
Cyber Security Analyst

Location: Toronto, ON, Canada
Posted: August 12, 2024


Resume:

Cover Letter:

Dear Recruitment Manager,

As a Security Consultant at Iron Defence Security Corporation, I focus on empowering clients to navigate the complex landscape of cyber security threats with confidence and resilience. I bring extensive knowledge in computer science, operating systems, networking, and cloud services, ensuring fortified corporate network environments.

I engage in a range of activities, from analyzing intricate incidents and conducting forensic examinations to proactively hunting threats and swiftly responding to malware incidents. I rigorously test client networks, applications, and devices using the latest methodologies to ensure they remain impervious to emerging threats.

As the technical advocate for information security requirements, I excel in distilling complex concepts into actionable insights for diverse stakeholders, including executive leadership and technical teams. My goal is to provide clients with the tools and knowledge needed to effectively defend against cyber attacks.

Best Regards,

Foluwa T. Rewane

M: 647-***-****

E: ad7xk1@r.postjobfree.com

Summary of Career Highlights:

Security Tool Utilization: Employs Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and other tools to monitor and investigate threats within the client’s IT environment, aligning with corporate requirements and legal statutes.

Incident Identification and Resolution: Analyzes application, host, and network logs to detect insecure configurations and incidents, collaborating with internal and external teams to facilitate solutions that ensure business continuity.

Vulnerability Management: Leads the effort to remediate network vulnerabilities by partnering with internal and external teams, prioritizing actions based on risk, which may involve feature upgrades or deactivation. Provides comprehensive action plans and oversees implementation.

Threat Assessment & Threat Intelligence Collaboration: Conducts studies to identify emerging threats, tactics, and procedures, collaborating with internal and external teams to share trends and provide actionable threat intelligence.

Policy Compliance: Contributes to and upholds compliance with policies, standards, and procedures, providing stakeholders with updated information in collaboration with team members.

Incident Response Leadership: Supports or leads the incident response lifecycle, collaborating with internal and external Incident Response leads and providing guidance during and after incidents, including tracking root cause analysis (RCA) and lessons learned.

Summary of Skills:

Proficient in Analytical and Problem-Solving: Demonstrate exceptional analytical and problem-solving abilities to proactively identify and mitigate security risks.

Robust Communication and Collaboration: Exhibit strong communication and collaboration skills, fostering effective teamwork within diverse environments.

Effective Outreach Presentation Skills: Possess the capacity to communicate effectively, engaging with community members and addressing sensitive issues while delivering impactful presentations to large audiences.

Champion of Inclusive and Diverse Employment Practices: Advocate for and cultivate an inclusive, equitable, and diverse environment that is respectful and supportive.

Versatile Team Player: Adaptable and capable of working both independently and collaboratively within diverse teams and with individuals from various backgrounds.

Handling Confidential Matters with Discretion: Skilled in managing confidential and sensitive information with a high degree of tact and discretion.

Certifications:

Currently Studying for Certificate in 2024 ISC2 - Certified Information Systems Security Professional (CISSP)

Education:

Golden Gate University (Up Grad) – Doctor of Business Administration (DBA) – Emerging Technologies (Current).

Dakota State University (Distance Learning) – Graduate Studies – MSc. Cybersecurity (Current).

Sheridan College - Computer & Information Technology Postgraduate Program.

York University - Bachelor of Arts.

Professional Experience:

Information Security Specialist

Iron Defence Security Corporation

Oct 2023 – Present

Roles & Responsibilities:

• Cybersecurity Analysis Scenarios: Create and manage end-to-end cyber security analysis scenarios with deliberateness, speed, and in a repeatable fashion.

• Cyber Scenario Development: Partner with Red Team and Intelligence Function to develop current and relevant cyber scenarios for Financial Institutions.

• Threat Capacity Evaluation: Evaluate critical assets/technologies' capacity against defined threats.

• Expert Guidance on Risk Mitigation: Provide specialized expertise and guidance on risk assessment, gap identification, and security solutions to mitigate risks.

• Risk Quantification: Quantify risk in terms of likelihood and impact.

• Scenario Analysis Reporting: Produce detailed cyber security scenario analysis reports, including socialization, approval, and presentation to executives and stakeholders.

• Process Improvement and Automation: Identify, document, and implement process improvements, enhancements, and automation opportunities.

• Documentation and Reporting: Maintain up-to-date documentation (playbooks, runbooks) and required reporting (metrics).

• Cyber Scenario Library Management: Manage the Cyber Scenario Library, aligning with 2nd line requirements.

• Scoring Model Consultation: Consult on scoring model development (control scoring, risk scoring).

• Cybersecurity Compliance Leadership: Formulate, execute, and sustain customized cybersecurity compliance frameworks for the legal sector in Canada, addressing unique security needs and regulatory obligations.

• Cybersecurity Compliance Leadership: Lead the development, execution, and maintenance of customized cybersecurity compliance frameworks tailored for the legal sector within Canada, ensuring adherence to PIPEDA, GDPR, and ISO 27001 standards.

• Strategic Risk Management Advisory: Provide high-level advice and strategic guidance on cybersecurity risk management to Buchanan Technologies' executive team and legal clients, developing strategies to mitigate cyber threats and enhance resilience.

• Regulatory Expertise and Compliance: Serve as an expert on Canadian cybersecurity legislation, including PIPEDA, GDPR, and ISO 27001, guiding compliance efforts and establishing industry benchmarks.

• Incident Response Leadership: Manage and respond to cybersecurity incidents by coordinating internal teams and external partners to quickly mitigate impacts of security breaches or threats.

• Proactive Threat Intelligence: Continuously monitor and analyze emerging threats and trends to anticipate potential risks and recommend preemptive actions to strengthen cybersecurity frameworks.

• Team Development and Mentorship: Mentor and develop junior cybersecurity team members, promoting a culture of continuous learning and professional growth to enhance team expertise and effectiveness.

• Lead Cybersecurity Operations and Strategy Development: Oversee cybersecurity operations and strategy for legal and financial sectors, focusing on compliance with Canadian and international regulations such as PIPEDA and GDPR.

• Design and Implement Cybersecurity Strategies: Create and execute bespoke cybersecurity strategies that align with organizational risk profiles and business objectives, ensuring robust security across IT and OT landscapes.

• Direct Incident Response and Crisis Management: Lead incident response and crisis management during cybersecurity events, reducing risk exposure and ensuring operational continuity.

• Advise C-level Executives: Act as a primary advisor to C-level executives on cybersecurity risks and strategies, enhancing board-level cybersecurity governance and policy formulation.

Technical environment:

MITRE ATT&CK Framework, Recorded Future, Veracode, DNS Filtering, Anti-Spam, Anti-Virus, Forensic & Data Loss / Leakage, CrowdStrike, Tenable - Nessus, Qualys, and Nexpose, IBM, SSH, sftp, vi, syslog, Log4j, application level coding, Oracle Database, Checkpoint, Palo Alto, Fortinet, Vulnerability management, Pen Testing, Virus Total, Kali Linux, OWASP, NMAP, Metasploit, SIEM

Senior Information Security Manager (Contract)

Durham College – Centre for Cybersecurity Innovation

May 2023 – September 2023

Roles & Responsibilities:

• Information Security Processes Development: Spearheaded the development and implementation of comprehensive information security processes across the organization.

• Configured and maintained anti-virus software, firewalls, and intrusion detection systems to ensure robust network security.

• Network Traffic Analysis: Conducted detailed analysis of network traffic to identify and mitigate potential security threats.

• Multidisciplinary Team Coordination: Worked with business and technical teams across the organization to formulate and execute project plans based on established project management principles and methodologies.

• Cyber Risk Activities Oversight: Monitored cyber risk activities conducted by project teams, reviewing and supporting the implementation of processes and controls as outlined in the information risk policy and related standards.

• Stakeholder Communication: Ensured clear and effective communication with stakeholders, clients, project managers, and team members about business and technical decisions that impact solution delivery, staff performance, and technical support.

• Policy and Control Implementation Support: Assisted in the design, implementation, maintenance, and enforcement of policies, procedures, and controls to safeguard information assets.

• Project Resource Management: Planned, prioritized, and coordinated the allocation of internal and/or external resources to achieve project objectives.

• Contractual Document Preparation: Led or supervised the preparation of formal contractual documents, including Requests for Information/Proposals/Quotations, Statements of Work, Memorandums of Understanding, and Service Level Agreements.

• Executive Leadership Engagement: Participated in meetings with executive leadership and strategic partners to review and assess the client's cybersecurity posture.

Professor (Part-time) – Cybersecurity & Threat Management (Contract)

Seneca Polytechnic

November 2022 – April 2024

Roles & Responsibilities:

• Information Security Processes Development: Lead the creation and enforcement of comprehensive information security strategies across the organization.

• Security Systems Configuration and Maintenance: Oversee the setup and ongoing maintenance of anti-virus software, firewalls, and intrusion detection systems to ensure optimal network protection.

• Network Traffic Analysis: Perform detailed analyses of network traffic to identify security threats and vulnerabilities.

• Student-Centered Learning Strategies: Utilize diverse educational strategies to enhance student engagement and comprehension.

• Cultural Competency in Communication: Demonstrate effective communication skills and cultural competency in interactions with diverse stakeholder groups.

• Tailored Learning Resources Creation: Develop and update customized educational materials to meet specific student needs.

• Student Learning Objectives Assessment: Evaluate student understanding using a variety of assessment techniques to ensure educational goals are met.

• Positive Learning Environment Fostering: Create a supportive and engaging atmosphere that encourages student participation.

• Educational Collaboration: Work effectively within team-based educational frameworks to deliver high-quality learning experiences.

• Academic Technology Integration: Utilize technology tools to enhance the learning experience and improve student outcomes.

• Inclusive Educational Environment Promotion: Promote and maintain a respectful, equitable, and diverse learning environment.

• Professional Development Engagement: Regularly attend professional and academic meetings to stay informed and actively engaged in the educational community.

• Student Performance Documentation: Maintain detailed records of student grades and assessments with a high degree of transparency and accuracy.

• Teaching Practices Refinement: Continuously solicit and incorporate feedback to improve teaching methods and curriculum design.

• Ongoing Professional Development Participation: Engage in ongoing professional development activities to enhance teaching skills and knowledge.

• Academic Technology Utilization: Effectively support and enhance student learning through the use of educational technology.

• Respectful and Supportive Learning Environment: Ensure that the educational setting is respectful and supportive, adhering to principles of inclusion, equity, and diversity.

• Accurate Educational Records Maintenance: Attend meetings and keep precise records of student grades and assessments to ensure accountability and facilitate educational planning.

Enterprise Security Architect (Contract)

Ontario Securities Commission

October 2022 – January 2023

Roles & Responsibilities:

• Security Strategies Development and Approval: Developed, reviewed, and secured approvals for security strategies within industry-accepted frameworks.

• Secure Enterprise Application Delivery: Directed the delivery of secure enterprise applications, providing leadership on development best practices and governance to enhance system security posture.

• Security-Related Initiatives Management: Led initiatives and the delivery of enterprise business application projects, focusing on security enhancements.

• Application Security Implementation: Provided high-quality security implementation and operational capabilities for enterprise applications.

• Security Testing: Ensured applications underwent thorough security testing using industry best practices before promotion to production.

• Application Architecture and Design Review: Participated in application architecture and design reviews to ensure security integration.

• Security and Risk Assessments: Directed security testing and project risk assessments from a technical security and information risk management perspective, advising management on identified risks.

• Information Security Processes Development: Spearheaded the development and enforcement of information security strategies across the organization.

• Security Systems Maintenance: Configured and maintained anti-virus software, firewalls, and intrusion detection systems to ensure robust network security.

• Network Traffic Analysis: Performed detailed network traffic analyses to identify and address potential security threats.

• Emerging Requirements Management: Anticipated, analyzed, and addressed organizational impacts of emerging requirements, using conflict resolution and negotiation skills to manage sensitive issues.

• Security Transformation Strategies Development: Participated in creating security-focused transformation strategies to integrate and manage technology systems for operational improvement and threat management.

• Cyber Risk Issues Resolution: Managed cyber risk issues, escalating significant matters to senior management as needed.

• Security Controls in ERP Systems: Led the implementation and monitoring of security controls in ERP systems, assisting in the mitigation and remediation of incidents.

• ERP Security Gaps Assessment and Support: Provided direct support in assessing and addressing security gaps in current ERP processes and procedures.

• Security Strategies Development and Approval: Developed and approved security strategies within industry-accepted frameworks.

• Secure Enterprise Application Delivery Leadership: Led the delivery of secure enterprise applications, ensuring adherence to development best practices and governance standards.

• Security-Related Initiatives Management: Managed security-related initiatives, focusing on enhancing security measures within enterprise business application projects.

• Security Testing Execution: Conducted thorough security testing to ensure applications met industry best practices before being promoted to production.

• Application Architecture and Design Review: Reviewed application architecture and design to ensure the integration of robust security measures.

• Security and Risk Assessments Leadership: Led comprehensive security and risk assessments from both technical security and information risk management perspectives.

• Emerging Requirements Management and Transformation Strategies Development: Managed emerging requirements and developed transformation strategies to integrate and manage technology systems for improved operational security.

• Cyber Risk Issues Resolution and Escalation: Resolved and escalated significant cyber risk issues to senior management as needed.

• ERP Systems Security Controls Implementation and Monitoring: Implemented and monitored security controls in ERP systems to mitigate and remediate security incidents.

Technical environment:

(MITRE ATT&CK Framework, Recorded Future, Veracode, DNS Filtering, CrowdStrike, Tenable - Nessus, Qualys, and Nexpose, AppScan, vi, WinEvent, Oracle, Checkpoint, Palo Alto, Fortinet, Virus Total, Kali Linux, OWASP, NMAP, Metasploit, SIEM (ArcSight), (Splunk), JIRA, Passive Total, Clarity, McAfee DLP, IAM, McAfee IDS/IPS, UNIX/Linux, Windows Server, ISO, NIST framework, PCI, STIX/TAXII, TTPs, AWS, OpenStack)

Information Security Advisor (Contract)

Scotiabank

February 2022 – June 2022

Roles & Responsibilities:

• Information Security Processes Development and Implementation: Spearheaded the creation and enforcement of comprehensive information security strategies across the organization.

• Security Software and Systems Maintenance: Oversaw the setup and ongoing maintenance of anti-virus software, firewalls, and intrusion detection systems to ensure optimal network protection.

• Network Traffic Analysis: Performed detailed analyses of network traffic to identify security threats and vulnerabilities.

• Culture of Issue Self-Identification: Established practices and communications to support partners in effectively and consistently carrying out their roles in risk issue management.

• Issue Management Process Improvement: Continuously enhanced the quality of the issue management process and related data.

• Stakeholder Relationship Management: Engaged and resolved risk issues with stakeholders at various levels, including executives, ensuring effective relationship management.

• Cyber Security Initiatives Alignment: Built and managed relationships with key stakeholders, team members, and other business units; collaborated with senior leaders to ensure alignment of cyber security initiatives.

• Regulatory Responses and Audits Support: Assisted in responding to regulatory requests and audits, ensuring compliance and readiness.

• Cyber Security Deployment Management: Oversaw the deployment of cyber security policies and procedures, and managed related programs, projects, vendors, audits, assessments, remediations, and mitigations.

• Security Tool and Service Development Leadership: Architected, designed, implemented, supported, and evaluated security-focused tools and services, taking on project leadership roles.

• Security Architectures for Compliance Design: Created and documented architectures that meet security and compliance requirements for Canadian Government entities.

• Security Policies Development and Interpretation: Formulated and clarified security policies and procedures to guide organizational compliance and operations.

• Risk-Focused Cyber Security Consultation: Offered expert advice as a senior cyber security advisor on security-related initiatives, solution selection, security architecture, and assessments.

• Cyber Risk Updates Communication: Created and maintained presentations and other communication materials for updating the Executive Leadership Team, Board, and Committees on cyber risk issues.

• Information Security Processes Development and Implementation: Developed and implemented comprehensive information security strategies across the organization.

• Security Software and Systems Maintenance: Maintained and ensured optimal performance of anti-virus software, firewalls, and intrusion detection systems.

• Network Traffic Analysis: Conducted thorough analyses of network traffic to identify and mitigate security threats and vulnerabilities.

• Culture of Issue Self-Identification: Fostered a culture that encourages partners to effectively and consistently identify and address risk issues.

• Issue Management Process Improvement: Enhanced and streamlined the issue management process and related data quality.

• Stakeholder Relationship Management: Successfully managed relationships with stakeholders at various levels, including executives, to resolve risk issues.

• Cybersecurity Initiatives Alignment: Ensured alignment of cybersecurity initiatives by building and managing relationships with key stakeholders, team members, and business units.

• Regulatory Responses and Audits Support: Provided support for regulatory responses and audits, ensuring compliance and readiness.

• Cybersecurity Deployment Management: Managed the deployment of cybersecurity policies and procedures, overseeing related programs, projects, vendors, audits, assessments, remediations, and mitigations.

• Security Tool and Service Development Leadership: Led the architecture, design, implementation, support, and evaluation of security-focused tools and services.

• Security Architectures for Compliance Design: Designed and documented security architectures to meet compliance requirements for Canadian Government entities.

Technical environment:

(Vulnerability assessments and Pentests using Kali Linux, Veracode, MITRE ATT&CK Framework, Recorded Future, CrowdStrike, DNS Filtering, Anti-Spam, Anti-Virus, Forensic & Data Loss / Leakage, Tenable - Nessus, Qualys, and Nexpose, AppScan, ssh, Oracle Database, Checkpoint, Palo Alto, Fortinet, Vulnerability management, Pen Testing, Virus Total, Kali Linux, OWASP, NMAP, Metasploit, SIEM (ArcSight), SIEM (Splunk), JIRA, Nexpose, Qualys, Anomali, Passive Total)

Security Enterprise Architect (Contract)

IBM – Entegris Assignment

September 2021 – February 2022

Roles & Responsibilities:

• Technology Controls and Information Security Guidance: Provided guidance and advice to stakeholders on a broad range of technology controls and information security programs, policies, standards, and incidents.

• Information Security Processes Development and Implementation: Spearheaded the creation and enforcement of comprehensive information security strategies across the organization.

• Security Systems Maintenance: Oversaw the setup and ongoing maintenance of anti-virus software, firewalls, and intrusion detection systems to ensure optimal network protection.

• Network Traffic Analysis: Performed detailed analyses of network traffic to identify security threats and vulnerabilities.

• Risk and Control Assessments: Participated in assessments related to risk, controls, implemented control procedures, threats, vulnerabilities, and risks.

• Third-Party Compliance Monitoring: Ensured that third-party providers complied with relevant data protection regulations such as PIPEDA, PCI DSS, GDPR, CCPA, HIPAA, and industry-specific standards.

• Security Policies and Procedures Development: Developed, reviewed, and updated information security and privacy policies, standards, and procedures to align with best practices and regulatory requirements.

• Cyber Security Technologies Research: Conducted research to maintain and expand knowledge of the latest cybersecurity technologies and standards, as well as the threat and vulnerability landscape across various industries.

• Cyber Security Governance Representation: Acted as an advisor and expert Cybersecurity Subject Matter Expert (SME) representing the Cyber Security Governance, Risk, and Architecture team to support the overall security program.

• Cybersecurity Consultation: Offered expert consultation to operational teams as a risk-focused senior cyber security advisor on security-related initiatives, solution selection, security architecture, and assessments.

• Technology Controls and Information Security Guidance: Guided and advised stakeholders on technology controls and information security.

• Information Security Processes Development and Implementation: Developed and implemented comprehensive information security processes.

• Network Traffic Analysis: Conducted detailed analysis of network traffic to identify security threats.

• Risk and Control Assessments: Engaged in comprehensive assessments of risks, controls, and implemented procedures.

• Third-Party Compliance Monitoring: Monitored compliance of third-party providers with relevant data protection regulations.

• Security Policies and Procedures Development: Developed and updated security policies and procedures to align with best practices and regulatory requirements.

• Cybersecurity Technologies Research: Conducted research to stay current on the latest cybersecurity technologies and standards.

• Cyber Security Governance Representation: Represented the Cyber Security Governance team as a subject matter expert.

• Cybersecurity Consultation: Provided expert cybersecurity consultation to operational teams and stakeholders.

Technical environment:

(Microsoft on desktops and servers, VMware 7.x, Cisco routers, HP switches, Palo Alto Prisma, Blade servers, SD wan, Grunt works, Crowdstrike, CyberArk, SyslogNG, MITRE ATT&CK Framework, Veracode, Recorded Future, DNS Filtering, Anti-Spam, Anti-Virus, Forensic & Data Loss / Leakage, CrowdStrike, Tenable - Nessus, Qualys, and Nexpose, AppScan, ssh, sftp, vi, syslog, WinEvent, Log4j, application level coding, Oracle Database, Checkpoint, Palo Alto, Fortinet, Vulnerability management, Pen Testing, Virus Total, Kali Linux, OWASP, NMAP, Metasploit, SIEM (ArcSight), SIEM (Splunk), JIRA, Nexpose, Qualys, Anomali, Passive Total, Clarity, McAfee DLP, IAM, McAfee IDS/IPS, UNIX/Linux, Windows Server, ISO, NIST framework, GO-ITS, PCI, STIX/TAXII, TTPs, AWS, Private cloud – OpenStack)

Information Security Analyst - Threat Modeler (Contract)

Toronto Dominion Bank (TD Bank)

July 2021 – August 2021

Roles & Responsibilities:

• Information Security Processes Development and Implementation: Led the creation and enforcement of comprehensive information security strategies across the organization.

• Security Systems Maintenance: Oversaw the setup and ongoing maintenance of anti-virus software, firewalls, and intrusion detection systems to ensure optimal network protection.

• Network Traffic Analysis: Performed detailed analyses of network traffic to identify security threats and vulnerabilities.

• Vulnerability Management Solutions Implementation: Deployed vulnerability management tools such as Tenable and Qualys to enhance security protocols.

• Threat Detection Activities: Engaged in threat detection and exploratory activities in real-world environments to proactively identify security risks.

• Software-Defined Networking Platforms Utilization: Utilized software-defined networking platforms, including SDN and SD-WAN, to strengthen network security.

• Security Assessments: Conducted security assessments using tools like Veracode and AppScan to evaluate the security posture of applications.

• Vulnerability and Patch Management Oversight: Established and managed frameworks for enterprise vulnerability and patch management initiatives in alignment with client objectives.

• Log Sources Onboarding and Benchmark Establishment: Achieved expertise in onboarding log sources and setting security benchmarks for comprehensive monitoring.

• Technology Controls Authority: Served as the main point of authority on technology controls and information security for project teams, internal business units, and external vendors.

• Expert Resource in Technology Controls: Provided expert guidance and leadership in technology controls and information security for project teams, the business/organization, and external partners.

• Information Security Processes Development: Developed and implemented comprehensive information security processes.

• Security Systems Maintenance: Maintained and ensured the optimal performance of security systems, including anti-virus software, firewalls, and intrusion detection systems.

• Network Traffic Analysis: Conducted detailed analysis of network traffic to identify and mitigate security threats.

• Vulnerability Management Solutions Implementation: Implemented tools such as Tenable and Qualys to enhance security protocols.

• Threat Detection Activities: Engaged in proactive threat detection to identify and address potential security risks.

• Software-Defined Networking Platforms Utilization: Leveraged software-defined networking platforms, including SDN and SD-WAN, to bolster network security.

• Security Assessments: Performed thorough security assessments using tools like Veracode and AppScan to evaluate application security.

• Vulnerability and Patch Management Frameworks: Established and managed comprehensive frameworks for vulnerability and patch management.

Technical environment:

(Microsoft on desktops and servers, VMware 7.x, Cisco routers, HP switches, Palo Alto Prisma, Blade servers, SD wan, Grunt works, Crowdstrike, CyberArk, MITRE ATT&CK Framework, Veracode, Recorded Future, DNS Filtering, Anti-Spam, Anti-Virus, Forensic & Data Loss / Leakage, CrowdStrike, Tenable - Nessus, Qualys, and Nexpose, AppScan, ssh, sftp, vi, syslog, WinEvent, Log4j, application level coding, Oracle Database, Checkpoint, Palo Alto, Fortinet, Vulnerability management, Pen Testing, Virus Total, Kali Linux,


