Jul 2020 – Oct 2020 · 3 mos · Remote

• Classified- Based upon Client Sensitivity
• Responsibilities include:
• Auditing of the Internal Systems
• Constant upkeep, monitoring, analysis, and response to network and security events
• Documents compliance actions within the approved automated compliance tracking system or develops a plan of actions and milestones (POA&M) with the Information Systems Security Manager (ISSM) to address non-compliance in the allotted timeframe
• Ensures systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan
• Ensures configuration management (CM) for security-relevant IS software, hardware, and firmware is maintained and documented in accordance with baseline
• Ensures all information system security-related documentation is current and accessible to properly authorized individuals
• Ensures records are maintained for workstations, software, servers, routers, firewalls, network switches, telephony equipment, etc. throughout the information system's life cycle
• Evaluates proposed changes or additions to the information system and advises the ISSM of their security relevance
• Assist and conduct security IS education
• Participates in internal/external security audits/inspections; performs risk assessments
• Informs ISSM on technical IS security matters

May 2020 – Jul 2020 · 2 mos · Remote

• Responsibilities
• Expertise in conducting Vulnerability assessments including network, host, web application, wireless network using tools including Nessus, Rapid7 Nexpose, Qualys, Metasploit, Burp Suite, Fortify, Nmap, and HP Webinspect.
• Discover, identify, and track vulnerabilities to assess risks to NFCU information assets. This includes identifying vulnerability false positives and maintaining a vulnerability assessment schedule.
• Conduct Ad-Hoc Risk and Impact assessment of the vulnerabilities found during the scans.
• Provide and support efforts to maintain metrics which includes vulnerability remediation
• Participate in execution of testing, red teaming, and enforcement of security standards and remediation tracking.
• Escalate issues to management in a timely manner with appropriate information regarding risk and impact
• Assist senior consultants in the execution of information security risk assessments to include interviews, technical testing, and physical inspections of administrative, technical, and physical security controls
• Coordinate third party/vendor risk assessments on behalf of client(s); follow-up with resources on status of assigned tasks and drive towards completion
• Participate in internal and external vulnerability scanning of client networks
• Utilize industry tools to perform phishing tests of client populations
• Support client efforts to adopt security practices consistent with various frameworks, most commonly the HITRUST Common Security Framework and NIST Cybersecurity Framework
• As needed, participate in client information security incident response efforts by correlating reported status from staff and indications and input from systems and security tools; contribute to containment, eradication, and recovery activities and assist in the documentation of incident reports and lessons learned activities

Oct 2019 – May 2020 · 7 mos · Remote

• As an Information Security Engineers, also called Information Security Analysts, help to safeguard the organization’s computer networks and systems. They plan and carry out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks. Information Security Engineers usually work as part of a larger IT team and report directly to upper management.
• As sensitive data is more frequently stored on computer systems, and hacking and cyber-attacks grow more frequent, companies and governments are increasingly relying on Information Security Engineers.
• As an Information Security Engineer Duties my responsibilities are to accomplish the primary goal of protecting computer systems and networks,
• My Roles is to create and help enforce:
• Develop Information Security Plans and Policies
• Implement Protections
• Test for Vulnerabilities
• Monitor for Security Breaches
• Investigate Security Breaches

Aug 2019 – Oct 2019 · 2 mos

• Red Team Assessments focus on giving your security team practical experience combatting real cyber attacks. While avoiding business damaging tactics, these assessments use conventional and advanced attacker TTPs to target agreed-upon objectives. You define the attack objectives — usually worst-case business scenarios . Red teaming goes through full attack lifecycle, from initial reconnaissance to mission completion. We offer two types of assessments: Red Team Operations and Red Team for Security Operations.
• Red Team Operations test your internal security staff’s ability to safeguard critical assets. Using experience from the front lines of cyber attacks, our experts simulate the tactics, techniques and procedures of real-world targeted attack, without the negative consequences.
• Red Team for Security Operations, also known as a Purple Team, simulate targeted attack across each phase of the attack lifecycle – with the ability to simulate multiple attackers at each phase. A Mandiant incident responder works side by side with your internal security team as they work to detect and respond to the red team, providing coaching and evaluating your response (people, process and tools used) at every step.
• Red Team Operations is ideal for organizations who want to test their ability to protect critical assets from targeted attack.
• Red Team for Security Operations is ideal for organizations who want to coach their security teams to improve detection and response capabilities to targeted attack.

Apr 2019 – Oct 2019 · 6 mos

• Assesses information risk and facilitates remediation of identified vulnerabilities with the private network, systems, and applications. Reports on findings and recommendations for corrective action.
• Performs vulnerability assessments as assigned utilizing IT security tools and methodologies.
• Performs assessments of the IT security/risk posture within the IT network, systems and software
• applications, in addition to assessments within the Vendor Management Program. Identifies
• opportunities to reduce risk and documents remediation options regarding acceptance or mitigation
• of risk scenarios. Facilitates and monitors the performance of risk remediation tasks, changes related to
• risk mitigation & reports on findings. Maintains oversight of IT and vendors regarding the security
• maintenance of their systems and applications. Provides weekly project status reports, including
• outstanding issues. The IT Security/Risk Analyst assists in all IT audits, IT risk assessments and
• regulatory compliance.
• Key responsibilities including but not limited to:
•  Management of IT security and IT risk (e.g., data systems, network and/or web) across the
• enterprise.
•  Address questions from internal and external audits and examinations.
•  Develop policies, procedures and standards that meet existing and newly developed policy
• and regulatory requirements including SOX, PCI, and/or guidance.

Jan 2019 – Aug 2022 · 3 yrs 7 mos · Remote

• Classified per client SLA and NDA -The provisions of Executive Order 12356 of Apr. 2, 1982, appear at 47 FR 14874 and 15557, 3 CFR, 1982 Comp., p. 166, unless otherwise noted.

Jan 2019 – Apr 2022 · 3 yrs 3 mos · Remote

• University of ArizonaUniversity of Arizona
• Master's degree Program Content Provider / Fellowship, Cyber/Electronic Operations and WarfareMaster's degree Program Content Provider / Fellowship, Cyber/Electronic Operations and Warfare
• 2020 - 20222020 - 2022
• Grade: Fellowship for content creation of Post Graduate Program in Cyber Security Grade: Fellowship for content creation of Post Graduate Program in Cyber Security
• Activities and societies: Information is to for the training of students. This included lab and testing for students in the post-grad program.
• Activities and societies: Information is to for the training of students. This included lab and testing for students in the post-grad program.
• As the Content Creator, my responsibilities include: producing marketing copy to advertise our products, writing blog posts about industry-related topics and promoting our content on social media. To be successful in this role, you should have experience with digital publishing and generating traffic and leads for new business.
• Responsibilities Include:
• Researching industry-related topics
• Preparing well-structured drafts using digital word processing and publishing platforms
• Prepare well-structured drafts using digital publishing platforms
• Create and distribute marketing copy to advertise our company and products
• Interview industry professionals and incorporate their views in blog posts
• Edit and proofread written pieces before publication
• Conduct keyword research and use SEO guidelines to optimize content
• Promote content on social networks and monitor engagement (e.g. comments and shares)

Aug 2018 – Jan 2019 · 5 mos · Remote

• When healthcare organizations are migrating applications, websites, and associated protected health information (PHI) to the cloud, many opt for an infrastructure-only solution that places them at risk of extremely costly PHI data breaches. Without managed security services, these organizations bear full liability for their own cloud security, increasing the likelihood of HIPAA violations and driving up IT compliance costs.
• Unfortunately, most healthcare leaders can't be sure their cloud systems are secure. They’re hazarding fines of $250 per record in the event of a data breach — as well as reputational damage. VM Racks eliminates that uncertainty – with HIPAA compliant managed security, secure FTP, encrypted email, secure WordPress, and two-factor drive storage services we prevent PHI security risks from cropping up in the first place. VM Racks provides peace of mind by:
• Ensuring your data security. We secure and encrypt PHI on our servers, our offsite backups, and in-transit, while our network security layers actively preserve data integrity and confidentiality.
• Managing your HIPAA Compliance. Unlike infrastructure-only IT solutions, VM Racks signs a Business Associate Agreement (BAA) for every client – a requirement for true compliance. We employ a full-time HIPAA Compliance Officer, so your team can focus on maximizing growth.
• Delivering a level of responsiveness and support far above other IT service providers, with US-based Tier-2 engineers available 24/7.
• Recently, VM Racks’ vulnerability monitoring identified a key weakness in a client’s data security which left them exposed to a potential PHI breach. Thanks to our regular monitoring, we quickly remediated the gap, preventing the risk of a leak and saving the client from massive fines.
• If you’re ready to eliminate the risk of a HIPAA violation or leak by hosting your application, website, or protected data in a HIPAA-secure, managed environment.

Jun 2018 – Aug 2018 · 2 mos · Private | Confidential

• I am an IT Security and Networking Professional with excellent written and oral communication skills. Thorough understanding of Networking Information Assurance and Cybersecurity disciplines to include open-source information gathering threat and vulnerability assessments penetration testing and techniques and network defense. I have over fifteen years of hands-on experience in IT Security specializing in penetration testing. I am an accomplished security engineer malware analyst and incident responder. I currently work in the healthcare sector and enforced and maintained company charter and any amendments for Government and Private Companies –Examples are OSHA, HIPPA, SOX, FISMA, NIST SP800, HIPAA Security, and Privacy Rules, FERPA, Risk Process, ISO 9000 and Venerability management.
• # Lead Security Engineer of an Assessment Team doing full vulnerability assessments of Medical and Private Companies
• # Conduct network/host penetration tests and web application penetration tests
• # Assist the information security risk assessment program by identifying risks in the current security posture.
• # Conduct risk assessment using NIST SP 800-53 v3 & v4 for Penetration testing and Security Assessments

Jan 2018 – May 2018 · 4 mos · Undisclosed - Private

• My key role is to work in a challenging environment that combines technical security operations talent with business consulting skills to deliver industry-leading IT security testing services. Join a team of security enthusiasts that perform cutting-edge research and promote an environment of innovation and knowledge–sharing. Lead enterprise and system focused network and application penetration test and red team engagements for a wide variety of clients, including the federal government and commercial clients across multiple market sectors, working with a team of 10+ seasoned security testing professionals to enhance existing services offerings and security testing capabilities.

Oct 2017 – Jan 2018 · 3 mos · Tupelo , MS and Remote Security Administration

• I manage all IT activities in the organization. Implements and maintains the policies and goals of the IT department to support the company's needs. Ensures proper information system operations and plans necessary upgrades. Oversees the internal IT support function. Conducts research and recommends the selection of IT equipment, applications, and supplies. Requires a bachelor's degree. Typically reports to top management. Manages subordinate staff in the day-to-day performance of their jobs.
• My responsibilities are :
• Manage information technology and computer systems
• Plan, organize, control and evaluate IT and electronic data operations
• Manage IT staff by recruiting, training and coaching employees, communicating job expectations and appraising their performance
• Design, develop, implement and coordinate systems, policies, and procedures
• Ensure security of data, network access, and backup systems
• Act in alignment with user needs and system functionality to contribute to organizational policy
• Identify problematic areas and implement strategic solutions in time
• Audit systems and assess their outcomes
• Preserve assets, information security and control structures
• Handle annual budget and ensure cost effectiveness

Sep 2016 – Oct 2017 · 1 yr 1 mo · Greater Memphis Area / Australia

• As the Information Security Engineer identifies potential information and network security vulnerabilities. Develops and implements solutions to mitigate risks and enhance system security through solutions such as Identity management and firewalls rules. Ensures site security and provides consultation on security issues. Investigates and recommends security technologies. Audits data, application, computer and network security problems and issues. Performs security investigation and computer forensic analysis. Assists in the development of secure architecture and designs and provide training on security solutions. Runs disaster recovery drills to ensure systems will be up and running securely during disasters. Performs activities related to Software compliance and vendor coordination for licenses.
• Manage Security Components and Servers:
• o Assists with development, implementation and maintenance of IT security solutions including firewalls, web proxies and filtering, email security, web application firewalls, intrusion detection / prevention, identity management.
• o Manages Windows and Linux servers and appliances in the DMZ.
• o Oversees AD, DNS, IIS, Apache, Tomcat, SQL Server, and MySQL servers.
• o Controls publicly registered domain names.
• o Manages publicly registered certificates obtained from our chosen Certificate Authority.
• Incident Response:
• o Monitors firewall/IPS, gateway, and endpoint protection logs for violations and issues.
• o Investigates any actual or potential information security incidents.
• o Provides periodic reporting on information security issues.
• o Prepares reports that are requested by IT leadership related to IT risk assessments, control assessments, and/or remediation efforts.

May 2016 – Oct 2016 · 5 mos · Memphis,Tn

• I am responsible for all network, servers and desktop administration services in the
• Memphis Headquarters.I help plan, implement, oversees and maintain all the servers,desktops,network infrastructure and projects in the local Memphis HQ and with or Amazon Cloud based environment.
• CLOUD SECURITY SPECIALIST: technical expertise in deployment, management, and operations on the AWS platform. Here are some concepts and examples that I have worked on. These include:
• Deploying, managing, and operating scalable, highly available, and fault tolerant systems on AWS - For "Best Security Practices"
• Migrating an existing on-premises application to AWS - this includes an entire company and data center to AWS
• Implementing and controlling the flow of data to and from AWS
• Selecting the appropriate AWS service based on computer, data, or security requirements
• Identifying appropriate use of AWS operational best practices
• Estimating AWS usage costs and identifying operational cost control mechanisms
• Work with various risk and information security teams in presenting recommendations for improvement to technology subject matter experts and management
• Interfaces with Senior Management inside Symantec to help set strategy and participates in varied roles to support the internal business development
• Develop and execute Cloud Information Security strategy to proactively identify risk and drive remediation
• Develop horizontal view of risk posture across multiple technology domains
• Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the cloud operating model
• Certificate Management
• Act as point of contact to executive leadership for dimensioning, managing and driving remediation of information security risk within the context of the AWS infrastructure and P.O.D for security issues.

Dec 2015 – Present · 10 yrs 3 mos · Remote - Client Sites and Services - All over the World ! · Remote

• My job description is to provide expertise and advice to help clients improve their business performance in the roles of Cyber Security, Cyber Security Awareness and improve responsibilities for them and there clients. This may include:
• Research: Conduct research, surveys, and interviews to understand the client's needs and business
• Analysis: Analyze data and statistics to identify issues and potential solutions
• Planning: Develop action plans and strategies for improvement
• Communication: Present findings to clients in writing, visually, and orally
• Implementation: Implement agreed-upon solutions and new procedures
• Evaluation: Periodically evaluate the situation and make adjustments
• Chip has worked in over 50 countries in the Middle East, Asia,
• Africa, Latin America, and Europe and has experience
• in developing and developed countries as well as well as operating
• in austere and hostile environments.Chip has unique experience that
• covers the spectrum of field practitioner to senior policy advisor.
• This allows Chip to fully understand a wide variety of stakeholder
• needs and provide realistic, actionable, and effective solutions.
• Capabilities and Experience:
• Maritime and Port Security
• International Security Consulting and Training
• Organizational Resilience
• Emergency and Crisis Management
• Cyber and Physical Security Convergence
• Security Sector Reform
• Security Agency Capacity Building
• Diplomatic and Embassy Security
• Border Security
• Supply Chain Security
• Security Advisory Services to Government Leadership
• Force Protection
• Operations in High Threat Environments and Conflict Zones
• Intelligence Analysis
• Threat Assessment Methodology

Nov 2015 – May 2016 · 6 mos · Memphis Metropolitan Area

• I currently work with teams to deliver Managed Services to local and US client base. I am working as a Subject matter experts manage equipment and security processes that protect the integrity and confidentiality of client information by ensuring appropriate controls are in place to control data visibility. This position was to engineer solutions for data visibility & loss prevention technologies in the information security environment and will support current and future designs. As the security engineer it is expected to work independently with internal clients and Sr. Management on information security issues and strategies, Manage new and existing requirements involving Data Protection, and fully document processes and solutions.

Sep 2001 – Oct 2015 · 14 yrs 1 mo · Afghanistan

• Classifed - Under Federal NSL

Jan 1999 – Present · 27 yrs 2 mos · Tupelo, Mississippi, United States · Remote

• In System Failure, cybersecurity expert Chip Harris exposes the hidden cyber war that is threatening the infrastructure that we all rely on daily.
• With gripping case studies and near-disasters. He reveals how hackers, rogue states, and criminal networks are targeting our most vital systems - risking blackouts, explosions, and economic chaos.
• Part exposé, part urgent warning, System Failure is a wake-up call for anyone who takes electricity, water, or fuel for granted.
• Power grids, oil refineries, and water systems.
• These are not just utilities - they are the lifelines.....and they are under attack.