Cybersecurity Expertise
Throughout my IT career, I have developed extensive experience in cybersecurity across various sectors. My work with diverse organizations has exposed me to numerous security threats, from employees unwittingly installing malicious software to more intentional insider threats, such as data theft. I have gained invaluable insights into the protection of sensitive information, including credit card data and corporate intellectual property. My commitment to continuous learning and professional development has led to the accumulation of several cybersecurity certifications and a passion for the field from an early age.
Key Cybersecurity Projects:
- Comisión de Agua Potable y Alcantarillado (CAPA) – Cybersecurity Administration:
- Contract Acquisition: Successfully secured a contract with CAPA after meeting stringent cybersecurity requirements.
- Penetration Testing & Vulnerability Management: Led penetration testing operations, identifying vulnerabilities, collaborating with the IT director, and ensuring patches were properly applied. Followed up with retesting and detailed reporting to ensure systems were secure.
-
- Firewall and Network Security: Supervised the acquisition and implementation of Fortinet firewalls, network monitoring tools, and access policies to safeguard CAPA’s multi-site infrastructure.
- Encrypted Communications: Implemented encryption protocols for the company’s MotoTRBO radios, ensuring secure communications. Established processes for regularly updating encryption codes.
- GPS Monitoring System: Designed and implemented a centralized GPS tracking system, allowing real-time monitoring of company vehicles and operators, which contributed to recovering stolen assets and apprehending criminals.
- Incident Response & Threat Mitigation:
- Ransomware Attack: Played a critical role in mitigating a ransomware attack by enforcing strict backup policies that preserved all data. The source of the infection was traced to a compromised USB device, and the encryption key was eventually recovered.
- Insider Threat: Successfully identified and addressed an internal data theft incident through monitoring tools, preventing the loss of sensitive information.
- Ongoing Cybersecurity Support: Provided direct cybersecurity support to top management, assisting them with phishing attempts and suspicious emails. My proactive approach and 24/7 availability fostered a sense of security within the organization, ensuring timely intervention in the event of potential threats.