Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

JOSHUA T. THOMAS

Louisville,KY

Summary

Dedicated and passionate about Cyber Security, I am focused on securing, defending and protecting corporate IT environments. I have worked my entire career of 18+ years in the IT field for a fortune 500 company. I have been exposed to most major aspects involved with protecting a large corporation, ranging from networking, compute, endpoint protection, applications, PKI, MFA, IAM, firewalls, architecture, cloud, websites and incident response. I also have 6 years of experience in IT auditing and oversight involving assessments, policies, and governance. I have worked with business clients, external auditors, legal teams, IT and upper management to mature and improve IT Security controls and programs. My focus has been as both an individual contributor and subject matter expert (SME) as well as an IT and audit manager with direct report oversight.

Overview

18
18
years of professional experience
1
1
Certification

Work History

Manager, IT Internal Audit

Yum! Brands
Louisville, KY
08.2019 - Current
  • Designed, conducted and completed with a small team numerous technical, cyclical, remote audit programs. Scope areas included Websites, Web Application Firewalls, Identity and Access Management, Cloud Environments, CMDB, and Network Firewalls. Utilized best practices, AI, scripting tools, industry benchmarks, and company policy to develop and execute. Shared results and presented reports with leadership and IT management. Helped track, monitor, and validate remediation for thousands of IT issues.
  • Conducted multiple, onsite infrastructure audits of corporate and franchise offices and stores globally, including locations in the UK, Russia, UAE, South Africa, India, France, Switzerland, SOPAC and Spain.
  • Recruited, onboarded, and managed a new IT Audit analyst employee.
  • Helped to implement a new audit program solution - Audit Board.
  • Helped to conduct security awareness training via email phishing simulations for corporate and franchise users. Worked with the Cyber Security team to implement and conduct tests during onsite engagements.
  • Partnered with external auditors, corporate control owners, and finance auditors to test and deliver SOX and ITGC controls for in-scope IT Systems.
  • Recognized twice with ABR awards for contributions to IT audit and company-related incident response support focused on reporting, recommendation and remediation.
  • Served on numerous security and legal focused committees, including M365 Governance, GRC Committee, and Data Champions

Manager, IT Security

Yum! Brands
Louisville, Kentucky
03.2019 - 08.2019
  • Lead Cyber Security Incident Response Program. Advised CISO and IT Security Management.
  • Coordinated with IT and non-IT teams to establish steps, on-call, and response protocols. Performed incident response triage, wrote leadership focused flash reports, postmortems, recommendations, and oversaw crisis management during corporate and franchise cyber security incidents.
  • Worked with a small team to triage email security tools, and helped to train the help-desk on response procedures.
  • Helped to write run books for incident response scenarios including email scenarios and website attacks.

Security Engineer, Security Operations

Yum! Brands
Louisville, Kentucky
03.2013 - 03.2019
  • Worked with a small Security Operations team to oversee, harden and conduct assessments on the corporate Active Directory, including several major projects and to implement recommendations from our enterprise partner, Microsoft. Implemented or assisted in applying tiered accounts, LAPS (randomization of administrator passwords) and other AD security hardening best practices. Lead or helped to conduct ADRAP and Pop-Slam engagements with Microsoft in the corporate environment.
  • Worked over several years to harden our NAC environment, implementing 802.1x, MAB, and certificate controls on network devices. Designed, upgraded, and rebuilt our NAC environment multiple times during planned upgrades and system refreshes.
  • Worked with a vendor to design and build two PKI environments. Oversaw the corporate Certificate Authority and was responsible for maintenance and administration.
  • Implemented Client VPN solution for corporate employees, worked with small team to test, harden and maintain configuration.
  • Administered or oversaw firewall administration of Cisco and Fortinet appliances. Monitored and performed oncall duties.
  • Worked with a small team to upgrade legacy firewalls and migrate to Palo Alto devices.
  • Lead, designed, and implemented a password enterprise vault solution - Cyber Ark. Responsible for architecture, administration, and operations.
  • Responsible for enforcing IT security controls including password and account enforcement of corporate identities.
  • Partnered with a vendor to design and implement an Incident Response platform, via Service Now. Worked with CISO and Senior Director to design an end-to-end incident response life cycle and process flow diagram for incident response.
  • On-call and responsible for all incident response scenarios for the corporation. Wrote flash reports and provided to CISO and senior leadership.
  • Helped to administer Microsoft Azure and M365 environment for corporate.
  • Worked with a co-worker to architect and implement a corporate MFA solution - DUO. Setup and maintained cloud and radius servers for O365 access.
  • Owned and helped to install and run Microsoft authentication and Azure directory sync environments (ADFS and AAD Connect).
  • Implemented NAC with a new print vendor, and utilized EAP-TLS cert-based auth for printers. Helped write policy documents on NAC, IoT and Printer devices.
  • Worked with internal SOC/SIEM to implement and provision to corporate workstations and servers an incident response agent (Tanium). Helped to monitor and respond to alerts via a central console.

Analyst, Security Administration

Yum! Brands
Louisville, Kentucky
04.2007 - 03.2013
  • I started my career at Yum as an intern and was promoted to an analyst upon graduation in 2007.
  • Performed both low- and high-level security administration of corporate employee and contractor accounts.
  • Utilized the highest privilege level access to grant appropriate permissions to users, groups, databases, and applications.
  • Worked with IT application owners on system design, implementation, and administration.
  • Helped to update and migrate code changes to Oracle PeopleSoft, including HR, Finance, and CRM modules. Oversaw access to a corporate mainframe, and assisted with roles and permissions for users, jobs, and datasets.
  • Helped application IT teams to design and implement security request workflows. Participated in major projects to build ticket request catalogs in solutions such as PMG and BMC-Remedy.
  • Worked with compliance and audit to provide proper documentation of financial and ITGC SOX controls.
  • Performed on-call duties, and assisted with company re-orgs and terminations.
  • Oversaw and led an SSL VPN solution to grant contractors and vendors least-privilege access to internal company systems. Hardened, maintained, and upgraded the VPN system as necessary.
  • Helped oversee administration of a PCI environment, and ensured appropriate, compliant controls were in place.

Education

Bachelor of Science - Computer Information Systems

University of Louisville
Louisville, Kentucky
12.2007

Skills

  • Cisco ISE and firewalls
  • Microsoft Active Directory and Azure
  • Multi-factor authentication - DUO
  • Public key infrastructure (PKI)
  • Enterprise password management - CyberArk
  • Incident response management
  • Technical IT audits - Cloud, WAF, Firewalls, IAM, Infrastructure, Applications, Networking, CMDB, IR/DR, Governance
  • Data visualization - Power BI and DOMO
  • Audit board compliance
  • SOX IT general controls (ITGC)
  • Use of artificial intelligence (AI) to create lightweight PowerShell and Python scripts to enhance IT tasks and audit automation
  • Policy development and writing
  • Compliance oversight strategies
  • Network security management
  • Problem-solving techniques
  • Adaptability and flexibility skills
  • Team collaboration and dynamics

Certification

GIAC Systems and Network Auditor (GSNA), 09/13/24, 09/30/28

Timeline

Manager, IT Internal Audit

Yum! Brands
08.2019 - Current

Manager, IT Security

Yum! Brands
03.2019 - 08.2019

Security Engineer, Security Operations

Yum! Brands
03.2013 - 03.2019

Analyst, Security Administration

Yum! Brands
04.2007 - 03.2013

Bachelor of Science - Computer Information Systems

University of Louisville

Similar Profiles

CREATE PROFILE
JOSHUA T. THOMAS