Identify and analyze gaps in desired outcomes, obligations, and compliance responsibilities; serve as a Trusted Advisor to stakeholders and business partners; participate in root cause analysis and evaluation of design of Information Security controls and processes making recommendations for control improvement where necessary; develop and execute audit compliance plans while analyzing results with actionable recommendations and corrective action plans; provide detailed management level reporting and dashboards designed to demonstrate adherence against expected control outcomes, including compliance obligations; oversight remediation of identified gaps; engage with internal, external, and regulatory auditors; maintain business relationships with key stakeholders.

Identify and analyze gaps in desired outcomes, obligations, and compliance responsibilities; serve as a Trusted Advisor to stakeholders and business partners; participate in root cause analysis and evaluation of design of Information Security controls and processes making recommendations for control improvement where necessary; develop and execute audit compliance plans while analyzing results with actionable recommendations and corrective action plans; provide detailed management level reporting and dashboards designed to demonstrate adherence against expected control outcomes, including compliance obligations; oversight remediation of identified gaps; engage with internal, external, and regulatory auditors; maintain business relationships with key stakeholders.

Serve as Security Architect/Consultant to small business clients. Assist with Cloud (Azure or AWS preferred but can work with any platform) migration, configuration, and architecture. Engineer, implement, monitor and document security controls; conduct internal security compliance audits, and assist/support external audits; discover and remediate vulnerabilities in networks, systems, and applications; develop threat models, security policies, standards and procedures in response to regulatory and business requirements; conduct system, network and datacenter security architecture reviews; propose new security solutions to address future security challenges, conduct proof of concepts, and perform implementation; configure and troubleshoot security infrastructure system and devices; develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks; maintain and operate security solutions to ensure optimal operating state; respond to security incidents; develop and present training and lectures on IT Security topics as requested.

My co-host and I do a weekly podcast about being transgender. Find us at anchor.fm/lothie ! Sometimes it's just the two of us and sometimes we'll have a guest or two. I also do all the social media for the Translucidity! brand.

Serve as Security Architect for a NEMT company applying for HITRUST certification. Engineer, implement, monitor and document security controls for the protection of computer systems, networks and information assets; conduct internal security compliance audits, and assist/support external audits; support security remediation efforts with other IT teams; develop threat models, security policies, standards and procedures in response to compliance requirements; conduct system, network and datacenter security architecture reviews; propose new security solutions to address future security challenges, conduct proof of concept; configure and troubleshoot security infrastructure system and devices; develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks; maintain and operate security solutions to ensure optimal operating state; ensure that the company knows as much as possible, as quickly as possible about security incidents. Develop and present training and lectures on IT Security topics as requested.

Serve as ISSO for Federal contract. Create, update, and approve security documentation (based on NIST RMF) for General Support Systems (GSS), Major applications, supporting subsystems and Platform IT (PIT) located both on-prem and in AWS. Continuously review, analyze and update system security policies, risk assessments, vulnerability assessments, Splunk reports, and other documents to ensure that the development of C&A documentation is in compliance with the most recent, appropriate regulations, requirements, legislation and standards. Assess posture of systems in AWS Cloud to maintain security, including investigating and implementing zero trust architecture solutions. Create system security documentation policies, procedures, risk assessments, vulnerability assessments and other documents for new systems to ensure that the development of C&A documentation is in compliance with the most recent, appropriate regulations, requirements, legislation and standards. Create reports in Splunk and drill down to show activities on systems that could affect security posture. Create Splunk dashboards and work with existing dashboards.

Engineer, implement, monitor and document FISMA/NIST RMF/PCI/ISO security controls for the protection of computer systems, networks and information assets; support security remediation efforts with other IT teams; develop security policies, standards and procedures in response to compliance requirements; conduct system, network and datacenter security architecture reviews; propose new security solutions to address future security challenges, conduct proof of concept; configure and troubleshoot security infrastructure system and devices; develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks; maintain and operate security solutions to ensure optimal operating state; ensure that the company knows as much as possible, as quickly as possible about security incidents through leveraging network and endpoint intrusion prevention; assist with cloud migration. Test and validate code for Application Security. Participate in Threat Modeling exercises with Program Managers. Assist with installation of SIEM (Splunk), including installation of log forwarders on systems including databases Create Splunk reports to demonstrate security posture to executive team. Monitor logs through Splunk in real time to catch intrusion attempts. Assist with configuration and administration of WAF (Barracuda) and email gateway (Symantec) as well as Symantec and Carbon Black Endpoint, and VM (Tenable/Nessus). Assist in migration to Microsoft Azure cloud, including automation using PowerShell. Migrate scanning technology into Azure cloud to double with Defender results for vulnerability assessment. Investigate and implement zero trust solutions in cloud.

Provide analytic and technical expertise to Cyber Security teams using vulnerability management and analytical auditing software. Create custom queries and reports to provide requested data to teams. Assist in creating database(s) with analytical data to assist with correlation of risks and threats. Assist with implementation and installation of vulnerability management hardware and software as requested. Maintain and administer the Enterprise computing systems to meet the DoD mandated security requirements and directives. Previously, serve as an ISSO and work with the technical staff and program managers to draft, review, approve and disseminate C&A documents for all programs and systems, including General Support Systems (GSS), Major applications (MA), supporting subsystems and Platform IT (PIT). Continuously review, analyze and update USCG system security policies, risk assessments, vulnerability assessments and other documents to ensure that the development of C&A documentation is in compliance with the most recent, appropriate regulations, requirements, legislation and standards. Create system security documentation policies, procedures, risk assessments, vulnerability assessments and other documents for new USCG systems to ensure that the development of C&A documentation is in compliance with the most recent, appropriate regulations, requirements, legislation and standards.

Write and review articles for ISC(2)'s peer-reviewed technical journal. Research and contribute articles to Taylor and Francis' other peer-reviewed journals.

Write short articles on Information Security-related topics tailored to the needs of government employees and business people.

Write short articles on Information Security-related topics tailored to the needs of business people.

Develop and deliver presentations and demos of Tenable software line to potential customers. Participate in quarterly conferences and webinars for customers and other interested parties. Develop and maintain lab scenario and populate with useful data.Write white papers and blog entries and respond to RFIs and RFPs.

DoD Contractor in the Information Assurance division within the 93d Signal Brigade (NETCOM). Advise and assist installations in the 93d's AOR on DoD/Army regulation, policy and best practices to assure information security. Travel within AOR to assist with hands-on issues relating to IA inspections. Respond to RFIs about Army regulation and policy relating to IA. Provide weekly briefings on IA posture to 93d IAPM. Provide technical assistance regarding IA tools such as vulnerability scanners, IPS/IDS, and patching utilities to AOR as needed.

Travel to sites to deploy products from McAfee product line (scanner, endpoint, DLP, etc.) to large installations including Federal and State government. Consult with customer and provide basic training, do initial customer setup, integrate with current network products.

Pre- and post-sales support of entire McAfee product line, especially Risk Analysis and Compliance products. Assist in evaluations; write proposals and white papers; respond to RFPs; write and deliver presentations. Meet with product management and development staff to help drive product direction. Install, maintain, and use products in a virtual lab setting, using VMWare. Write and test SQL queries to massage and report data. Participate in teams, discussion groups, and seminars to promote world-wide support initiatives for risk analysis and other McAfee products. Perform installs, walk-throughs, and training on-site and through desktop sharing application. Mentor other engineers as needed.

Senior member and technical lead of the Tier III (highest level) technical support team for the Foundstone product offering. Support pre- and post-sales customers via phone, email, and desktop sharing in configuration and administration of all components of risk assessment products, including managed services. Perform installs and walk-throughs on-site and through desktop sharing application. Troubleshoot possible false positive or false negative vulnerabilities. Write and test SQL queries to massage and report data. Mentor and train other members of the worldwide technical support group, and take ownership of ticket items that have been escalated for technical or administrative reasons. Provide training to customers onsite. Help to maintain knowledgebase. Member of various product management committees. Participate in conference calls with "hot" customers to maintain customer relationships.

Senior member of the technical support team for the company's main product offering, Foundscan. Support pre- and post-sales customers via phone, email, and desktop sharing in configuration and administration of network scanning engine, web management system, and database. Perform installs and walk-throughs on-site and through desktop sharing application. Troubleshoot possible false positive or false negative vulnerabilities. Write and test SQL queries to massage and report data. Mentor other members of the department, and take ownership of ticket items that have been escalated for technical or administrative reasons. Coded a candidate for replacement of then-current helpdesk system using ASP and SQL.

Principal member of the IT services team, directing network admins in attaining department goals. Responsible for overseeing and administrating all perimeter and internal security procedures of the company. Set security policies for and administered company firewalls and perimeter routers. Designed and architected security systems to protect server farms. Set up user internet access accounts. Monitored and reported on system logs relating to internet access. Set up and maintained VPN between company and various vendors and users. Assisted and consulted in setup and maintenance of ftp, web, and webmail servers for the company. Assisted with preparation of disaster recovery site. Presented proposal (currently being implemented) for reorganization and renumbering of company's network.

First point of contact for all users of company's networks and services. Ensured that service level agreements and statements of work were being met. Supervised small staff consisting of three sustaining engineers. Implemented security and escalation policies, implemented user training procedures. Directed heterogeneous customer server hosting network and associated servers and procedures, including DNS, scripts, email, database, load balancing, and backup. Also directed heterogeneous internal network, including DNS, email, and user account administration. Acted as company hostmaster and webmaster. Performed routine maintenance on customer web sites as requested, from simple HTML changes to more complicated ASP coding. Coordinated, implemented, and maintained web site "hit" reporting solutions for customers. Designed and managed the company intranet site, including architecting and implementing a web-based Help Desk application to deal with in-house requests for IS/IT.

Went on sales calls, met with prospective customers to discuss network needs. Architected and implemented solutions to customer network security problems. Wrote proposals for engineered network security solutions. Performed demos of CyberGuard's products at trade shows and customer sites. Performed installations of CyberGuard products at customer sites and integrated CyberGuard's products with the rest of the customer's network, including DNS, email, and load balancing. Provided training for customers/resellers in network security and CyberGuard's products. Provided pre-sales and post-sales support to users on both UNIXWare and NT platforms of CyberGuard's products, and associated OS-related problems, DNS, mail, routing, and other protocols. Managed a test/lab network of machines to simulate customer problems and situations. Acted as second-level backup to Technical Support team. Wrote white papers, articles, and technical support documents as needed.

Supported users and resellers of Gauntlet firewall product and related TIS products in all aspects of system and network administration, including OS-related problems, DNS, sendmail, routing, and protocol-level application. Managed lab and testing machines, especially firewall installation and setup. Conducted training sessions in setup of various platforms (BSD/OS, Solaris, and NT). Drafted and maintained technical documentation pertaining to security of various network configurations with regard to the Gauntlet firewall. Reviewed and maintained security-related shell scripts. Provided training and mentoring within the department to new members. Personally addressed emergency security situations in user base, providing immediate technical response, and took ownership of ticket items that had been escalated for technical or administrative reasons.

Supported users and resellers of InterCon products in system and network administration, including WAN connectivity, application-level networking, and protocol-level troubleshooting of user problems. Set up tcp/ip client and sever applications, file sharing, mail, and printing, on Macintosh, Windows (3.1/95/NT), and UNIX platforms. Engineered, researched and documented solutions for user issues, trained new members of the department, gave periodic performance reviews for junior staff, wrote and taught technical classes on varied subjects relating to networking and system administration (e.g., DNS, IP addressing schemes and masking, and protocol-level network architecture), managed lab network (SunOS 4.1.3-based), including uucp server, conducted training sessions in SunOS system setup and administration, maintained company presence in international electronic fora, tested software, and wrote department's procedures manual.