Kevin Kasberg
Details
Computer and Information Systems Security/Information Assurance
Western Governors University
2020 : 2021
Cardinal Health
Sr Information Security and Risk Engineer
• Manage a team of engineers each with their own strategic projects and initiatives
• Generate consistent metrics allowing for tracking of program maturity over time to meet organizational goals.
• Develop and implement a vulnerability management program based on NIST SP 800-53 and the MITRE ATT&CK framework, resulting in a 30% mitigation of risk in the organization's systems and networks.
• Utilize threat intelligence feeds to proactively identify potential threats and vulnerabilities and develop strategies to mitigate them.
• Conduct regular vulnerability assessments and testing based on NIST and MITRE guidelines, identifying and addressing security weaknesses in the organization's web applications, network infrastructure, and other systems.
• Work closely with technical teams to prioritize and remediate vulnerabilities identified through NIST and MITRE frameworks, resulting in a 60% vulnerability reduction, and verifying compliance with industry standards.
• Work toward maturing our vulnerability management and threat intelligence programs based on MITRE's ATT&CK framework, utilizing analytics to identify and analyze potential threats and trends.
• Conduct risk assessments using NIST guidelines for identifying and prioritizing potential threats and vulnerabilities to critical assets.
• Collaborate with external vendors and partners to leverage their expertise and tools for vulnerability management and threat intelligence, ensuring the organization has access to the latest technology and best practices.
• Stay current with the latest publications, guidelines, and recommendations related to vulnerability management and threat intelligence, incorporating them into the organization's security strategies and practices.
• Conduct continuous reviews and assessments of the organization's vulnerability management and threat intelligence programs, identifying areas for improvement and implementing strategies to enhance the organization's overall security posture.
2022 : 2023
Cardinal Health
Information Security and Risk Manager
• Verified controls such as firewalls, intrusion detection/prevention systems, access control systems, and other security controls to secure networks and systems in compliance with industry standards and confirmed their efficacy against assessed threats and vulnerabilities.
• Conducted vulnerability scanning, penetration testing, and log analysis using tools such as vulnerability scanning tools, Metasploit, and Splunk to identify potential security risks and vulnerabilities in the organization's systems and networks.
• Identified and worked with cross-team workgroups to mitigate security risks and vulnerabilities, such as patch management, security hardening, and network segmentation, resulting in improved security posture and reduced risk exposure.
• Collaborated with other members of the security team and external vendors to assess and respond to security incidents, investigate security breaches, and resolve security issues in a timely and effective manner.
• Communicated technical security information to non-technical stakeholders, such as senior leadership and business units, to raise awareness of security risks and promote best practices.
2021 : 2023
Cardinal Health
Information Security and Risk Engineer
• Utilized project management skills, including PMS I certification, to effectively plan and execute projects
• Worked with stakeholders to identify data needs and develop solutions to collect, manage, and analyze data
• Analyzed large data sets using Python with Pandas and SQL, extracting insights and identifying trends to inform business decisions
• Developed and maintained databases using MS SQL, ensuring data accuracy and completeness
• Conducted ad-hoc analyses to support business operations and identify areas for improvement
• Conducted data validation and quality checks to ensure data accuracy and completeness
• Collaborated with cross-functional teams to develop and implement data-driven solutions to business challenges
2020 : 2021
Cardinal Health
Advisor, Data Analytics / Developer
• Created data visualizations using Tableau to effectively communicate insights to stakeholders
• Collaborated with cross-functional teams to develop and implement data-driven strategies to improve business performance
• Worked in an Agile environment using SCRUM methodologies to manage projects
• Created dashboards and visualizations using Tableau to effectively communicate insights to stakeholders
2015 : 2020
Cardinal Health
Senior Software Implementation Consultant / Data Analyst
Skills
Agile Methodologies, Alteryx, Analytical Skills, Analytics, Coaching, Communication, Cross-functional Team Leadership, Cybersecurity, Data Analysis, Data Analytics, Data Visualization, Information Security, Information Security Management, Installations, Integration, Interpersonal Skills, ISO 27001, JIRA, Leadership, Linux, Management, Microsoft Power BI, Networking, Network Security, NIST, Policy Development, Problem Solving, Process Improvement, Project Management, Python (Programming Language), Risk Frameworks, Risk Management, Security Compliance, Software Implementation, Software Integration, Solution Implementation, SQL, Strategic Planning, Tableau, Teradata SQL, Threat & Vulnerability Management, Transact-SQL (T-SQL), Troubleshooting, Vulnerability Management
About
As an experienced information security manager with over 10 years in information technology, I have a proven track record of developing and implementing effective security strategies that align with organizational goals and objectives.
Throughout my career, I have demonstrated a deep understanding of security frameworks and regulations, such as NIST, HIPAA, SOX, and GDPR, and have a strong technical background in various operating systems, network protocols, and scripting languages. I have extensive experience in developing and managing security programs, including policies and procedures, compliance initiatives, and security awareness training programs.
My skills include vulnerability management, threat intelligence, and risk assessment. I have successfully managed teams to execute comprehensive security assessments, identify security risks and vulnerabilities, and implement effective security controls and technologies to mitigate those risks. I have also led incident response efforts, including investigation, remediation, and reporting.
I am highly collaborative, with excellent communication skills that enable me to effectively communicate complex technical information to both technical and non-technical stakeholders. I have experience in presenting to senior leadership teams and board members and am adept at translating technical security information into business terms. I have also worked closely with other departments, such as legal and compliance, to ensure that security initiatives are aligned with organizational goals.
I am committed to continuous learning and staying up-to-date with the latest security technologies, threats, and best practices. I hold various industry certifications, such as CySA+, SSCP, and GCIH, and actively participate in industry associations and events to expand my knowledge and network.
I am passionate about protecting organizational assets and helping organizations achieve their security goals. I am looking to continue my career in a challenging role that will allow me to utilize my skills and experience to make a meaningful impact on the security posture of an organization. If you are looking for a security professional who is committed to excellence, has a strong technical background, and is passionate about security, then I would welcome the opportunity to connect and discuss potential opportunities.