Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Desiree Haag

Katy,TX

Summary

Highly skilled and motivated Cyber Security Analyst with 10 years of experience in threat analysis, vulnerability management, and incident response. Possesses strong knowledge of networking and security principles, as well as experience with various security tools such as DLP, SIEM, SAST scan, DAST scan, and vulnerability scanners. Quick learner with the ability to identify business risks and compliance issues and designing proactive solutions. Excellent communication and teamwork skills, with the ability to work collaboratively with cross-functional teams to achieve organizational goals.

Overview

9
9
years of professional experience
1
1
Certification

Work History

Sr. Cyber Security Analyst

Catalyst Clinical Research, LLC
12.2022 - Current
  • Conducted regular security assessments to identify vulnerabilities in systems and networks
  • Implemented security controls and protocols to protect against unauthorized access and data breaches
  • Monitored security logs and investigated incidents to identify and respond to security breaches
  • Collaborated with cross-functional teams to develop and implement security policies and procedures
  • Provided cybersecurity training and awareness programs to educate employees on best practices and security threats. Analyzing, reporting, and creating matrices using Python and VBA in Excel.
  • Creating PowerPoint presentations for training different business units, and creating Visio and Word workflows and standard operating procedures.
  • Working within the Secure Software Development lifecycle for applications to identify and remediate findings in different cyber controls such as SAST scans, DAST scans, and penetration testing etc by communicating with multiple cross-functional teams.
  • Experienced in utilizing Splunk and Archer for in-depth application analysis and risk management.

Contract Sr.Cyber Security Analyst

Hays Coorporation
10.2020 - 10.2022
  • Working on Symantec DLP Data In Motion (DIM) policies to identify potential insider threats, intended and unintended malicious activities by analyzing email traffic.
  • Handling DAR(Data At Rest) and DIM(Data In Motion) incidents using ServiceNow ticketing tool
  • Working as a team to resolve or escalate incidents as required.
  • Fine tuning policies to reduce the number of false positive incidents.
  • Running python scripts to take actions on DLP incidents and retrieving data from Data Warehouse using SQL and making report.
  • Managing incidents using RSA Archer attestation portal.
  • Writing, setting up and maintaining standard operating procedures (SOPs) and update it to SharePoint to meet the needs of TIAA.
  • Using splunk quary language to retrieve and take action on DIM incidents.

Cyber Security Analyst

Novo Nordisk
03.2017 - 10.2020
  • Using Nessus, OpenVAS and Qualys , in order to scan the subnet of 41 assets to find the vulnerabilities, sends reports to colleagues to help remediate.
  • Use Splunk Enterprise security (SIEM) to leverage independently a wide range of security use cases - Compliance, Advanced Threat Detection, Application security, and real-time monitoring.
  • Using network intrusion detection and prevention system software; Snort to identify threats and have deep understanding on Firewalls, Remote Desktop, Single-Sign-on and different authentication factors.
  • Creating and updating Policies, monitoring Agent's Status, Users, Endpoints, Policy Groups, Logs, Alerts, Database on Symantec DLP.
  • Performing risk assessment on Data center using NIST 800-30 "Risk Assessment" guideline and performing penetration testing, while required.

  • Automated on-boarding accounts process in CyberArk, using Python and CyberArk's REST APIs.
  • Analyzing TCP/IP, UDP, ICMP, HTTP, HTTPS and other protocols using tcpdump, Wireshark and iptables.
  • Experience with identity and access management solutions such as LDAP, Active Directory, XAML, SAML and multi factor authentication.
  • Working on MITRA ATT&CK matrix to understand the behavior of the adversary, different stages of attack lifecycle and platform they known to target.
  • Working with Open Source Intelligence tools such as, Maltego and ThreatConnect, to find out previous and recent threats for the network and performing phishing campaign to build up more awareness.
  • Conducted risk assessments according to Payment Card Industry Data Security Standard (PCI-DSS) and National Institute of Standards and Technology (NIST).

Junior Cyber Security Analyst

Eros Health
10.2014 - 01.2017
  • Review the access control policy of the organization (Logical and physical) to determine its adequacy and effectiveness.
  • Created, updated and monitored policies , also reviewed and updated system documentation in accordance with the Risk Management Framework (RMF) requirements.
  • Creating incident response plan, handling incidents using ServiceNow ticketing system and educating new colleagues about the high rating incidents happened in the environment so far.
  • Reviewed the adequacies of key systems and application controls – Access control, Data Integrity, Segregation of duties, disaster recovery, and change management among others.
  • Reviewed internal policies and procedures and existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls.
  • Performed IT general controls such as access control, IT operations, disaster recovery and platform reviews.
  • Created custom reports for various departments to view vulnerability issues.
  • Worked with various Cyber Security Compliances, such as, NIST, ISO 27000 and CIS frameworks and HIPPA.
  • Performed social engineering to identify how secure the premises are from unauthorized access.

Education

Cyber Security - Computer Science

Evolve Security Academy
Online, Remote
01.2014

Bachelor of Science - Sports Medicine

Pepperdine University
Malibu, CA
04.2011

Skills

  • Proficient in conducting vulnerability assessments and penetration testing using tools such as Nessus, Nmap, and Metasploit
  • Strong understanding of network security principles, including firewalls, VPNs, and intrusion detection/prevention systems
  • Experience with SIEM (Security Information and Event Management) tools like Splunk and QRadar
  • Familiarity with industry compliance standards such as ISO 27001, NIST, and GDPR
  • Excellent analytical and problem-solving skills with ability to interpret complex data and identify security risks
  • Strong communication skills, with ability to convey technical information to non-technical stakeholders effectively

Certification

  • Certified Information Systems Auditor (CISA )2024
  • Certified Information Systems Manager (CISM), 2024

Timeline

Sr. Cyber Security Analyst

Catalyst Clinical Research, LLC
12.2022 - Current

Contract Sr.Cyber Security Analyst

Hays Coorporation
10.2020 - 10.2022

Cyber Security Analyst

Novo Nordisk
03.2017 - 10.2020

Junior Cyber Security Analyst

Eros Health
10.2014 - 01.2017

Cyber Security - Computer Science

Evolve Security Academy

Bachelor of Science - Sports Medicine

Pepperdine University
  • Certified Information Systems Auditor (CISA )2024
  • Certified Information Systems Manager (CISM), 2024

Similar Profiles

  • Stacey Jorgenson

    Stacey JorgensonStacey Jorgenson

    Manager, FSP Principal Clinical Programmer at Catalyst Clinical Research, LLC.Manager, FSP Principal Clinical Programmer at Catalyst Clinical Research, LLC.

    View Profile
  • MORGAN EDWARDS

    MORGAN EDWARDSMORGAN EDWARDS

    Technical Marketing Manager at D2V Clinical, Inc.Technical Marketing Manager at D2V Clinical, Inc.

    View Profile
  • ASHLEY RHED

    ASHLEY RHEDASHLEY RHED

    Accountant at Clinical Research Associates of Central PA, LLCAccountant at Clinical Research Associates of Central PA, LLC

    View Profile
Desiree Haag