Ian Y. Email & Phone Number

San Francisco, California, US

• Led the design, implementation, and management of a comprehensive vulnerability management program utilizing cutting-edge security technologies, ensuring a robust security posture across the organization.
• Engineered and optimized processes and technologies leveraging AI and machine learning to identify, assess, and remediate vulnerabilities, significantly improving overall system security and efficiency.
• Developed and executed strategic plans for the vulnerability management program, ensuring alignment with organizational goals, cloud security standards, and compliance requirements.
• Collaborated with cross-functional teams, including IT, development, and operations, to integrate advanced security practices and drive program success in both on-premises and cloud environments.
• Conducted thorough risk assessments and implemented effective mitigation strategies to address security vulnerabilities using automated tools and real-time analytics.
• Established key performance indicators (KPIs) and reporting mechanisms to track program effectiveness, leveraging data visualization tools to communicate results to stakeholders.

Colorado Springs, CO, US

• Developed and taught a comprehensive course on secure coding practices and DevSecOps, providing students with the knowledge and skills to integrate security into the software development lifecycle.
• Designed and delivered engaging lectures on topics such as secure coding standards, vulnerability assessment, threat modeling, and automated security testing.
• Created hands-on labs and assignments to reinforce theoretical concepts, enabling students to gain practical experience in secure coding and DevSecOps practices.
• Incorporated real-world scenarios and case studies to illustrate the importance of security in software development and the impact of security breaches.
• Evaluated student performance through assessments, projects, and examinations, providing constructive feedback to help students improve their skills.
• Mentored and advised students on academic and career development, helping them understand the evolving landscape of cybersecurity and secure software development.

San Francisco, California, US

• Guiding the organization through multiple mergers and acquisitions (M&A), performing due diligence assessments to ensure uniform security posture for initial public offering (IPO) readiness with a focus on RevOps.
• Leading the governance, risk, and compliance (GRC) program across various frameworks and multiple audits including SOC 2 and ISO 27001 as acting Chief Information Security Officer (CISO).
• Performing architectural reviews for product modernization efforts using cloud-native design patterns with a strong commitment to observability initiatives and site reliability engineering (SRE) best practices.
• Deploying security information and event management (SIEM), and security orchestration, automation, and response (SOAR) platforms to correlate with observability data and provide data science teams with normalized, big.
• Facilitate consistent incident response processes across the organization to increase the effectiveness of the incident management program and provide visibility to both internal and external stakeholders.
• Partnering closely with software engineering teams to forge a robust DevSecOps program and enable developers to take a more involved part in security assessments. Leveraging industry-standard best practices (OWASP Top.

Huntsville, AL, US

• Identified points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations to recommend the appropriate mitigation strategies as needed.
• Applied in-depth knowledge of IA policy, procedures, and workforce structure to implement secure networking, computing, and enclave environments.
• Wrote authorization and accreditation (A&A) documentation while ensuring the systems were operated and maintained in line with defined security plans.
• Enforced the design and implementation of trusted relationships among external systems and architectures and perform security planning, assessment, risk analysis, and risk management for client systems and programs.
• Engaged the customer and user community to develop an understanding of their security needs and implement procedures to accommodate those specific needs.
• Maintained open lines of communication with the user community, ensuring they understand and adhere to required procedures to maintain security.

Huntsville, AL, US

• Provided wide-ranging cyber security engineering and analytical support to the System Development, Engineering, and Testing teams while leading 3 direct reports and 10 indirect members.
• Cultivated a DevSecOps culture into the team, helping implement static & dynamic application security testing (SAST/DAST) into continuous integration & deployment (CI/CD) pipelines and accelerate security integration.
• Performed Scrum Master duties in cyber security centric sprints to conduct routine security posture maintenance.
• Maintained ongoing authorization and information system’s Plans of Action and Milestones (POA&M) and executed technical vulnerability assessments using Tenable.sc, and Static Code Analysis (SCA) using HP Fortify.
• Orchestrated efforts with network and DevOps team members to ensure the implementation and validation of patches through the development of custom Ansible playbooks.
• Created and led cyber security training and briefings to all levels of contractor and government stakeholders and conducted in-depth research to enhance the program's cyber security readiness.

Reston, VA, US

• Delivered wide-ranging technical leadership for cyber security efforts that supported multiple programs, including preparing DoD Risk Management Framework (RMF) accreditation packages for IT solutions.
• Managed 2 direct reports, and 7 indirect individuals, creating training materials and mentoring team members on cyber security best practices to drive performance improvements.
• Analyzed and translated security requirements into technical solutions and accreditation packages that met strict DoD accreditation standards.
• Performed cyber security analysis of all aspects of both production and research & development (R&D) information systems and implemented continuous monitoring to maintain acceptable security posture.
• Oversaw computer forensics in incident response scenarios and identified and analyzed security risks.
• Implemented and maintained vendor-supplied software packages, worked with security hardware components, and performed diagnostics for security issues.

Huntsville, Alabama, US

• Oversaw the development and management of a standalone data analysis lab focusing on IT architecture, infrastructure, and security while managing 2 direct reports and up to for 4 indirect staff members.
• Managed the IT systems, accreditation documentation, and physical security and provided comprehensive engineering and development staff support in understanding the mission and providing IT resources as needed.
• Deployed technologies, including VMware vSphere, Splunk, Tenable.sc, McAfee MVISION, Synology storage solutions, MATLAB, Visual Studio (C++/Java), Cisco layer 2 & 3 networking, and COMSEC equipment.

Huntsville, Alabama, US

• Managed the DoD Information Assurance Certification and Accreditation Process (DIACAP), NIST Risk Management Framework (RMF) transition, implementation of Security Technical Implementation Guides (STIGs).
• Worked directly with the organization’s CIO, managing over 50 different accreditations while in the position.
• Completed Information Assurance policy writing, implementation, and management for multiple stakeholders within the organization.
• Performed digital forensics analysis, evidence handling, and incident reporting for the organization.
• Established DoD Cyber Security risk management, Communications Security (COMSEC) management and administration, and Static Code Analysis (SCA) with HP Fortify.

Huntsville, Alabama, US

• Selected to the position to provide wide-ranging technical expertise on a variety of networking and virtualization-driven defense projects using Cisco, NetApp, Splunk, and VMware technologies.
• Leveraged interoperability between multiple information systems and standards for a position with a strong emphasis on information assurance and security.
• Obtained valued experience with DoD Information Assurance process, including DoD Information Assurance Certification and Accreditation Process (DIACAP) and Security Technical Implementation Guide (STIG) implementation.

• Monitored and maintained data center equipment, security, and services and provisioned hardware access while providing exceptional service to clients in a tiered Network Operations Center (NOC).
• Obtained deployment, configuration, and maintenance experience with enterprise network monitoring software (Nagios, Cacti, RackTables), virtualization/cloud environments (XenServer, vSphere), and managed service.
• Performed network administration tasks for multiple network elements including Storage Area Network (SAN) architecture design, Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), Domain Name System (DNS).

Doctor Of Philosophy - Phd, Security Engineering

Master Of Science - Ms, Cyber Security

Bachelor Of Science - Bs, Information Technology

Certificate Of Culinary Arts

Advanced High School Diploma