My name is Char! As a Cybersecurity Analyst and IT Consultant I'm leveraging my several years of experience in technology to provide solutions for enterprise environments. I have a strong background in IT infrastructure analysis, IT Technical Support, Technical Writing/Editing, IT Services Management, and core business operations. Currently developing and expanding my skillset through coursework and certifications such as CISSP (in progress), CC, Security+, A+, Network+, and GRC.
I evaluate risk assessments at a system level, focusing on process, controls frameworks, monitoring, or incident response and recovery activities. I'm focused on helping organizations achieve cyber resilience and awareness through effective combinations of empathy and technology. I'm someone who believes that raising every technology subject's level of awareness regarding cybersecurity and risk management is paramount to success. I excel at finding solutions for complex problems, delivering customer care excellence, and facilitating efficiencies, accountability, integrity, and results.
- 🔭 I’m currently working on IT Services Support, InfoSec, IT Security Audit/Risk Assessment/Evaluation and Cybersecurity.
- 🌱 I’m currently learning Python, Linux for SOC, ML, and IAM.
- 👯 I’m looking to collaborate on SIEM, DR, and vulnerability tools.
- 🤔 I’m looking for help with threat assessment tips and any of the above.
- 💬 Ask me about how resiliency, risk, ethics, and customer experience can be intersectional.
- 📫 How to reach me: Find me online and Learn More.
- 😄 Portfolio Projects See Below
- 👉 I value exchanging insights, trends, and resources relevant to navigating change, on our own terms. Watching societal interactions, tech advancements, and cultural developments teaches me daily about human nature, society, and personal resilience.
Learning Items | Project Title |
---|---|
Table of Contents | Lab Overview |
Security Audit | Conducting a Security Audit |
Network Traffic | Analyzing network structure and security |
Linux | Using Linux commands to manage file permissions |
SQL | SQL Filters and queries |
Vulns | Identifying vulnerabilities for a small business |
Documenting Incidents | Incident Handler’s Journal |
Parsing Files | Importing and parsing security-related data |
- Professional Certifications and Coursework
- Google Cybersecurity Professional Specialization & multiple certificates
- ISC2 Certified in Cybersecurity Certificate
- CISSP - In progress
- GRC/Compliance
- CompTIA Security+
- CompTIA Network+
- CompTIA A+
⚡Professional Experience Snapshot: Char Hunt⚡
Several YOE in IT professional services and IT infrastructure analysis / IT Operations / ITGC / ITSM in Business IT Support Solutions and product management throughout organizations ranging from SMBs to legal and corporate environments
Bachelor of Arts, Concentration: Communications, Journalism, Digital/New Media
Services offered:
Information, Communication
Technical Writing and Editing
Security IT Consulting, Cybersecurity
Risk Audit, Compliance
Business IT Consulting, Core Business
Customer feedback, Market data, and Product insights, Product Management
Work location: United States
Work preference: Remote or Hybrid, In-person / On-site negotiable
● Industry: Consultant
Primary IT Consultant - Tech Ops, ITSM Management, BITS, Feb 2023 — Present
● Industry: Marketing & Communications
Cybersecurity Relations - Training and Awareness, Mentorship, Writing/Editing, June 2023 — Present
● Industry: Technical Editing and Writing
Communications, Writing - Technical Editor, Technical Writing, Training and Awareness, Documentation, Jan 2017 — Present
● Industry: Legal
Law Firm, Legal Environments - ITSM / ITGC, IT Tech Ops, Applications Support, IT Security, Jan 2017 — April 2023
● Industry: Telecommunications (Fortune 50)
Global Technical Customer Service (CMS/MSP) - B2B / SME/ SaaS / NOC, Aug 2015 — Jan 2017
● Industry: Business Analyst
Technical Sales Support - Retail Sales & Product Marketing / Computer Software & Hardware Consultant, September 2015 — December 2015
● Industry: B2B / B2C Events
Organization Member Relations - B2B Product Marketing / Technical Liaison / Product Membership Renewals B2B B2C, Jan 2012 — October 2015
- 🔭Safeguarding digital information
- Information privacy: Regulations and compliance
- LAB ACTIVITY: Determine appropriate data handling practices
- 🔭Elements of a security plan
- The NIST Cybersecurity Framework
- Security guidelines in action, Security Controls and frameworks
- 🔭Network Attacks and defense Overview of interception tactics
- Identify: Network attacks, Analyze: network attacks
- 🔭Security Information and Event Management SIEM tools
- 🔭Secure Networks against network intrusion, DoS attacks
- Hands-on experience with Python, Linux, and SQL.
- Scripting Automation: Automating Cybersecurity Tasks with Python
- 🔭File / Directory privileges: Linux Administration
- 🔭Fundamentals of Cryptography
- Public key infrastructure
- Symmetric and asymmetric encryption
The Pyramid of Pain is a conceptual model for the effective use of Cyber Threat Intelligence in threat detection operations, with a particular emphasis on increasing the adversaries' cost of operations. It's a method for understanding cybersecurity threats that organizes IOCs into six different levels. Information security expert David J. Bianco was the first to formalize this idea.
Bianco's philosophy -- "Forget the Defender's Dilemma and recognize that we have a lot of chances to succeed. We may not have the resources to take them all, but by choosing wisely, we can make an attacker's job MUCH harder while giving ourselves the best chance of success."
David Bianco's concepts and ideas have helped shape the landscape of hacker defensive tactics and intrusion analysis.
You may be wondering, “What are the types of encryption?” This is a good question to ask. Computerized encryption methods generally belong to one of two kinds of encryption:
- Symmetric key encryption
- Public key encryption
Public-key cryptography is sometimes called asymmetric cryptography. It is an encryption scheme that uses two mathematically related, but non-identical, keys. One is a public key and the other a private key. Unlike symmetric key algorithms that rely on a single key to handle the encrypt and decrypt functions, each key performs a unique process. The public key is used to encrypt and the private key is used to decrypt data.
So, say for example we need to confidentially send a plain text message to someone. We'll use our friends "Alice" and "Bob" to illustrate how it works. In a nutshell, the mathematical relation, sometimes referred to as a "hash", in certain forms, makes it possible to encode a message using a person’s public key. To decode it, a matching private key is used so that the plain text or data is recognizable on the recipient's end. Here's an infographic that outlines the flow:
⚡Understanding Public Key Encryption⚡
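The Alice-and-Bob flow above as an added example (not part of the original page): textbook RSA with deliberately tiny primes, showing how the two keys are related and that only Bob's private key recovers the message. The function names, primes and message are illustrative assumptions; real systems use a vetted library with large keys and padding.

```python
# Toy RSA: illustrates the public/private key relationship only.
# Tiny primes and no padding, so it is NOT secure and not for real data.
from math import gcd


def make_keypair(p, q, e=17):
    """Return (public_key, private_key) built from two primes p and q."""
    n = p * q                      # modulus shared by both keys
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)


def apply_key(key, values):
    """Raise each integer to the key's exponent modulo n."""
    n, exponent = key
    return [pow(v, exponent, n) for v in values]


def encrypt(public_key, message: bytes):
    # Byte-by-byte so every value is below n (toy simplification).
    return apply_key(public_key, message)


def decrypt(private_key, ciphertext) -> bytes:
    return bytes(apply_key(private_key, ciphertext))


# Bob generates a key pair and publishes only the public half.
bob_public, bob_private = make_keypair(61, 53)

if __name__ == "__main__":
    message = b"hi Bob"                      # constructed sample message
    ciphertext = encrypt(bob_public, message)  # Alice uses Bob's public key
    print("ciphertext:", ciphertext)
    print("Bob decrypts:", decrypt(bob_private, ciphertext))
    # Re-applying the public key does not undo the encryption.
    print("public key again:", apply_key(bob_public, ciphertext))
```
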
⚡The Importance of Being Cyber-aware: Cybersecurity Training and Awareness Programs⚡
You cannot promise that your organization will not be breached, especially when intrusions are taking place by the thousands, even millions each hour. Also, when the inevitable breach happens--it's not a question of if it happens, it's actually a question of when it occurs--your stakeholders can trust your organization to respond quickly and protect their interests. But you should be able to say that you’ve secured the infrastructure your organization’s sustainable growth depends on.
Companies and organizations are spending more on cybersecurity and privacy than ever before, and businesses are allocating resources accordingly across processes (governance), compliance, people, and technology.
AUDIT RISK MATRIX
⚡EXPERIENCE and SKILLS:⚡
- SIEM tools, dashboard technologies
- Cloud
- SaaS
- IDS tools
- SQL
- Authentication
- NIST Cybersecurity Framework
- Risk Assessment, Cybersecurity Assessment
- Information Assurance
- Information Systems, SSL Certificates, FTP, DNS, Reverse DNS, DHCP, Network Load Balancing, VPN, Database Mirroring, Systems Administration
- Risk Management Framework
- GRC/Compliance: SOC2 Fundamentals
- Threat Analysis
- Vulnerability Assessment
- Incident Reports and Documentation
- Small group, 1:1 training programs - Security Operations, Security Principles
- 🔭Security Tools
- Blue: Wireshark, Splunk, tcpdump
- Red: Burp Suite, Metasploit, Nmap
- Microsoft Windows Defender for Endpoint
- Threat and Vulnerability Management, Kali Linux, Risk Mitigation, Malware Analysis
- Operating Systems: Windows, Linux/Unix, macOS
- Database Security: Microsoft SQL Server
- Cisco Secure Endpoint / Meraki / Firepower
- AlienVault, OneAgent, SIEM, IBM QRadar, CrowdStrike Falcon, Netskope, AMP
- Network Security: Wireless Security, Cloud Security, Cryptography, Firewall Configuration & Administration, VPN, Ports, IoT, IDS, IPS
- Virtualization: VMware, Hyper-V, Configuring Ubuntu & Kali Linux Machines
- TCP/IP networking, network security concepts
- Identity & Access Management: Active Directory, AWS, Azure, Access Control Lists, User Permissions & Security Groups
- Risk, Governance & Compliance: Regulatory Frameworks, Security Auditing, Compliance Checking, Identity Governance, Data Security & Privacy, Security Policy, Mobile Device Management
- Basic Algorithm scripting, algorithm development automation
- Basic Programming: Linux, Bash, Python
- CYBERSECURITY: IT Audit, ITGC, Risk Assessment and design reviews, Controls / Standards ISO-27001, NIST-800, PCI, NIST SP 800-39, HIPAA, NIST 800-82, GDPR, NISTIR 8286, NIST SP 800-30, Security Architecture, Risk Appetite, BC / DR / IR Concepts
- Web Application Security concepts (OWASP)
Visit these Helpful Forums for further Learning & Development.