Professional Summary
Seasoned CISSP with ** years of experience establishing and maintaining compliance with NIST 800-171/53, CMMC, HITRUST & SOX; Defining conditional access and Data Loss Prevention policies and implementing MFA.
Skills
Verbal communication
Implementation and management of MDM/EDR/NDR platforms
SIEM
Fortigate and Checkpoint firewall management
AAD Administration
Microsoft 365 security stack
Creating Conditional Access Policies
Creating Data Loss Prevention Policies
CrowdStrike
Writing IT related Policies and procedures
And more
Experience
Senior Security Engineer - September 2021 to October 2023
Alternate Solutions Health Network
●Responsible for safeguarding all Alternate Health Solutions Health Network and their patient's sensitive data PII/PHI
●Responsible for preventing and mitigating the potential impact of cyber-attacks by developing, distributing, and sharing countermeasures that may impact networks and information systems.
●Analyzed and assisted with the development of information security governance, including organizational policies, procedures, standards, baselines, and guidelines concerning information security and the use and operation of information systems.
●Designed, implemented, maintained, and operated information system security controls and countermeasures
●Respond to information system security incidents, including investigations, deployment of countermeasures, and recovery from computer-based attacks, unauthorized access, and policy breaches; interact and coordinate with third-party incident responders, including law enforcement.
●Coordinate with Infrastructure teams to update all systems including desktops, servers, networking equipment, and other various IT equipment.
●Evaluate, recommend, and implement new technologies such as Endpoint Detection & Response (EDR) solutions to improve our security posture.
●Coordinate annual vulnerability testing including but not limited to PEN testing and Purple teaming.
Accomplishments:
●Collaborated with Infrastructure to Configure Microsoft Teams to be HIPAA Compliant.
●Configured and deployed Microsoft Conditional Access Policies.
●Configured and deployed custom Microsoft Data Loss Prevent policies.
●Evaluated, Configured, and deployed CrowdStrikes Falcon platform to all endpoints.
●Enabled SAML SSO for all cloud applications.
●Configured and Deployed CrowdStrike policies restricting access to USB mass storage devices for all non-approved users.
IT Manager/ISSO – April 2017 to September 2021
UES Inc. (a DoD contract Research company)
●Identify and safeguard all CUI data
●Developing new network troubleshooting strategies to help reduce downtime and decrease maintenance costs.
●Creating strategies for upgrading the company’s network software whenever a new update is available.
●Constructing and implementing plans to ensure the company’s network continues to operate smoothly in the event of a problem.
●Staying current with new technology and reporting this information to the executive team.
●Coordinating with other department Directors and their Managers to assess the growth needs and maintenance of the company’s network.
●Coordinate annual vulnerability testing including but not limited to PEN testing and Purple teaming
Accomplishments:
●Managed the project of migrating legacy exchange server and office products to Office 365 GCC High.
●Deployed and configured a software solution for a secure FTP server now known as The File Collaboration Space.
●Established and reviewed security response plans for both cyber and physical.
●Established annual pen testing.
●Established Monthly vulnerability scans followed by remediation.
●Implemented an MDM solution that works for company phones and BYOD.
●Collaborated with Global Security Ops Inc and Security Cyber Defense to establish an Access control list to harden network security and allow ease of access to the internet for visitors.
Infrastructure Technician II/IT Manager April 2013 to April 2017
Hennegan Printing/CGX/RR Donnelley
Responsibilities
●Evaluate and recommend new technologies to increase functionality.
●Coordinated with business leadership to establish appropriate windows for maintenance downtime.
●Worked with Infrastructure teams to implement updates to servers and networking equipment.
●Responsible for preventing and mitigating the potential impact of cyber-attacks by developing, distributing, and sharing countermeasures that may impact networks and information systems.
●Analyzed and assisted with the development of information security governance, including organizational policies, procedures, standards, baselines, and guidelines concerning information security and the use and operation of information systems.
●In partnership with the Director of Information Security, architects, design, implement, maintain, and operate information system security controls and countermeasures
●Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement.
Accomplishments:
Education and Certification
Such and Such University, City and State
Associate Degree in Computer Networking Sciences
CISSP Certification
References Upon request