Summary
Overview
Work History
Skills
Certification
Technical Skills
Timeline
Generic

Mike Ackerman

Security Engineer
Bear Valley,CA

Summary

Results-driven Security Engineer & Compliance Analyst with expertise in governance, risk management, and security compliance . Proven ability to develop, implement, and enforce security policies aligned with HIPAA, NIST, HITRUST, and SOC 2 frameworks. Skilled in AWS security posture management, risk assessments, vulnerability management, incident response, and security awareness training . Hands-on experience mitigating security threats, performing compliance audits , and leveraging GRC platforms like Hyperproof to streamline regulatory compliance. Proactive in monitoring security posture, enforcing IAM policies, and strengthening cloud environments . Adept at collaborating with cross-functional teams to drive a strong security culture.

Overview

4
4
years of professional experience
3
3
Certifications

Work History

Security Engineer – Compliance & Cloud Security

Origin Healthcare
San Francisco, California
07.2024 - Current
  • Defined and enhanced the organization's security posture, establishing security policies, risk management procedures, and incident response plans.
  • Managed and mitigated security threats in AWS, overseeing IAM, security groups, and encryption policies to protect cloud assets.
  • Managed access controls, IAM policies, and audit logs in AWS to enforce least privilege and detect unauthorized access.
  • Performed risk assessments and compliance gap analysis, documenting findings and assisting in remediation strategies.
  • Conducted regular security and compliance audits, ensuring adherence to data protection regulations.
  • Conducted regular security assessments and vulnerability management in the AWS environment, implementing remediation strategies.
  • Provided Linux security hardening and troubleshooting, ensuring proper access control, patch management, and system monitoring.
  • Monitored security tools, including Elastic Stack for log monitoring and threat analysis.
  • Led security awareness training programs and conducted phishing simulations to improve employee cyber hygiene.

Security Administrator – Compliance & Risk Management

Amino Health
San Francisco, CA
03.2023 - 07.2024
  • Led Governance, Risk, and Compliance (GRC) initiatives using Hyperproof, driving efforts to achieve NIST, HITRUST, and HIPAA certifications.
  • Conducted risk assessments and gap analyses, ensuring security policies aligned with compliance frameworks.
  • Oversaw phishing simulations and employee security testing, reducing social engineering risks.
  • Contributed to the development of security policies, incident response plans, and audit documentation to maintain regulatory adherence.
  • Implemented and supported Data Loss Prevention (DLP) strategies, ensuring proper handling of Protected Health Information (PHI).
  • Proactively monitored infrastructure and security systems, mitigating threats to prevent downtime or potential breaches.
  • Managed vulnerability assessments and remediation strategies, enhancing overall security posture.
  • Led efforts toward achieving SOC 2 Type II certification to reinforce commitment to security and compliance.
  • Utilized Hyperproof to streamline compliance tracking and risk management, increasing efficiency and audit readiness.
  • Implemented and administered a Pure macOS environment with Jamf Pro and Jamf Protect, ensuring secure and seamless device management.
  • Deployed Jamf Connect to improve employee account administration, enhancing user experience and security controls.
  • Applied basic knowledge of Burp Suite for minor penetration testing, strengthening proactive security measures.
  • Mitigated security threats through HackerOne program engagement, continuously improving security posture.
  • Collaborated with cross-functional teams to foster a security-first culture and improve compliance across the organization.

Security Analyst – Threat Investigation & Endpoint Security

Alterra Mountain Company
Denver, CO
08.2022 - 03.2023
  • Utilized Crowdstrike endpoint detection and response platform to analyze and investigate security incidents across 18 different domains (ski resorts), identifying and mitigating potential threats to company systems and networks.
  • Conducted log monitoring and analysis using LogRhythm for up to 18 different domains, proactively identifying security events and anomalies to ensure integrity and confidentiality of company data.
  • Performed SIEM (Security Information and Event Management) review, demoing and reviewing various SIEM platforms to replace current company standard
  • Collaborated with cross-functional teams to develop and implement vulnerability management strategies, conducting regular vulnerability assessments and providing recommendations for remediation.
  • Led security awareness training programs for employees, designing and delivering engaging sessions to educate staff on best practices, policies, and procedures for maintaining a secure work environment.
  • Stood up new Security Awareness program using Workday LMS
  • Assisted in incident response activities, participating in investigations, containment, and resolution of security breaches and intrusions.
  • Conducted regular security risk assessments, identifying potential vulnerabilities and recommending appropriate security controls.
  • Collaborated with IT teams to ensure compliance with industry standards and regulatory requirements, such as PCI DSS and GDPR.
  • Developed and maintained documentation, including incident reports, security policies, and procedures, ensuring accurate and up-to-date information for reference.
  • Participated in security incident handling exercises and drills to test the effectiveness of incident response plans and procedures.
  • Stayed abreast of the latest security threats, vulnerabilities, and industry best practices through continuous professional development and information sharing with peers.

IT Systems Administration & Support

Alterra Mountain Company
Denver, CO
05.2021 - 08.2022
  • Managed MS Office 365 user accounts, enforcing security configurations and access control policies
  • Provided Tier 1-3 IT support, resolving endpoint issues and security concerns
  • Diagnosed network security risks, firewall misconfigurations, and endpoint security violations
  • Authored security installation and configuration guides for end-users

Skills

Hyperproof

Microsoft Purview

HITRUST

HIPAA

SOC 2

CrowdStrike Falcon

Elastic Stack (ELK)

Microsoft Defender

Nessus

AWS Security Posture

IAM

Encryption Policies

SIEM (Splunk, Microsoft Sentinel)

DLP Policies

undefined

Certification

HTB Certified Defensive Security Analyst HTB Certified Bug Bounty Hunter (CBBH), In Progress, Q2 2025

Technical Skills

  • GRC & Compliance : Hyperproof, Microsoft Purview, NIST 800-53, ISO 27001, HITRUST, HIPAA, SOC 2, SOX
  • Security Platforms & Tools : CrowdStrike Falcon, Elastic Stack (ELK), Microsoft Defender, Nessus, Qualys
  • Cloud Security & Compliance : AWS Security Posture, IAM, Security Groups, VPC, Encryption Policies
  • Endpoint Security & Monitoring : SIEM (Splunk, Microsoft Sentinel), DLP Policies, Threat Intelligence
  • Risk & Incident Management : Vulnerability Assessments, Threat Analysis, Access Control Audits
  • Operating Systems & Infrastructure : Linux Security Hardening, Windows Server, VMware, Citrix
  • Automation & Scripting : PowerShell, Python (basic)
  • Security Awareness & Training : Phishing Simulations, Employee Security Compliance Training

Timeline

Security Engineer – Compliance & Cloud Security

Origin Healthcare
07.2024 - Current

Security Administrator – Compliance & Risk Management

Amino Health
03.2023 - 07.2024

Security Analyst – Threat Investigation & Endpoint Security

Alterra Mountain Company
08.2022 - 03.2023

IT Systems Administration & Support

Alterra Mountain Company
05.2021 - 08.2022

Similar Profiles

  • Emily Ferreira

    Emily FerreiraEmily Ferreira

    Account Liaison/Supervisor at CareCloud/Origin Healthcare/Meridian MedicalAccount Liaison/Supervisor at CareCloud/Origin Healthcare/Meridian Medical

    View Profile
  • Thomas Burnett

    Thomas BurnettThomas Burnett

    Application Director at Hartford HealthCareApplication Director at Hartford HealthCare

    View Profile
  • Evelyn Puente De La Vega

    Evelyn Puente De La VegaEvelyn Puente De La Vega

    Revenue Operations Specialist at JLA Healthcare ManagementRevenue Operations Specialist at JLA Healthcare Management

    View Profile
Mike AckermanSecurity Engineer