Cynthia Mitchell
Cyber Security Professional
Garner, NC

"You gain strength, courage, and confidence by every experience in which you really stop to look fear in the face."
Eleanor Roosevelt
Summary

20+ years of combined experience as a security practitioner, systems administrator, IT business analyst, and technical support specialist in government, big tech, financial services, and healthcare. Leverages expertise in leading cyber security methodologies, application security best practices, and cyber security standards and frameworks to strengthen information security governance, risk and compliance, cyber resilience, and application security programs. Adaptable, rapid learner with the ability to quickly master new technologies, software, tools, and programming languages to keep pace with industry shifts.

Overview

  • 20 years of professional experience
  • CompTIA Security+ ce
  • Certified Threat Intelligence Research – Center for Threat Intelligence
  • Microsoft Certified: Azure Fundamentals
  • Pursuing Certified Cyber Intelligence Investigator (CCII), McAfee

Work History

Altera Digital Health
Raleigh, United States

Application Security Engineer
05.2021 - Current

Job overview

  • Provides application security consultation, guidance, and collaboration with security specialists, program managers, developers, and all levels of management to execute on strategic and tactical goals to improve the security of applications, software code, and infrastructure.
  • Conducts application security reviews, including threat models, architecture, software design, and security scan reviews, to identify and address security threats in an application before release to production.
  • Conducts a security assessment when new features and functionality are added to our boundary, verifying that the security evidence shows the application control is implemented or planned.
  • Uses Jira to track product teams' compliance with application security reviews, assessments, and security testing.
  • Collaborates with development teams to ensure security is integrated into the software development life cycle of their applications.
  • Monitors proactive testing of mobile apps, web apps, legacy apps, and APIs using dynamic application security testing (DAST), static application security testing (SAST), and software composition analysis (SCA) techniques.
  • Reviews DAST and SCA (open-source) scan results to identify and analyze vulnerabilities in applications, providing consultation to business units on the risk to applications and best practices for remediation.
  • Coordinates and tracks security reviews and evaluations of existing applications, technologies, and processes for SAST, DAST, threat modeling, and penetration testing per organization policy requirements.
  • Assists product teams in implementing security best practices and concepts into the Secure Development Lifecycle. Reviews security policies, standards, and guidelines to meet regulatory compliance and consistency with industry best practices.
  • Conducts data privacy and security assessments with internal stakeholders, ensuring compliance with data privacy and protection regulations including GDPR, CCPA, and NIST.
  • Experienced in application security vulnerabilities, OWASP Top 10, SANS 25, CWE, CIS Top 18, and NIST Security Standards.
  • Experience with threats and solutions relating to web applications, including cross-site scripting, URL manipulation, and SQL injection.
  • Performs ongoing security code and testing reviews to improve software security.
  • Knowledge and familiarity with software development lifecycles (SDLC), including both waterfall and agile methodologies.
  • Experience with cloud security, IAM, security audit and monitoring, cloud network controls, security vulnerability management, security incident management, and penetration testing.
  • Works with developers to communicate and track critical security vulnerabilities within application code.
  • Implements best practices for SSDLC and application security.
  • Provides guidance on secure CI/CD and API-enabled delivery.
  • Experience reviewing application source code for web application vulnerabilities (CSRF, XSS, SQL injection, privilege escalation, etc.) and recommending remediation.
  • Reviews test plans, automation, and processes to validate that application security controls and features are correct and complete; audits controls and identifies areas for improvement.
  • Conducts effective risk assessments and threat modeling in a rapidly changing environment.
  • Collaborates with DevOps, Software Engineering, and Product Management to continuously improve our application security strategies and priorities for protecting our customers and company.
  • Develops and maintains technical documentation around the discovery and mitigation of threats and vulnerabilities.
  • Knowledge of web-related technologies (web applications, web services, and service-oriented architectures) and of network- and web-related protocols.
  • Collaborates with teams on implementing secure development practices in the SDLC.
  • Demonstrated direct project experience driving security considerations through all phases of the Software Development Lifecycle (SDLC).
  • Reviews application security scans for all web applications, mobile applications, and APIs as part of the development process and in accordance with the High-Risk Application Security Management Standard and DevSecOps methodology.
  • Follows up with internal and external stakeholders and keeps track of vulnerabilities and remediation status.
  • An understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPsec, HTTP, HTTPS, and BGP).
  • Experience identifying, exploiting, and remediating common application vulnerabilities through the use of tools and code review.
  • Reviews current security system configurations for correctness; monitors, reports on, and investigates access to detect unauthorized access attempts; provides continuous testing of systems for situations requiring corrective action.
  • Reports and communicates security issues and topics to technical and non-technical audiences.

Truist Bank
Raleigh, United States

Cyber Threat Management Analyst II Contractor
12.2019 - 05.2021

Job overview

  • Drove improvements to application functionality and security, designed advanced threat scenarios, and implemented threat response opportunities to reduce risk.
  • Executed cyber resilience testing, including designing and facilitating tabletop simulations of cyber attack scenarios.
  • Assessed and tested the proficiency of application teams to implement their cyber resilience plan in the event of a cyber attack, ensuring their networks and applications recover in a timely manner.
  • Facilitated scenario risk ranking sessions to assess the most relevant cyber threat attack vectors, advanced persistent threats, and their potential impact on business-critical applications.
  • Utilized results from the Risk Ranking sessions for the development of the relevant tabletop exercise scenarios.
  • Gathered application functionality and security, cyber threat intelligence, OSINT, and risk assessment information for the development of relevant tabletop exercise scenarios.
  • Conducted in-depth application analysis to identify existing logging, monitoring, security control, and data log gaps for the implementation of new controls to mitigate risk.
  • Developed test and remediation reports and facilitated after-action report overview sessions with business units to solicit feedback and discuss observations and recommendations for areas of improvement to ensure security incident readiness.
  • Discussed actionable phases during cyber resilience testing to improve processes and mitigations in the event of an attack, ensuring applications are restored to full operation in a timely manner.
  • Built and maintained collaborative relationships with key application team members, helping to develop their ability to efficiently respond to a cyber incident while proactively addressing potential risks.
  • Implemented operation improvements to meet established objectives: Reduced new hire onboarding time by 50% by developing updated orientation and training documentation that covered fundamental business processes, tasks, and job responsibilities.
  • Enabled a wider range of stakeholders to understand the critical importance of cybersecurity by writing a cyber resilience team participation guide for use in tabletop test exercises.
  • Launched a survey to assess application stakeholder satisfaction with the cyber resilience program; feedback will be used to measure program progress and drive process improvement, with a goal of streamlining key processes by 30% or more.

Aerotek Recruiting And Staffing - Cisco Systems
Raleigh, NC

Cloud Compliance Authorization Engineer Contractor
04.2018 - 11.2019

Job overview

  • Cloud Compliance Engineer contractor for Cisco Systems, Inc., consulting for internal business teams to implement and maintain compliance with the federal government regulatory program and other major certification bodies' security requirements, including FedRAMP, ISO 27001, CJIS, and SOC 2.
  • Led multiple projects through the federal government regulatory program (FedRAMP) ATO process, including supporting system categorization, control selection, implementation, assessment, and system monitoring.
  • Performed risk assessments, gap analysis, and overall security controls guidance around security standards (ISO 27001, NIST 800-53 and 800-37, SOC 2) to determine fit and audit readiness.
  • Reviewed security authorization documentation, including the security plan, risk assessment, contingency plan, privacy threshold analysis, and other required deliverables for an ATO package.
  • Analyzed systems to mitigate risks to the security posture of data, systems, networks, and hardware.
  • Helped guide projects through the security implications of design and implementation decisions, and supported government questions and meeting facilitation.
  • Reviewed significant change documentation and provided consultation, technical assistance, and risk reviews on security architecture and design.
  • Provided guidance on the implementation of countermeasures or mitigating controls to meet regulatory compliance requirements.
  • Documented and reviewed system security plans, security assessment reports, plans of action and milestones (POA&M), and authorization letter memoranda (ATO).
  • Provided technical and compliance support with appropriate access protection, system integrity and reliability, audit control, system recovery methods and procedures, and prevention of breaches, intrusions, and/or system abuses.
  • Captured and shared best-practice knowledge with internal technical teams.
  • Experience categorizing, selecting, and implementing security controls per NIST and FIPS requirements.
  • Experience in time planning, prioritizing tasks, and managing resources to ensure effective delivery.
  • Reviewed security artifacts, including, but not limited to, system security plans, inventories, screenshots of technical files, scan data, requirement traceability matrices, control allocation tables, and security assessment reports.
  • Teamed up with ISSOs to create and manage POA&Ms for identified system vulnerabilities and tracked findings to ensure that they were remediated and closed.
  • Thoroughly read and reviewed information system documents such as System Security Plans (SSP), Security Assessment Reports (SAR), and Executive Summaries to ensure FISMA compliance.
  • Trained technical and business teams on the regulatory and compliance audit process and rules of engagement with third-party auditors.

NC DEPARTMENT OF INFORMATION TECHNOLOGY - Governme
Raleigh, NC

Application Systems Analyst I and II
12.2013 - 04.2018

Job overview

  • Lead analyst on the development and deployment of systems, data integration, and data analytics and validation on state government projects.
  • Performed system analysis, documentation, testing, implementation, and user support for platform transitions.
  • Defined and documented the scope of projects for distribution to the team.
  • Gathered requirements and performed gap analysis through design workshops with users.
  • Established specifications and coordinated production with software programmers.
  • Investigated system issues and implemented resolutions to reduce downtime.
  • Assessed business requirements to create focused solutions.
  • Ensured security validation and role-based security by developing requirements and evaluating and updating division security policies.
  • Designed, tested, and implemented information security and audit requirements adhering to statutory and regulatory standards and guidelines.
  • Assessed division and vendor security plans for compliance with statutory and regulatory standards and guidelines.
  • Developed and tested auditing requirements to ensure enterprise systems architecture compliance with statutory and regulatory standards and guidelines.
  • Documented and performed requirements analysis on business technical, user access controls, role-based security, integrity, system security, and audit requirements.
  • Identified customers’ concerns and promptly communicated them to the technical and project management teams by managing user test runs.
  • Reviewed and evaluated division security policies annually to ensure compliance with state security policies.
  • Designed, tested, and implemented information security and audit requirements to ensure compliance in all aspects of enterprise systems architectures.
  • Developed project work plans with MS Project to manage activities, tasks, and timelines to ensure implementation within the scheduled deployment date.
  • Developed use case scenarios, security role matrices, mock-ups, and detailed and high-level role-based business requirements with Word and Excel to document business, technical, functional, user access control, role-based security, integrity, validation and input control, system security, and audit requirements to develop new and enhance existing solutions.
  • Executed SQL queries with SAS Enterprise Guide to validate data scenarios, test results, data analysis, and troubleshooting defects.
  • Created and executed UAT test cases to deliver test results as defined in the technical, functional, security, and audit requirements documentation.
  • Implemented change management using JIRA, specifying issues, system requirements changes, high-level updates, and recommendations at stakeholder reviews.
  • Conducted user walkthroughs, documented customer concerns, and communicated feedback to project management.

NC Office Of State Controller - CJLEADS
Raleigh, NC

Tech Support Analyst Team Lead/Tech Support Technician
05.2010 - 12.2013

Job overview

  • Lead security administrator and liaison for statewide criminal justice agencies.
  • Led team of security access administrators by delivering organizational policy guidance and Tier II incident response.
  • Validated results and performed quality assurance to assess the accuracy of the data.
  • Ensured continuous technical and IT support for organizational projects.
  • Provided IT security identity and access management provisioning and de-provisioning of user accounts in NC Identity Access Management and statewide enterprise criminal justice systems.
  • Identified and resolved problems through root cause analysis and research.
  • Performed system analysis, documentation, testing, implementation, and user support for platform changes and modifications.
  • Identified clear connections between policies and business results to eliminate or reduce confusion and help employees achieve goals.
  • Queried databases for information needed for report processing.
  • Enhanced interfaces to promote better functionality for users.
  • Recommended process improvements to continually identify, analyze, and fix constraints and challenges.
  • Created and managed project plans, timelines, and budgets.
  • Provided reporting for forecast analysis and ad-hoc reporting in support of decision-making.
  • Evaluated customer needs and feedback to drive product and service improvements.
  • Devised and implemented processes and procedures to streamline operations.

Sunquest Information Systems
Tucson, AZ

Information Applications Systems Specialist
10.2007 - 05.2009

Job overview

  • Served as a Microsoft junior database administrator.
  • Introduced a robust system for authenticating users by developing and implementing an identity proofing process for over 700 users.
  • Administered role-based access, creating user roles and account profiles and performing password resets and deletions using MS SQL Server and accounting software.
  • Installed patches and oversaw configuration of the network, print servers, workstations, and email.
  • Performed database backups and ran stored procedures and scripts to improve database performance.
  • Followed the change management process to detect and remove bugs from financial and tax applications.
  • Acted as remote domain administrator, managing Active Directory security groups and granting rights to users.
  • Monitored Windows print server jobs, added printers, and checked for issues.
  • Investigated and corrected problems with printers, copiers, and other peripheral devices.
  • Set up hardware and software in optimal configurations to meet network performance requirements.
  • Documented support procedures, processes, and solutions in centralized systems, enabling user self-service.
  • Diagnosed and executed resolutions for network and server issues.
  • Improved overall user experience through support, training, troubleshooting, improvements, and communication of system changes.
  • Set up and controlled user profiles and access levels for each database segment to protect important data.
  • Adhered to set schedules to test databases for flaws and reduce downtime.

Education

Strayer University
Washington, DC

Master of Science in Computer and Information Systems Security
12.2015

University Overview

  • Academic Honor
  • 3.88 GPA

North Carolina Wesleyan College
Rocky Mount, NC

Bachelor of Science in Computer and Information Sciences
12.2003

Certification

Cyber Security License - CompTIA Security+ ce

Azure Fundamentals, Microsoft - 2023

Certified Threat Intelligence Research, Center for Threat Intelligence - 2023

Pursuing SANS GIAC Certified Web Application Defender

Training

Defending Web Applications Security Essentials, SANS, 2022

IBM Cyber Threat Intelligence Course Certificate, Coursera, 2021

Center for Threat Intelligence: Threat Intelligence Fundamentals

Certified Cyber Threat Intelligence Analyst Certificate, Cyber365 Training

McAfee Institute

How to Gather Intelligence Online

How to Conduct Investigations on the Deep Web

Top 20 Intelligence Resources on the Net

Cybrary - Cyber Kill Chain 

Affiliations

Information Systems Security Association

OWASP

Timeline

Application Security Engineer

Altera Digital Health
05.2021 - Current

Cyber Threat Management Analyst II Contractor

Truist Bank
12.2019 - 05.2021

Cloud Compliance Authorization Engineer Contractor

Aerotek Recruiting And Staffing - Cisco Systems
04.2018 - 11.2019

Application Systems Analyst I and II

NC DEPARTMENT OF INFORMATION TECHNOLOGY - Governme
12.2013 - 04.2018

Tech Support Analyst Team Lead/Tech Support Technician

NC Office Of State Controller - CJLEADS
05.2010 - 12.2013

Information Applications Systems Specialist

Sunquest Information Systems
10.2007 - 05.2009

Strayer University

Master of Science in Computer and Information Systems Security

North Carolina Wesleyan College

Bachelor of Science in Computer and Information Sciences