Cyber Security Risk Management Resume Bl...

Candidate Information
Title Cyber Security Risk Management
Target Location US-NY-Bloomingburg
Candidate's Name
Georgia/New Jersey/Massachusetts
PHONE NUMBER AVAILABLE
EMAIL AVAILABLE

CYBERSECURITY ADVISOR & CHIEF INFORMATION SECURITY OFFICER (CISO)

Led implementation of cyber security programs to secure company's assets, ensured compliance requirements and minimized risk while increasing cyber resilience. Proven track record of communicating complex technical concepts to executive teams and business leaders. TS/SCI clearance (DHS Street Address ) and Public Trust clearance (VA and HUD OIG, US Department of the Treasury, 2020 to Present).

SELECT KNOWLEDGE BASE

- Data Breach Notifications
- Information Assurance & Governance
- IT Controls Review, Assessment, & Remediation
- Threat & Vulnerability Management
- Security Architecture
- Physical Security
- IT Governing Policies & Procedures
- Third-Party Risk Management
- Business Continuity & Disaster Recovery
- Digital Forensics
- Cybersecurity Education & Security Awareness
- Agile Methodology
- Project Management
- Artificial Intelligence

CERTIFICATIONS

- GIAC Critical Controls Certification (GCCC) # 716732, SANS, 04/2017- Present
- ITIL, Foundation Certification Ver.3, Learning Tree International, 2/2012
- Certified Ethical Hacker (CEH) EC-Council, 06/2011- Present
- Certified Fraud Examiner (CFE) #153382, Association of Certified Fraud Examiners, 03/2009- Present
- Certified Information Systems Security Professional (CISSP) #31549, 2002- Present
- Certified Information Security Auditor (CISA) #0864878, 12/2007- Present
- Certificate in National Security Agency INFOSEC Assessment and Evaluation Methodology, 05/2007
- Cisco Security Specialist1, 2004; Cisco Secure PIX firewall Advanced, 2004; Certified Cisco Network Associate, 20023

PROFESSIONAL EXPERIENCE

Fractional Cyber Information Security Officer - A plus Advisors Corp, Atlanta, GA
10/2020-Present

Client: Solventum (1/2024-04/2024). As Cybersecurity Lead, conducted Vulnerability Assessment and IT controls review of medical devices for FDA submission.
- Built device inventory attributes and control questions using FDA and NIST requirements
- Reviewed security controls, risk mitigations, and documented test results

Client: Department of the Treasury (12/2022 to 01/2024). As Lead High Value Asset (HVA) Security Specialist, built relationships with key stakeholders and points of contact for the Treasury Bureaus. Led analysis, assessments, and reporting of HVA assessment program. Created and architected a scoring algorithm and selection standard that selected critical systems for the HVA nomination.
- Led resiliency and modernization efforts that included 12 resilience metrics based on NIST 800-53 controls and 4 levels of maturity levels in an effort to foster a security-aware culture
- Oversaw and led implementation of the guidance from DHS CISA, NIST, BOD, and OMB for the following modernization projects: Enterprise Risk Management (GRC), Zero Trust, IPv6, Network Segmentation, Log Management, Encryption, Cloud Migration, MFA, and Legacy Systems
- Created and updated PMO documentation that included Charter, Methodology, and Strategy; FISMA audit metrics

Client: 3M (5/2022 to 12/2022). As Lead Cybersecurity Subject Matter Expert, developed cybersecurity roadmap, SSDLC, RACI, Authority to Operate (ATO), Vulnerability and Risk Management (GRC), SOP, work instructions, and policies for post-market medical device solutions/OT.
- Conducted medical device/OT risk assessment reviews: planning, threat modeling, analysis of vulnerabilities, security mitigations, assess post mitigated and residual risks
- Built boundary diagram that illustrated the device elements and identified external interfaces with dependencies and relationships
- Developed a threat model using threat modeling tool (STRIDE) and reviewed the output with stakeholders
- Conducted post-mitigated risk analysis by scoring collateral damage potential, safety hazards, business impact, and documented possible mitigations

Client: Housing and Urban Development, Office of Inspector General (12/2020 to 5/2022). As Cybersecurity Manager/Deputy CISO responsible for all cyber risk management, architecture, operations, and strategic activities for 47 field offices and 700+ employees. Utilized Agile methodology to plan and prioritize work deliverables.
- Conducted the controls review of Azure, O365, and other applications using NIST 800-53/30 for the ATO process
- Performed INFOSEC tools integration and streamlining of processes
- Identified weaknesses in existing processes and practices
- Implemented recommendations that yielded increased efficiency and accommodated internal resources to address other priorities
- Led compliance efforts such as FISMA, DHS Binding Directives, and Whitehouse Memorandum
- Performed security and privacy risk assessments
- Developed metrics for evaluating the effectiveness and the outcomes of INFOSEC initiatives
- Performed Vulnerability Management program optimization and improvement using Contrast and Nessus

Client: PwC (10/2020 to 12/2020). As fractional CISO for short-term, part-time consulting engagements, performed the following duties:
- End client: GoDaddy. As Assessor performed capability maturity assessment using NIST CSF. Provided feedback on cyber strategy, developed roadmap to improve maturity and risk reduction activities
- End client: St. Luke's University Health Network. As Lead NIST CSF Assessor, conducted HIPAA, TPRM, and Enterprise Security Risk assessments using NIST 800-30 and NIST CSF frameworks. Prepared and facilitated workshops with clients. Prepared peer benchmarking analysis, executive reports, and recommendations
- End client: Whirlpool. As Lead Subject Matter Expert, provided feedback to Vulnerability Management Governance program for IoT and OT devices that leveraged Rapid7 tool. Identified gaps and provided recommendations. Built RACI models and process flows. Delivered quick turnaround deliverables that saved around $10,000 in contracting hours
- End client: CapitalOne. As Senior Advisor on the Technology Risk Enhancement Program, led process walkthrough and process level assessment working sessions that included identification of process risks, risk description, sizing, and controls. Established the scope of engagement, gathered, and analyzed relevant inputs and artifacts to build process flow diagrams
- End client: Dropbox. As Lead Cybersecurity Controls Auditor, used CIS Critical Security Controls framework, developed test plans, performed controls testing, interviewed system owners and stakeholders, reviewed artifacts, identified gaps, and provided recommendations

Enterprise Security Architecture Lead - Department of Veteran Affairs/Leidos, Reston, Virginia
06/2020 to 10/2020

Built Enterprise Security Architecture Framework (ESAF) for Medical Technology and IoT assets using MITRE, NIST SP (800-37, 800-53, 800-39, 800-137, 800-63, 800-160, 800-27), Cybersecurity Framework (CSF) and NSA Community Gold Standard.
- Used 88 information data flows to create a logical technical architecture diagram for the data catalog
- Delivered accurate presentation of data flow into simple-to-read format
- Created Data Catalog (inventory of data assets, list of business owners, classification type, and consumers) that quickly identified cybersecurity data resources

Cybersecurity Risk Consultant - A plus Advisors, Atlanta, GA
08/2018 to 03/2020

Client: Ernst & Young (04/2019 to 03/2020). As Senior Security Solutions Architect for cyber defense projects, evaluated risk management program and architected Cloud IDS solutions and DNS analytics.
- Created artifacts and deliverables, including network diagrams, proof of concept documents, target architecture documentations, staffing proposals, product roadmaps, technology selection research and recommendations, target operate models, business cases, RACI, and support models/flows

Client: Cylera (08/2018 to 04/2019). As Advisor provided guidance and testing on the interfaces, features, dashboard, GUI, and report templates for IoT medical device start-up.
- Provided mapping controls from NIST 800-53, 800-82, IoM OWASP, and 800-37

Detective (Digital Forensics Team) - New York State, Office of Attorney General, NYC, NY
09/2017-08/2018

- Consulted and guided prosecuting attorneys on strategies regarding evidence collection, including covert investigations, leading to quicker turnaround times for evidence processing and analysis
- Conducted computer, mobile, and video forensics tasks; prepared and processed covert video recording devices for undercover informants involved in Medicaid fraud

Cybersecurity Risk Consultant Lead - A plus Y Consulting, Queens, NY
01/2016-09/2017

Client: Valley Health System (10/2016 to 9/2017). As fractional vCISO, led cybersecurity risk management oversight of 4 business entities and 10K employees.
- Led guidance in design, implementation, and management of information security (policy and procedures), data protection (OT and IoMT), and risk management programs, utilizing HITRUST, ITIL, CIS, NIST, HIPAA, HITECH, and PCI DSS requirements
- Reduced risk by providing advisory expertise in the areas of risk analyses, vulnerability assessments, incident response, security architecture, physical security, business continuity and disaster recovery, security awareness, and resolution of highly complex security projects and issues
- Proposed architecture solutions and control recommendations that considered technical constraints, organization culture, budget, and other factors

Client: VF Corp (10/2016 to 09/2017). As fractional vCISO, updated information security policies and procedures to comply with PCI DSS requirements.
- Developed and architected Risk Register using GRC tool (Modulo); troubleshot malware and managed security incidents using IBM Resilient

Client: Avon (01/2016 to 07/2016). As fractional vCISO, developed Incident Response, conducted vulnerability and threat research intelligence analysis.
- Uncovered potential security breaches before they became issues by collaborating and monitoring alerts from SIEM (Nitro) and Intrusion Detection System (Snort)

Information Security Officer - Passaic County Sheriff's Office, Wayne, NJ
09/2016 to 04/2017

As interim CISO, focused on risk mitigation strategies and leading security risk assessments of clinical and law enforcement applications.
- Decreased cyber risk by implementing defense-in-depth initiatives, evaluating, deploying, and managing current and future security technologies while building new standard risk foundations for future leadership
- Proposed, designed, and implemented security safeguards, controls, and countermeasures

Police Officer Class II (part-time) - Hackensack Police Department, Hackensack, NJ
04/2015 to 04/2016

- As a member of the Bureau of Criminal Investigations, advised and consulted on highly confidential and sensitive investigations related to cyber investigation issues, including evidence collection and the possible sources of evidence

Risk Director, Chief Information Security Office - Columbia University, New York, NY
01/2013 to 06/2015

Directed governance and risk management program using the GRC tool RSAM for Columbia University's 21 schools and departments with 185 applications. Produced a risk management assessment of 60 control questions to address centralized & decentralized environments, including data center controls, cloud-based controls, and 3rd party vendors.
- Oversaw project management function using Agile methodology, documented project scope, project schedule, and business requirements
- Monitored, tracked, and reported metrics and risk dashboards on risk remediation efforts to C-level Management
- Addressed emerging threats and achieved compliance with FERPA, FISMA, and HIPAA regulations
- Created Plan of Action and Milestone (POA&M) to support risk mitigation activities
- Sold the Risk program benefits and created win-win relationship with the business and application owners
- Managed various vulnerability assessment tools (Whitehat Security and Nexpose Rapid7) to provide enhanced visibility in the Risk Program

Assistant Director, Information Security - Mount Sinai Medical Center, New York, NY
09/2005 to 12/2012

Introduced controls to mitigate risk to clinical applications and critical assets while managing enterprise security incidents and events. Created standard security protocols, operating procedures, and policies that increased security posture and awareness. Conducted risk assessment of clinical applications, medical devices, and provisioned vendors' remote access requests.

ADDITIONAL PROFESSIONAL EXPERIENCE

- Specialist/E-4, Volunteer (2021 to Present) - Georgia State Department of Defense, G6-Cybersecurity, Marietta, GA
- Adjunct Professor, Healthcare Information Security (2011 to 2013) - St. John's University, NY
- Senior Project Manager (2004 to 2005) - Metropolitan Transportation Authority Headquarters/Police, NY
- Network Analyst (2000 to 2003) - Columbia Presbyterian Medical Center, NY
- Network Engineer (1998 to 2000) - Realtech Systems Corp, NY
- Network Technician (1997 to 1998) - Merrill Lynch, NJ

EDUCATION

- Basic Course for Police Officers - Rockland County Police Academy, Pomona, NY
- Special Law Enforcement Officer - Passaic County Police Academy, Wayne, NJ
- Certificate in Management Practices - New York University, School of Continuing Education, New York, NY
- Master of Arts in Biomedical Informatics, HIPAA, Risk, Audit, and Compliance - Columbia University, New York, NY
- Bachelor of Science in Applied Science (Biomedical Engineering) - Rutgers University, Piscataway, NJ

INDUSTRY COMPETENCIES

Frameworks/Regulations: ISO 27001/27002, NIST 800 Series/CSF/RMF, PCI DSS, HITRUST CSF, HIPAA, ITIL, NSA Community Gold Standard, FISMA, SOC 2, FedRAMP, OWASP 10, 20 CIS Controls, CIS benchmarks, MITRE ATT&CK, SOX

Cloud Technologies: AWS, Azure, AliCloud, BlueCloud

Vendors/tools: GRC tools (RSAM, Archer, Modulo, XACTA), Firewall (Cisco, Checkpoint, Juniper, Netscreen, Fortinet), IDS/IPS (ISS, Lancope, Snort, Antura), Proxy, SIEM (Splunk, NITRO, Sentinel), McAfee, Symantec, Vulnerability Scanners (Nessus, Rapid7, Qualys, Acunetix, Contrast), Metasploit, DLP (McAfee), Reconnaissance/OSINT tools (Maltego, Shodan, NMAP), Forensics (EnCase, FTK, Cellebrite), ServiceNow, ForeScout, VPN (Cisco, Juniper)
