Eric
ebaker3@gmail.com
865-335-2900
12018 Inglecrest Lane
Knoxville, TN 37901
Cyber Security Advisor
22 years experience W2
Summary

Cyber Security and IT/Network Administration background with over 20 years of experience. Bachelor’s degree in Information Security; U.S. Department of Energy ‘Q’ security clearance (inactive); CISSP and Security+ certifications and the knowledge and experience with security tools, methodologies and best practices. Experience in protecting computing resources/data, intellectual property and national security interests in a compliance-oriented, high-stress, high-demand environment while working under tight budget constraints. Offers value-add to organizations by having the skills and willingness to perform multiple functions and the enthusiasm and tenacity to embark on new opportunities.

Experience
Cyber Security Advisor
Jul 2020 - present
Providing Cyber Security Advisory services to organizations nationwide.
Cyber Security
Information Security Officer
Aug 2021 - Sep 2021
Information Security
Information Security Governance/Officer
Jul 2020 - Jul 2021
Information Security
EVP, Information Security (CISO)
Oct 2019 - Mar 2020
Laid off... Information Security Program dissolved due to COVID-19. Devised and implemented an Information Security Program around AICPA Security Operations Center 2 (SOC2) and National Institute of Standards and Technology (NIST) Cyber Security Frameworks. Defined standards, strategies, programs, policies and procedures where required to span all areas of the company that impact Information Security. Provided oversight and guidance regarding data and consumer privacy laws such as California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR). Recognized, assessed, and addressed changes that have the potential to introduce increased Information Security risk at the company-wide level. Engaged with customers and prospects as an Information Security subject matter expert and advocate. Partnered with Accounting and Legal teams to review customer contracts for security, privacy, and technical requirements.
Compliance Information Security Social Engineering Training Technical Specifications Stakeholder Engagement Human Resource Employ Auditing Actor Cyber Security
Information Security Auditor
Jul 2017 - Oct 2019
Overland Park, KS
Reviewed Information Security Programs for clients in financial, healthcare, and other regulated industries from coast-to-coast. Responsible for review of policies, controls, firewalls, etc. to determine the effectiveness of program to keep critical client and institution data safe. Communicated findings and recommendations to Board and other key players. Coordinated with team to ensure technical reviews and other security engineering engagements performed seamlessly for our clients.
  • Information Security Audit
  • Social Engineering
  • Risk Assessments
  • Web Compliance Assessments
  • FFIEC, GLBA, SOX, NIST, CCPA, GDPR, NYDFS, HIPAA, HITECH, NIST, PCI, ISO
Compliance Data Security HIPAA Information Security Network Security Penetration Testing Risk Management Social Engineering Vulnerability Assessments Project Management FFIEC Auditing Firewall GDPR GLBA NIST PCI Risk Assessment SOX
Information Security Consultant
Information Technology
Feb 2016 - Jan 2017
Knoxville, TN
  • Provided cyber security consulting services for a private company located in the Knoxville, TN area.
  • Responsible for developing, evaluating and implementing sound cyber security policies/principles and best practices; conducted audits and risk assessments; malware remediation and offered guidance securing and optimizing critical and private IT systems and networks.
  • Conducted Anti-Phishing, Baiting and Vishing campaigns.
  • Performed penetration testing/vulnerability assessments across the network scanning for application and system vulnerabilities.
  • Identified vulnerabilities and findings and recommended risk-reduction/mitigation solutions.
  • Provided metrics and detailed information of outstanding vulnerabilities and the risk they pose to the network.
Cyber Security Information Security Penetration Testing Vulnerability Assessments Auditing Social Engineering Malware
Senior Cyber Security Architect
Information Technology
Nov 2016 - Dec 2016
Madison, WI

Contractor to Hexagon Manufacturing Intelligence - North Kingstown, RI

  • Developed a security strategy/roadmap for security best practices and compliance with the National Institute of Standards and Technology Special Publications (NIST SP 800-53r4, NIST SP 800-171 and NIST SP 800-18).
  • Conducted audits and assessed the security program and network for improvements and made recommendations to resolve any security vulnerabilities and findings.
  • Recommended hardware and software solutions, tools and best practices that would help improve and strengthen the Hexagon Cyber Security Program and security posture.
  • Provided guidance and stressed the importance of security policies and standards; including, but not limited to an effective security awareness training and education program; continuous monitoring; vulnerability scanning and penetration testing, etc.
  • Evaluated security environment; identified security gaps; and made recommendations for enhancements.
Compliance Cyber Security NIST Penetration Testing Security Architect Actor Auditing Manufacturing Training
Senior Cyber Security Analyst (Global Cyber Security)
Information Technology
Feb 2015 - Jan 2016
Austin, TX

Contractor to Hewlett-Packard Enterprise (HPE) f/k/a Hewlett-Packard (HP)

  • Collaborated with Hewlett-Packard’s (HP) Global Cyber Security Compliance team supporting the System Security Plan (SSP)/Compliance initiative in preparation of HP's corporate split (HPE and HP).
  • Developed and assessed SSPs and system profiles for HP's mission critical and entity essential applications, systems and networks across all business units and global functions.
  • Team Lead/Project Manager; conducted audits/risk assessments of IT systems for compliance in a diverse technology environment across varying infrastructures, applications and networks.
  • Advised senior management by identifying critical security issues, vulnerabilities and findings and recommended risk-reduction/mitigation solutions.
  • Assessed applications and systems for compliance against aligned security policies and standards; industry and regulatory controls; IT computing controls and conducted gap analyses as required.
  • Assisted in the demonstration of system security operational objectives by contributing information and provided recommendations to strategic plans and reviews.
  • Prepared and completed associated remediation action plans; assisted with resolving cyber security issues; identified trends; determined system improvements and drove needed change.
  • Recorded SSP information in the eGovernance, Risk and Compliance (eGRC) application (RSA Archer eGRC Platform) to promote and develop security strategies; identify compliance obligations (e.g., HIPAA, PCI-DSS, SOX, etc.); direct system control development and access management, monitoring, control and evaluation.
Compliance Cyber Security HIPAA Risk Assessment Security Analyst SOX Gap Analysis Auditing Actor HP Project Management
Senior Cyber Security Specialist
Information Technology
Oct 2013 - Oct 2014
Corvallis, OR

Contractor to the USDA Forest Service Natural Resource Manager (NRM)

  • Revamped the Natural Resource Manager (NRM) Cyber Security Program to reflect the National Institute of Standards and Technology Special Publications (NIST SP) 800 series; OMB Circular A-130; Federal Information Security Management Act (FISMA); Federal Information Processing Standards (FIPS) 199, 200 and 140-2; U.S. Gov’t FedRAMP guidelines for Cloud and Virtualization infrastructure technologies as well as the U.S. Forest Service’s policies and standards
  • Recommended and procured software solutions, tools and best practices that would help improve and strengthen the NRM Cyber Security program and security posture with the goal of protecting the confidentiality, integrity and availability of NRM’s data
  • Provided security guidance and oversight for various IT projects and evaluated systems and documentation for federal compliance requirements.
  • Educated users in sound cyber security principles and best practices
  • Represented the NRM Cyber Security Organization during project meetings to assist stakeholders and provided recommendations regarding cyber security as required by federal guidelines and regulations
  • Created security guidance documents to assist NRM in producing organizational standard operating procedures (SOPs)
  • Ensured all regulations, guidelines, directives, policies and procedures are being followed and that security checklists/hardening guides are being employed to establish a standard baseline and to satisfy federal cyber security requirements
  • Proposed solutions, tools and best practices to strengthen NRM’s web/application/database security as well as establish an effective configuration/change management system (CMS)
  • Assisted in the process to reduce the current number of Plan of Action and Milestones (POA&Ms) identified by NRM Cyber Security as well as previous Office of Inspector General (OIG) audits and to propose solutions to prevent future POA&Ms from reoccurring
  • Worked with NRM federal and contract personnel to address security incidents and issues involving users, information systems and data
  • Identified current NRM security-related issues due to vulnerabilities, access, deficiencies, separation of duties/least privilege (SOD/LP), insufficient controls, etc. and offered recommendations and viable solutions to correct problems and ensure all federal regulation, guidelines and directives are followed accordingly.
Compliance Cyber Security FISMA Information Security POA&M Stakeholder Engagement Virtualization Actor Auditing Change Management Documentation Employ Natural
Cyber Security Engineer
Government
Nov 2010 - Oct 2013
Oak Ridge, TN

Y-12 National Security Complex (Nuclear Weapons and Highly Enriched Uranium Facility) Prime Contractor to the U.S. Department of Energy/National Nuclear Security Administration

  • Executed site-related security functions and job duties from the Security Operations Center (SOC) which provided 24x7x365 continuous monitoring and cyber security support.
  • Deployed and managed several defense-in-depth technologies on the classified and unclassified network environments to augment the site's cyber security posture and to help prevent/detect Advanced Persistent Threats (APTs) and other internal/external threats
  • Performed Quid Pro Quo attacks (via making false promises of free gift cards, money, t-shirts, or vacation).
  • Performed Tailgating employees, Spear Phishing and Baiting campaigns.
  • Evaluated information systems and security documentation for compliance with federal oversight requirements including FISMA compliance, NIST 800-53, OMB A-130, FIPS 140-2 and NAP 14.1D (National Nuclear Security Administration Policies).
  • Participated and contributed in biweekly U.S. Department of Energy (DoE) Cyber Security meetings to discuss cyber-related events, activities, incidents and to share cyber intelligence within the DoE community. Topics included malware analysis/research; APTs and other malicious actors and targeted threats/attacks such as spear-phishing, hostile attachments, watering hole attacks, drive-by attacks, command and control (C2), etc.
  • Conducted ongoing threat analyses to determine the site security posture due to vulnerabilities, APTs and other malicious actors as well as the latest Situational Awareness Reports (SARs)/intelligence released by federal agencies (e.g., JC3, IARC, DoE, DoD, DHS, FBI, NSA, US CERT, etc.) and the open source community
  • Worked closely with Y-12 internal organizations (e.g., Helpdesk, Network Support, Desktop Support, Software Support, Email Support, etc.) and other U.S. Department of Energy (DoE)/National Nuclear Security Administration (NNSA) sites to resolve user, network and security-related issues
  • Responsible for oversight of network traffic. Conducted log analyses for tracking suspicious network activity due to malware, intrusions, internal threats, APTs and other malicious actors; failed/blocked websites; waste, fraud and abuse and for troubleshooting purposes related to software, hardware and network issues
  • Responsible for site web proxies and anti-virus servers. Duties included but are not limited to Internet policy and web content filtering enforcement; creating and managing proxy policies and categories; reviewing user requests and applying or creating policies which grants/denies access accordingly and reviewing and categorizing unidentified sources and websites
  • Responsible for the deployment and management of the site-wide network intrusion prevention system (IPS). Successfully configured and deployed the IPS in a test environment to monitor and understand its functionality in real-world situations and to observe its response to simulated attacks via penetration testing methodologies. IPS duties included but are not limited to managing the IPS central manager; network implementation of IPS sensors; software upgrades; emergency signature installs released by the vendor; creating custom Snort rules and attack signatures; creating custom firewall rules and exceptions; creating and managing policies; managing the IPS quarantine and analyzing attacks
  • Configured, deployed and maintained strategically placed network IPS sensors to maximize visibility within the infrastructure while operating within budget constraints
  • Tracked security-related events, incidents and alerts in the Y-12 cyber security event management system. This included but is not limited to tracking malware/Indicators of Compromise (IoC)/APTs; phishing emails; government issued Situational Awareness Reports (SARs) and intelligence, security alerts/bulletins and threat advisories published from various federal agencies and the private sector and technical advisories regarding the latest security vulnerabilities associated with hardware, software, mobile, wireless as well as Industrial Control Systems (ICSs)
  • Maintained a custom blacklist that downloaded malicious URLs, domain names and IPs from internal and external sources that was automatically imported into the network proxies to deny users and systems from accessing malicious domains
  • Developed a process for malware remediation by isolating/blocking infected or compromised hosts from internal and external resources until a strategy could be implemented to remediate its impact on the network
  • Scanned and reviewed external and 3rd party media for malware and other discrepancies
  • Configured, deployed and maintained the network data loss prevention (DLP) appliance. Activities included day-to-day maintenance, analyzing/tracking incidents and incident remediation.
  • Created and deployed IDS/IPS rules and signatures into the network sensors
  • Monitored networked systems for compliance with current policy standards (SCAP, USGCB, FDCC)
  • Experience with incident response procedures such as chain of custody and documentation; detecting and identifying that an incident has occurred; containing and isolating the incident and preserving evidence; adding the IoC to a custom block list and/or creating and deploying attack signatures; eradicating the incident by removing/blocking the affected system from the network and monitoring the network to observe for similar or new abnormal activity
  • Assisted with the implementation of the Security Information & Event Management (SIEM) system. Consolidated the site’s security controls (host-based and network-based IDSs/IPSs, proxies, firewalls) to a single platform for central management, alerting, correlation, profiling, and logging using a SIEM.
  • Experience with network forensics; conducted proxy and firewall log analyses and IDS/IPS alert correlation due to malware; waste, fraud and abuse and APTs and other malicious actors. Analyzed logs and alerts via network security controls to verify if an intrusion, compromise or misuse has taken place and determine if an additional investigation or further action is required such as a packet capture analysis (PCAP), media inspection and/or sanitization, notifying senior-level management, etc.
  • Conducted penetration tests/vulnerability assessments to identify security weaknesses and potential threats; established baselines and tested new and existing systems after new software installations, upgrades or when configurations/changes were implemented.
  • Contributed to the certification and accreditation (C&A) process by performing network, system and software vulnerability assessments via security tools and walk-downs. Analyzed results to determine the level of risk they pose, both internally and externally, and contacted system owners to propose recommendations to resolve or lower the security level or to mitigate or accept the risks associated with the vulnerabilities.
Compliance Cyber Security Database Upgrades Firewall FISMA IDS IPS Network Support NIST Penetration Testing Security Engineer Social Engineering Network Monitoring Network Security Vulnerability Assessments PRIME Wireless Malware Database Maintenance Desktop Support Documentation Employ Problem Solving Testing Methodologies Actor Analysis
Technologies Technician (IT / Network Administrator)
Information Technology
May 2010 - Nov 2010
Knoxville, TN
  • IT/Network Administrator responsible for managing the corporate WAN with offices located in Knoxville, TN, Cookeville, TN and Orlando, FL. Supported users in a Microsoft Windows environment and was responsible for all corporate hardware and software. This included but was not limited to the corporate WAN optimizer, firewall, proxy, switches, domain controllers, file servers, Exchange server, backups, workstations, laptops, mobile devices, printers/plotters, etc.
  • Other responsibilities included but are not limited to maintaining the corporate Intranet; diagnosing hardware, software and connectivity issues; testing backups and data recovery methods; malware remediation; documenting and tracking all network inventory; deploying new/existing software, updates, patches and configurations; building and repairing computer systems; monitoring and reviewing network activity and logs; maintaining software licenses; managing domain user accounts, groups and policies; automating network tasks via batch scripts; training users regarding proper usage of company resources as well as the corporate computer policies, procedures and standards and staying up-to-date with the latest security threats and practices.

Firewall Laptops Mobile Devices Network Administration Printers Switches WAN Windows Database Backups Data Recovery Malware Training
Backup IT Administrator / Mechanical Design Engineer
Information Technology
Feb 2001 - May 2010
Knoxville, TN
  • Backup IT Administrator responsible for managing and supporting a LAN in Knoxville, TN. Supported a small group of users in a Microsoft Windows environment and was responsible for company servers, workstations, firewall/IPS, printers/plotters and software, etc.
  • Other duties included but are not limited to deploying new/existing software updates, patches and configurations; training users regarding computer usage and new software; building and repairing new computer systems; installing and managing new computer systems, applications and network appliances; malware remediation; reviewing system configurations and logs; conducting vulnerability scans to determine system and network risk levels and mitigation strategies; staying up-to-date with the latest security threats and practices and CAD application development (created and maintained custom-made AutoCAD menus and toolbars to establish standards and to improve productivity). Design Engineer duties available upon request.

AutoCad Database Backups Firewall LAN Mechanical Design Printers Windows IPS Application Development Malware Training
Education
Bachelor's in Information Systems Security
ITT Technical Institute 2008
Information Security
ITT Technical Institute, 2006 - 2008
Associate's in Information Technology
ITT Technical Institute 2006
Information Technology
ITT Technical Institute, 2004 - 2006
Mechanical Engineering
University of Tennessee-Knoxville, 1992 - 1994
Certifications
CISSP - (ISC)² Certified Information Systems Security Professional, #425024
Security+ - CompTIA, #COMP001020032922
MCP Microsoft Certified Professional #6942119
CBISO - 10-D Academy, Certified Banking Information Security Officer, #18138
SANS Institute - (PMP) Project Management and Effective Communication for Managers and Security
AutoCAD 2000 - Autodesk
AutoCAD 2000
Autodesk, 2001
Certified Banking Information Security Officer (CBISO)
10-D Academy, 2018
Security+
CompTIA, 2009
Microsoft Certified Professional (MCP)
Microsoft, 2008
Certified Information Systems Security Professional (CISSP)
(ISC)², 2013
Skills
Firewall, 2019, 14
Malware, 2017, 13
IPS, 2013, 12
Training, 2020, 10
Application Development, 2010, 9
AutoCad, 2010, 9
Database Backups, 2010, 9
LAN, 2010, 9
Mechanical Design, 2010, 9
Printers, 2010, 9
Windows, 2010, 9
Cyber Security, 2022, 8
Compliance, 2020, 7
Penetration Testing, 2019, 6
Social Engineering, 2020, 6
Vulnerability Assessments, 2019, 6
Actor, 2020, 5
Auditing, 2020, 5
Information Security, 2021, 5
Network Security, 2019, 5
NIST, 2019, 5
Employ, 2020, 4
Documentation, 2014, 3
FISMA, 2014, 3
HIPAA, 2019, 3
Project Management, 2019, 3
Risk Assessment, 2019, 3
SOX, 2019, 3
Analysis, 2013, 2
Data Security, 2019, 2
Database Maintenance, 2013, 2
Database Upgrades, 2013, 2
Desktop Support, 2013, 2
FFIEC, 2019, 2
GDPR, 2019, 2
GLBA, 2019, 2
IDS, 2013, 2
Network Monitoring, 2013, 2
Network Support, 2013, 2
PCI, 2019, 2
PRIME, 2013, 2
Problem Solving, 2013, 2
Risk Management, 2019, 2
Security Engineer, 2013, 2
Testing Methodologies, 2013, 2
Wireless, 2013, 2
Security Admin, 2013, 1
Change Management, 2014, 1
Natural, 2014, 1
POA&M, 2014, 1
Stakeholder Engagement, 2020, 1
Virtualization, 2014, 1
Cisco, 0, 1
Cisco FirePOWER, 0, 1
CISSP, 0, 1
CompTIA Security+, 0, 1
Cyber Security Architect, 0, 1
Data Recovery, 2010, 1
Gap Analysis, 2016, 1
HP, 2016, 1
HP SA, 2016, 1
Human Resource, 2020, 1
Laptops, 2010, 1
Manufacturing, 2016, 1
Microsoft Office, 0, 1
Mobile Devices, 2010, 1
Network Administration, 2010, 1
Security Analyst, 2016, 1
Security Architect, 2016, 1
Switches, 2010, 1
System Administration, 0, 1
Technical Specifications, 2020, 1
VMWare, 0, 1
VPN, 0, 1
WAN, 2010, 1
Windows Server, 0, 1