Christopher
chrisolan@gmail.com
614-805-9104
Orlando, FL 32806
Cyber Security Analyst
12 years experience W2
0
Recommendations
Average rating
161
Profile views
Summary

  • An IT professional with 10 year of expertise in Information Security, Risk Management, Vulnerability Assessment, Control Review and Assessment with background in Software Quality Assurance seeking new challenges to leverage strong information technology security acumen.
  • From my previous and present experience, I have experience with baiting (USB Flash drive) and phishing attacks. To prevent those attacks, I work with the Software development team and other IT departments to conduct Penetration testing that uses Social Engineering techniques and enables the organization to learn which type pose the most risk for the specific attacks.

AREAS OF EXPERTISE

  • DoD & DDoS Cyber Security Policies
  • Risk Management Framework
  • Social Engineering
  • Security Architecture
  • Regulatory Compliance
  • Information SecurityAuditing
  • Network & Security Architecture
  • Identity Access & Management
  • Cryptography Techniques
  • Team Management & Customer Service
  • NIST Series Publications

Social Engineering experience:

  • Phishing - This is the most common threat and I work daily in educating staff on the importance of being careful about all e-mails they receive is crucial.
  • Spear Phishing - After the incident with our Account Dept and the training provided, I participate in spear Phishing by sending spam emails to the accounting staff with the hope of having them respond.
  • Baiting - After firewall upgrade alongside our Asset Management team. We left numerous infected USB drives in our customer service center. The USB was connected to an asset, but the Firewall prevented the installation of the malware.
  • Tailgating - Each employee requires multifactor access to gain entrance to the floor so it is not possible for tailgating to occur.
  • Pretexting - We randomly make a call to our customer service agent posing as a customer to get PII info, but base on the training provided, the agent requires HIPAA verification and the phone select option requires complete verification before initiating agent transfer.
  • Quid Pro Quo - Work with the Tech support to ensure that all agent calls are screen prior to assisting with tech support. Also, we call a selection of random numbers within an organization and pretend to be calling back from tech support. The organization trains everyone not to divulge any info that cannot provide the employee IDs.
  • USB drop attacks - After firewall upgrade alongside our Asset Management team. We left numerous infected USB drives in our customer service center. The USB was connected to an asset, but the Firewall prevented the installation of the malware.

Experience
Education
Master's in Health Administration and Informatics
University of Phoenix 2014
Bachelor's in Public Health
Ohio University 2011
Skills
Compliance
2021
5
Mitigation
2022
5
Salesforce
2015
4
Accounting
2022
3
Agile Methodology
2018
3
Auditing
2015
3
Change Management
2015
3
Data Security
2015
3
Integration Testing
2018
3
Malware
2022
3
Quality Assurance
2018
3
Security Systems
2022
3
Selenium
2018
3
SQL
2015
3
Test Case Preparation
2018
3
Test Planning
2018
3
Workday
2015
3
Cyber Security
2021
2
Network Administration
2021
2
Security Analyst
2021
2
Patch Management
2019
1
Firewall
2021
1
HIPAA
0
1
IAM
0
1
IDS
2021
1
Information Security
2021
1
IPS
2021
1
Linux
0
1
Microsoft Excel
2021
1
Network Infrastructure
2021
1
NIST
0
1
Penetration Testing
0
1
Risk Management
0
1
SIEM
2021
1
Social Engineering
2021
1
Splunk
2021
1
TCP/IP
2021
1
UDP
2021
1
Vulnerability Assessments
0
1