April Vanover Email & Phone Number

San Ramon, CA, US

• Establish and maintain CSPM program with Wiz including root cause analysis of architectural issues and patterns for immediate resolution, supporting vulnerability management program, and determining where guardrails.
• Currently leading team in implementation of security within Gitlab and Kubernetes (DevSecOps) including image scanning, image trust/signing, and admission controller security
• Assist teams with cloud security architectural reviews in GCP, AWS, and Azure
• Create roadmaps for the cloud security program
• Part of team working towards FedRAMP ATO
• Working towards implementation of guardrails/paved road controls such as AWS SCPs, Azure Policy, GCP Organizational Policies, and IaC (Terraform) scanning as well as custom development of controls within Wiz and other.

Sunnyvale, CA, US

• Point of contact for InfoSec for the multi-year migration to Azure.
• Provide technical guidance and reviews for architectures and feature implementation for the migration to Azure, or new development within the cloud, including hybrid architectures.
• Mentor and provide guidance for junior engineers to progress their careers in Information Security.
• Provide leadership in addressing cross-organization coordination to implement and evangelize information security more effectively.
• Review vulnerabilities and attack chains primarily within Azure, but also including AWS, GCP, and OCI for mitigation prioritization, using cloud native and CSPM tools. Create Azure policies and other guardrails/paved.
• Co-created LinkedIn Cloud Security Standard to provide guidance for engineers, and explore as a baseline to establish guardrails to enforce without engineering involvement.

Sunnyvale, CA, US

• Build team for Corporate Security. Provided direction and leadership for team.
• Review network and application architectures from security perspective, both for internal initiatives and integrations with external parties. Includes cloud and hybrid, taking into consideration the security/business.
• Provided security consultation to design and implement multi-forest infrastructure for lower trust networks, lock downs of virtual infrastructure for use with external contractors, and configuration/improvement of MDM.
• Conduct security reviews for infrastructure integrations as part of acquisitions.
• Perform vendor and product security risk assessments, including cloud vendor deployments, hybrid, and on-premise installations.
• Create relationships with teams across the organization to collaborate on security initiatives.

Arlington, VA, US

• Development of automated security configuration through scripts, security template configuration, group policy, and documentation. Responsible for configuration management of scripts and configuration files in version.
• Coordination of development activities for team. Track bugs and features to be incorporated and closed.
• Develop documentation including standard operating procedures, policies, and vulnerability mitigation reports.
• Conduct analysis of vulnerabilities conducted through compliance scans in systems and recommend/develop remediation strategies or risk mitigation.
• Assist in the development and deployment of centralized patch management solution and other security solutions.
• Configure and support McAfee ePO including HIPS, Firewall, Asset Baseline Monitor, Policy Auditor, Data Loss Prevention, and Anti-Virus.

Huntsville, AL, US

• Department of Defense contracts at:Missile Defense Agency Computer Emergency Response Team (MDA CERT) US Air Force Integrated Network Operations and Security Center (INOSC) US Army Space and Missile Defense Command.
• Lead analyst for establishment of penetration testing (ethical hacking) team for internal penetration tests. Included organizing team members, configuring lab environment, documentation, processes and procedures, and.
• Vulnerability discovery and directing teams for remediation, architecture review, patch management, implementation review, and general security reviews.
• Directly responsible for the management of HBSS (Host Based Security Systems) for approximately 48,000 systems, and work on a team to manage a total of 200,000+ systems over 41 Air Force Bases. This includes.
• Monitor information technology networks and systems to deter, detect, isolate, and prevent intrusions and attacks on the network, recover affected systems following incidents, respond to and track security related.

Master'S Degree, Cloud Security

Ms, Cs Computer Security Systems

Ba, Foreign Languages/Business Administration