Stephen Dinger, CISSP
Information Security Analyst at ITEL Laboratories, Inc.
Jacksonville, FL, United States
Details
Experience:
• Create and update Security Policies and set up metrics to monitor progress to ensure the company meets and passes our annual SOC 2 Type 2 audit/certification.
• Create Security Awareness program using phishing/vishing campaign and set up quarterly and annual security training using KnowBe4.
• Monitor SIEM to detect and respond to potential security threats and incidents.
• Create Vendor Security program. This includes creating annual security questionnaires and creating a program/schedule to meet time requirements for fixing any outstanding issues.
• Review and respond to Security questionnaires sent to ITEL from our customers.
• Review and approve/deny all requests for new software to ensure they meet company’s security standards.
• Review and approve/deny all rights/access requests to maintain least privilege and limit access creep.
• Create and implement runbooks and Standard Operating Procedures for the Security department.
• Set up and perform IT risk assessments and create a Risk Registry to assign and monitor assignments to remediate any issues.
• Perform monthly and ad hoc vulnerability scans on internal assets and company APIs.
• Perform monthly reviews of access management and settings for Active Directory, JIRA, Bitbucket, and Brivo badging systems.
• Member of Change Management Board and review all changes for any security concerns.
• Create a Security Addendum to all existing and future contracts with third party vendors.
• Create security program and processes/policies for sister company which allowed them to pass and attain SOC 2 Type 1 and Type 2 certifications in under one year.
• Create a formal Software Risk Assessment review process to lower company’s attack surface.
• Modify annual hardening standards for company workstations, servers, and IIS.
• Review all projects to ensure Secure SDLC is part of the process and being followed.
2019 : Present
ITEL Laboratories, Inc.
Senior Information Security Administrator
• Protect company’s data and assets using security tools (IPS, DLP, MSSP, AV).
• Review intelligence and threat feeds and write up reviews of relevant TTPs.
• Ensure defense and remediation of all threats.
• Monitor SIEM to detect potential security threats and incidents.
• Create runbooks and document processes to meet audit requirements.
• Monitor and update Cisco ESA.
• Review and respond to security incidents.
• Identify and implement security controls.
2018 : 2019
Florida Blue
Senior Cyber Security Threat Analyst (Contractor)
• Protect from threats and cyber-attacks by evaluating, developing, and implementing security solutions per the security architecture
• Analyze business exposure and impact from emerging security threats, risk and vulnerability assessments, and gap analysis.
• Ensure defense from, and remediation of all threats, in a cost-effective manner.
• Monitor SIEM to detect potential security threats and incidents.
• Perform research on existing and emerging cyber threats. Ensure current vulnerabilities are remediated and threats mitigated through patch management, and software and hardware controls.
• Oversee security incidents through to resolution and ensure restoration of services.
• Monitor firewall logs, and audit firewall rules. Ensure firewall rules are updated to reduce risk and exposure. Monitor IPS to monitor attacks.
• Maintain and monitor endpoint protection software to ensure endpoint threats are remediated.
• Monitor URL filtering software for internet misuse, and maintain categories, exceptions, and filtering.
• Establish information security architectural standards. Develop and update information security policies and procedures.
• Responsible for security compliance on accounts, applications, databases, networks, systems, and Active Directory, including comprehensive log analysis.
• Perform monthly information security audits. Ensure remediation of all non-compliance.
• Work on information security projects and review other IT projects according to company SDLC compliance and review projects for any Security concerns or to recommend Security controls to remediate vulnerabilities.
• Establish and maintain monthly metrics reports for senior leadership.
• Security Scrum Master for the Security Operations team.
• Member of the Architecture Review Committee (ARC), Design Review Committee (DRC), and Subject Matter Experts (SME) committee
2015 : 2018
Citizens Property Insurance Corporation
Information Security Engineer - Senior
• Responsible for monitoring security applications such as Symantec (SEPM, Protection Engine, and Discovery Accelerator), Websense, Quest suite, and other security applications as required.
• Detect Information Security violations within CPIC and suggest corrective procedures.
• Responsible for compliance of IT Security Policies and reports issues and status to IT Security Management.
• Support external and internal audit efforts.
• Monitor and review security compliance on applications, databases, networks, systems, and Active Directory.
• Assure individual workstation and server security.
• Created scripts using PowerShell to automate items.
• Conduct vulnerability assessments and security risk assessments using NIST, ISO, ITIL and COBIT standards.
• Participate in security incident response, root cause analysis, and logging security incidents.
• Implement changes to procedures and systems to enhance system security.
• Create, maintain, and validate documentation.
• Conducts and assists with periodic security system audits.
• Create and maintain accurate process documentation.
• Provide application security in an agile environment for new applications/project to review/ensure there are no security risks and comply with our security policy.
• Create monthly Security metrics with trending statistics and create baselines and reports for upper management.
2011 : 2015
Citizens Property Insurance
IT Security Administrator - Intermediate (Tier 2)
• Responsible for the Access Control administration and validation on CPIC systems.
• Helps update and maintain Access control authority matrix.
• Responsible for detecting any security violation within the access control domain.
• Monitors unauthorized media files and software use.
• Administers and maintains Quest password recovery manager and Quest Reporting tools.
• Assists the IS/IT Security team in the implementation of security policies.
• Processes Security work order requests within an established service level agreement.
• Responds to Service Desk Tickets.
• Responsible for user account management; account creation, account deactivation, modification of account access authority matrix as required.
• Supports external and internal audit efforts by providing accurate user account information.
• Performs data entry and the daily maintenance of security logs.
• Creates and maintains accurate process documentation and validates and reviews security documentation.
• Performs periodic account and system audits and maintains security NDA files.
• Participates in projects as assigned.
• Assists in the communication of Security policies, processes, and procedures to users.
• Assists in the implementation and delivery of Security Awareness.
• Communicates and reports issues, status, and results to IS/IT Security management.
• Monitors and logs the use of Information security hardware and software.
• Maintain Access 2007 database and create and run queries for reporting purposes.
2010 : 2011
Citizens Property Insurance Corporation
IT Security - Access Control Technician
Company:
ITEL Laboratories, Inc.