White glove support for the Cisco Secure Firewall (aka Firepower Threat Defense) product.

This role's primary responsibility is to identify and document gaps in the Vulnerability Management process, addressing findings from recent audits where higher priority vulnerabilities were discovered to not have been adequately remediated, or where remediation took longer than expected due to a deficiency in the detection methodology or information on the affected system. Some key details include:• Acting as a subject matter expert on Qualys Vulnerability Management, including working with Qualys support on validation of high priority findings compared to signature definitions.

In this role at REPAY, I utilized Tenable for vulnerability management and Crowdstrike Falcon for endpoint protection. This was a mixed environment with Windows and Mac laptops, and Windows and Linux servers, on-prem and in AWS. Some key projects or responsibilities included:• Working with I.T. to successfully deploy Cisco Umbrella on approximately 750 Windows and Mac endpoints, after working with Cisco and Crowdstrike support to identify and resolve a compatibility issue between Falcon and Umbrella on Mac laptops.• Managing and supporting Delinea Secret Server, including importing of credentials from other vendors’ products.• Managing and supporting Tenable Vulnerability Management for roaming, on-prem, and cloud-based endpoints.• Incident response activities, including on-call rotation.• Assisting in compliance audits as required, primarily in reviewing and supervising vulnerability remediation efforts and producing evidence for audits.

In this role I authored and co-managed security policies and procedures, including documenting risks in a risk register. I managed Carbon Black and utilized Qradar for SIEM (Splunk initially), onboarded security-relevant log sources into the SIEM, and performed security control reviews and testing. I assisted IT in establishing security baselines for systems and managed data loss prevention, network, and endpoint security, including conducting phish testing using Proofpoint. Vulnerability Management was performed via Qualys. I actively participated in the incident response process, working collaboratively with cross-functional teams to swiftly identify, contain, and remediate security incidents, ensuring minimal disruption to business operations and timely resolution of security issues. Moreover, I participated in internal and external audits to ensure ongoing compliance with HIPAA, HITRUST, and SOC, and reviewed and filled RFPs and security questionnaires for customers and business associates. Some key items:• Handled and documented several hundred potential ePHI exposures, including notification to relevant stakeholders, remediation of inbound and outbound communications that improperly contained ePHI.

Security Operations Center environment. Monitor and analyze security logs generated by Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, Web Application Firewalls (WAF), anti-virus and endpoint security solutions, as well as other security data sources. Utilize Security Incident and Event Management (SIEM) systems to analyze events and gather information. Develop use cases for SIEM. Establish new baselines for and tune IDS/IPS. Document actions in incident tracking system. Train and mentor new team members. Escalation contact for Tier 1 analysts.

Security Operations Center environment. Configure and manage Intrusion Detection Systems, Intrusion Prevention Systems, and Security Information and Event Monitoring (SIEM) platforms. Responsibilities include: Analyze and respond to security events from managed security appliances and other security data sources within documented SLA. Perform network analysis and understand detected threats. Tune devices for blocking and reporting based on customer business need. Document actions in cases to effectively communicate information internally and to customers. Respond to needs and questions of customers concerning their managed services. Train and mentor new team members.

Security Operations Center environment. Analyze and respond to security threats from Firewall (FW), Intrusion Detection Systems (IDS),Intrusion Prevention Systems (IPS), Antivirus (AV), Network Access Control (NAC) and othersecurity threat data sources. Configure, manage, and upgrade FW, IDS, IVS, IPS, NAC,Encryption and a wide variety of other security products/appliances. Perform networktroubleshooting to isolate and diagnose common network problems. Respond to inboundrequests via phone and other electronic means for technical assistance with managed services.Document actions in cases to effectively communicate information internally and tocustomers. Respond to needs and questions of customers concerning their access to networkresources through their managed devices.

Contract to hire position with Trustwave Holdings, Inc. Hired on as full-time employee after six month contract duration.

Provide cloud-based technology services for consumers and small business, delivering services online and by telephone. Responsibilities include: Install, set up, connect, secure, repair and optimize personal computers, printers, tablets, smartphones, gaming devices, and wireless networks. Provide resolution for common technology issues including computer maintenance, optimization and security, and removal of malicious software. Escalate to higher level tiers for appropriate issues.

Managed the document delivery workflows of a Fortune 500 client company. Environment consisted of HP-UX and Windows print and data warehouse servers. Responsibilities included: Troubleshoot and resolve digital sending issues and maintain print infrastructure availability, train and mentor junior support engineers, document processes and procedures.

Provided deep level support for the business-critical document delivery systems of a Fortune 500 client company. Environment consisted of HP-UX, MPE/iX, and Windows print and data warehouse servers. Responsibilities included: Troubleshoot digital sending issues and maintain print infrastructure availability, train and mentor junior support engineers, document processes and procedures, travel to client sites for end-user software training when necessary, and carry a pager for 24x7 escalation availability.

Administered the media library for a large data center; over 1000 Unix, Windows, and MPE servers; first for Hewlett-Packard, then Agilent Technologies after the Agilent split.