Cybersecurity Operations Manager | Senior Security Engineer
Motivated Cybersecurity Operations Manager | Senior Security Engineer with extensive experience in developing and maintaining security systems and policies. Years of experience with HI-TRUST compliance and certification process. A lifelong cellar-dweller who thrives in non-naturally lit environments and approaches every Security and Compliance challenge with collaboration, optimism, and a sense of humor. Passionate about enhancing Enterprise Cloud Security knowledge and compliance skills, and dedicated to being part of a resilient and dependable security operations team. Proven track record with years of experiences in many dynamic and unique professional settings and industries.
Technical Skills
Frameworks:
- MITRE ATT&CK, HI-TRUST, OWASP, GDPR, HIPAA, ISO 27000, NIST SP 800, NIST CSF, PCI DSS, CSA, SOC2, CIS, FedRAMP - Creating Security SOPs and implementing STIGs to enforce compliance
Technologies:
- AWS (Amazon Web Services), Azure, Google GCP, Docker, Microsoft Hyper-V, VMware, Citrix, RackSpace, OpenStack, Kubernetes, Nutanix, DigitalOcean, VxRail, and many more
Preferred Tools:
- Microsoft 365 Security and Compliance Center, AWS GuardDuty, AWS Config, AWS CloudTrail, Tenable, CrowdStrike, Nessus, RedCanary, DataDog, Rapid7, KnowBe4, Splunk, Palo Alto, CheckPoint SASE, Jira, Confluence, Snyk, StackHawk, Burp Suite
Thousands of hours with various offensive and defensive enterprise and open-source security tools
Professional Experience
Sr. Information Security Manager | <Withheld for Security Reasons>, USA, 2023 - Current
- Leads information security team for a leading healthcare IT software provider, ensuring the protection of sensitive patient data and our enterprise security and compliance programs.
- Compliance through automation to enforce industry regulations such as HIPAA, and HITRUST.
- Implemented vulnerability remediation programs, change management, multi-cloud disaster recovery, role-based access control (RBAC), privileged access management (PAM), email security gateways, static code analyst vulnerability reporting, and XDR\EDR Solution Management.
- Oversee day-to-day security operations, including monitoring, incident response, and threat intelligence analysis, while mentoring junior staff.
- Frequently meet with the Board, Senior Leadership Team, and other large healthcare organizations to share security experience, playbooks, and best practices.
- Manage Security Team personnel to implement security awareness training programs, fostering a culture of security awareness. Train IT Team in best practices for enterprise management.
- Implemented SIEM, MDR, SOAR, SAST/DAST, and SASE SAAS solutions.
Sr. Information Security Engineer | Municipal Securities Rulemaking Board, Washington, DC 2022 - 2023
- Led Threat Intelligence, Vulnerability Management, Round Table Events, Daily Security Operations, Incident Response Events, and other Information Security Management Programs.
- Monitored cloud security services to ensure the organization is compliant.
- Continually designed, implemented, maintained, documented, and reported on Security Requirements and Standards, briefing executive leadership and Board members.
- Built SOPs for Info Sec Team for repeatable tasks, investigations, and playbooks.
- GRC reporting and tasks for financial reporting regulations and other compliance needs.
- Provided leadership and continuous training for colleagues, enabling cross-team collaboration.
Cyber Exposure Consultant | Security Engineer | Tenable, Inc., Columbia, MD 2022
- Consulted customers and government agencies on best practices for vulnerability scanning and creating sustainable security programs to ensure compliance with security frameworks.
- Revamped onboarding playbooks and engagement script guides used by all Tenable employees and 3rd party consultants.
Security Operations Manager | Lead Security Engineer | Audacious Inquiry, Baltimore, MD 2019 - 2022
- Managed IT, Networking, Infrastructure, and Security departments with multiple reports.
- Served as the Technical Subject Matter Expert (SME) for all Operations teams and leadership.
- Promoted multiple times, managing various teams with different skill sets.
- Ensured HI-TRUST Certification; developed processes around compliance and security needs.
- Created SOPs for exercises, documentation for all systems, and repeatable actions.
- Led multiple daily scrums, managed projects (PM), directed customer communication, and often interfaced with outside organizations' security, networking, or compliance teams.
- Managed 40+ AWS accounts and AWS Organization, Azure, and Microsoft 365 deployment.
- Migrated thousands of resources from traditional data centers to multiple cloud platforms.
- Worked directly with federal government and cloud providers to ensure all guidelines were met, prioritizing compliance and security.
- Contributed to the next phase of growth and funding, creating substantial cost savings.
- Managed Objectives and Key Results (OKRs) reporting to management and stakeholders.
- Recruited and developed the next generation of IT, Networking, Infrastructure, and Security personnel and management team members, building robust hiring and screening processes.
- Passionate about growing team members' skill sets and progressing their individual career goals.
Cloud Solutions Engineer | Systems Administrator | Dollar Bank, Pittsburgh, PA 2018 - 2019
- Redesigned all on-prem infrastructure to be cloud-ready using industry best practices.
- Managed virtualization technologies for large data center deployments with 700+ VMs, created footholds in AWS and Azure, including Azure AD and Intune MDM, and E-Discovery.
- Designed and implemented high-availability and multi-site disaster recovery, backups, baselines, and configurations, bringing the organization into industry-standard IT methodologies.
- Ensured all platforms and infrastructure adhere to federal guidelines and regulatory compliance.
- On-boarded DevOps methodologies, started infrastructure as code, and created standard operating procedures and environment documentation.
- Worked in tandem with the Security Team to design more robust monitoring and SIEM.
- Created the Enterprise Architecture Board to help onboard new projects with standard operating procedures. Consulted on all security initiatives.
Lead Systems Engineer | B2BConnector, Washington, DC 2016 – 2018
- Designed highly available E-Commerce platform in the AWS cloud for internal testing.
- Leveraged hosted services to house GDPR and PCI compliant databases and servers.
- Built a sustainable fleet of EC2 instances using Spot Instances for maximum cost savings.
- Created and maintained monitoring and logging for all infrastructure.
- Developed CloudFormations for disaster recovery and automatic deployment.
Systems Engineer | NCsoft Subsidiary, Seattle, WA 2017 – 2018
- Migrated 1000+ servers into the AWS cloud for a Massively Multiplayer Online (MMO) game, achieving the industry first with zero customer-facing downtime.
- Created resilient infrastructure in the AWS cloud to support a micro-services architecture.
- Developed a global presence for game servers and disaster recovery for all infrastructure.
- Built IAM Secure Access, Route 53, monitoring and alerting systems, and massive high-availability (HA) SQL deployments, converting many SQL Servers to SQL Express, resulting in hundreds of thousands of dollars in savings.
- Ensured GDPR compliance of the platform, working with Amazon counterparts on-site at AWS.
- Managed security and forensic tactics and strategies, published documentation and standard operating procedures along with mentoring junior staff.
Systems Engineer | Brailsford & Dunlavey, Washington, DC 2013 – 2017
- Managed 50+ servers, IT systems for 200+ users, 8 national offices, and multiple BI interfaces.
- Migrated on-premise servers to multiple co-location facilities for high availability.
- Developed security policies, disaster recovery plans, white glove service, and E-Discovery.
- Designed 24/7 enterprise-level monitoring with reports and metrics, achieving 99.9% uptime on all key infrastructure with high levels of resiliency.
- Developed new business solutions and implemented through IT, BI, and analytics.
- Migrated MS Exchange from 2007 to 2016 and created high-availability (HA) DAG.
- Oversaw all IT operations for sister company CENTERS USA. Promoted from Systems Administrator to Systems Engineer.
IT Specialist | Freedom House, Washington, DC 2012 – 2013
- Solely designed IT for HQ and 10+ international offices, managing a 200+ user environment.
- Managed multiple systems, including AD, Exchange, SharePoint, SQL, BES, Archive Servers, NAS/SAN, and VMware.
- Deployed multiple secure systems, dealing with various encryption technologies and secure communications platforms.
- Network Administration: Managed LAN, WAN, VPN services, Firewalls, IPS, switches, etc.
- Interfaced with executive-level management regularly, attended local conventions and meetings, and worked across multiple languages and time zones worldwide.
- Published international best practices for personal device encryption and security standards.
Education | Certifications | Affiliations | Groups
Education:
- University of Maryland University College – College Park, MD – CyberSecurity
- Howard Community College – Columbia, MD – Computer Forensics
Affiliations & Groups:
- InfraGuard – FBI Civilian Relationship
- Open Source Security Foundation Member
- Cloud Security Alliance – Pittsburgh Chapter Founding Member
- Information Systems Security Association – ISSA
- Cybersecurity Association of Maryland Affiliate
Certifications:
- VMware Certified Professional 2006
- EC-Council Certification: ENSA
- CompTIA A+ 2006, Sec+ 2006
- ITIL Foundation Level
- AWS Certified SysOps Administrator 2017
- AWS Certified DevOps Engineer 2017
- Splunk Power User
- Microsoft SharePoint Architect for NGOs
Contributor on Security Publications and Communities such as AWS Security and Networking Best Practices for internal Amazon Web Services use
Download Resume (PDF)