Scott Cavanaugh Email and Phone Number

Cyber Security Architect/Manager for Ozarks Electric Cooperative Corporate and SCADA networks. Established Security program for the enterprise based on CIS framework and controls. Instituted vulnerability and patch management programs. Deployed Rapid7 Insight VM and IDR SIEM tools. Designed, deployed Crowdstrike Falcon and Airlock agent architecture . Developed and deployed Thycotic (Delinea) PAM solution for enterprise. Developed Security policies for enterprise based on CIS security framework.

Managed Business Continuity and Disaster Recovery program along with Incident Response program for enterprise. Managed Rapid 7 InsightVM project from proof of concept to enterprise full deployment of product which resulted in the discovery of ten thousand previously un-reported assets resulting in the reevaluation of vulnerability assessment program. Rewrote Vulnerability Assessment, Acceptable Use, and Clean Desk policies. Attended ISC2 Health Care Information Security and Privacy Professional (HCISPP) class. Working knowledge of HIPAA and HiTrust compliance

CISSP Certified (555247) Lead IT Security Analyst, PCI, SOC2, and ISO 270002 audits. Afni Bloomington, IL 11/14-Present Security Department Team Lead Duties included supervision of a team of four security analysts. As the Security Team Lead I was responsible for PCI DSSv3.2 audits and ISO 27002 audits. I also facilitate and coordinate audits for Afni’s (3rd Party) clients. I was responsible for coordinating with all internal IT department and operations staff in order to remediate and resolve client audit findings. My knowledge of security tools include Nessus (Rapid 7) vulnerability scanner, Trigeo (Solarwinds) SIEM tool, Secureworks IDS/IPS, and RSA SecurID. Responsibilities included working with training team members to develop CBT courses for semi-annual, company-wide security training, coordinating with clients to perform internal/external network penetration testing and email phish testing. Additional responsibilities included the formulation, definition, and implementation of procedures that are necessary to ensure the safety of information systems assets, and protect them from intentional or inadvertent access or destruction. I was responsible for the implementation of industry best practices in order to ensure enterprise-wide security policies, standards, guidelines, and procedures and to ensure ongoing compliance with appropriate security and privacy practices. Responsibilities also included the collection of information security and privacy data and the publication of periodic security and incident reports. I was also tasked with logging outstanding information security and audit issues and keeping management informed of these issues through routine reporting.

Server Engineer As server engineer I worked as a member of the network server team in the installation and maintenance of network hardware and software. Experience includes: HP and Dell blade enclosures; VMWare VSphere; Windows 2012 HyperV; EMC Avamar DeDuplication Backup and System; McAfee Enterprise Mobility Management (EMM); Active Directory; Group Policy; installation and configuration of 100's of devices in Solarwinds Orion; and Cherwell to resolve level 2 and 3 help-desk tickets on a day-to-day basis.

Citrix Engineer (Contractor) My primary focus as Citrix engineer was the day-to-day management of the enterprise-wide Citrix network. Experience includes: installation and configuration of Dell blade servers: configuration of network setting for new servers; Citrix Server 6.0.1; XenApp 6.0; and XenDesktop 5.6. I also provisioned virtual machines and set up user accounts, assisted in the daily troubleshooting of Xen infrastructure and implemented Solarwinds 5.0 monitoring software.

393rd Tactical Psyop Company(Retired)

Installed, maintained, and managed 15 Dell and HP servers, Citrix Xen Server environment, 10 virtualized servers and workstations, 3 separate SAN systems totaling 14 TB in storage, 55 user desktop workstations and associated hardware and software. Monitored all networking and telecommunication lines. As the primary support person in this small/medium network environment, I was the “go-to” person for all networking and server issues. I also outlined and installed Wyse terminals, and setup and configured Microsoft SharePoint (virtualized) for the company’s Intranet and document management. I was also responsible for the daily monitoring of firewall and servers. In this position, I also authored all policies, procedures and standards during the process of achieving SAS 70 (Type II) accreditation (75 separate documents). I also developed all internal and external (3rd party) requirements for handling sensitive data and documents, facilitated standards for installation of security camera system, and performed security training for all employees on an annual basis.This was a multi-faceted position that provided me with an extensive breadth and depth of duties and responsibilities in support of an enterprise IT system, which included the network infrastructure, peripheral devices, and system and application software. Selected Results: ● Installed virtualized server environment based Citrix Xen Server v5.6● Specified hardware requirements for Xen Server virtualized server environment● Established minimum security guidelines for handling of sensitive data● Performed annual security training for all employees● Facilitated bi-annual penetration testing by an independent security firm to check external network vulnerabilities● Researched and implemented Windows 7 workstations into a Windows Server 2003 Active Directory schema.● Maintained and updated all patches for software and systems. ● Implemented Windows Server Update Services

Managed 5 IT personnel and 36 Real Estate offices supporting 600 agents across the Dallas/Ft. Worth Metro Plex

Naval Aircrewman with 3500 hours flight time. Radar and Acoustic Operator, Operations Leading Petty Officer