Jo-Ann Gozaloff

Cybersecurity Professional
Plantation, FL

Summary

Accomplished and driven Cyber Security Manager, Analyst, and Engineer with extensive experience in Cybersecurity operations gained from industry, government, & US Military engagements. Areas of expertise include formulation and implementation of risk management policies, security posture communication, cybersecurity program development, and technical hands-on security engineering. Proven history of significantly improving the Cybersecurity risk posture of employers and clients.

Subject Matter Expert and trusted advisor skilled in research, analysis and examination of company technology and standard operating procedures. Interface and collaborate with clients and internal team members, providing consultative enhancement recommendations based on industry research. Improve existing processes, procedures, technical enhancements, resource requirements, and stakeholder engagement procedures to align with strategic goals.

Overview

22 years of professional experience
2002 years of post-secondary education
12 Certifications

Work History

Cloud Security Subject Matter Expert (SME)

By Light IT Services
11.2021 - Current
  • Company Overview: Supporting United States Cyber Command
  • Cloud security support for the US Cyber Command ensuring compliance, cyber operations, governance, and effective operations in a cloud computing environment
  • Manages Cybersecurity vulnerability management, risk communications, and delivery of cyber threat briefs
  • Communicates Risk Posture to senior command leadership including a comprehensive overview of US Cyber Command's current cybersecurity status, current and new threats, vulnerabilities identified, and the effectiveness of existing security controls

Cyber Security Architect

World Wide Technology
03.2021 - 08.2021
  • Company Overview: Supporting the US Southern Command in Miami, FL
  • Worked with Cyber Security Product Management, Engineering, and Operations team to understand business requirements, levels of demand and impact on technical architecture
  • Contributed substantive content to the development of cybersecurity documentation concept papers and test plans
  • Provided expertise in the area of NIST RMF and NIST SCRM
  • Implemented and configured Cloud Based Solutions as Secure Web Gateway hosted on AWS Cloud

Sr Security Risk & Compliance Manager

Lennar Inc.
08.2019 - 03.2021
  • Security Risk and Compliance Management: Managed risk management program for the Enterprise and Lines of Business, including assessments of newly acquired subsidiaries
  • Manager in charge of assuring compliance to PCI-DSS, Sarbanes Oxley (SOX), and other privacy regulations such as GDPR and CCPA
  • Security Architect: Worked closely with Security Engineering group to assure that leading technology is utilized to implement a robust and secure Information Systems posture

Senior Information Security Consultant

Motorola Solutions Inc
04.2013 - 08.2019
  • Information Security Team Leader: Responsible for directing, supervising, and providing the information security assurance of the Astro 25 System 911 System on US Navy bases worldwide
  • Automated Vulnerability Management: Worked with MITRE Corporation National Vulnerability Database (NVD) implementing the Security Content Automation Protocol (SCAP)
  • Certification and Accreditation: Compliance activities to assure systems meet the requirement of the Federal Information Management Act of 2002 (FISMA)
  • Mitigation Management: Responsible for identifying and classifying cybersecurity vulnerabilities and resultant mitigation plans with system owners to ensure plans are documented and understood while tracking the results according to a formal Plan of Actions and Milestones (POA&M)

Lead Systems Security Engineer

General Dynamics
03.2009 - 08.2011
  • Company Overview: Sunrise FL
  • Security Engineer for Research and Development performing Security requirements analysis in accordance with FISMA and DoD laws
  • Vulnerability Assessment: Led project to evaluate leading vulnerability assessment tools such as Retina, Nessus, and other open source tools such as Nmap, tcpdump, and Wireshark for use by the GD Information Security Team

Information Security Engineer

United States Southern Command (USSOUTHCOM)
04.2007 - 03.2009
  • Operational Security Engineer performing Vulnerability Management and Penetration Testing and resultant Senior Command Vulnerability Briefings
  • Critical Role on Incident Response Team acting as the 'Tip of the Spear' as the on-site engineer for Regional Computer Emergency Response Team South (RCERT-S)
  • Security Management: Implemented Security Threat Mitigation (STM) utilizing CS-MARS (Cisco) for managing threats and monitoring network and security devices
  • Including security tools for network intelligence, vector analysis, context correlation, hotspot identification, anomaly detection, and automated mitigation capabilities

Computer Engineer - 0854 / DP-02

US Navy Space and Naval Warfare System Center (SPAWAR)
06.2003 - 04.2007
  • Project Engineer for Mobile Ashore Support Terminal (MAST), a tactical mobile command and control data center, utilizing Cisco routers, firewalls, C4I systems, and switching networking to access the DoD's Global Information Grid (GIG)
  • Military Customer Liaison: Translated customer operational and security requirements into functional implementation, actual configuration, and implementation at client site
  • Certification and Accreditation: Information Security Consultant assuring that system/network moves, adds, and changes were compliant with DoD Certification and Accreditation (C&A) requirements (DIACAP, 8500.2)

Education

Bachelor's Degree - Computer Engineering

Florida Atlantic University (FAU)

Skills

  • Cybersecurity Program Management

  • Network & System Security

  • Information System Security Manager (ISSM)

  • Cybersecurity Program Manager (CSPM)

  • Audit & Compliance

  • NIST 800-53

  • NIST RMF

  • NIST CSF

  • AR25-2

  • DoD 8500.2

  • NIST SP800-xx

  • STIGs/SRGs

  • FedRAMP

  • CIS Controls

  • CSA Cloud Control Matrix Controls

  • OWASP

  • ISO

  • HIPAA

  • Cybersecurity Technical Intel Analyst/Briefer

  • SIEM Management

  • Vulnerability Management

  • Firewall/IDS/IPS

  • DLP

  • Standard Cybersecurity Tools

  • Advanced Malware Prevention

  • Excellent interpersonal and communications skills

  • Attention to Detail

  • Vendor Risk Management

  • Governance Program Manager

  • Security Awareness

Certification

Certified Information System Security Professional (CISSP)

Professional Attributes

  • Cybersecurity Professional with years of Federal Cybersecurity and Information Assurance experience gained from working at US NAVY SPAWAR, US Southern Command, General Dynamics, and Motorola.
  • 15+ years' experience in all areas of Cybersecurity, ranging from that of Security Engineer, Cybersecurity Analyst, Certified Security Consultant and Program Management.
  • 12+ years of experience in Governance, Risk and Compliance (GRC) as it relates to FISMA and includes authoring Risk Assessment Reports (RAR), and the Continuous Monitoring of security controls via IA tools such as SCC, HBSS, ACAS and eMASS in both a management and a consulting capacity.
  • Extensive experience in presenting high level threat reports to Senior Command Leadership.
  • Demonstrated hands-on experience with common security tools in the areas of Log Management (LM), Security Information and Event Management (SIEM), firewalls, intrusion prevention systems, Endpoint Detection and Response (EDR), Anti-Virus (AV), and Data Loss Prevention (DLP), and the ability to clearly articulate the current threat landscape with analytical mindset to translate data into threat indicators.
  • Credentials include Certified Information Systems Security Professional (CISSP, 15 yrs) as well as nine other security certifications.

Vendor Risk Management

Implemented the Vendor Risk Management process and prioritization using the NIST RMF and NIST SCRM.

Governance Program Manager

Authored and collaborated with legal department to update corporate Information Security Policy including the subsequent Acceptable Use, Email, Data Classification and Handling, Security Awareness, Access Control, and Risk Management Policies.

Security Awareness

Responsible for and vastly improved company Security Awareness Program including leading proactive campaigns to simulate phishing attacks in order to educate the user community.

Security Clearance

Maintained for the last 15 years.

Training

  • SANS 507 Auditing Networks, Perimeters, and Systems
  • Cisco MARS: Security Monitoring, Analysis and Response System
  • Secure Computing IronMail
  • ISS Proventia Intrusion Prevention System
  • Programming a MS SQL Server 2000 Database
  • Cisco PIX Firewall Training
  • F5 Big-IP 1500 v.9
