Profiles search
John Hairston
Information Technology Cyber Security Analyst | PCI DSS Framework | NIST 800-53 Security Controls | SIEM Solutions - Splunk | Intrusion detection systems (IDS/IPS) | Fortify | NetBrain | Power BI
Atlanta, GA, United States
Details
Experience:
• Implemented metrics and risk assessment at the host, application, and business unit levels. Facilitated data aggregation for presentation on an executive reporting dashboard.
• Enhanced security posture through the systematic mapping of controls to potential threats, leveraging established frameworks such as NIST and PCI-DSS to proactively mitigate risk.
• Led the emphasis on industry-leading practices to secure both cloud and on-premises environments. Delivered precise recommendations for critical program updates, while embracing a culture of continuous improvement and innovative methodologies. This approach guarantees the effective implementation of comprehensive cyber frameworks, ultimately leading to enhanced operational efficiency and elevated overall business performance.
• Ensured consistent oversight and adeptly communicated program success metrics, real-time status updates, identified challenges, and potential risks to team members, stakeholders, and senior leadership. This facilitated well-informed decision-making, bolstered transparency, and enabled agile responses to emerging challenges.
2023 : Present
Equifax
Senior Cybersecurity Analyst
• Monitored network traffic to identify aberrant patterns, potential data leaks, and indicators of unauthorized access, thereby bolstering the organization's proactive threat detection capabilities and minimizing the risk of security breaches.
• Enhanced onboarding procedures by implementing Okta-Auth0 identity management for new hires, in close coordination with HR and IT teams to establish and reinforce security and audit standards. Achieved a significant 40% reduction in onboarding time, demonstrating expertise in Multi-Factor Authentication (MFA).
• Organized an audit of employee access privileges to ensure compliance with PCI DSS and reduce security risks. By revoking access for terminated employees, I was able to reduce security risks by 20%, providing greater protection for the business.
• Completed an assessment to confirm that Splunk was used to monitor networks for potential malware threats, which enabled the company to remain compliant with PCI DSS regulations and protect stored/in transit card holder data from untrusted users. Automated software solutions were used to identify and address any potential malware threats, which enabled the business to maintain compliance with regulatory standards and secure customer data. Also, built security dashboards and alerts using Splunk SIEM Tool.
• Led evaluation of Network Time Protocol (NTP) time-synchronization technology to validate compliance with industry standards, ensuring precise system time synchronization across all components increasing by 15% effective forensic analysis in the event of a breach and facilitating timely incident response.
2021 : 2023
Cox Automotive Inc.
Senior Information Technology Security Analyst
• Assessed the enablement of audit logs to accurately track access to all system components by individual users which enhanced the ability to monitor and detect any unauthorized access to the Card Data Environment (CDE), resulting in a 30% increase visibility into user activities.
• Ensured optimal server configuration by segregating functions based on their security requirements. Web servers, database servers, and DNS services were placed on separate servers, following a defense-in-depth approach, and adhering to standards like the PCI DSS Framework. This strategy bolstered security and efficiency within the environment.
• Played a pivotal role in supporting multiple internal audits by leveraging expertise in audit, security, and compliance, where contributed to the overall risk management framework of the organization. This included assessing and mitigating risks, improving controls, and establishing a culture of security and compliance awareness.
• Conducted regular internal scans of systems and networks to identify vulnerabilities in software, hardware, and configurations, effectively fortifying the organization's resilience against potential exploits by proactively addressing weaknesses.
• Launched the migration and installation of a new POS software platform, replacing the legacy system and worked closely with the development and testing teams to identify and resolve any issues or bugs prior to the production deployment.
• Verified the accuracy and integrity of the data by cross-referencing different sources and conducting reconciliation processes by ensuring that settlement reports, credit sales, and refunds aligned properly, identifying any gaps or errors in the data; reduced the average resolution time for report-related issues.
2018 : 2021
Genuine Parts Company
Cyber Security Analyst
• Audited upgrade procedure for 200+ Radiant POS systems, ensuring compliance with security protocols and regulations. Configured and optimized Back Office systems for secure data access and storage, resulting in a 10% reduction in security risks and compliance costs.
•Conducted an audit of data retention and disposal procedures across the CHD environment, confirming the accuracy of automated SQL purging of data according to the Merchants Configuration Standard Document. This ensured the integrity of data retention and disposal policies, providing the business with increased confidence in its data security.
• Led an audit process to ensure the accuracy, compliance, and security of Radiant POS software, hardware, and related assets against PCI DSS standards. Utilized advanced techniques to proactively monitor for risks and vulnerabilities, and took corrective action to mitigate them. This resulted in improved accuracy of the system, compliance with security standards, and minimized risk of data breaches, providing a secure and reliable environment for business operations.
• Supervised detailed audits of fuel station POS systems, swiping devices, and internal security measures to identify potential skimming and other tampering threats. Utilized industry-standardized protocols to analyze system vulnerabilities and recommend necessary preventive measures. Resulting improvements have enhanced the security of the fuel station's systems and provided greater protection of customer data, thereby mitigating potential business risks.
2010 : 2018
NCR Corporation
Information Technology Security Analyst
• Enhanced security posture through the systematic mapping of controls to potential threats, leveraging established frameworks such as NIST and PCI-DSS to proactively mitigate risk.
• Led the emphasis on industry-leading practices to secure both cloud and on-premises environments. Delivered precise recommendations for critical program updates, while embracing a culture of continuous improvement and innovative methodologies. This approach guarantees the effective implementation of comprehensive cyber frameworks, ultimately leading to enhanced operational efficiency and elevated overall business performance.
• Ensured consistent oversight and adeptly communicated program success metrics, real-time status updates, identified challenges, and potential risks to team members, stakeholders, and senior leadership. This facilitated well-informed decision-making, bolstered transparency, and enabled agile responses to emerging challenges.
2023 : Present
Equifax
Senior Cybersecurity Analyst
• Monitored network traffic to identify aberrant patterns, potential data leaks, and indicators of unauthorized access, thereby bolstering the organization's proactive threat detection capabilities and minimizing the risk of security breaches.
• Enhanced onboarding procedures by implementing Okta-Auth0 identity management for new hires, in close coordination with HR and IT teams to establish and reinforce security and audit standards. Achieved a significant 40% reduction in onboarding time, demonstrating expertise in Multi-Factor Authentication (MFA).
• Organized an audit of employee access privileges to ensure compliance with PCI DSS and reduce security risks. By revoking access for terminated employees, I was able to reduce security risks by 20%, providing greater protection for the business.
• Completed an assessment to confirm that Splunk was used to monitor networks for potential malware threats, which enabled the company to remain compliant with PCI DSS regulations and protect stored/in transit card holder data from untrusted users. Automated software solutions were used to identify and address any potential malware threats, which enabled the business to maintain compliance with regulatory standards and secure customer data. Also, built security dashboards and alerts using Splunk SIEM Tool.
• Led evaluation of Network Time Protocol (NTP) time-synchronization technology to validate compliance with industry standards, ensuring precise system time synchronization across all components increasing by 15% effective forensic analysis in the event of a breach and facilitating timely incident response.
2021 : 2023
Cox Automotive Inc.
Senior Information Technology Security Analyst
• Assessed the enablement of audit logs to accurately track access to all system components by individual users which enhanced the ability to monitor and detect any unauthorized access to the Card Data Environment (CDE), resulting in a 30% increase visibility into user activities.
• Ensured optimal server configuration by segregating functions based on their security requirements. Web servers, database servers, and DNS services were placed on separate servers, following a defense-in-depth approach, and adhering to standards like the PCI DSS Framework. This strategy bolstered security and efficiency within the environment.
• Played a pivotal role in supporting multiple internal audits by leveraging expertise in audit, security, and compliance, where contributed to the overall risk management framework of the organization. This included assessing and mitigating risks, improving controls, and establishing a culture of security and compliance awareness.
• Conducted regular internal scans of systems and networks to identify vulnerabilities in software, hardware, and configurations, effectively fortifying the organization's resilience against potential exploits by proactively addressing weaknesses.
• Launched the migration and installation of a new POS software platform, replacing the legacy system and worked closely with the development and testing teams to identify and resolve any issues or bugs prior to the production deployment.
• Verified the accuracy and integrity of the data by cross-referencing different sources and conducting reconciliation processes by ensuring that settlement reports, credit sales, and refunds aligned properly, identifying any gaps or errors in the data; reduced the average resolution time for report-related issues.
2018 : 2021
Genuine Parts Company
Cyber Security Analyst
• Audited upgrade procedure for 200+ Radiant POS systems, ensuring compliance with security protocols and regulations. Configured and optimized Back Office systems for secure data access and storage, resulting in a 10% reduction in security risks and compliance costs.
•Conducted an audit of data retention and disposal procedures across the CHD environment, confirming the accuracy of automated SQL purging of data according to the Merchants Configuration Standard Document. This ensured the integrity of data retention and disposal policies, providing the business with increased confidence in its data security.
• Led an audit process to ensure the accuracy, compliance, and security of Radiant POS software, hardware, and related assets against PCI DSS standards. Utilized advanced techniques to proactively monitor for risks and vulnerabilities, and took corrective action to mitigate them. This resulted in improved accuracy of the system, compliance with security standards, and minimized risk of data breaches, providing a secure and reliable environment for business operations.
• Supervised detailed audits of fuel station POS systems, swiping devices, and internal security measures to identify potential skimming and other tampering threats. Utilized industry-standardized protocols to analyze system vulnerabilities and recommend necessary preventive measures. Resulting improvements have enhanced the security of the fuel station's systems and provided greater protection of customer data, thereby mitigating potential business risks.
2010 : 2018
NCR Corporation
Information Technology Security Analyst
Company:
Equifax
About
Highly skilled and results-driven Senior Cyber Security Analyst with over 10 years of experience in the field. A trusted and knowledgeable expert in Point-of-Sale (POS) systems and Payment Card Industry Data Security Standard (PCI DSS) compliance, dedicated to providing exceptional service to clients. Identified the fundamental network security controls and their specific correlation with NIST 800-53 requirements. Demonstrated expertise in ensuring the security and integrity of sensitive data, optimizing processes, and mitigating risks. Proven track record of successfully leading and managing comprehensive audits, vulnerability assessments, and compliance initiatives for diverse organizations. Experienced in implementing and maintaining robust security controls, conducting risk assessments, and developing effective remediation strategies. Adept at collaborating with cross-functional teams, executives, and clients to achieve regulatory compliance, protect customer data, and enhance overall security posture.
AREA OF EXPERTISE
Information Technology Cyber Security Analyst | PCI DSS Framework | Vulnerability Management | SIEM Solutions - Splunk | Intrusion detection systems (IDS/IPS) | Fortify | Data visualization tool - PowerBI | Project Management tool - JIRA
Profile Photo
