Summary
Overview
Work History
Education
Skills
Certification
Work Availability
Quote
Timeline
BusinessAnalyst
Logan Holleman

Logan Holleman

Jackson,MS

Summary

Expert in cybersecurity with over seven years of experience in risk management, compliance, and the implementation of security controls in large corporate cloud and on-premises environments. Capable of leading cross-functional teams and implementing strategic cybersecurity initiatives that support organizational goals and drive outcomes for the business. By focusing on wide-ranging flexibility and proficiency across many technologies and frameworks, bringing a wealth of experience and the ability to motivate, lead, and succeed at fostering a premier security program and culture. This expansive expertise in leading complex endeavors, including conducting risk assessments, threat assessments, control efficacy testing, and disaster recovery plans, yields stronger protections against and higher visibility of cyber risks while raising cybersecurity operational and cultural standards. This relentless commitment to cybersecurity principles and best practices hones the capability of the business to anticipate and identify cyber-risk, mitigate vulnerabilities, and fortify defenses against emerging cyber threats.

Overview

11
11
years of professional experience
1
1
Certification

Work History

Cyber Security Risk Coordinator

Entergy Corp
03.2021 - Current
  • Managed company-wide assessment for SOX patching and vulnerability remediation, resulting in coordinated effort to hold IT and Business unit stakeholders accountable
  • Responsible for assessing vulnerability management in SOX regulatory space
  • Leading innovative Cyber Risk Management process that leverages collaboration from all business units to create dynamic cyber security risk register, multi-departmental risk review board, and process for continuous assessment and control effectiveness testing
  • Moved to "loss-event"-focused risk register and assessment methods, leading to easier quantification and cost-benefit analysis of risk
  • SME for technical risk assessments, focused on DR/BIA, Ransomware, Decommissioning process and IVR security
  • Developed "Incident Postmortem" process to allow for independent governance-based report to tease out lessons learned from incident management events and feed into Cyber Security Risk Management and Risk Register processes
  • Conducted company wide Cybersecurity Resilience and Reliability in Extreme Weather assessments led to development of winter readiness checklist for OT business owners
  • Designed and implemented standing meeting and support group for internal cybersecurity certification and training to promote security culture excellence beyond typical awareness training
  • Conducted AWS risk assessment to evaluate cybersecurity cloud engineering implementation and compliance policy

NERC/CIP Compliance Analyst II

Entergy Corp
05.2019 - 03.2021
  • Investigated and report on potential NERC violations as Cybersecurity SME for NERC/CIP CAP group
  • Responsible for Causal Determination and Cause Mapping of bulk electric system for CIP Violations
  • Create Self Report, Mitigation Plan, and Reportability review documents for CIP 009, CIP 007, and CIP 010 standards
  • NERC Reliability Standard policy and procedure administration
  • Designed, developed, implemented, and monitored processes and controls that ensure ongoing compliance with NERC Reliability Standards
  • Developed, implemented, and maintained NERC Compliance program JIRA project queue to manage SERC enforcement issues and provide dashboards, metrics, and KPIs for upper management

Information Security Analyst I-II

C Spire
02.2017 - 05.2019
  • Responsible for leading, tracking, and reporting on compliance-driven corrective action and remediation efforts across the organization
  • Designed and implemented Cyber Security Awareness Training and Phishing Campaigns companywide during 2018 and 2019
  • Advised and Facilitated third-party penetration tests and risk assessments
  • Responsible for Monthly cybersecurity audit and compliance control design, execution, and documentation
  • Investigated, analyzed, and assessed the impact of security incidents as well as led remediation efforts
  • Managed and delivered 2017 and 2018 PCI and SOC audit data for C Spire Cloud services division
  • Change control coordinator for C Spire Cloud services division for 2017/2018
  • Communicated with and maintained relationships with internal and external entities regarding security trends and techniques
  • Revised and streamlined continuous internal testing controls process across the company on an ad-hoc and annual basis
  • Assisted in Cyber Security policy creation and revision
  • Planned, implemented and tuned Data Loss Prevention program using Office 365 DLP tools
  • Led the post-acquisition cloud engineering assessment and SOC I/II audit and harmonization for 2018 and 2019
  • Managed Nexpose vulnerability scanner deployment project and launched the vulnerability management program
  • Communicated advisories and authored intranet posts regarding current and emerging threats related to core business

Fraud Analyst

C Spire
01.2016 - 02.2017
  • Investigated, analyzed, mitigated, and reported on fraud incident data occurring in the retail channel
  • Lead analyst for fraud incident response for over 70 stores and 3 call centers, investigated suspicious customer transactions and worked to prevent fraudulent activity
  • Managed and deployed TNS FraudTec II CDR fraud engine
  • Developed wireless usage driven fraud detection model which reduced detection window and financial exposure by over 80%
  • Created predictive analytical techniques that targeted accounts opened using ID theft, resulting in $500,000+/year loss prevention
  • Managed "Kount" transactional Fraud and Risk Management engine; tuned rules to mitigate retail channel vulnerabilities

System Support Specialist I-II

C Spire
05.2012 - 01.2016
  • Responsible for maintaining proper chain of custody procedures for assets involved in cybersecurity incidents when applicable
  • Worked with Cybersecurity group incident response team to investigate cybersecurity incidents and assist with containment
  • Managed Sophos and Symantec full disk encryption console and submitted compliance records
  • Maintained Symantec Endpoint Protection clients
  • Investigated and mitigated desktop security events for entire corporate headquarters
  • Served as technical representative on IT projects or specific IT areas
  • For example, PC requisitions, equipment inventory, new product rollout, equipment repair process.

Education

Bachelor of Science - Computer Science, Cisco Networking Emphasis;

University of Southern Mississippi
Hattiesburg, MS
2014

Skills

  • Designing and Governing Cloud-Based Security Architectures and Operations
  • Assessment and Control Testing of Third-Party and Supply Chain Security
  • FAIR methodology
  • Risk Register Creation and Planning
  • Incident Response Planning
  • Analysis of contracts with vendors and third parties
  • Business continuity and disaster recovery planning
  • Risk assessment and analysis
  • Policy development and Revision
  • Data Loss Prevention
  • Auditing SOC I and SOC II controls
  • Auditing ISO 20000 standards
  • ISO 31000 Risk Evaluation
  • Implementation of NERC/CIP standards
  • NIST Cybersecurity Framework
    PCI Compliance
  • Wireshark PCAP analysis
  • CISCO firewall/network appliance configuration
  • Nexpose & Tenable Nessus vulnerability scanner
  • SIEM and IDS Integration
  • InfoSec IQ Awareness and PhishSim phishing Suite
  • Sophos and Symantec Full Disk Encryption
  • Reciprocity Zen GRC security GRC tool
  • Metasploit penetration testing software
  • Trustwave's PCI scanning engine
  • Archer RSA GRC

Certification

  • CISSP (633884) - Certified Information System Security Professional - (ISC)2 - 7/13/2018

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse

Quote

Facts do not exist, only interpretations.
Friedrich Nietzsche

Timeline

Cyber Security Risk Coordinator

Entergy Corp
03.2021 - Current

NERC/CIP Compliance Analyst II

Entergy Corp
05.2019 - 03.2021

Information Security Analyst I-II

C Spire
02.2017 - 05.2019

Fraud Analyst

C Spire
01.2016 - 02.2017

System Support Specialist I-II

C Spire
05.2012 - 01.2016

Bachelor of Science - Computer Science, Cisco Networking Emphasis;

University of Southern Mississippi
Logan Holleman