System Hardening

Most recently, my work at Zoom Video Communications included provision of a level of oversight for system hardening initiatives. Where IT teams worked to implement system hardening requirements, requests for variations or exception often came up due to some perceived need. My role as Manager Security Controls Validation was to challenge those I believe could and should be implemented in accordance with the standards. I needed to understand the technical or business reasons behind the difficulty and offer realistic solutions to overcome or mitigate the problem. Other times, I needed to provide input to the documentation of an exception.

Prior to this, in Jackson National Life Insurance, my work on the Vulnerability Management team entailed performing the empirical testing of whether systems complied to security configuration hardening standards or not and to work with IT teams to identify potential mitigations where a standard was considered infeasible. As Manager Information Security Controls Program, I wrote the company standards and policy governing configuration hardening.

As Senior IT Security Consultant with Info@Risk, I consulted with many clients in several industries on ways they could meet their system hardening requirements, leveraging my many years experience building, deploying, and managing IT systems. This was particularly important for many of my clients in the electric utilities industry who needed to comply with NERC CIP requirements for cybersecurity to ensure reliability of national infrastructure.

In all of these efforts I have made extensive use of CIS Benchmarks and DISA STIGs as important sources of guidance. I've also spent a lot of time customizing standards based on such guidance as deliverables for my clients.

Prior to these positions I had spent many years securing system configurations of network infrastructure devices and Windows networks using Group Policy Object enforcement.

Professional certifications supporting this work include: CISSP, CISM, CISA, GCCC, MCSE