Sam

vCSO

NetGain Tech • Fulltime

Jul 2024 - Present • 1 yr 10 mos

- Specialized as the company and clients CMMC Specialist. - Managed client Risk Assessments under NIST CSF 2.0, NIST 800-171, NIST 800-53, HIPPA, and SOC2. - Managed Vulnerability Scanning and Reporting for clients, in which I would be the primary resource for presenting the findings to clients after each quarterly scan and push the remediations. - Managed Tabletop exercises against clients, providing them multiple layers of incidents to build on top of each other to determine the client’s response when in need of an IRP. - Assisted clients in Cyber Insurance Renewals. - Provided onsite Technical, Administrative, and Physical walk throughs to determine baseline risk. - Would present quarterly / bi-annual security findings to clients based on data from all security tools including SIEMs, Vulnerability Reports, Phishing Campaigns, and Risk Assessments to steering committee meetings. - Provided CSO Level Consulting to clients whenever client was in need for advice.

Chief Executive Officer

The Cyber Friend

Jan 2021 - Present • 5 yrs 4 mos

Established and spearheaded a consulting group as a proactive initiative, leveraging recommended tools and methodologies to enhance security measures effectively. Coordinated social media platforms to educate younger demographics on cybersecurity, disseminating current event insights and proactive protection strategies, garnering an impressive total of 60,000 views on security awareness tips from December 2022 to February 2023. Offering services as a vCISO and doing freelance work on tools such as Fiverr. Services offered include Risk Assessments, Software Vetting/Auditing, Security Awareness Training, Policy Reviews, Policy Creation, and Vulnerability Management. Established an Azure Active Directory (AD) profile. Created multiple accounts for this AD account, implemented proper security policies, rules, and compliance regulations. Each account is for a different device and the AD is now used to run experiments with AD profiles and security.

Compliance Specialist

Network Coverage • Fulltime

Oct 2023 - Mar 2024 • 5 mos

Specialized in CMMC (Cybersecurity Maturity Model Certification). Working on Risk Assessments, Vendor Reviews, Phishing Campaigns, Security Awareness Training, Stale User Reviews, and mitigating any vulnerabilities found from CISA Alerts. When needed, I will step in as backup for the security team and work any urgent tickets that are untouched. I have worked on materials such as POAMs and SSPs going under NIST 800-171. I was then moved to manage and own the Phishing Campaigns and Security Awareness Training projects.