Eric Pease
Pittsburgh,PA
Summary
I am an information security analyst with formal knowledge of the vulnerability management lifecycle, from vulnerability identification to problem record governance across both application and infrastructure security. I have experience with the development of enterprise security standards, policies, and operating procedures. In addition, I am experienced with the facilitation of penetration testing and communicating findings effectively across different ends of an enterprise.
Overview
5
5
years of professional experience
1
1
Certification
Work History
Information Security Analyst
Highmark Health
Pittsburgh, PA
06.2023 - Current
- Performed vulnerability scans and evaluated impact across tens of thousands of corporate assets using Rapid7 InsightVM.
- Communicated and managed vulnerability problem records through ServiceNow and Cherwell, providing oversight over SLO/SLA response across an array of infrastructure including servers, workstations, and medical devices
- Established and sustained a comprehensive repository for vulnerability management standard operating procedures and program standards.
- Executed penetration test engagements to enhance security measures and disseminated findings across business units, and in some cases in conjunction with industry standards such as PCI DSS testing requirements.
- Conducted in-depth research and analysis of zero-day exploits to assess enterprise impact.
- Oversaw identification and tracking of risk register items to address systemic and persistent vulnerabilities beyond established SLO/SLA limits in Archer platform.
- Assisted in enterprise-wide compliance tracking initiatives for DISA STIG, ensuring fulfillment of Department of Defense audit standards.
Enterprise Technology Program Associate
Highmark Health
Pittsburgh, PA
06.2021 - 06.2023
- Responded to potential phishing emails, quarantining dozens a day and analyzing their impact with Incident Response
- Conducted risk control assessments for vendor and in-house technology
- Governed information security-related risk exceptions across the enterprise, from policy exceptions to vulnerability exceptions for both application and infrastructure security.
- Utilized DAST and SAST tools to identify and communicate application security vulnerabilities to development teams on a monthly enterprise schedule.
- Mentored graduates entering the professional environment, providing a space for guidance and development
- Co-chaired a recruitment committee for the early development program, and helped to pair incoming cohort members with a suitable mentor.
Education
Bachelor of Science - Management Information Systems
Penn State Univesity
University Park, PA05-2021
Minor - Security And Risk Analysis
Penn State University
University Park, PA05-2021
Skills
- Adversarial penetration test engagement acquisition and facilitation, gray-box and white-box
- Infrastructure and application security assessment
- Cyber GRC
- Microsoft Office Suite including Excel and PowerPoint
- Policy and procedure development
- Project management
- Rapid7 InsightVM, Archer, ServiceNow, JIRA
- Vulnerability management lifecycle
- Vulnerability risk evaluation and governance
- Zero day exploit response
Certification
- ICS2 Certfiied in Cybersecurity (CC)
- GIAC Foundational Cybersecurity Technologies (GFACT)
- Six Sigma Yellow Belt (CSSYB)
Timeline
Information Security Analyst
Highmark Health
06.2023 - Current
Enterprise Technology Program Associate
Highmark Health
06.2021 - 06.2023
Bachelor of Science - Management Information Systems
Penn State Univesity
Minor - Security And Risk Analysis
Penn State University