Ngwengeh Fonguh

• Expertly monitored and managed IT Security environment to immediately detect, verify, and respond swiftly to cyber threats: vulnerabilities, malwares, cyber-attacks, to ensure risks are accurately mitigated.
• Was part of the team that worked on Apple’s safe browsing project, as Team Lead, in charge of cross-functional strategic, tactical, and operational initiatives, for the team, the organization and our clients.
• Managed, maintained, and used security tools i.e., DLP, SIEM, EDR, SWG, etc., to keep organization’s security posture in compliance with security regulatory requirements.
• Spearheaded the formulation and implementation of security policies to ensure the organization's confidentiality, integrity, and availability requirements are met.
• Led the charge in deploying cybersecurity-enabled products and leveraging compensating security control technologies to mitigate identified risks effectively.
• Oversaw and orchestrated the implementation of targeted cybersecurity countermeasures tailored for both systems and applications, ensuring strict adherence to established procedures.
• Provided mentorship for new team members and junior analysts, and approved Timesheets for junior Analysts, SOC 1 and SOC 2 Team members on a weekly basis, taking into consideration hours worked per week, comp offs, planned leaves, etc.
• Prepared and updated weekly status reports, quarterly shift roasters, and capacity planning reports, as well as provided departmental support to the business on enterprise-wide security initiatives and projects.
• Drove the meticulous documentation of systems security implementation, operations, and maintenance activities, ensuring that documentation is always up to date.
• Actively contributed valuable insights to the Risk Management Framework process, enhancing the quality of system life-cycle support plans and operational procedures.
• Rigorously verified and updated security documentation to reflect the latest application/system security design features, maintaining a comprehensive and accurate repository.
• Analyzed and presented trends in system security postures, offering strategic recommendations for continuous enhancement of cybersecurity resilience.
• Implemented organization-wide security measures to resolve vulnerabilities, mitigate risks, and proactively recommend security changes based on evolving threats.
• Guaranteed the confidentiality, integrity, and availability of systems by methodically implementing system-level security measures aligned with established protocols.
• Collaborated seamlessly with stakeholders to expediently resolve computer security incidents and address vulnerability compliance to ensure a robust security posture.

• Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
• Recommend improvements in security systems and procedures.
• Performed risk analyses to identify appropriate security countermeasures.
• Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
• Galvanized a high-performing cybersecurity team to achieve optimal results in vulnerability management, promoting a culture of collaboration and excellence.
• Implemented advanced threat detection and response strategies using leading EDR and SIEM tools, significantly enhancing the organization's security posture.
• Provided first level response for security events including but not limited to intrusion detection on the network, application, and operating systems (endpoint security).
• Coordinated investigations and response efforts throughout the Incident Response lifecycles and analyzed events and data to determine scope of cyber incidents.
• Conducted comprehensive risk assessments, proactively identifying, and mitigating potential security threats through a holistic approach.
• Collaborated closely with cross-functional teams to seamlessly integrate security measures into the software development life cycle, fostering proactive security practices.
• Orchestrated impactful security awareness training programs for employees, contributing to an overall improvement in the organization's cybersecurity posture.
• Coordinated with external auditors to ensure compliance with industry standards and regulatory requirements, maintaining a robust security framework.
• Conducted regular security briefings and updates for executive leadership, providing insights into emerging threats and vulnerabilities.
• Initiated and led incident response drills, ensuring organizational readiness to handle security incidents with precision.
• Developed and maintained detailed documentation of security policies, procedures, and incident response plans, establishing a foundation for robust cybersecurity practices.
• Galvanized a high-performing cybersecurity team to achieve optimal results in vulnerability management, promoting a culture of collaboration and excellence.
• Implemented advanced threat detection and response strategies using leading EDR and SIEM tools, significantly enhancing the organization's security posture.
• Provided first level response for security events including but not limited to intrusion detection on the network, application, and operating systems (endpoint security).
• Coordinated investigations and response efforts throughout the Incident Response lifecycles and analyzed events and data to determine scope of cyber incidents.
• Conducted comprehensive risk assessments, proactively identifying, and mitigating potential security threats through a holistic approach.
• Collaborated closely with cross-functional teams to seamlessly integrate security measures into the software development life cycle, fostering proactive security practices.
• Orchestrated impactful security awareness training programs for employees, contributing to an overall improvement in the organization's cybersecurity posture.
• Coordinated with external auditors to ensure compliance with industry standards and regulatory requirements, maintaining a robust security framework.
• Conducted regular security briefings and updates for executive leadership, providing insights into emerging threats and vulnerabilities.
• Initiated and led incident response drills, ensuring organizational readiness to handle security incidents with precision.
• Developed and maintained detailed documentation of security policies, procedures, and incident response plans, establishing a foundation for robust cybersecurity practices.

Executed vulnerability assessments utilizing tools such as Nessus and Qualys, adopting a proactive stance towards threat intelligence.

• Collaborated closely with system administrators to implement security measures in line with industry best practices, ensuring a cohesive security approach.
• Recommend improvements in security systems and procedures.
• Contributed to the development and meticulous documentation of security policies and procedures, setting a solid foundation for organizational security.
• Conducted regular and engaging security training sessions for end-users, elevating overall security awareness across the organization.
• Participated actively in the analysis and reporting of system security posture trends, providing valuable insights for continuous improvement.
• Performed risk analyses to identify appropriate security countermeasures.
• Implemented system-level security measures to ensure confidentiality, integrity, availability, authentication, and non-repudiation of organizational assets.
• Coordinated with external vendors for penetration testing and security assessments, ensuring a comprehensive understanding of potential vulnerabilities.
• Verified minimum security requirements for applications, ensuring compliance with established standards.
• Monitored use of data files and regulated access to protect secure information.
• Contributed significantly to the development of risk management processes, providing valuable input to enhance the overall security posture of the organization.
• Collaborated closely with stakeholders to efficiently resolve computer security incidents and ensure swift vulnerability compliance.

• Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
• Performed risk analyses to identify appropriate security countermeasures.
• Conducted security audits to identify vulnerabilities.
• Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
• Collaborated with third-party payment card industry (PCI) compliance partners.
• Maintained company-wide compliance with industry standards.
• Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
• Spearheaded bring your own device program, defining necessary security parameters and designing complementary security deployments.
• Monitored computer virus reports to determine when to update virus protection systems.
• Analyzed network traffic and system logs to detect malicious activities.
• Drafted security reports and metrics to track security performance and strategize improvements.
• Implemented security measures to reduce threats and damage related to cyber attacks.
• Educated and trained users on information security policies and procedures.
• Worked with business teams across company global organization to develop and execute the IT Risk Compliance and Risk Management program framework, extending processes as necessary to help businesses identify information risk and manage mitigation to an acceptable level.
• Worked with team members within the Risk and Compliance organization in assessing risk, developing appropriate controls, and advised on creation of action plans to address gaps.
• Organized and performed system risk and information security risk assessments and promoted best practices for risk management through effective risk control, monitoring, and improvement of risk management processes.
• Was part of managing information security incident response plan, policies, and procedures.
• Served as leader for several security-related initiatives including antivirus roll-out, problem management and the launch of a disaster recovery site and data leakage and loss prevention.
• I encouraged an environment where team members understand that the team succeeds or fails together.
• Initiated, participated in, and promoted activities to foster information security awareness within the organization.
• Expertly promoted continuous improvement and helped teams increase productivity and innovation. And was as part of a team that planned, maintained, and tested for BCP and Disaster Recovery.
• Presented quarterly updates to the Board of Directors on all information security matters.

• Assisted in the coordination of organization's IT systems to ensure that risk and security objectives are met.
• Worked with team members within the Risk and Compliance organization in assessing risk, developing appropriate controls, and advised on creation of action plans to address gaps.
• Conducted and performed system risk and information security risk assessments and ensured that risks were accurately mitigated.
• Was part of managing information security incident response plan, policies, and procedures.
• Monitored internal control systems to ensure that appropriate information access levels and security clearances are maintained.
• Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
• Part of the team that conducted phishing attack test to recognize phishing emails in working environment.