Profiles search
Toby Edwards
CISO, Virtual / Fractional
Hot Springs National Park, AR, United States
Details
Education:
Master’s Degree
Cybersecurity, Computer Forensics Specialization
Utica College
2015 : 2016
Bachelor of Science
Computer Information Systems
Walden University
2011 : 2013
Associate's Degree
Computer Information System Technology
Ouachita Technical College
2003 : 2005
High School Diploma
Maric High School
1988 : 1988
Cybersecurity, Computer Forensics Specialization
Utica College
2015 : 2016
Bachelor of Science
Computer Information Systems
Walden University
2011 : 2013
Associate's Degree
Computer Information System Technology
Ouachita Technical College
2003 : 2005
High School Diploma
Maric High School
1988 : 1988
Experience:
Natural State Grow, Inc. has five sister companies within the medical marijuana industry. I have been the Virtual / Fractional CISO since the company start-up in 2019.
• Developed and implemented information security protocols and risk management for all five start-up companies.
• Monitor and advise risk management program.
• Provide leadership and guidance to the information security team.
• Assist with overall business technology planning to ensure company compliance and scalability.
• Created and implemented disaster recovery program.
• Assess and manage any new or potential threats.
• Collaborate with company executives to mitigate risk and align initiatives.
2019 : Present
Natural State Grow, Inc
Chief Information Security Officer
Independent Contractor / Freelance
o 1099 contracts
o Cyber security assessments, services, and consultations to companies with signed NDAs which included but were not limited to :
o Hardened devices such as firewall, routers, computers, networks, printers, etc.
o Hardened Wi-Fi connection.
o Used NIST guidelines for cybersecurity framework.
o Ensured security patches and updates were installed.
o Secured remote access including implementing strong passwords, two-factor authentication, and remote access policies.
o Set-up, configured, and monitored firewall logs.
o Performed security assessments, data security analysis, and incident response escalation from a forensics perspective.
o Integrated security programs and assisted in defining the level of security needed.
o Processed the containment and remediation of incidents.
o Monitored cyber security threats and associated activity.
o Setup Disaster Recovery Plans.
o Maintained all anti-virus and malware updates and installation.
o Provided consultation support for new hardware systems.
o Developed and implement security protocols and provide help desk support.
o LAN/WAN troubleshooting and repair.
o Identified opportunities to reduce risk and document remediation options.
o Maintained awareness of current network/system security technologies.
o Setup remote user access whether it was VPN or software based like LogMeIn.
o Expanded or modified systems to serve new purposes or modify workflows.
o Budgeted and monitored financial data for networking purchases.
o Setup Active Directory and Group Policies
o Trained users for various tasks and/or new OS/programs.
o Lennox Commercial Service Centers, Benton, AR
o Assessed, budgeted, designed, and installed the initial system using a WAN Topology to include four on-site users and two off-site users with remote access for a total of 12 devices and scalability to expand to two other locations.
The Appraisal CO
LindaEdwards.com
2002 :
E&E Enterprises
Information Security Consultant
Coordinate evidence gathering and remediation of findings resulting from penetration testing, vulnerability management and compliance/certification activities. Contribute to security control design, development, assessment, and testing. Help the organization to understand, categorize and prioritize security control gaps and vulnerabilities, determine effective risk mitigation strategies and drive remediation activities.
Essential Duties and Responsibilities :
• Confirm and assess severity, propose mitigations, and track remediation of findings resulting from penetration testing, vulnerability management and compliance/certification activities.
• Maintain vulnerability and risk registers, collaboratively establish risk treatment plans with stakeholders, and drive risk mitigation and remediation activities.
• Manage security policy exceptions requests where deficiencies identified cannot be remediated.
• Perform security risk assessments on new tools, applications, or systems.
• Produce risk and vulnerability management metrics and reports showing performance trends.
• Participate and support certification, compliance, and audit activities.
• Support InfoSec awareness training and anti-phishing activities.
2022 : 2022
Foothills Consulting Group
Sr. Information Security Analyst
Responsible for administering, monitoring, and maintaining an enterprise security log and SIEM system. Partners with IS&T departments to implement processes and procedures to align with provided guidelines. Implement SOX frameworks in current applications and networks. Assist with security projects, provide timely deliverables within scope and budget as well as assist in event research process. Conduct vulnerability and compliance assessments and reports on deficiencies and proposed remedies. Serve as member of security response team and works with team to conduct risk assessment analysis. Provide support for all enterprise security audits.
Also work to provide transformational change through cultivation of business and IT partnerships and work to think outside the box to develop and initiate positive change and work relationships. Perform data security analysis and incident response escalation from a forensics perspective. Process the containment and remediation of incidents. Monitor cyber security threats and associated activity. Identifies opportunities to reduce risk and documents remediation options. Other job functions included other duties such as assessing and documenting compliance and risk relating to informational assets, ensuring effective system-wide security analysis; intrusion detection; standards and guidelines and working on audits, system administration, vulnerability management. Create documentation for processes and guides.
Configure and monitor Imperva WAF. Collaborate with various departments to ensure cohesive data flow.
2021 : 2022
TEKsystems
Information Security Analyst
o Was responsible for administering, monitoring, and maintaining an enterprise security log and SIEM (QRadar) system.
o Partnered with IS&T departments to implement processes and procedures to align with provided guidelines.
o Implemented HITRUST and HIPAA frameworks in current applications and networks.
o Assisted company to obtain HITRUST certification.
o Assisted with security projects, provide timely deliverables within scope and budget as required.
o Provided guidance and support in the event research process.
o Conducted vulnerability and compliance assessments (Rapid7), monitors follow-up, and reports on deficiencies and proposed remedies.
o Served as member of security response team and works with ISO team to conduct penetration testing and risk assessment analysis.
o Provided support for all enterprise security audits.
o Established and maintain cooperative and productive relationships with stakeholders including IS&T staff, Enterprise business areas, third parties and contractors.
o Monitored cyber security threats and associated activity.
o Monitored/searched EDR (Carbon Black Defense/Response) for malicious activity.
o Monitored PhishER for potential malicious emails.
o Performed data security analysis and incident response escalation from a forensics perspective.
o Processed the containment and remediation of incidents.
o Incident Response
o Utilized ServiceNow
o Monitored email that is held in Mimecast that potentially violate company policy. Either approve or reject on a case-by-case basis.
o Monitored Digital Guardian.
o Collaborated Round Table discussions.
o Other job functions included GRC analyst duties such as assessing and documenting Compliance and Risk relating to informational assets, ensuring effective system-wide security analysis; intrusion detection; standards and guidelines and working on audits, system administration, vulnerability management.
2020 : 2021
Arkansas Blue Cross Blue Shield
Information Security Analyst / GRC
• Developed and implemented information security protocols and risk management for all five start-up companies.
• Monitor and advise risk management program.
• Provide leadership and guidance to the information security team.
• Assist with overall business technology planning to ensure company compliance and scalability.
• Created and implemented disaster recovery program.
• Assess and manage any new or potential threats.
• Collaborate with company executives to mitigate risk and align initiatives.
2019 : Present
Natural State Grow, Inc
Chief Information Security Officer
Independent Contractor / Freelance
o 1099 contracts
o Cyber security assessments, services, and consultations to companies with signed NDAs which included but were not limited to :
o Hardened devices such as firewall, routers, computers, networks, printers, etc.
o Hardened Wi-Fi connection.
o Used NIST guidelines for cybersecurity framework.
o Ensured security patches and updates were installed.
o Secured remote access including implementing strong passwords, two-factor authentication, and remote access policies.
o Set-up, configured, and monitored firewall logs.
o Performed security assessments, data security analysis, and incident response escalation from a forensics perspective.
o Integrated security programs and assisted in defining the level of security needed.
o Processed the containment and remediation of incidents.
o Monitored cyber security threats and associated activity.
o Setup Disaster Recovery Plans.
o Maintained all anti-virus and malware updates and installation.
o Provided consultation support for new hardware systems.
o Developed and implement security protocols and provide help desk support.
o LAN/WAN troubleshooting and repair.
o Identified opportunities to reduce risk and document remediation options.
o Maintained awareness of current network/system security technologies.
o Setup remote user access whether it was VPN or software based like LogMeIn.
o Expanded or modified systems to serve new purposes or modify workflows.
o Budgeted and monitored financial data for networking purchases.
o Setup Active Directory and Group Policies
o Trained users for various tasks and/or new OS/programs.
o Lennox Commercial Service Centers, Benton, AR
o Assessed, budgeted, designed, and installed the initial system using a WAN Topology to include four on-site users and two off-site users with remote access for a total of 12 devices and scalability to expand to two other locations.
The Appraisal CO
LindaEdwards.com
2002 :
E&E Enterprises
Information Security Consultant
Coordinate evidence gathering and remediation of findings resulting from penetration testing, vulnerability management and compliance/certification activities. Contribute to security control design, development, assessment, and testing. Help the organization to understand, categorize and prioritize security control gaps and vulnerabilities, determine effective risk mitigation strategies and drive remediation activities.
Essential Duties and Responsibilities :
• Confirm and assess severity, propose mitigations, and track remediation of findings resulting from penetration testing, vulnerability management and compliance/certification activities.
• Maintain vulnerability and risk registers, collaboratively establish risk treatment plans with stakeholders, and drive risk mitigation and remediation activities.
• Manage security policy exceptions requests where deficiencies identified cannot be remediated.
• Perform security risk assessments on new tools, applications, or systems.
• Produce risk and vulnerability management metrics and reports showing performance trends.
• Participate and support certification, compliance, and audit activities.
• Support InfoSec awareness training and anti-phishing activities.
2022 : 2022
Foothills Consulting Group
Sr. Information Security Analyst
Responsible for administering, monitoring, and maintaining an enterprise security log and SIEM system. Partners with IS&T departments to implement processes and procedures to align with provided guidelines. Implement SOX frameworks in current applications and networks. Assist with security projects, provide timely deliverables within scope and budget as well as assist in event research process. Conduct vulnerability and compliance assessments and reports on deficiencies and proposed remedies. Serve as member of security response team and works with team to conduct risk assessment analysis. Provide support for all enterprise security audits.
Also work to provide transformational change through cultivation of business and IT partnerships and work to think outside the box to develop and initiate positive change and work relationships. Perform data security analysis and incident response escalation from a forensics perspective. Process the containment and remediation of incidents. Monitor cyber security threats and associated activity. Identifies opportunities to reduce risk and documents remediation options. Other job functions included other duties such as assessing and documenting compliance and risk relating to informational assets, ensuring effective system-wide security analysis; intrusion detection; standards and guidelines and working on audits, system administration, vulnerability management. Create documentation for processes and guides.
Configure and monitor Imperva WAF. Collaborate with various departments to ensure cohesive data flow.
2021 : 2022
TEKsystems
Information Security Analyst
o Was responsible for administering, monitoring, and maintaining an enterprise security log and SIEM (QRadar) system.
o Partnered with IS&T departments to implement processes and procedures to align with provided guidelines.
o Implemented HITRUST and HIPAA frameworks in current applications and networks.
o Assisted company to obtain HITRUST certification.
o Assisted with security projects, provide timely deliverables within scope and budget as required.
o Provided guidance and support in the event research process.
o Conducted vulnerability and compliance assessments (Rapid7), monitors follow-up, and reports on deficiencies and proposed remedies.
o Served as member of security response team and works with ISO team to conduct penetration testing and risk assessment analysis.
o Provided support for all enterprise security audits.
o Established and maintain cooperative and productive relationships with stakeholders including IS&T staff, Enterprise business areas, third parties and contractors.
o Monitored cyber security threats and associated activity.
o Monitored/searched EDR (Carbon Black Defense/Response) for malicious activity.
o Monitored PhishER for potential malicious emails.
o Performed data security analysis and incident response escalation from a forensics perspective.
o Processed the containment and remediation of incidents.
o Incident Response
o Utilized ServiceNow
o Monitored email that is held in Mimecast that potentially violate company policy. Either approve or reject on a case-by-case basis.
o Monitored Digital Guardian.
o Collaborated Round Table discussions.
o Other job functions included GRC analyst duties such as assessing and documenting Compliance and Risk relating to informational assets, ensuring effective system-wide security analysis; intrusion detection; standards and guidelines and working on audits, system administration, vulnerability management.
2020 : 2021
Arkansas Blue Cross Blue Shield
Information Security Analyst / GRC
Company:
Natural State Grow, Inc
Years of Experience:
23
Spoken Language:
English
Skills
A+ Certified Professional, Active Directory, Analytical Skills, Computer Forensics, Computer Hardware, Computer Security, Consulting, C Suite, Customer Service, Data Governance, Data Management, Digital Forensics, Disaster Recovery, Diversity, Ethical Hacking, Incident Response, Information Security, Information Security Management, Information Technology, Internet Troubleshooting, Intrusion Detection, IT Compliance, IT Governance, IT Management, IT Security Assessments, Leadership, Management, Microsoft Office, Microsoft Partner, Network Administration, Networking, Network Security, Network Troubleshooting, Office 365, Project Management, Public Speaking, Risk Management, Security Information and Event Management (SIEM), Security Management, Security Operations, Security Tools, Social Media, Software Installation, Training, Troubleshooting, U.S. Health Insurance Portability and Accountability Act (HIPAA), Vulnerability Assessment, Windows, Windows Server, Written Communication, A+ Certified, HTML, Microsoft Excel, Microsoft Word, PowerPoint, Access, Strategic Planning
About
Cybersecurity - it's not a hobby or a job; it's my passion!
Experienced and goal-oriented CISO with twenty years of progressive responsibility and experience in IT and cybersecurity and ten plus years management and supervisory experience. Skills include analytical thinking and creative problem solving, ability to establish goals, develop policies and procedures, review materials for evaluation and effectiveness, read and understand technical data, laws, rules, and regulations, and prepare detailed reports and documentation. Education includes a Master’s in Cybersecurity, Bachelor’s in Computer Information Systems/Security, Certified Computer Forensic Examiner.
Profile Photo
