Kimberly Helmus

Led the design and implementation of a comprehensive cybersecurity strategy , enhancing the protection of sensitive patient data and ensuring compliance with HIPAA and other regulatory standards.

• Performed regular security audits and assessments , evaluating the effectiveness of existing controls and recommending enhancements to address identified vulnerabilities.
• Stayed updated on the latest cybersecurity trends and threats , continuously refining security strategies and solutions to address evolving challenges in the healthcare industry.
• Oversaw the development and delivery of cybersecurity training programs , increasing staff awareness and ensuring adherence to security best practices across the organization.
• Developed and enforced security policies and procedures , aligning them with industry best practices and regulatory requirements to maintain a high standard of data protection.
• Implemented advanced security solutions , including intrusion detection systems (IDS), firewalls, and encryption technologies, to protect critical healthcare infrastructure from emerging threats.
• Coordinated with cross-functional teams , including IT, compliance, and clinical departments, to integrate security measures seamlessly into existing systems and workflows.

• Part of a Critical Task Force who has a sole purpose in finding and remediating hundreds of Critical Vulnerabilities across the company
• Oversaw network and security monitoring programs to quickly detect and control intrusions, potential attacks, and other Information Systems security threats
• Detected vulnerabilities through in-depth investigations and network scanning tools, and perform investigations on assets that are not reporting correctly
• Performed Vulnerability Assessments on 0-Day Vulnerabilities, Embargoed Issues, and other Critical Vulnerability Assessments to understand impact to the company
• Launched and successfully ran hundreds of Vulnerability Campaigns of varying levels of criticality.

• Managed implementation of new systems, coordinating closely with internal/external personnel and outside vendors to onboard 5 subsidiaries quickly and correctly
• Helped non-security personnel implement appropriate levels of compensating controls for business objectives, while still maintaining an appropriate security posture
• Familiar with NIST, ISO, OWASP, MITRE, and PCI Standards
• Using them to perform Vulnerability Assessments and keep the company up to date with these guidelines.

• Maintained primary technical ownership of service support tickets by assisting customers in their remediation efforts for 100+ different Vulnerability Campaigns
• Responsible for creating and driving to resolution high level Vulnerability Campaigns, which successfully resulted in a reduction of over 3 million risks in 2020
• Assisted the Incident Response team in investigation and response to active security incidents when necessary
• Liaison between the Vulnerability Management team and partner security teams throughout the company to ensure understanding and compliance across Amazon.

• Collaborated and advised on the complete rewrite of the United States Navy Cybersecurity Workforce Qualification Standard, revamping the guidelines, qualifications, and requirements needed for the entire Navy's Cybersecurity Workforce
• Assisted the Information Systems Security Manager with managing and enforcing the cybersecurity requirements necessary for three networks, 55 servers, 600 computer workstations, and 3,000 users
• Maintained a Systems Security Plan for two separate organizations
• Interacted with personnel within and outside the site's security organization, properly and effectively executing security responsibilities
• Ensured Cyber Security Workforce Individual Development Plans for 25 employees were created and fulfilled detail specific cybersecurity training and qualifications required for full compliance
• Assisted in the FedRamp Authorization Process for three separate organizations, with each organization being issued ATOs to maintain successful operations
• Scanned and maintained two separate networks for PII, HIPAA, and various other DoD compliance regulations and policies.