Dynamic Senior Technical Information Security Officer at Citigroup with expertise in vulnerability assessment and regulatory compliance. Proven track record in risk analysis and incident response, enhancing security architecture and leading successful IS projects. Adept at translating complex security requirements into actionable strategies, fostering collaboration across teams to achieve compliance and mitigate risks effectively.
Overview
13 years of professional experience
Work History
SENIOR TECHNICAL INFORMATION SECURITY OFFICER
Citigroup
Irving
01.2012 - 01.2020
Ensured vulnerability assessments and technology practices complied with defined standards, policies and procedures
Reviewed security architecture of web applications and analyzed risk for Citigroup applications to provide application risk analysis reports that applied to remediation/mitigation techniques and recommended policies
Contributed to global peer review committees to ensure consistency with IS project management needs
Executed entitlement reviews and assessed quality within technology, developed business/functional requirements documentation and interpreted and translated IS information security requirements into technical requirements
Demonstrated expertise in industry and corporate technology standards across IS/IT to develop documentation for processes to ensure compliance with GDPR, CCPA, SOX, FFIEC standards and OCC regulations
Enhanced Identity and Access Management through collaboration with Business and Application Managers to reduce the complexity of entitlement descriptions in Enterprise Entitlement Review System
Monitored changes in the risk profile of the highly critical systems produced or managed by the developer group
Shared technical proficiency via ad-hoc security risk assessments, compliance reviews and incident investigations
Identified IS risks and implemented proper controls for daily operation and remediation for all IS/IT and Business
Improved information security environment, led IS projects and presented strategies to senior leadership
SENIOR SECURITY ARCHITECT | UNIFIED THREAT MANAGEMENT SYSTEM
Sprite Technologies IP, LLC (Purchased ShopIP)
Monument
01.2007 - 01.2010
Executed full software solution development lifecycle, including concept, planning, architecture, design, development, implementation, deployment, maintenance and enhancements
Ensured guidelines for secure coding practices were followed, with 'Elements of Reusable Object Oriented Software' principles to construct data design patterns
Performed application vulnerability assessment and secure code review for XSS, CSRF (Cross Site Request Forgery), Application Denial of Service and OWASP Top 10 as well as conducted infrastructure penetration testing
Headed development project to evolve standalone software set into a more SaaS model for customer base that needed both COTS and Non-COTS IDS/IPS systems while also leading New Technology Introduction projects
Teamed with business partners on requirements and ensured timely and quality business deliverables
Created test situations where simulation of thousands of users would potentially stress TCP connections for Client/Firewall/Server based architecture as well as manipulated Perl scripts for integration with Red Hat Linux
Installed proprietary IDS/IPS at the Network Operating Center in Philadelphia while working with DCIS
Managed NAS, TACACS/RADIUS server, a Beta install of the Crunchbox (a Snort/Packet Filter based firewall)
Architected software that helped close large deals by providing functionality unmatched in the product space
Used 802.1X port authentication for wired and wireless network access testing, with Netcat port-based connection attempts to servers and the web-based front end of the proprietary smart firewall
Identified key components of customer information security needs and designed effective customized solutions
Engaged in Performance Qualification to prove the system performed consistently as intended during normal operational use and remained in compliance with regulatory and user expectations
Tested, initiated and rebuilt new IPS systems and redesigned intrusion detection systems and IPS for OSI model
Optimized activities for software development team using Agile software development methodologies and design pattern-based architecture as well as tracked activities for over 20 technology projects on system security
IT PRIVACY-SECURITY CONSULTANT
Technical Alliance Partners
Denver
01.2011
Developed documentation related to ISO 27002 (17799) Information Security analysis, vulnerability detection and remediation as well as for processes to ensure compliance with HIPAA, PCI DSS and GLBA standards
Managed Alert Logic IDS for SaaS architecture, identified security weaknesses and provided mitigation analysis
Ensured updated authentication and patch levels (OS and Applications) to avoid unnecessary service installations
Performed web application penetration tests to monitor new threats, analyze impact and deliver mitigation
Conducted penetration testing of network segments Core, Aggregation and Access as well as performed manual analysis of applications for security vulnerabilities
Incorporated application vulnerability and host vulnerability assessments to implement security best practices
Examined results to ensure threat modeling, secure design in coding practices and proper retests were conducted
Spearheaded latest security and product identification research to prioritize infrastructure investments that would strengthen overall security while providing concise information on security audits to management
Supported network development teams by providing intelligent information to help make critical decisions
Education
Associate of Arts - Computer And Information Systems
Institute of Business And Technology
Santa Clara, CA
08-1984
Skills
Vulnerability assessment
Secure coding practices
Risk analysis
Regulatory compliance
Incident response
Project management
Timeline
SENIOR TECHNICAL INFORMATION SECURITY OFFICER
Citigroup
01.2012 - 01.2020
IT PRIVACY-SECURITY CONSULTANT
Technical Alliance Partners
01.2011
SENIOR SECURITY ARCHITECT | UNIFIED THREAT MANAGEMENT SYSTEM
Sprite Technologies IP, LLC (Purchased ShopIP)
01.2007 - 01.2010
Associate of Arts - Computer And Information Systems