Patrick Hughes
Details
Management Information Systems and Services
State University of New York Empire State College
2013 : 2019
English
The Ohio State University
1994 : 1999
Moody's Corporation
Senior Cybersecurity Engineer
2022 : 2022
Strategic Financial Solutions NY
Lead Information Security Engineer
-Matured security program across multiple vectors.
-Revamped and managed Splunk environment. Set up new log source ingestions (Cisco Umbrella, Meraki,
Salesforce, Office365, Keeper, OneLogin, SentinelOne); created alerts and reports. Trained personnel in
Splunk use.
-Created and managed user security awareness programs. Implemented test phishing campaigns (quarterly
basis) and customer-facing security training; deployed Phish Alert button into users’ Outlook.
-Deployed MFA for +800 users in Office365 environment. Developed user documentation; worked with
infrastructure team on enforcement and audits.
-Follow trends in threat intelligence; remediate new and ongoing threats. Consult on deployment and use of endpoint AV solution.
-Developed IT security roadmap; aligned organizational goals.
2021 : 2022
Strategic Financial Solutions NY
Information Security Analyst
Expertly provide cyber security related project planning and execution support to the on-site program manager.
Perform technical cyber security related planning and effectiveness analyses for the active IT infrastructure design. Formulate and design cyber security related design specifications. Develop and deliver consistent, high quality cyber related services and products. Provide cyber security related quality assurance check on delivered services and products. Identify opportunities for improvement and make constructive suggestions for change.
• Proficiently upgraded and revamped existing QRadar platform that provided more actionable intelligence, including the creation of custom alerts and daily reports, custom dashboards, and training.
• Adeptly implemented Nessus Security Center and created a regular security scanning schedule for the server range that decreased vulnerability numbers by 20% and improved patching schedule from a 90 to a 60 day cycle.
• Upgraded QRadar hardware to allow for longer event retention as well as better performance.
• Executed internal phishing program utilizing Cofense's PhishMe, resulting in 20% increase in end-user phishing awareness.
2017 : 2021
Nuvance Health
Information Security Analyst
Supported a complex security architecture that includes next generation firewalls, web filtering, network access control, vulnerability management, log monitoring, endpoint protection, and forensic analysis. Designed, implemented, and supported new security technologies. Proactively threat hunted and performed malware analysis. Created multiple ongoing reports and dashboards used for security monitoring.
• Partnered with the Infrastructure Team to install Carbon Black Response to 10K+ individual endpoints covering all machines in the organization, allowing for upgraded malicious detection processes based on hash values and isolation of machines where required.
• Effectively created reporting and dashboards in Splunk analytics driven SIEM; decommissioned legacy QRadar platform.
• Implemented and administrated POC systems for security orchestration, to include Phantom, Demisto and Resilient.
• Created and maintained Cyber Security WIKI documenting multiple systems and general “how-to” documentation.
• Member of FS-ISAC and InfraGard for security knowledge sharing and action.
2016 : 2017
OppenheimerFunds
Cyber Security Engineer
Skills
Active Directory, Business Analysis, Business Continuity, Cloud Computing, Cybersecurity, Data Center, Disaster Recovery, Enterprise Architecture, Integration, ITIL, IT Management, IT Operations, IT Strategy, Microsoft Outlook, Process Improvement, Requirements Analysis, SDLC, Security, SharePoint, Software Development Life Cycle (SDLC), Unix, Vendor Management, Visio
About
► Seasoned professional with a solid technical background and hands-on experience designing, implementing, and managing multi-tiered high-range IT security systems. Mastery in a wide range of infrastructure and security solutions architecture and operations, enterprise network design and troubleshooting. Capable of creating and implementing reliable and cost-effective communication systems that drive productivity and efficiency. Comfortable in a fast-paced environment requiring critical thinking and strong problem-solving skills; strong knowledge with Microsoft-based server environments.
► Trusted partner, cross-functional analyst and excellent communicator producing exceptional results and maintaining strong, healthy relationships with management, customers and colleagues at all levels; excellent verbal and written communications. A professional that instills a positive working environment while directing and motivating diverse teams.
► Proven track record of implementing large scale and complex projects; armed with a solid background in operations, production, logistics, and infrastructure management.