Bradley Schultz
Information Security Specialist at Blue Cross Blue Shield of Michigan
Detroit, MI, United States
Details
Experience:
Maintain and support daily operations of Threat and Vulnerability Management Program (TVM)
Meet monthly with platform owners to discuss open vulnerabilities and patching cycles
Ensure platform groups are adhering to patch SLAs
Identify applications for patching to reduce risk to the company
Identify areas for risk reduction
2020 : Present
Blue Cross Blue Shield of Michigan
Information Security Specialist
Current Projects :
• Test, evaluate, and recommend essential security operations tools and vendors for Endpoint Detection and Response (EDR), Managed Security Service Provider (MSSP), and Security Information and Event Management (SIEM)
• Work with team to configure selected SIEM and EDR tools.
• Work with team to create a Security Operations Center (SOC) including the MSSP, EDR, and SIEM tools and vendors selected.
Roles and Responsibilities :
• Currently evaluating our current EDR/AV/SOC requirements and capabilities and suggesting new solutions to meet all of our needs and requirements.
• Responsible for identification, isolation, triage, and enterprise-wide remediation for both real and perceived threats.
• Drive detection and remediation of known IT security-related infrastructure vulnerabilities.
• Identify and investigate gaps and propose solutions for missing capabilities that are identified during remediation and business response.
• Help establish a process for measuring and monitoring the effectiveness of the tools and techniques for IT security incidents.
• Assist the IT Security Operations Lead in monitoring IT Security-related enterprise metrics and actively run programs, processes or projects as needed to meet or exceed minimum acceptable performance
• Create and maintain standard operating procedures related to response to external incidents, internal self-identified vulnerabilities, and insider threats to ensure the team’s preparedness to respond appropriately
• Drive remediation of all vulnerabilities on GE Transportation endpoints, ensuring appropriate response to high risk and aged findings.
2019 : 2019
Wabtec Corporation
Incident Response Specialist
Completed Projects :
• Removed WannaCry/EternalBlue/DoublePulsar from GE Transportation network using custom Splunk searches and reports divided into subnets and geographic locations for quick remediation of infection.
• Determined that WannaCry/EternalBlue/DoublePulsar proliferation through our network was due to endpoint/server images not being upgraded with latest patches before being installed on production devices.
• Recommended a new procedure to our CISO/CIO to stop all endpoint/server installations during a high priority vulnerability/threat in our environment. Suggested that new images with latest patches be created before new devices were installed on our network.
Roles and Responsibilities :
• Currently evaluating our current EDR/AV/SOC requirements and capabilities and suggesting new solutions to meet all of our needs and requirements.
• Responsible for identification, isolation, triage, and enterprise-wide remediation for both real and perceived threats.
• Drive detection and remediation of known IT security-related infrastructure vulnerabilities.
• Identify and investigate gaps and propose solutions for missing capabilities that are identified during remediation and business response.
• Help establish a process for measuring and monitoring the effectiveness of the tools and techniques for IT security incidents.
• Assist the IT Security Operations Lead in monitoring IT Security-related enterprise metrics and actively run programs, processes or projects as needed to meet or exceed minimum acceptable performance
• Create and maintain standard operating procedures related to response to external incidents, internal self-identified vulnerabilities, and insider threats to ensure the team’s preparedness to respond appropriately
• Drive remediation of all vulnerabilities on GE Transportation endpoints, ensuring appropriate response to high risk and aged findings.
2016 : 2019
GE Transportation
Incident Response Specialist
• Support the development of new Remote Monitoring & Diagnostic software
• Maintain and develop testing schedules
• Liaison between end users and development team
• Gather end user requirements
2015 : 2016
GE Transportation
Business Analyst - Contract Position
Roles and Responsibilities :
• Routine line management and leadership of staff within the Information Security Management function
• Leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security
• Liaison with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
• Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the SVP of Technology
• Leads the design and establishment of security requirements, security designs and implementing strategies and solutions to protect BSI from information security breaches.
• Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations
• Leads or commissions suitable information security awareness, training and educational activities
• Leads or commissions information security risk assessments and controls selection activities
• Leads or commissions activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties
• Actively assist the security requirements and design processes associated with the implementation of new and changed business processes and information systems
• Investigate and report on information security issues, exposures, and threats and recommend mitigation action
• Ensure that security logs and events are monitored and implement appropriate strategies
2015 : 2015
BSI Financial Services
Information Security Manager
Company:
Blue Cross Blue Shield of Michigan
About
Over the years, my varied skill set has enabled me to take on a variety of roles and provided me with a wealth of experience. I have learned proper development strategies, system analysis techniques, how to research and recommend new technologies and hardware, IT management, budget preparation and how to properly prepare project proposals. All of this has allowed me the ability to communicate effectively with all levels of users to quickly troubleshoot their issues and lead companywide projects.
All of my experiences have provided me with the insight to see how policies affect different areas of business and to identify and address any oversights or omissions.