Robert Orozco
Cybersecurity Engineer
San Antonio, TX
Summary

Ambitious Cybersecurity Engineer committed to formulating innovative solutions to challenges while optimizing processes. Polished in developing and implementing security plans, architectures, and procedures, and in developing strategies to respond to and recover from security breaches. Logical and analytical leader familiar with blue, red, and purple team security tools and technologies.

Overview

10 years of professional experience
6 certifications

Work History

Breville USA

Cyber Security Engineer
12.2020 - Current

Job overview

  • Led a cybersecurity team of five, including two senior security analysts and three SOC analysts.
  • Performed secure architecture design, threat modeling, and risk assessments for new application integrations and workflows.
  • Coordinated annual penetration tests on our six core web applications, APIs, and both internal and external networks, working closely with penetration testers and stakeholders to ensure successful execution of all tests.
  • Implemented Azure Sentinel SIEM while ensuring end-to-end encryption of log traffic at rest, in use, and in transit to maintain secure communication channels.
  • Established a Security Operations Center (SOC) for Breville using Azure Sentinel by enabling data connector app integrations and enabling/ implementing custom analytic rules to ensure comprehensive threat detection and alerting for the company.
  • Established Security Orchestration, Automation, and Response (SOAR) capabilities using Azure Sentinel logic apps to automate incident response tasks for flagged alerts, streamlining processes and enhancing operational efficiency.
  • Implemented vulnerability assessment solutions for web applications, cloud environments, servers, and endpoints, utilizing tools like Tenable, Qualys, Defender for Endpoints & Servers powered by Microsoft Defender Vulnerability Management (MDVM), and Cloud Security Posture Management (CSPM).
  • Implemented Microsoft Defender Extended Detection and Response (XDR) across all servers and endpoints, with tailored policies for specific sensitive systems.
  • Developed and implemented comprehensive vulnerability management processes and procedures to effectively remediate security findings on web applications, servers, and endpoints.
  • Conducted regular audits of IT infrastructure to ensure adherence to established cybersecurity policies and best practices.
  • Maintained up-to-date knowledge of industry trends and threat landscape through ongoing research and professional development activities.
  • Implemented secure-by-design security principles, theories, and best practices for our global hybrid environment (Azure, AWS, on-prem).
  • Led initiatives to align company security practices with NIST CSF while also ensuring compliance with PCI-DSS, GDPR, CCPA, and EU regulations.
  • Created logic apps in Azure to automate incident response activities, calling of APIs, and complex application integrations/workflows.
  • Developed custom playbooks for automating responses to security alerts, including actions like running antivirus scans, creating tickets, sending emails, blocking users, enforcing MFA, revoking sessions and resetting passwords.
  • Managed Identity and Access Management operations, including PIM, PAM, Azure Identity Protection, Identity Governance, and Entra ID.
  • Implemented the KnowBe4 security awareness training platform, conducting quarterly phishing campaigns and annual compliance training for PCI-DSS, GDPR, CCPA, and OWASP for developers.
  • Administered email security and data protection using the O365 Security & Compliance Center, managing DLP, anti-spam, and anti-phishing policies.
  • Led and managed complex cross-functional programs.

Digital Intelligence Systems (DISYS)

Information Security Analyst
06.2019 - 12.2020

Job overview

  • Diagnose, troubleshoot, and resolve hardware, software, or other network security issues such as firewall changes, hardware modifications, proxy changes, and vulnerability management.
  • Collaborated with IT teams to ensure seamless integration of security measures into existing infrastructure.
  • Conducted web application vulnerability remediations for public government sites to ensure compliance.
  • Conducted internal audits to identify areas of improvement within the organization's information security program.
  • Conducted incident response operations using Splunk SIEM for network-related security alerts.
  • Plan, organize, and develop policies and procedures for incident response and threat detection.
  • Conducted network vulnerability scans using the Retina BeyondTrust scanners and assisted in implementing the Tenable.io vulnerability scanner at The Aerospace Corporation.
  • Apply security best practices following NIST SP 800-53, ISO 27000, FedRAMP, CSF, etc.
  • Conducted incident response for various types of alerts such as Malware detection, beaconing, system exploits, privilege escalation, IAM and more.
  • Analyze email security appliance traffic to identify trends or sightings of malicious activity.
  • Monitor, maintain, and document daily spam/phishing emails sent in from end users.
  • Conduct phishing campaigns and user training with the KnowBe4 platform.
  • Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
  • Created a program to automate email delivery using the Python programming language.

Allscripts Healthcare Solutions (PIH Hospital)

Security Analyst
08.2018 - 06.2019

Job overview

  • Planning, creating, and implementing security best practices for all computer systems, networks, and data.
  • Conducted server, web application, and endpoint vulnerability scans using Qualys vulnerability scanner.
  • Remediated vulnerabilities on 27 custom web applications for PIH Hospital, prioritizing issues based on severity to ensure robust security and hardening.
  • Collaborated with developers to implement secure-by-design principles in newly created web applications.
  • Remediate known vulnerabilities in IT systems by pushing out patches, hotfixes, or updates using SCCM.
  • Manage deployments and software/hardware reviews.
  • Implement, monitor, and maintain anti-malware protection on over 1,000 systems.
  • Implemented technical and administrative controls to remain compliant with HIPAA, HITECH, PCI-DSS, and NIST best practices.
  • Create email rules and filters using Barracuda Email Security Gateway to reduce spam emails to users, and created DLP filters for outbound traffic.
  • Implemented URL filtering policies using Palo Alto firewalls to monitor and control how end users access the web over HTTP and HTTPS.
  • Monitor all logs on the network using SolarWinds Log & Event Manager (SIEM).
  • Create and document information security policies, standards, procedures, and guidelines.
  • Review violations of security procedures and discuss procedures with violators to ensure violations are not repeated.

Army Reserves

Network & Security Systems Operator
08.2018 - 04.2021

Job overview

  • Joint Network Node (JNN) & Tactical Communication Node (TCN) chief; trained soldiers for upcoming deployments and various DoD communication missions.
  • Taught soldiers how to use security tools such as Nmap, ACAS, Wireshark, Splunk, and vSphere, along with cloud computing, SCCM, Active Directory, firewall setup, network segmentation, and network security fundamentals.
  • Provide various services such as NIPRNet, SIPRNet, VoIP, RoIP, and communication on the move using Line of Sight (LOS), commercial services, and Satellite Communications (SATCOM) as the backbone.
  • Experience in securely designing, configuring, and installing network equipment such as routers, switches, firewalls, and IDS/IPS systems.
  • Experience with the installation/configuration of encryption devices to build P2P tunnels through LAN/WAN while rotating COMSEC keys each mission as a security best practice for encrypted communications.
  • Conducted monthly cybersecurity awareness training for new soldiers entering the unit and a yearly brief for all soldiers as NCOIC for the unit.

U.S. Army Signal Corps

Network & Security System Operator
08.2014 - 08.2018

Job overview

  • Direct a team of 4 for daily department operations, analyzing workflow, establishing priorities, developing security standards, and setting timelines.
  • Accountable for the operation, installation, and maintenance of computer, network, and telecommunications switching systems valued at over $20 million.
  • Configured Cisco routers, switches, and IPS/IDS systems for SIPRNet and NIPRNet.
  • Appointed as custodian for the distribution and destruction of COMSEC FIREFLY and PPK keys.
  • Implement and maintain antivirus clients and definitions on endpoints to assure all software is secure and up to date on over 600 systems, and engage in incident response, disaster recovery, and business continuity activities.
  • Perform cybersecurity risk analysis of design requirements and risk management. Configure and define parameters for installation or testing of local area network (LAN), wide area network (WAN), TCP/IP, routing, switching, firewall, servers, controllers, multiplexers, or related networking equipment.
  • Configure, implement, and monitor network security solutions ranging from VPNs, VLANs, DNS, DHCP, 802.1X, and port security to hardening techniques and security policies.
  • Secure implementation and maintenance of DoD satellite and communication systems.
  • Maintain and administer security on computer networks and related computing environments, including computer hardware, systems software, application software, and all configurations.
  • Administer System Center Configuration Manager (SCCM 2012) to create and configure specific device collections to push packages, updates, patches, and hotfixes to remediate vulnerabilities from outdated or vulnerable software on the network.
  • Conduct software and application vulnerability scanning on the DoD network using the Assured Compliance Assessment Solution (ACAS) tool.
  • Reviewed logs and reports of suspicious activities in Splunk from the network firewalls, IDS/IPS systems, and other computer systems, covering over 5,000 systems.
  • Support incident response activities and Request for Change documentation.

Education

Keller Graduate School of Management
Long Beach, CA

Master of Business Administration (MBA)
02.2023

University Overview

  • 3.96 GPA
  • Honor Roll

DeVry University
Long Beach, CA

Bachelor of Science in Information Technology & Networking
02.2022

University Overview

With a focus in Cybersecurity

  • 4.0 GPA
  • Summa cum laude graduate

Skills

  • Programming Languages: Python, Bash, Ruby, Perl, PowerShell, JavaScript
  • Penetration Testing
  • Web Application, API, & Network Security
  • Threat Modeling
  • SIEM & SOAR solutions
  • Intrusion Detection & Response
  • Vulnerability Management
  • Patch management
  • Security Auditing
  • Analytical Thinking
  • Team Collaboration
  • Attention to Detail

Certification

  • Certified Information Systems Security Professional (CISSP)
  • Microsoft Certified: Cybersecurity Architect Expert
  • Microsoft Certified: Azure Security Engineer
  • CompTIA Network Vulnerability Assessment Professional
  • CompTIA PenTest+
  • CompTIA Security+

Languages

English
Native or Bilingual
Spanish
Native or Bilingual
