Rachael Klamo
Segment Information Security Officer at UnitedHealth Group
Philadelphia, PA, United States
Details
Experience:
2023 : Present
UnitedHealth Group
Segment Information Security Officer
2022 : 2023
UnitedHealth Group
Cyber Defense Technical Specialist
• Map application security value, risk, and tooling through UHG’s Software Supply Chain Security while liberating data sets to provide broader visibility and enhancing asset management and asset security
• Perform on a dedicated SWAT team used as quick deployment engineers to assist in critical events such as zero-day vulnerability responses
• Served as cloud security consultant to address threat and vulnerability management and metrics for customers with security debt
• Created automated workflow management processes and compliance data reporting for the Ethical Hacking team to collect and verify technical details pre-penetration test engagement to enable Ethical Hacking resources to work more efficiently
• Lead a development team to forge a Business Track in the OSA Program broadening the audience to all users on security fundamentals including Security Policies, Threat Modeling, and CIA Triad
• Liaise and work closely with the Cyber Defense operations teams, Line of Business and Provider leads and team members, and other business partners to drive the implementation and integration of new processes and capabilities in support of the Cyber Defense mission and vision
• Assess processes to identify opportunities for improvement and leverage customer feedback to ensure operations changes meet customer needs
• Consult with Strategy, Architecture, and Engineering resources in a key position working with leaders, operations teams, and stakeholders on solutions and integrations across UnitedHealth Group
• Active instructor of Optum’s Threat Modeling course that focuses on the STRIDE methodology
• Active internal volunteer assisting with Early Career Internship Program where I served as a Shark Tank judge to help interns practice presenting their project work, Technology Development Program Interviewer and Peer Lead getting the opportunity to support our talent partners as well as provide help in onboarding and familiarizing new talent with our internal ecosystem
2021 : 2022
UnitedHealth Group
Senior Information Security Engineer
• Analyze 3rd party security assessments to determine current risks and evaluate remediation plans and prepare executive communications for AARP clients and UHC leadership
• Create a Cyber Security focused Culture change for business and developers related to implementing secure development and operations practices and proactively defend against threats for a $12B Division of UHC
• Provide security architect solutions, assist in risk mitigation, facilitate security testing and code scans, introduce security training, and fulfill security governance and best practices within the environment
• Participate in Optum Security Advocate (OSA) Program to boost experience with security principles
• Lead a development team to forge a Business Track in the OSA Program broadening the audience to all users on security fundamentals including Security Policies, Threat Modeling, and Secure Coding
• Serve as Liaison between LoB and Security Teams on frequent basis allowing Security to be a part of strategic design and establishing bi-directional relationships
• Analyze business and technology challenges, assess costs, and suggest solutions in critical decision matrices
• Develop and maintain organization’s strategy for Security and Continuous Improvement horizontals
• Collaborate with key stakeholders, leaders, development and operations teams to define architecture principles, standards and best practices that provide guidance on adequate security controls and direction
• Evangelize Innovation communication, tracking, and socialization of projects in Insurance Solutions creating a community of Innovation
2021 : 2021
UnitedHealth Group
Architecture Analyst
• Performed threat assessments for new applications including Application Security Assessments, Attack Surface Management, Threat and Vulnerability Management, and Threat Modeling
• Created an Aggregate Application scoring model based on organization’s PADU (Preferred, Acceptable, Discouraged, Unacceptable) framework and contributed findings and model to UHG Enterprise
• Created and maintained Business Continuity Plan for Information Technology department; responsibilities include coordinating routine updates, testing communication plans, and overseeing documentation
• Automated build and deployment using Jenkins to reduce human error and speed up production processes, saving 20 hours of manual processes per month
• Built and managed Grafana dashboards using scripting, InfluxDB, and Jenkins pipelines for frequent monitoring of Fortify Static Code Issue statistics and monthly ServiceNow metrics
• Delivered project on Agile Scrum based development with daily stand up and stay on velocity
• Involved in managing other version control tools and knowledge in creating Jenkins CI pipelines
2019 : 2021
UnitedHealth Group
Associate Business Systems Analyst
Company:
UnitedHealth Group
About
Experienced cyber security professional working on a Cyber Defense team. Recognized promoter and advocate of positive change including security awareness, security by design, security advocacy programs, process improvement, business consulting, application security, and vulnerability management. Key strengths include self-starter, lifelong learner, public speaker, and motivator.