• An IT professional with 10 year of expertise in Information Security, Risk Management, Vulnerability Assessment, Control Review and Assessment with background in Software Quality Assurance seeking new challenges to leverage strong information technology security acumen.
• From my previous and present experience, I have experience with baiting (USB Flash drive) and phishing attacks. To prevent those attacks, I work with the Software development team and other IT departments to conduct Penetration testing that uses Social Engineering techniques and enables the organization to learn which type pose the most risk for the specific attacks.

AREAS OF EXPERTISE

• DoD & DDoS Cyber Security Policies
• Risk Management Framework
• Social Engineering
• Security Architecture
• Regulatory Compliance
• Information SecurityAuditing
• Network & Security Architecture
• Identity Access & Management
• Cryptography Techniques
• Team Management & Customer Service
• NIST Series Publications

Social Engineering experience:

• Phishing - This is the most common threat and I work daily in educating staff on the importance of being careful about all e-mails they receive is crucial.
• Spear Phishing - After the incident with our Account Dept and the training provided, I participate in spear Phishing by sending spam emails to the accounting staff with the hope of having them respond.
• Baiting - After firewall upgrade alongside our Asset Management team. We left numerous infected USB drives in our customer service center. The USB was connected to an asset, but the Firewall prevented the installation of the malware.
• Tailgating - Each employee requires multifactor access to gain entrance to the floor so it is not possible for tailgating to occur.
• Pretexting - We randomly make a call to our customer service agent posing as a customer to get PII info, but base on the training provided, the agent requires HIPAA verification and the phone select option requires complete verification before initiating agent transfer.
• Quid Pro Quo - Work with the Tech support to ensure that all agent calls are screen prior to assisting with tech support. Also, we call a selection of random numbers within an organization and pretend to be calling back from tech support. The organization trains everyone not to divulge any info that cannot provide the employee IDs.
• USB drop attacks - After firewall upgrade alongside our Asset Management team. We left numerous infected USB drives in our customer service center. The USB was connected to an asset, but the Firewall prevented the installation of the malware.