• Perform risk assessments identifying corporate information security and privacy risks to the protected electronic data within the CommonSpirit Health enterprise. • Utilize HIPAA and Federal & State Privacy Regulatory controls along with financial industry regulations to assess Data Loss Prevention tools across the enterprise• Set policy/procedures and act as a mentor & leader to more junior members of the team.• Work with the DLP engineering teams to enact data security projects that impact highly sensitive information across the enterprise.• Working with IT, Business Operations and CyberSecurity to implement practical workflows, policies & procedures to monitor and protect confidential information across the enterprise• Supported the IG & DLP programs while assisting Junior Analysts to maintain expected Service Levels. • Conducts investigations and reports on inappropriate use of CommonSpirit confidential information• Work with other teams and disciplines to identify privacy and security risks and compliance gaps related to protecting confidential data across the enterprise• Subject matter expert on DLP controls and response rules while providing end user and team member training• Improving the DLP program maturity by assessing & reviewing DLP monitoring controls

• Monitoring the Symantec Data Loss Prevention and the ProofPoint consoles for triggering events• Ascertaining whether or not these events were legitimate events or false positives• Identifying whether or not the appropriate encryption technologies were used in the transmission of the data• Using MediTract to identify whether the recipients of the emails had current BAA’s or contractual agreements according to HIPAA requirements.• Working with the Tier III DLP staff to maintain and optimize data loss prevention controls and complete projects including email, endpoints and data storage.• Working with other CHI teams on the Unstructured Data project to clean up the accesses and permissions of data that resides on file shares.• Working with business groups, to reduce known privacy/security vulnerabilities.

• Responsible for monitoring and responding to alerts, detections and incidents generated by the security tools presently deployed in the Charter Security Operations Center (SOC)• Responsible for standing up, maintaining cross-team bridges for security incidents with 15 minute SLA.• Mentoring junior staff members to increase security knowledge across the board. • Analyze existing detection mechanisms to ensure system logic is correct.• Utilizing JIRA and Remedy ticketing systems to document all pertinent activity for auditing purposes.• Utilize the CHALK documentation tool to ensure consistent processes and procedures are available to the S.O.C. team.

• Implemented an Incident Response Policy & Procedure from scratch.• Member of the Disaster Recovery team and integral part of the effort implement a Disaster Recovery plan.• Instituted a Bring Your Own Device (BYOD) policy from scratch.• Updated and enhanced the existing User Acceptable Use policy to reflect more secure policies and procedures.• Instituted the process for clearing contractor supplied laptops for use in the SourceGas environment.• Primary resource for the use of the SEIM tool, QRadar. • Instituted a two-factor authentication for the SCADA network using the Yubikey token system with the AuthLite authentication software to interface with Active Directory in the SCADA environment.• Implemented a data encryption system for protecting data that was to be sent to Black Hills during the purchase of SourceGas.• Responsible for tuning and updating the Palo Alto firewall.• Utilized the Cybersecurity Capability Maturity Model (C2M2) framework created by the Dept. of Energy to examine the maturity of SourceGas security programs and posture. This allowed us to assess the strength and weaknesses of our security programs. • Instituted a changeover from the Nessus vulnerability scanning/management tool to the Rapid7 (Nexpose) tool. This included the creation of new policies and templates as well as the porting of the existing policies from Nessus to Rapid7 and the creation of the Rapid7 slave scanning engines in the SourceGas environment.• Utilized & tuned the Bit9 Application Whitelisting tool to facilitate endpoint protection against unknown software executing in the environment.

• Conducted forensic investigations using Encase and HBGary forensic tools• Served as the designated security control owner for critical security controls used in the risk-based Continuing Monitoring accreditation systems including, but not limited to, configuration of all software in the environment using DISA, NIST and CIS secure configuration checklists.

• Certified new systems prior to connection to the DOI production network using Nessus, Symantec and WSUS.• Successfully implemented the transition from Symantec Anti-virus v9 to Symantec Endpoint Protection v11 for 2000+ clients across 15 different geographic locations (DOI) and subsequent upgrade through various versions to v12.1.4a• Created a new patch testing regimen to ensure that the majority of possible issues were tested and identified before any patches were rolled out via a re-composition of the virtual environment.• Completed project to deploy Symantec Endpoint Protection (A/V) and Encryption (Data-at-Rest) Suites, Encase Enterprise Forensics software; HB Gary Responder Pro2; and Secure configuration of the enterprise software using D.I.S.A., N.I.S.T. and C.I.S configuration guides