best practices to internal networking teams.
Confidential
ETS Technical Compliance Analyst (External)
Responsibilities:
- Provide ISO27001 foundational to foster support and collaboration of technical teams.
- Built evidence matrix using ServiceNow that allowed for easy communication to stakeholders and efficient evidence collection.
- Worked with internal ServiceNow devs to automate processes that were once manual. Some of these processes later became evidence for ISO controls.
- Deploy, operate, manage, and tune various security tools ranging from SIEM, endpoint, email, and network security toolsets.
- Author, socialize, obtain buy-in, and manage Security Awareness Program while working directly with CIO and CISO to craft phishing campaigns to increase organizational security posture and end user vigilance.
- Created CSAAS (CyberSecurity as A Service) model with the help of our ServiceNow developer to bring automation to many manual processes. This helped to lighten the load on tier 1 CyberSecurity Analysts thus helping them tighten their focus, which ultimately helped to lower the organization’s attack surface.
Confidential
Security Analyst
Responsibilities:
- Deploy, manage, and configure Juniper, Palo Alto, and Check Point devices.
- Manage, maintain, and operate endpoint security tools, WAFs, and email security tools.
- Participate in on-call rotation
Confidential
Tier II Desktop Support Analyst
Responsibilities:
- Configure, install, monitor, and troubleshoot Windows/MacOS machines inside touchscreen kiosks in Mercedes-Benz Dealerships across the country.
- Maintain internal tools for monitoring and management of client resources.
- Troubleshoot over phone, remote access, and on-site with Mercedes-Benz dealership customers.
- Administer NTFS and share permissions on file servers.
- Build and deploy server/client hardware and software packages to client networks.
