Summary
A seasoned risk practitioner with over 10 years of experience in the field of cyber risk management. Proven track record in identifying and mitigating potential threats, implementing risk management strategies, and leading teams to ensure the security of information systems. Strong background in governance, risk, and compliance (GRC), with hands-on experience in security auditing, regulatory compliance (HITRUST, PCI-DSS, FedRAMP, ISO 27001, NIST), and overseeing data protection measures. Committed to staying up-to-date with the latest developments in the field of cyber risk.
Proficient in various risk assessment tools and methodologies
Access Control
- Active Directory (AD) for role-based access control (RBAC) and group policy enforcement
- LDAP or SAML for centralized user authentication
- Privileged access management (PAM) tools for handling high-privilege accounts
Encryption
- AES-256 encryption for databases and full-disk encryption for endpoints
- TLS 1.3 for data in transit between clients and servers
- Encryption key management with Hardware Security Modules (HSM) or cloud-based key management services like AWS KMS or Azure Key Vault
Multi-Factor Authentication (MFA)
- MFA with Azure AD, Okta, or Google Authenticator for critical systems
- MFA for VPN and cloud services using RADIUS or SAML
- Adaptive MFA policies based on risk level (e.g., geo-fencing, device trust)
Patch Management
- SCCM or WSUS for automated Windows patch deployment and Ansible for Linux updates
- Vulnerability scanning tools for detecting missing patches
Network Security (Firewalls and IDS/IPS)
- Cisco firewalls for traffic control based on security policies
- Suricata or Snort for intrusion detection and prevention
Incident Response and Management
- MITRE ATT&CK framework for categorizing and investigating attack techniques
- Incident logs in SIEM tools for analysis
Data Loss Prevention (DLP)
- DLP agents on endpoints and network gateways to monitor data transfers
- Regex-based rules for detecting patterns such as SSNs and credit card numbers, and for blocking unapproved data transfers
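As an added illustration of the regex-based DLP rule described above (example code written for this page, not taken from any product or from the author's own work): a small scanner that finds SSN-shaped and card-shaped strings, validates card candidates with the Luhn checksum so that ordinary numeric identifiers are not flagged, redacts what it finds, and returns a block/allow decision. The sample text, the regex patterns and the policy table are all constructed assumptions; `4111 1111 1111 1111` is a widely used test card number, not a real account.

```python
import re
from typing import Dict, List

# Constructed sample of text crossing an egress point (not real data).
SAMPLE_TEXT = (
    "Export request from finance share:\n"
    "  employee SSN 123-45-6789 (valid format)\n"
    "  corporate card 4111 1111 1111 1111 on file\n"
    "  order reference 4111111111111112 (fails Luhn, not a card)\n"
    "  legacy id 000-12-3456 (invalid SSN area number)\n"
)

# SSN: AAA-GG-SSSS with the area/group/serial exclusions the SSA publishes
# (area 000, 666 and 900-999 are never issued; group 00 and serial 0000 are invalid).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Card candidate: 13-19 digits, optionally separated by spaces or dashes.
# Candidates are confirmed with Luhn below; the regex alone is too noisy.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Assumed policy: what to do per finding type.
POLICY: Dict[str, str] = {"ssn": "block", "card": "block"}


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so findings can be logged safely."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> List[Dict[str, object]]:
    """Return redacted findings (type, masked value, offset) sorted by position."""
    findings: List[Dict[str, object]] = []
    for m in SSN_RE.finditer(text):
        digits = m.group().replace("-", "")
        findings.append({"type": "ssn", "value": mask(digits), "offset": m.start()})
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # Length and checksum together filter out order ids, phone numbers, etc.
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append({"type": "card", "value": mask(digits), "offset": m.start()})
    return sorted(findings, key=lambda f: f["offset"])


def decide(findings: List[Dict[str, object]], policy: Dict[str, str] = POLICY) -> str:
    """Map findings to a transfer decision: 'block' if any type is blocked, else 'allow'."""
    if any(policy.get(str(f["type"])) == "block" for f in findings):
        return "block"
    return "allow"


if __name__ == "__main__":
    results = scan(SAMPLE_TEXT)
    for f in results:
        print(f"{f['type']:5} at offset {f['offset']:>3}: {f['value']}")
    print("decision:", decide(results))
```

The Luhn step is what separates a usable rule from a noisy one: the 16-digit order reference in the sample has the same shape as a card number but fails the checksum, so it is not reported. Production DLP engines add further context (nearby keywords such as "card" or "SSN", minimum match counts per document) before blocking, which keeps false positives from disrupting legitimate transfers.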
Security Information and Event Management (SIEM)
- Centralized logs for real-time monitoring
- Correlation rules for identifying anomalies based on known attack patterns
Network and Application Security
- Regular web application vulnerability scans using tools like Burp Suite and OWASP ZAP
- Regular network vulnerability scans using tools like Tenable Nessus and OpenVAS
Identity and Access Management (IAM)
- Azure AD or Okta for centralized user provisioning and access management
- Single Sign-On (SSO) for internal applications to streamline authentication
Business Continuity and Disaster Recovery (BC/DR)
- AWS Backup and replication across geographic regions
- Annual testing of recovery procedures and RTOs
Security Awareness and Training
- Phishing simulations and awareness campaigns with KnowBe4 or PhishMe
- User training completion and incident response metrics tracked in LMS
Audit Logging and Monitoring
- Log aggregation for centralized audit trails
- Syslog and SNMP for capturing logs from network devices and servers
Third-Party Vendor Risk Management
- Vendor risk assessments
- SOC 2 reports and NDA clauses to ensure vendors meet compliance standards
Physical Security
- Smart card or biometric access control systems with platforms like HID Global or Lenel
- Quarterly security audits of data center access points and physical controls