
Information Security Engineer Resume


CT

SUMMARY:

  • Cybersecurity professional, practitioner, and scholar with 16 years of Ethical 10 years of Network Security.
  • Security risk assessment (7 years), Cybersecurity (7 years), penetration testing (15 years), Linux (8 years), Ubuntu, Kali Linux, Debian.
  • Windows Patch management (5 years). Information technology (16 years).
  • Incident responder; offensive and defensive information security SME with skills in web penetration testing, network penetration testing, network security assessment, and vulnerability assessment.
  • EMET, CAPEC, OWASP. NIST 800 series. Microsoft Security Risk Detection fuzz tools.
  • Audit and compliance for FedRAMP, SOC, PCI, HIPAA

TECHNOLOGY:

IOC reading with FireEye and Decision Making, Software Fuzzing, Whitelisting and Application Control, SIEMs, Nessus, OpenVAS, New Relic, Nmap, Snort, Python, Bash, and Batch Scripting Language, Defense in Depth Implementation and Design, TCP/IP, VoIP UDP, Palo Alto, Windows 2003, 2008, 2010 SERVER PATCH SUPPORT, Troubleshoot Network and Websites for Assessment and Vulnerability, OWASP, NGFW, Cloud Security, VMware, Azure and AWS, VirtualBox, Hypervisor, PASTA and STRIDE Threat Modeling with CAPEC and CWE, Kali Linux, Metasploit, Splunk, Nikto, Burp Suite, Armitage, CVE, VulnHub, SANS kit, Nexpose, MS Office, Visio, TFTP servers, CiscoWorks, SolarWinds, Lansweeper, Wireshark

PROFESSIONAL EXPERIENCE:

Information Security Engineer

Confidential, CT

Responsibilities:

  • Perform an assessment on LAN and Cloud.
  • Conduct Remediation for critical components with all teams
  • Conduct vulnerability assessment company-wide
  • Penetration testing with Kali Linux, Metasploit Pro, and Cobalt Strike.
  • Incident response
  • Conduct all stages of system analysis efforts and patch management.
  • Review third party pentest for remediation.
  • Perform Audit for SOC, HIPAA, and HITRUST
  • Create implementation, including requirements definition, design, architecture, testing, and support.
  • Replicate zero-day virus POC (proof of concepts) found from alerts site and provide mitigations and remediation
  • Provide recommendations and mitigations to CTO
  • Use the MITRE ATT&CK framework for pen-testing and vulnerability assessment.
  • Review NIST, ISO, and federal standards to match third-party requirement standards
  • Provide exceptional cybersecurity insights in all levels of production.
  • Perform local and global crystal box testing company-wide
  • Hands-on in L3 switches, stacks, and Firewalls for vulnerability management.
  • Provide recommendations and mitigations to CISO
  • Review NIST and ISO and PCI DSS Standards.
  • Conduct Cyber security for new employees.

Cybersecurity Engineer & Penetration Tester

Confidential, CT

Responsibilities:

  • Use Threat Hunting and Red Teaming for effective remediation and recommendations
  • Perform local and global crystal box testing company-wide
  • Create white papers and executive cybersecurity summaries with a strategic plan
  • Ensure strict HIPAA and NIST 800 series regulations adherence to safeguard company assets
  • Use commercial and open-source tools for pentesting and participate in vulnerability vendor meetings for tool tweaking and performance
  • Work iteratively with the blue team and vulnerability management for threat hunting and bug tracking.
  • Replicate zero-day virus POC (proof of concepts) found from alerts site and provide mitigations and remediation to Senior management and CISO.
  • Unique competency in translating business issues into network solutions, including opportunity identification, requirements development, delivery, support, and analysis.
  • Hands-on experience in leading all stages of system analysis efforts, including requirements definition, design, architecture, testing, and support.
  • Penetration testing with Kali Linux,
  • Integrate industry-recognized network attack/defense frameworks (e.g., MITRE ATT&CK, Lockheed Martin Cyber Kill Chain)

Information Security Engineer

Confidential

Responsibilities:

  • Use network security assessment and scanning tools to find vulnerabilities.
  • Assist with VPN and Firewall Zone concern using leadership skills for CONUS South and Canada
  • Remotely Troubleshoot all IPsec VPN and DMVPN connectivity and provide Field Engineers with a directive to fix issues.
  • Use IoT network security skills to troubleshoot Healthcare devices with monitoring and commercial scanning software.
  • Provides solutions for Changes in VPN tunnels and connectivity, Security hash issues, and Next Generation of Firewall.
  • Skillfully assist HCF and Philips stakeholders with Modality framework (Windows and Linux)
  • Remotely safeguard against APT threats MRI and CV (Windows hosts), CT scanners (Linux hosts)
  • Proactively scan Windows and Linux frameworks with Nessus and OpenVAS, and perform fuzz tests on running applications to find undetected loopholes.
  • Provide field service engineers and product support engineers with necessary support if remote troubleshooting and scanning are not sufficient.
  • Provide Full lifecycle experience in scoping, designing, developing, deploying, and supporting enterprise-scale business applications and business intelligence software.
  • Use skills and Experience to manage cross-functional teams for fast-paced projects as well as complex projects.
  • Provide Outstanding leadership abilities to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project team initiatives.
  • Empower all Zone leads, FSE, RSM to value the connections for Philips through recognition.
  • Configure all DMVPN, SMVPM, VPN tunnels, IPsec, and SSL, and troubleshoot with Telnet, FSF, tracert, ping, and Wireshark
  • Ensure network assessment with security tools and SIEMs.
  • Remotely test all modality software for vulnerabilities with threat modeling and fuzzing tools.
  • Use SIEM tools for vulnerability scanning, including log parsers (Splunk, New Relic).

IT Specialist & Network Security

Confidential, Columbus, Ohio

Responsibilities:

  • Conduct Network assessment, Troubleshooting, and monitoring for all 76 county agencies.
  • Proactively manage all county agencies' security system infrastructure and provide third-party support.
  • Administer AirWatch (mobile security) on all mobile platforms in the county.
  • Assist Dell SecureWorks third-party security and administer local system security and scanning.
  • Triage event logs and manage security deployment through SIEM software and patch management software.
  • Provide Computer network Defense support for all county and city agencies.
  • Deploy security hotfix and patches to Windows, Linux systems and servers.
  • Replicate Proof of concept using Kali Linux and Metasploit and provide remediation to the Blue team.
  • Assist all associate technicians in creating VLANs and ACLs and VPN.
  • Provide Incident response management, Incident prevention plan and Data loss prevention.
  • Use effectively all Network security assessment tools, including commercial tools purchased by the county and SCAP tools.
  • Use DLP (Data Loss Prevention) countywide for SaaS and IaaS and provide Cloud security.
  • Implement STRIDE (Microsoft) threat modeling for County agencies.
  • Use current OWASP top 10 to thwart XSS, XSRF, and Injections for countywide agencies.
  • Conduct fuzz tests on all applications, without interruption, before deploying to sensitive county agencies.
  • Remotely ensure the security of VoIP hardware, VoIP Security with Cisco routers, Wireless Security infrastructure, Honeynet, DMZ, VoIP Defense system.
  • Use practical customer service approach to exceed stakeholder needs.

Confidential

IT security and broadband manager

Responsibilities:

  • Manage IT security and broadband satellite for Enterprise
  • Deploy agents in the field
  • Supervise teams
  • Interact with third-party stakeholders.
  • Provide Cybersecurity assistance to Businesses per packages.
  • Respond to breaches and incidents
  • Send whitepapers to CEO
  • Deploy pentesters to businesses and provide businesses with Executive summaries.
  • Conduct security risk assessments for businesses.
  • Model the way for associates and instill a leader's vision to become new leaders.
  • Train junior employees quarterly
