Information Security Analyst

• Oct 2021 - Present

Information Security Analyst II - Information Security Officer

• Sep 2019 - Sep 2021

Responsible for designing, drafting, implementing, and reviewing policies and procedures to ensure the TDCJ is able to maintain regulatory compliance with the FBI CJIS policy, Texas Administrative Code 202, and utilizing NIST 800-53r4 standards and best practices. Annually disseminated training to over 14000 employees, vendors, and contractors per Texas Government Code 2051.5191 and 2054.5192. Oversaw the risk assessment modernization project to improve future efficiency while performing assessments on more than 100 systems. Managing audits on agency systems, discussing policy violations with users, and presenting findings to agency management. Conducting annual review and update to the agency Computer Security Incident Response Plan to include training for the Incident Response Team. Designed and implemented a more aggressive vulnerability management program to significantly reduce the time between identifying and remediating vulnerabilities reducing the time the agency is susceptible to a successful attack. Researched and oversaw implementing a new risk assessment platform, Isora, while providing training to data owners and ensuring agency management received actionable data from the assessments. Continually reviewing, testing, and providing recommendations to management regarding various new hardware and software products Show less

Network Specialist IV - Information Security

• Feb 2016 - Aug 2019

Supported the agency by orchestrating a team of technicians tasked with maintaining the day-to-day Information Security operations for an organization consisting of approximately 40,000 employees. Duties included implementing, administering, and overseeing multiple Information Security Systems, including Malwarebytes Management Console, Cisco FireSIGHT, RSA Archer, Encase Forensic Software, and vulnerability management software such as Nessus and Netsparker. Provided coordination, oversight, and analysis of the agency’s annual penetration test to include the prioritization of vulnerability remediation and the creation of summary reports for executive management. Supplemented the annual penetration testing with in-depth and rigorous scan cycles to ensure the secure development, implementation, configuration, and maintenance of operating systems and web applications. Gathered and analyzed data from agency Information Security Systems to develop and recommend plans of action to secure agency systems and data against accidental or unauthorized destruction, alteration, and disclosure. Provided the agency with the initial template and collaborated with a team to implement our current Information Security Policies. Drafted detailed procedural documentation to improve efficiency, consistency, and accuracy. Analyzed and streamlined many of our procedures, including our forensic analysis techniques, to provide management with more efficient and accurate results. Show less

Network Specialist III - Information Security

• Apr 2014 - Feb 2016

Located, quarantined, and remediated infected or compromised systems utilizing Symantec Endpoint Protection and Malwarebytes Management Console. Orchestrated annual penetration tests with the Department of Information Resources (DIR), distributed the results, and coordinated remediation efforts with agency teams. Performed evaluation of tools, drafted procedural documentation, and assisted with policy development that allowed the agency to better meet regulatory compliance (TAC 202, CJIS, and NIST 800-53r4). Utilized risk assessment tools and methodologies, including MS-ISAC, ICS-CERT’s Cybersecurity Evaluation Tool (CSET), and Archer. Performed unit audits to ensure adherence to agency policy and courtesy security inspections and detailed forensic analysis utilizing open-source tools and proprietary software (EnCase). Implemented scheduled and on-demand vulnerability scans using Nessus and Netsparker. Evaluated and provided recommendations on multiple systems before implementation (Cisco FireSIGHT, Malwarebytes Management Console, Symantec PGP encryption) Trained and collaborated with technicians to install Symantec PGP on all agency-owned laptops. Created custom mail rules to reduce spam and malicious attachments in our environment. Show less

System Support Specialist III - Information Security

• May 2013 - Apr 2014

Promoted within the Information Security Office and continued to provide forensic analysis for the Office of the Inspector General (OIG) and various divisions within the agency. Coordinated with teams across multiple divisions to improve the agency’s security posture and meet regulatory compliance. Additional projects include collaborating with multiple departments in a concerted effort to remediate numerous infected systems, developing security controls for the first online inmate program alongside the Windham School District Information Technology staff. Responsibilities included authoring and collaborating on monthly security articles for the division and agency-wide newsletters, guiding the Enterprise Systems Support server administrators to best harden servers. Additional tasks included creating custom malware alerts, administering the Passport mainframe emulation software, managing Information Security procedural documents, assisting with policy interpretation, and participating in the team that began rewriting the agency’s Information Security policies. Monthly responsibilities included state-mandated reporting utilizing DIR’s Security Incident Reporting System (SIRS) and providing security metrics to senior management. Show less

System Support Specialist II - Information Security

• Aug 2012 - May 2013

Joined the Information Security Office and wrote security policies, procedures, and guidelines for the agency, vendors, and other organizations. Primary responsibilities included administering Passport software, monitoring and maintaining Symantec Endpoint Protection, reducing malware on the network, assisting with the submission of monthly reports to the Department of Information Resources (DIR) and Information Technology management. Assisted PC support technicians by providing specialized assistance through installing, configuring, and troubleshooting mainframe emulation software. Provided a unique solution during the migration from IBM Host on Demand to Passport that allowed the agency to avoid approximately $10,000 in additional software costs. Began providing forensic analysis support to the Office of the Inspector General utilizing both proprietary and open-source software. Show less

System Support Specialist I

• Jan 2012 - Aug 2012

Served the agency on the Information Technology Division Help Desk by performing remote installation, configuration, and troubleshooting of computers, printers, software, thin clients, and mainframe terminals. Monitored the network and mainframe for system outages statewide to proactively provide our users with a quick, accurate, and effective response. Multiple troubleshooting techniques were utilized on both the mainframe and PC to identify the best solution to have users operational as expeditiously as possible. Experience gathered on the Help Desk provided unique insight into the vastly different processes utilized by the various agency divisions. Show less