Profiles search
Henry Duong, CEH, CPT
Information Security
Kansas City, MO, United States
Details
Experience:
2019 : Present
Dairy Farmers of America
Information Security
-Development and evolution of cybersecurity strategies - 1 year, 3 years, 5 years, and 10 years
-Development and evolution of cloud security strategies - 1 year, 3 years, and 5 years
-Development of the Identity & Access Security group to better manage user identities and access
-Development of the Cybersecurity Risk Management group to better align the security program with the hospital mission, projects, and strategies. Also to help define gaps and help our stakeholders understand cybersecurity risk
-Development of the Cybersecurity Incident Response Program
-Development of the Cybersecurity Blue team for the architect, design, and implementation of cybersecurity controls and privacy controls
-Development of internal team metrics and scorecards to measure team success
-Provide leadership, professional development, coaching, and mentorship to team
-Create and manage the cybersecurity team budget
-Responsible for cybersecurity projects related to IAM, Cybersecurity, Risk Management, and Incident Response
-Build and maintain relationships with partners and vendors
-Foster constant communication and good relationship with Information Technology teams
-Participate in the hospital Security and Policy Committee to bring visibility to cybersecurity
-Development of cybersecurity policies, processes, and procedures
-Conversion of fragmented CSF to the HITRUST CSF
-Creation of the Risk Management Framework
-Developed comprehensive plan that attracted and retained highly skilled IAM, Cybersecurity, Risk Management, and Incident Response professionals.
-Constantly keeping up with current and future threat landscape and pivot cybersecurity strategies to meet those threats in advance of the attacks
-Strategy for the cybersecurity machine learning (ML) and artificial intelligence (AI) initiative
-Development of the foundation of cybersecurity block chaining
***A full list of responsibilities document in media section below
2015 : 2019
The University of Kansas Hospital
Infrastructure Security Manager
• Responsible for leading IT Security team and Standards.
• Lead team that obtained ISO 27001 certification for the firm in September 2014
• Experience with ISO 27001 audit process and requirements for certification
• Manage and responsible for the Information Security budget
• Advise the CIO of privacy and security as it pertains to HIPAA, ISO 27001, SOX, and client
contractual security obligations
• Maintain and review ISO 27001 ISMS, SOA, Scope, and, meeting minutes to make sure the
firm is current in all its obligation in holding the ISO 27001 certification.
• Decide, plan, design, and implement security controls and standards to be compliant with ISO
27001 (using ISO 27002 control framework), HIPAA, and client security mandates
• Responsible for internal audit processes and procedures of all network devices
• Involve with evaluating, securing, and maintaining proof of concept for cloud storage
• Maintain, review, audit, and update policy, process, and procedures annually and on a
consistent basis
• Respond to client security audits on security and privacy of their data
• Respond to security questions on potential client RFP
• Responsible for the security architecture of the firm’s network
• Perform third-party/vendor security risk assessment
• Participate in the Information Governance Board
• Manage the Risk Management program and oversight of Risk Treatment plans
• Lead enterprise virus protection efforts for all servers, desktop, and laptops
• Coordinate annual third-party network security assessment
• Perform physical security audits
2014 : 2015
Shook, Hardy & Bacon L.L.P.
Information Security Supervisor and Security Officer
•Responsible for the security architecture of the firm
•Built Risk Management program
•Built Vulnerability and Patch Management program
•Built an Incident Response program
•Manage the Information Security budget
•Evaluate risk and vulnerabilities and find security solutions to either mitigate or transfer risk
•Mentor Computer Security Analyst
•Wrote policies for the firm to be in compliance with HIPAA Omnibus Final Rule
•Wrote policies, procedures, and process for the implementation of ISO 27001
•ISO 27002 implementation of security controls
•Work and maintain good working relationship with security vendors
•Kept up to date with security best practices
•Maintain the confidentiality, integrity, and available of firm data
•Help build firm wide Security Awareness program
•Answer client security questions during yearly audits
•Direct the security landscape of the firm as threat landscape changes/evolves
•Implemented advance web applications firewall
•Implemented network TAPS
•Implemented enterprise grade access points solution to move away from using consumer grade access points
•Implemented FireEye Web Protection Security
•Security project management
•Security project assignment
2013 : 2014
Shook, Hardy & Bacon L.L.P.
Lead Security Engineer
•Evaluated and keep up with new security technologies
•Deployed and maintain vulnerability assessment solution
•Responsible for monthly internal, DMZ, and external vulnerability scans and pen-testing
•Responsible for security group's appliances, physical servers and VMWare servers
•Responsible for and lead patch management meeting with all I.T. Groups
•Maintained Enterprise McAfee ePO for virus protection on all servers, desktop, and laptops
•Help maintain and administer desktop and laptop host intrusion prevention system
•Caught OS and application/program vulnerabilities and determine risk level for firm
•Monitored virus outbreaks and vulnerabilities each day
•Deployed and maintain wireless IDS/IPS to help manage wireless risk and vulnerabilities
•Maintained firm IPS solution and UDS standards
•Maintained and monitored firm IDS solution
•Deployed and maintain centralized event log & sys log server
•Deployed and maintain firm Internet filtering solution
•Wrote up security best practices and policies
•Provided budgetary numbers for annual budget
•Worked with various vendors in pricing security solutions
•Tracked down rogue access point, unknown outside and inside IP's, and workstations.
•Deployed and implemented Security Incident Manager
•Tracked down unknown external IP's that are sending malicious traffic
•Maintained security group databases and servers for 100% uptime
•Deployed and implemented USB end-point security solution
•Deployed and implemented Patch Management solution
•Project leader for annual web assessment, database assessment and network assessment
•Responsible for Wireless assessment to mitigate wireless risk and determine signal leak and mitigate any spoofing of valid access points
2005 : 2013
Shook, Hardy & Bacon
Sr. Computer Security Analyst
Dairy Farmers of America
Information Security
-Development and evolution of cybersecurity strategies - 1 year, 3 years, 5 years, and 10 years
-Development and evolution of cloud security strategies - 1 year, 3 years, and 5 years
-Development of the Identity & Access Security group to better manage user identities and access
-Development of the Cybersecurity Risk Management group to better align the security program with the hospital mission, projects, and strategies. Also to help define gaps and help our stakeholders understand cybersecurity risk
-Development of the Cybersecurity Incident Response Program
-Development of the Cybersecurity Blue team for the architect, design, and implementation of cybersecurity controls and privacy controls
-Development of internal team metrics and scorecards to measure team success
-Provide leadership, professional development, coaching, and mentorship to team
-Create and manage the cybersecurity team budget
-Responsible for cybersecurity projects related to IAM, Cybersecurity, Risk Management, and Incident Response
-Build and maintain relationships with partners and vendors
-Foster constant communication and good relationship with Information Technology teams
-Participate in the hospital Security and Policy Committee to bring visibility to cybersecurity
-Development of cybersecurity policies, processes, and procedures
-Conversion of fragmented CSF to the HITRUST CSF
-Creation of the Risk Management Framework
-Developed comprehensive plan that attracted and retained highly skilled IAM, Cybersecurity, Risk Management, and Incident Response professionals.
-Constantly keeping up with current and future threat landscape and pivot cybersecurity strategies to meet those threats in advance of the attacks
-Strategy for the cybersecurity machine learning (ML) and artificial intelligence (AI) initiative
-Development of the foundation of cybersecurity block chaining
***A full list of responsibilities document in media section below
2015 : 2019
The University of Kansas Hospital
Infrastructure Security Manager
• Responsible for leading IT Security team and Standards.
• Lead team that obtained ISO 27001 certification for the firm in September 2014
• Experience with ISO 27001 audit process and requirements for certification
• Manage and responsible for the Information Security budget
• Advise the CIO of privacy and security as it pertains to HIPAA, ISO 27001, SOX, and client
contractual security obligations
• Maintain and review ISO 27001 ISMS, SOA, Scope, and, meeting minutes to make sure the
firm is current in all its obligation in holding the ISO 27001 certification.
• Decide, plan, design, and implement security controls and standards to be compliant with ISO
27001 (using ISO 27002 control framework), HIPAA, and client security mandates
• Responsible for internal audit processes and procedures of all network devices
• Involve with evaluating, securing, and maintaining proof of concept for cloud storage
• Maintain, review, audit, and update policy, process, and procedures annually and on a
consistent basis
• Respond to client security audits on security and privacy of their data
• Respond to security questions on potential client RFP
• Responsible for the security architecture of the firm’s network
• Perform third-party/vendor security risk assessment
• Participate in the Information Governance Board
• Manage the Risk Management program and oversight of Risk Treatment plans
• Lead enterprise virus protection efforts for all servers, desktop, and laptops
• Coordinate annual third-party network security assessment
• Perform physical security audits
2014 : 2015
Shook, Hardy & Bacon L.L.P.
Information Security Supervisor and Security Officer
•Responsible for the security architecture of the firm
•Built Risk Management program
•Built Vulnerability and Patch Management program
•Built an Incident Response program
•Manage the Information Security budget
•Evaluate risk and vulnerabilities and find security solutions to either mitigate or transfer risk
•Mentor Computer Security Analyst
•Wrote policies for the firm to be in compliance with HIPAA Omnibus Final Rule
•Wrote policies, procedures, and process for the implementation of ISO 27001
•ISO 27002 implementation of security controls
•Work and maintain good working relationship with security vendors
•Kept up to date with security best practices
•Maintain the confidentiality, integrity, and available of firm data
•Help build firm wide Security Awareness program
•Answer client security questions during yearly audits
•Direct the security landscape of the firm as threat landscape changes/evolves
•Implemented advance web applications firewall
•Implemented network TAPS
•Implemented enterprise grade access points solution to move away from using consumer grade access points
•Implemented FireEye Web Protection Security
•Security project management
•Security project assignment
2013 : 2014
Shook, Hardy & Bacon L.L.P.
Lead Security Engineer
•Evaluated and keep up with new security technologies
•Deployed and maintain vulnerability assessment solution
•Responsible for monthly internal, DMZ, and external vulnerability scans and pen-testing
•Responsible for security group's appliances, physical servers and VMWare servers
•Responsible for and lead patch management meeting with all I.T. Groups
•Maintained Enterprise McAfee ePO for virus protection on all servers, desktop, and laptops
•Help maintain and administer desktop and laptop host intrusion prevention system
•Caught OS and application/program vulnerabilities and determine risk level for firm
•Monitored virus outbreaks and vulnerabilities each day
•Deployed and maintain wireless IDS/IPS to help manage wireless risk and vulnerabilities
•Maintained firm IPS solution and UDS standards
•Maintained and monitored firm IDS solution
•Deployed and maintain centralized event log & sys log server
•Deployed and maintain firm Internet filtering solution
•Wrote up security best practices and policies
•Provided budgetary numbers for annual budget
•Worked with various vendors in pricing security solutions
•Tracked down rogue access point, unknown outside and inside IP's, and workstations.
•Deployed and implemented Security Incident Manager
•Tracked down unknown external IP's that are sending malicious traffic
•Maintained security group databases and servers for 100% uptime
•Deployed and implemented USB end-point security solution
•Deployed and implemented Patch Management solution
•Project leader for annual web assessment, database assessment and network assessment
•Responsible for Wireless assessment to mitigate wireless risk and determine signal leak and mitigate any spoofing of valid access points
2005 : 2013
Shook, Hardy & Bacon
Sr. Computer Security Analyst
Company:
Dairy Farmers of America
About
A visionary in Infrastructure & Information Security. Creating sustainable and scalable security strategies to meet the growing demands to protect sensitive data from the cybercriminals.
As a Cybersecurity leader, I like to think outside the box. There are parts of Information Security that needs to be structured, but being able to and allowed to think outside the box gives more flexibility to keep up with the cybercriminals and not hinder business, but yet make business more secure and operating at optimal efficiency.
Development of cybersecurity threat scorecards and metrics to better understand trends and pivot strategies as needed to need the ever-evolving threat landscape.
Profile Photo
