Ashley Penchion
Union City,GA
Summary
Experienced and enthusiastic Consultant with track record of success across wide range of industries. Possesses exceptional interpersonal, problem-solving and analytical skills to provide advice and expertise to client organizations improving business performance. Experienced in all aspects of operations, strategy and finance.
Overview
11
11
years of professional experience
Work History
Freelance Cyber Security Consultant
Self-employed
04.2021 - Current
- Delivered outstanding service to clients to maintain and extend relationship for future business opportunities.
- Analyzed problematic areas to provide recommendations and solutions.
- Liaised with customers, management, and sales team to better understand customer needs and recommend appropriate solutions.
- Managed multiple deadlines across several businesses to meet dynamic needs of multiple clients.
- Provide consultation on security-related inquiries and challenges
- Work with various stakeholders to provide security advice and assist them in understanding the severity of security risks and remediation activities that could follow.
- Contribute to the development and maintenance of cybersecurity strategy.
- Conduct cybersecurity assessments of project design and implementation plans
- Assist in ensuring compliance with relevant cybersecurity regulations and standards.
- Participate in development and continuous improvement of the following cybersecurity programs: Threat & Vulnerability Management, Insider Threat Management, Data Governance, Cloud Security, Supplier Risk Management, Security Policies, and Cybersecurity Governance & Compliance
Cyber Security Consultant
Accenture
05.2020 - 02.2021
- Defend corporate networks from advanced, targeted attacks by leading efforts to design and implement improved processes and technologies.
- Help to upgrade their security posture by using current best practices based on standards and frameworks
- Design, develop, review, and finalize remediation recommendations based on standards and common risk management frameworks
- Perform assessments of organization's risk and security posture, collaborate with other teams, and customize work development
- Document analysis results in knowledge and/or intelligence management system
- Work across organizational lines of business to implement mitigations, remediation's, and countermeasures resulting from risk reduction goals.
Cyber Security Manager
Xavier University of Louisiana
12.2016 - 04.2020
- Provide direction for company data and Cybersecurity protection and oversee technology governance and policies
- Develop company-wide security strategy, security awareness programs, security architecture, and security incident response
- Architect and implement security fabric for monitoring, preventing, detection, alerting, troubleshooting, and reporting on cyber threats and attacks
- (LogRhythm, Cylance, Firepower, Vulnerability Management)
- Provide strategic risk guidance for projects, including evaluation and recommendation of technical controls
- Educate leaders on appropriate security risk and mitigation strategies
- Collaborate with IT Operations, DevOps, and R&D to ensure security program compliance
- Develop, maintain, and publish up-to-date security policies, standards, and guidelines
- Evaluate new Cybersecurity threats and IT trends and develop effective security controls
- Ensure accomplishment of all objectives in accordance with company policies, procedures, and strategic direction, as well as regulatory standards
- (NIST SP 800 series, GDPR, NIST CSF)
- Communicates and ensures programs, suppliers, and vendors follow applicable laws, regulations, policies, and standards
- Served as subject matter expert to internal business and technology teams on range of compliance standards as influenced by regulatory mandates (HIPAA) and industry best practices (e.g., NIST CSF, ITIL, etc.)
- Partner with business solution leaders to plan and execute internal risk assessments, conduct third-party assurance audits, and coordinate audit activities with system owners and subject matter experts
- Obtain and review supplier responses and documentation to validate supplier's appropriate implementation of information security controls
- Communicate supplier information security issues to stakeholders and ensure cyber and business risks are communicated effectively.
- Developed and maintained incident response protocols to mitigate damage and liability during security breaches
- Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack
- Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards
- Participated in creation of device hardening techniques and protocols
- Worked closely with management teams to plan, develop and execute technical strategies aligned to client's vision
Cyber Security Engineer/Security Assessor
NCI, Inc
04.2015 - 12.2016
- Conducted an average of ten yearly comprehensive assessments of management, operational, and technical security controls employed within or inherited by information system to determine the overall effectiveness of controls
- Conduct wireless, windows, Unix/Linux, database, application, and infrastructure security assessments
- Implement vulnerability scanning and remediation recommendations for the enterprise infrastructure
- Provide identification of non-compliance of security requirements and possible mitigation to requirements that are not in compliance
- Use IA tools such as: Secure Vue, Tenable Security Center, Lansweeper, HP Web Inspect, and McAfee EPO, Red Seal, and Wireshark
- Responsible for development, enhancement, organization and maintenance of organization's security assessment and audit solutions.
Cyber Security Engineer II
EOR Security
10.2014 - 04.2015
- Implement and monitor security measures for communication systems, networks, and provide advice that systems and personnel adhere to established security standards and Department of Defense requirements
- Utilize tools like Tenable NESSUS to identify vulnerabilities, as well as perform manual checks on software using such resources as DISA STIGs, SRGs(Security Requirements Guides), and NIST (National Institute of Standards and Technology) guides as well using industry best practices for hundreds of reserve Marine Corps bases
- Maintain Certification and Accreditation lifecycle
- Monitor and review Palo Alto and Imperva firewall logs
- Perform security reviews of Plan of Action and Milestones, IA controls Ports, protocols and services and database management systems within the enterprise network
Cyber Security Engineer I
Kingfisher Systems
06.2014 - 10.2014
- Manage and operate a virtualized Microsoft environment by implementing and monitoring security measures in accordance with government standards
- Perform daily system checks with Event Sentry (server monitoring tool)
- Perform server patch management in accordance with the Department of Defense Information Assurance standards
- Utilize network tools/scanners (SCAP: Security Content Automation Protocol) to adhere to industry standards and to ensure system health
- Install and maintain enterprise patch and security configurations with WSUS
- Administer and configure Windows Server 2000 up to 2012
- Manage Active Directory and Group Policy
- Manage and install Microsoft Exchange 2003 through 2008.
- Performed risk and vulnerability assessments and provided results and recommendations to senior management
- Developed, implemented and documented security programs and policies and monitored compliance across departments
Technical Support Specialist
Achievement School District
01.2013 - 06.2014
- Provided high-level technical support by resolving inquiries by phone, e-mail and web consistent with department and team service levels and goals.
- Assisted customers in identifying issues and explained solutions to restore service and functionality.
- Resolved diverse range of technical issues across multiple systems and applications for customers and end-users across various time zones.
- Collaborated with supervisors to escalate and address customer inquiries or technical issues.
- Provide consultation on security-related inquiries and challenges
- Troubleshoot issues with MS Windows, Active Directory, Exchange and MAC OS X as well as software applications, printers, and phone services
- Image and configured computers for employee and student use
- Perform basic one-on-one and small group technology training for employees as needed.
- Install and maintain hardware and software for servers and network service devices.
- Troubleshoot local area networks
- Maintained responsibility for authentication, confidentiality and integrity of information systems.
Education
Master of Science - Cybersecurity and Information Assurance
Western Governors University
Salt Lake City, UT06.2017
Bachelor of Science - Cybersecurity and Information Assurance
Western Governors University
Salt Lake City, UT08.2016
Skills
- Vulnerability Management
- Security Architecture Design
- IT Risk Management
- Security Audits
- IT Security Assessments
- Compliance Assessments
- Security Policies
- Information Security Awareness
- Governance, Risk Management, and Compliance
- Network Security
Timeline
Freelance Cyber Security Consultant
Self-employed
04.2021 - Current
Cyber Security Consultant
Accenture
05.2020 - 02.2021
Cyber Security Manager
Xavier University of Louisiana
12.2016 - 04.2020
Cyber Security Engineer/Security Assessor
NCI, Inc
04.2015 - 12.2016
Cyber Security Engineer II
EOR Security
10.2014 - 04.2015
Cyber Security Engineer I
Kingfisher Systems
06.2014 - 10.2014
Technical Support Specialist
Achievement School District
01.2013 - 06.2014
Master of Science - Cybersecurity and Information Assurance
Western Governors University
Bachelor of Science - Cybersecurity and Information Assurance
Western Governors University