Mike Simbre
Senior Information Security Analyst/Security Operations Program Manager at the Bill & Melinda Gates Foundation
Seattle, WA, United States
Details
Experience:
2021 : Present
US Air Force Reserve
Air Force Cyber Systems Operations
Develops and designs end-to-end strategy for information security projects, security policies, standards, processes, procedures and best practices.
Provides security expertise on the design, implementation, and operation of various IT projects consisting of hardware, software, and data and voice communications assets.
Manages and configures as needed operational security infrastructure, including SIEM, anti-malware, encryption, multi-factor authentication, and more in a hybrid architecture using AWS/Azure cloud and on-premise environments/applications.
Identifies control weaknesses, regulatory compliance issues, and potential areas of risk for all segments of the data processing and information technology business and provides management with a remediation plan for such issues.
Defines and coordinates the implementation of policies for acceptable use, security, anti-virus protection, and problem/incident management.
Leads patch and vulnerability management program to proactively prevent the exploitation of IT vulnerabilities.
Studies security industry trends, attack techniques, mitigation techniques, and security technologies by attending conferences, networking with peers, and other educational opportunities.
2015 :
Bill & Melinda Gates Foundation
Information Security
Detects and investigates potential information security issues through managing, identifying and triaging IDS / IPS system alerts
Identifies vulnerabilities and security risks of networks, operating systems, applications, databases and new technology initiatives
Defines and documents repeatable processes and procedures to drive higher success rates for continuous learning and business continuity
Conducts computer forensic investigations and electronic discovery requests through malware analysis
2014 : 2015
Avanade
Information Security Operations Specialist
Data Loss Prevention (DLP) project lead – transformed underutilized DLP software to monitor and scan environment for sensitive information leaks
Automate data collection from various sources (SIEM, SQL, Nessus) and transform information into visualizations to aid C-level executives and board members in strategic decision-making
Audit PCI and HIPAA compliance of applications through interviews with business owners and business analysts; assesses, calculates, and evaluates risk and produces threat profiles based on Factor Analysis of Information Risk (FAIR) methodology
As part of the Incident Response Team, detects, contains, investigates, reports, and performs follow-up activities of information security events
Develops internal tools with accompanying documentation, designed to streamline and improve existing processes
Implements security controls, including policies, procedures, and technology solutions to mitigate risk to acceptable levels
‘Information Security Tip of the Month’ contributor for staff education on Information Security best practices
2012 : 2014
Seattle Children's
Sr Information Security Risk Management Analyst
Developed in-depth knowledge and practical application of governance, risk assessment, and compliance procedures
Performed risk assessment through use of @Risk software and Monte Carlo simulations
Analyzed compliance issues of adding mobile devices to an existing IT infrastructure
Comprised risk assessment of businesses moving to a cloud-based development environment
Composed Asset Storage Protection Policy to prevent and prepare for company data leaks through loss of physical items containing confidential information
Project manager and creator of prototype of information management system for retail business
Generated HTML webpage that auto-updates code through use of XML database
Produced taxonomy for Windows Phone 7 applications
Presented class projects through PowerPoint for peers and instructors, enhancing understanding of course concepts
2010 : 2012
University of Washington
Student
Company:
US Air Force Reserve
About
Highly accomplished, analytical, and innovative cybersecurity professional, with over 15 years of industry experience, proven leadership ability, and track record of success in driving security initiatives and executive strategy to reduce risk and improve security posture. Cybersecurity Subject Matter Expert with capability to solve complex problems while leading security teams through large-scale projects in multifaceted, highly visible, and dynamic work environments.
Storyteller and slayer of ‘data dragons’, transforming facts and statistics into visualizations for communicable and actionable intelligence.