John Heang
Dallas,TX
Summary
Goal-oriented IT professional with significant success in planning, analyzing and implementing of security plans and initiatives. Excel in developing comprehensive, secure network designs and systems.
Overview
15
15
years of professional experience
Work History
IT Security Analyst
Dallas INDEPENDENT SCHOOL DISTRICT
Dallas, TX
10.2023 - Current
- Monitor and assess selected security controls in the information system on an ongoing basis including assessing security control effectiveness, documenting changes to the system or environment of operation
- Monitored SIEM and IDS/IPS feed to identify enterprise threats, Investigate and triage threats to determine nature of incident
- Authorize information system operation based upon a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system and the decision that this risk is acceptable
- Designing and deploying Microsoft Defender ATP through Intune/Config Manager
- Managing and leading efforts in the review, application, and maintenance of system policies and procedures
- Perform test on device client, review configuration of Microsoft Endpoint Manager, Intune, and MDM
- Performing security, analyses, and risk/vulnerability assessments
- Protecting virtual machines data by using Azure Disk Encryption (ADE) that is using BitLocker for windows VMs and DM-Crypt for Linux VMs.
IT Security Engineer
OZARK INC
DALLAS, TX
03.2023 - 10.2023
- Identify and mitigate cybersecurity risks
- Consistent review of established vulnerability procedures to assess areas in need of improvement
- Created pivot tables and charts using worksheet data and external resources, modified pivot tables, sorted items and group data
- Created email alerts which will inform administrators about which action triggered an alert, helping them locate the source of the action immediately
- Monitor, Analyze and report E-mail and Configure O365 policies
- Conducted vulnerability assessments and coordinated with various departments on procedural problems involving prioritized risks
- Manage and monitor systems Access Management using ManageEngine Log360 tool
- Develop and implement technical solutions to improve cybersecurity posture
- Ensure technical solutions follow best practice as per NIST or ISO guidelines
- Performed risk assessments and assisted with development of managing risks
- Monitor mailbox traffic to see details on the amount of good mail, spam, and malware infected
- Monitoring and identifying any suspicious security events using the ManageEngine AD Audit Plus console and raise a ticket
- Monitor system tool (PRTG, SolarWinds)
- Monitor cloud systems in real-time and analyst performance data to identify potential issues and improve overall efficiency of the cloud security system
- Managed user accounts and access controls using Microsoft Active Directory
- Performed risk analysis, determined risk finding and presented remediation recommendations to client
- Investigate and identify events, qualify potential security breaches, raise incident alerts, and perform technical and management escalation
- Export vulnerability data and investigation on case.
IT Security Analyst
RIVIAN
IRVINE, CA
01.2021 - 02.2023
- Assisted in the analysis and remediation of findings discovered and vulnerability scans
- Analyze and deploy Microsoft 365 suite (Security, Purview, Azure Sentinel and AAD)
- Identify and mitigate cybersecurity risks
- Incident handling and response
- Experience working with Microsoft Information Protection (MIP)
- Created custom reports using SQL Server Reporting Services (SSRS) to track compliance rates for critical security updates
- Providing remediation to the developers based on the issues identified
- Manage Endpoint Protection on all client machines managed by SCCM, resulting in a decrease in malware infections by 60%
- Monitor system devices, secure users, cloud assets, software, and SaaS applications
- Monitor system, analyze, and resolve compliance issues using Microsoft Intune
- Review and monitor patching Windows EC2 instance using AWS Systems Manager Patch Manager
- Conduct vulnerability scans, prioritize vulnerabilities, and research exploits
- Experience testing Weak Ciphers and protocols SSL and TLS
- Hand on experience using Kali Linux for SSL/TLS scanning vulnerability
- Collaborate with the team to provide recommendations and strategies for remediating vulnerabilities
- Develop and implement technical solutions to improve cybersecurity posture
- Create data and export data update watchlist with deployment and migration
- Ensure technical solutions follow best practice as per NIST or ISO guidelines
- Responded and mitigated incidents reported to Computer Security Incident Response Team (CSIRT), such as malware intrusions, advanced persistent threats, and insider threats
- Review Desktop policy environments such as (SCCM), JAMF Cloud, Encryption-BitLocker, and Intune
- Resolved remote and on-site system issues including hardware and software troubleshooting
- Monitored and responded to computer security incidents following established security procedures
- Technical cybersecurity adviser to other departmental projects and tasks
- Review Policy Exception Requests/ Evaluate, rate, and perform risk assessments on different assets
- Ensures compliance with and provides input to security policies, standards, and procedures.
IT Security and Vulnerability Analyst
FIRST AMERICAN
SANTA ANA, CA
12.2020 - 01.2021
- Analyze and investigate adverse events and incidents using enterprise security information and event monitoring (SIEM), logs from firewalls, IPS, servers, endpoints, and other network devices to determine threats
- Analyzed large amount of vulnerability data and generated a daily Excel report using the pivot table function to identify its impact on the cyber system
- Managed all aspects of the Vulnerability Risk Management Program including vulnerability identification, analysis, remediation coordination and reporting
- Managed third party application and drove remediation with responsible stakeholders
- Created pivot tables and charts using worksheet data and external resources, modified pivot tables, sorted items and group data, and refreshed and formatted pivot tables
- Managed day to day activities creating and managing OKTA policies and creating and managing OKTA application provisioning and user provisioning
- Monitored and identified any suspicious security events using the ManageEngine AD Audit Plus console and analyzed vulnerability data using SQL queries
- Working with Qualys Cloud and identify vulnerability open case
- Programming and scripting skills (PowerShell, Python, Bash, etc.)
- Cyber Security analysts review and analyze Security Assessment Report (SAR), as well as recommended preemptive actions for failed controls and vulnerabilities
- Conduct cloud vulnerability assessment on the target IT virtual infrastructure, applications, and related information assets
- Experience working with Azure app service and remove weak ciphers
- Knowledge of common software vulnerabilities and ability to apply CVSS
- Knowledge of ServiceNow GRC applications for Incident, Change, Problem, content management system (CMS), and reports / metrics as well as Performance Analytics
- Provide reporting, vulnerability analysis, and follow up to produce reports for management
- Prioritize vulnerabilities discovered based on severity level, along with the remediation timeline
- Create findings for non-compliant vulnerabilities according to policy.
System Administrator II
OLYMPUS CORPORATION
SAN JOSE, CA
03.2018 - 12.2020
- Assisted in the management and maintenance of the Vulnerability Management processes
- Execution and support of vulnerability analysis activities in support of Common Criteria certifications of products (technical report review, follow-up investigation with focus on hardware, and operating systems)
- Identifying and analyzing emerging threats that could affect technology platforms managed in the region
- Conducting the vulnerability assessment (Rapid7/ Microsoft baseline system analyzer), including user accounts, patch
- Knowledge in Windows/Linux operating system configuration
- Conduct vulnerability scans, prioritize vulnerabilities, and research exploits
- Collaborate with the team to provide recommendations and strategies for remediating vulnerabilities
- Create and maintain SCCM reports using SQL Server Management Studio
- Managing email security and DLP (Data Loss Prevention) tools to protect sensitive information and intellectual property
- Ensure proper IT security access provisioning policies and procedures are followed.
System Administrator
LANDESK SOFTWARE INC
SOUTH JORDAN, UT
04.2015 - 03.2018
- Direct configuration, technical, and programming contact for over 300 clients
- Experience in integration with OKTA and Worked on Multifactor Authentication Using OKTA
- Integrated Workday using OKTA SSO
- Oversee onboarding for new client implementation
- Active Directory
- Microsoft O365 (Exchange Online)
- Manage & support Windows server 2012 / 2012 R2
- Develop algorithms and processes to improve system performance.
System Administrator
CROSSCOM NATIONAL
MEMPHIS, TN
01.2009 - 04.2015
- Provide general IT consulting
- Design and configuring AD Forests, Domains, Trusts, Group Policy, OU's, promotion & demotion of domain controllers
- Manage and Install Windows server 2008 / 200R / 2012 / 2012 R2
- Install and configure software on servers and workstation.
Education
Associate of Science in Computer Science -
Southwest Tennessee Community College
05.2014
Skills
- Microsoft SQL server 2000/2005/2008/2008R2/2012/2014/2016/2019
- Microsoft SharePoint 2003/2007/2010
- Microsoft Windows server 2003/2008/2008R2/2012R2/2016/2019
- Microsoft Exchange 2003/2007/2010/2013
- Microsoft Windows server technologies (AD, DNS, DHCP, IIS, DFS, Clustering, Windows OS)
- Microsoft Azure Sentinel
- Microsoft Intune
- Microsoft Identity and Access Management
- Microsoft SCCM
- GitHub
- Terraform
- Linux OS
- Citrix VDI Desktop
- VMWare Horizon VDI
- VMware Virtualization
- ESXi Server
- VMware vSphere
- ISCSI Configuration
- HP ILO
- HP ProLiant Blade Server
- HP Onboard Administrator
- Fortinet Firewall
- FortiGate Client
- FortiMail
- Cisco Switch & Router
- Dell PowerEdge Servers
- AWS Cloud VPC, S3
- Ivanti
- ServiceNow Cloud
- SolarWinds
- ManageEngine
- OKTA Cloud
- Jump Cloud
- JAMF Cloud
- Rapid7
- Crown Strike
- Qualys
- Google G-Suite
- Symantec
- Zscaler
- BeyondTrust
- Tenable Nessus
- Axonius
- BeyondTrus
- Cybersecurity
- Frameworks such as HIPAA, NIST 800-171, PCI, etc
- Vulnerability Management (CVE’s, OWASP, scanning tools, Nmap, Qualys, Tenable Nessus, Rapid7, Crowdstrike, Axonius, etc)
- Anomaly detection and Event gathering tools (DarkTrace, SIEMs)
- Authentication and Access Management (MFA, password policies, RBAC, least privilege, etc)
- Content Filtering and Data Loss Prevention
- Disaster Recovery (DR), Incident Response (IR), Business Continuity Planning (BCP)
- Networking
- Palo Alto Firewalls
- Fortinet (Fortigate) Firewalls
- Fortinet FortiAnalyzer
- VPNs, both user endpoint and site-to-site
- Network Topologies (LAN, WAN, VLAN, SAN)
- Switching, routing, routing protocols (OSPF and BGP)
- Firewall configuration & management (ACLs, NAT, IDS/IPS, etc)
- Wireless technologies (APs, controllers, QoS, etc)
- Server/Domain
- Active Directory (GPO, ADUC, PowerShell, ADFS, etc)
- Azure (O365, Azure Conditional Access, Azure MDM, etc)
- Virtual Machine management and configuration
- Endpoint
- MS Defender
- CrowdStrike Falcon
- Disk encryption
- IoT management/auditing
- Okta cloud
- Baselines and imaging
- JAMF Pro Cloud security
- Microsoft Endpoint Configuration Manager (SCCM)
- Course/Training
- CompTIA Security plus
- Qualys Cybersecurity Asset Management (CSAM)
- Qualys Vulnerability Detection and Response VMDR
- PCI Compliance Foundation
- Rapid7 InsightVM
- Rapid7 InsightIDR
- ManageEngine Endpoint tools
- Microsoft Security, Compliance, and Identity Fundamentals (SC 900)
- Penetration Testing
- Disaster Recovery Planning
- Business Continuity Planning
- Network Security Management
- Regulatory Compliance
- Telecommunications Systems
- Protecting Networks
- Managing Security Breaches
- Monitoring Computer Viruses
- Encryption
- Data Security
- Intrusion Detection
- Network Security
- Risk Mitigation
- Incident Response
- Resource Allocation
- Linux Server
- Access Control
- Best Practices Implementation
- Critical Thinking Skills
Languages
English
Professional
KHMER
Professional
Timeline
IT Security Analyst
Dallas INDEPENDENT SCHOOL DISTRICT
10.2023 - Current
IT Security Engineer
OZARK INC
03.2023 - 10.2023
IT Security Analyst
RIVIAN
01.2021 - 02.2023
IT Security and Vulnerability Analyst
FIRST AMERICAN
12.2020 - 01.2021
System Administrator II
OLYMPUS CORPORATION
03.2018 - 12.2020
System Administrator
LANDESK SOFTWARE INC
04.2015 - 03.2018
System Administrator
CROSSCOM NATIONAL
01.2009 - 04.2015
Associate of Science in Computer Science -
Southwest Tennessee Community College