Uploaded File
Christopher
chrisolan@gmail.com
614-805-9104
Orlando, FL 32806
Cyber Security Analyst
9 years experience W2
0
Recommendations
Average rating
79
Profile views
Summary

  • An IT professional with 10 year of expertise in Information Security, Risk Management, Vulnerability Assessment, Control Review and Assessment with background in Software Quality Assurance seeking new challenges to leverage strong information technology security acumen.
  • From my previous and present experience, I have experience with baiting (USB Flash drive) and phishing attacks. To prevent those attacks, I work with the Software development team and other IT departments to conduct Penetration testing that uses Social Engineering techniques and enables the organization to learn which type pose the most risk for the specific attacks.

AREAS OF EXPERTISE

  • DoD & DDoS Cyber Security Policies
  • Risk Management Framework
  • Social Engineering
  • Security Architecture
  • Regulatory Compliance
  • Information SecurityAuditing
  • Network & Security Architecture
  • Identity Access & Management
  • Cryptography Techniques
  • Team Management & Customer Service
  • NIST Series Publications

Social Engineering experience:

  • Phishing - This is the most common threat and I work daily in educating staff on the importance of being careful about all e-mails they receive is crucial.
  • Spear Phishing - After the incident with our Account Dept and the training provided, I participate in spear Phishing by sending spam emails to the accounting staff with the hope of having them respond.
  • Baiting - After firewall upgrade alongside our Asset Management team. We left numerous infected USB drives in our customer service center. The USB was connected to an asset, but the Firewall prevented the installation of the malware.
  • Tailgating - Each employee requires multifactor access to gain entrance to the floor so it is not possible for tailgating to occur.
  • Pretexting - We randomly make a call to our customer service agent posing as a customer to get PII info, but base on the training provided, the agent requires HIPAA verification and the phone select option requires complete verification before initiating agent transfer.
  • Quid Pro Quo - Work with the Tech support to ensure that all agent calls are screen prior to assisting with tech support. Also, we call a selection of random numbers within an organization and pretend to be calling back from tech support. The organization trains everyone not to divulge any info that cannot provide the employee IDs.
  • USB drop attacks - After firewall upgrade alongside our Asset Management team. We left numerous infected USB drives in our customer service center. The USB was connected to an asset, but the Firewall prevented the installation of the malware.

Experience
Cyber Security Analyst
Hospitality and Entertainment
Jul 2019 - present
Orlando, FL
  • Manage, maintain and monitor multiple security technologies, such as vulnerability scanning solutions, social engineering, IDS/IPS, anti-virus technologies, DLP capabilities, SIEM technologies, host forensics and malware analysis, web application firewalls and proxy solutions.
  • Develop a working relationship with personnel and a comprehensive working knowledge of our clients Security system.
  • Work with developers, system/network administrators, and other associates to ensure secure design, development, and implementation of applications and networks.
  • Assists in developing an overall change management strategy for Cloud Operations.
  • Assist with identifying improvement opportunities for internal processes managed by the Security & Compliance Team.
  • Knowledge of security technologies such as Malware, Network Intrusion Prevention, Security Information Event Management systems.
  • Provides networking and information security services for internal and external network infrastructure.
  • Understand TCP/IP protocol suite, TCP/IP headers and packets, the OSI model, and commonly used TCP/UDP ports and associated services.
  • Monitors network traffic and diagnoses security problems.
  • Maintained Awareness of vulnerabilities of the newest security patches.
  • Verified and implemented of the required STIGs and control mechanisms.
  • Performed network traffic analysis using raw packet data, network flow, Intrusion Detection Systems (IDS), and custom sensor output from communication networks.
  • Created written documentation related to the compliance procedures for the compliance lifecycle.
  • Minimized, mitigated the risk and maintained an up-to-date knowledge of cyber threats.
  • Performs daily review and analysis of logs.
  • Documents and submits security reports.
  • As a Threat Analyst, I was responsible for conducting analysis, providing assessments of known threats and vulnerabilities discovered, identify policy violations among other roles as assigned by management. An example of a high-risk threat I found and averted was a phishing email title '2019 COVID Payment File' that contains an excel file with malicious malware that was sent to the account dept. Opening the excel file would have installed malicious code through the backdoor and gain access to the accounting software and would have resulted in a massive data breach. The approach we took about this discovery was to reorientate the accounting staff the importance of not opening an unfamiliar email or spam emails from a non-technical point of view. From a technical point of view, we’re verifying the URL and trace the IP address and have both backlisted from the email server.
Compliance Cyber Security IDS Information Security IPS Security Analyst SIEM UDP TCP/IP Network Infrastructure Network Administration Firewall Splunk Microsoft Excel Social Engineering
Remove Skill
Cyber Security Analyst
Information Technology
Jun 2018 - Jul 2019
Orlando, FL
  • Work with developers, system/network administrators, and other associates to ensure secure design, development, and implementation of applications and networks.
  • Maintained Awareness of vulnerabilities of the newest security patches.
  • Verified and implemented of the required STIGs and control mechanisms.
  • Performed network traffic analysis using raw packet data, network flow, Intrusion Detection Systems (IDS), and custom sensor output from communication networks.
  • Created written documentation related to the compliance procedures for the compliance lifecycle.
  • Minimized, mitigated the risk and maintained an up-to-date knowledge of cyber threats.
  • Performs daily review and analysis of logs.
  • Documents and submits security reports.
Compliance Cyber Security Security Analyst Network Administration Patch Management
Remove Skill
Cyber Security Analyst
Information Technology
Jun 2018 - Jul 2019
Orlando, FL
  • Work with developers, system/network administrators, and other associates to ensure secure design, development, and implementation of applications and networks.
  • Maintained Awareness of vulnerabilities of the newest security patches.
  • Verified and implemented of the required STIGs and control mechanisms.
  • Performed network traffic analysis using raw packet data, network flow, Intrusion Detection Systems (IDS), and custom sensor output from communication networks.
  • Created written documentation related to the compliance procedures for the compliance lifecycle.
  • Minimized, mitigated the risk and maintained an up-to-date knowledge of cyber threats.
  • Performs daily review and analysis of logs.
  • Documents and submits security reports.
Compliance Cyber Security Security Analyst
Remove Skill
IT Quality Analyst Lead
Information Technology
Jan 2015 - Feb 2018
Columbus, OH
  • Strong exposure to Security and sharing rules implementation at object, field, and record level for different users at different levels of organization and Single Sign
  • On (SSO) setup.
  • Tested configuration and workflow changes. Develops test scripts. Performed unit, system, and integration testing per standards and documents outcome.
  • Worked effectively with Developers, AGILE Team, and Project Management to achieve Selenium automation, high quality, release deadlines and QA processes improvements.
  • Used visual studio to create a test plan, test cases, and run manual tests.
  • Worked closely with product owners and project managers to meet QA commitments and align delivery priorities with business objectives.
  • Established and provided best in class QA policies and procedures while proactively developing and utilizing collaborative work relationships to accomplish work goals in an agile environment.
Integration Testing Quality Assurance Selenium Test Case Preparation Test Planning
Remove Skill
IT Quality & Compliance Auditor
Information Technology
Dec 2011 - Jan 2015
Columbus, OH

  • Perform daily change reviews to ensure system changes are in compliance with organizational change management policies.
  • Worked on Cloud application (Salesforce, Workday, & Callidus) integration project.
  • Validated Data security and Sharing rules in Salesforce. Tested Users, Profiles, Role hierarches and Permission sets as per user profile and Public group.
  • Performed Back End Testing by executing SQL queries.
  • Summarized IT compliance audit conclusion and key findings into the audit repository.
  • Prepare various reports on audit findings and recommend improvements in policies, procedures and internal controls.
SQL Auditing Compliance Workday Change Management Data Security
Remove Skill
Edit Skills
Non-cloudteam Skill
Education
Master's in Health Administration and Informatics
University of Phoenix 2014
Bachelor's in Public Health
Ohio University 2011
Skills
Compliance
2021
5
Auditing
2015
3
Change Management
2015
3
Data Security
2015
3
Integration Testing
2018
3
Quality Assurance
2018
3
Selenium
2018
3
SQL
2015
3
Test Case Preparation
2018
3
Test Planning
2018
3
Workday
2015
3
Cyber Security
2021
2
Network Administration
2021
2
Security Analyst
2021
2
Patch Management
2019
1
Firewall
2021
1
IAM
0
1
IDS
2021
1
Information Security
2021
1
IPS
2021
1
Linux
0
1
Microsoft Excel
2021
1
Network Infrastructure
2021
1
NIST
0
1
Risk Management
0
1
SIEM
2021
1
Social Engineering
2021
1
Splunk
2021
1
TCP/IP
2021
1
UDP
2021
1
Vulnerability Assessments
0
1