Strategic information security is my passion at work, while pursuing continuing education and in my free time. I attend security events and test/build knowledge with tools on a home lab to ensure I stay up-to-date and well-rounded in the ever-evolving security space.
I am a detail-oriented fast learner who is eager and diligent in keeping current with emerging technologies and industry trends. My goals include creatively and analytically working at problem-solving to ensure enterprise and security goals are achieved.
Recent training: GIAC Certified Incident Handler certification (GCIH), SANS GISP, and CISSP. Currently studying for CISM.

Senior Information Security Analyst @
Assist Senior Compliance Analyst with IT Audit, Compliance and Regulatory activities, including: ISO 27001, SSAE 16 SOC1 & SOC2, Security Awareness Training, Policy/Standards/Procedures creation and review
Investigate and mitigate security risks pertaining to results of internal vulnerability scanning, intrusion detection/protection alerts (IDS/IPS), log monitoring and Security Information and Event Management (SIEM) logs
Creating/updating Incident Response processes and documenting procedures
Monitor and manage internal and external vulnerability scanning
Track, research, and mitigate suspected malware activity
Actively manage Data Loss Prevention (DLP) including deployment, monitoring alerts, and tracking metrics
Manage and monitor enterprise level log collection and analysis including creation of real-time alerting and executive summary dashboards
Effectively manage multiple projects including delegating work to interns
From December 2013 to Present (2 years 1 month)

Lecturer @
CNS 533 Enterprise Security Infrastructure Controls and Regulatory Compliance.
Design, implementation, support and management of control methods in enterprise environments. Focus is on how these controls can help organizations achieve regulatory compliance. Review of Sarbanes-Oxley and its impact on IT systems. Detailed study of how risk assessment methods, information security program management and ERP systems can be used to fulfill regulatory and legal requirements. Control Objectives for Information and related Technology (COBIT) guidelines and best practices for SOX compliance. Security management standards (ISO 17799, BS 7799 and ISO 27001)
From September 2015 to Present (4 months)

Security Analyst @
Correlate data from live traffic captures, device logs and customers to analyze threats and troubleshoot issues
Mitigate security risks pertaining to results of internal vulnerability scanning, Intrusion detection/protection log monitoring (IDS/IPS) and Security Information and Event Management (SIEM) logs
Manage, monitor and troubleshoot firewalls including: Juniper, Cisco, Checkpoint and Fortinet devices
Implement and manage IPsec and SSL VPNs to ensure data in transit is encrypted and secure
Lower the total cost of ownership while improving security stature for customers
Help businesses achieve compliance with regulatory frameworks such as PCI DSS
Deploy, maintain and troubleshoot email and web content filtering
Support Network Access Control (NAC) solutions to secure client internal physical network connections
Ensure file integrity using agents that report to a centralized management console
Protecting data confidentiality using full disk, USB and E-mail encryption
Configure and support multiple implementations of two factor authentication
Administer Linux configurations and troubleshoot: network interfaces, services and IP tables
From March 2013 to December 2013 (10 months)

Project Manager - Public Key Infrastructure Support Desk @
Reduced monthly call abandonment from 21% to an average of 5% through re-working staffing and creatively restructuring support
Act as primary interface between consultancy employer and Department of Veterans Affairs management to ensure performance is meeting or exceeding customer expectations for projects
Compose formal monthly, quarterly, and semi-annual reports for project stakeholders based on reporting metrics and requirements obtained from customer
Routinely analyze service desk metrics and performance to ensure helpdesk provides the most effective support with current resources
Take an ITIL aligned service management approach by utilizing BMC Remedy & CA Service Desk Manager trouble ticket software to track and investigate issues for root cause analysis
Create, review, modify, and provide updates on project improvement documentation and standard operation procedures
Provide level I & II support for issues related to Public Key Infrastructure (PKI), including assisting users in configuring Microsoft Outlook settings, Exchange server settings, and Active Directory profile settings
Provide support for TLS/SSL certificate issuance and troubleshooting as well as vetting requests submitted to the VA’s certificate authority
Develop training documents and procedures and instruct training for new staff
Monitor multiple inboxes, call queue, and web-based portals to analyze, triage, categorize, and prioritize all events
Provide feedback and input as part of a preliminary test group for new processes and procedures to establish an aggressive approach to service delivery
From May 2011 to March 2013 (1 year 11 months)

Senior Analyst - VPN & PKI Support Desk @ Department of Veterans Affairs Network Security and Operations Center (NSOC)
Promoted from basic support analyst to senior analyst
Tracked and documented incidents generated by network intrusion prevention systems (NIPS) and host based intrusion prevention systems (HIPS)
Worked with and provided technical guidance to monitor, configure, and troubleshoot technical issues with: Virtual Private Network (VPN) accounts, Access Control Servers (ACS), and Access Control Lists (ACL)
Identified, reported, and tracked Incident Management issues. All confirmed incidents are reported to United States Computer Emergency Readiness Team (US-CERT) and the Office of Inspector General if necessary
Provided resources for monitoring system abuse by generating internet usage reports for information security officers upon request
Monitored the Automated Notification Reporting (ANR) for all service disruptions and notified management of unscheduled outages affecting helpdesk systems
Managed VPN user account access to resources such as remote desktops (RDP), webmail, and Citrix
From September 2009 to May 2011 (1 year 9 months)

Support Desk @ Department of Veterans Affairs Network Security and Operations Center (NSOC), Hines, Illinois.
Duties were the same as "Senior Analyst - VPN & PKI Support Desk" position with Enterprise Information Services, but under another contract.
From July 2007 to September 2009 (2 years 3 months)

Operations Support @
Performed monthly manual and automated security assessments which included: port scanning, vulnerability scanning, Website testing, Spoof testing, Password auditing
Trained new users on network policies and procedures
Administered nightly processing, backups, tracked and installed updates for computers and servers using Windows Server Update Services (WSUS)
Maintained U.S. Treasury compliance (OFAC)
Responsible for ensuring the bank systems were available for daily bank opening
Responsible for writing the monthly formal security assessment report for management
Ensured that all administrative requests or changes were accomplished in a timely manner and according to change management policies
Provided bank wide support for daily troubleshooting of IT issues
Assisted in core banking system conversion:
• Migrated existing user profiles to new system
• Collaborated with the onsite conversion and offsite tech support team to provide system support
• Worked in test groups to verify system operations and integrity
From July 2006 to July 2007 (1 year 1 month)

Masters, Computer, Information and Network Security @ DePaul University
From 2010 to 2013

BBA, Computer Information Systems (CIS) @ Eastern Michigan University
From 2001 to 2006

Joe Hartmann is skilled in: VPN, Network Security, PKI, Active Directory, Servers, Help Desk Support, Vulnerability Assessment, Computer Security, Information Security Management, Information Security, Security, Encryption, Vulnerability Management, Disaster Recovery, PCI DSS