SERGE SAA-LAPNET
Silver Spring,MD
Summary
Cybersecurity professional with 8+ years of hands-on experience in steering risk management and compliance operations, aiming to streamline internal security functions to prepare organizations for compliance assessments, security assessments, and vulnerability management.
Overview
10
10
years of professional experience
1
1
Certification
Work History
Data Security and Privacy Analyst (GRC Analyst)
Freddie Mac
05.2023 - Current
- Engaged as part of team of security and privacy consultants to address and rectify compliance issues concerning data protection and governance following audit
- Efficiently defined scope of sensitive data protection assessment associated with remediation action plan
- Engaged in interviews with organizational stakeholders to evaluate system configurations and processes related to compliance with data protection and classification requirements
- Systematically gathered evidence and artifacts to assess compliance for package closure submission
- Participated in reviewing and updating cybersecurity and data governance policies following resolution of action plan for remediation
- Implemented risk assessment for Data Loss Prevention, encompassing structured, unstructured, semi-structured data, and data repositories
- Led assessment of third-party vendor risk with focus on evaluating data protection and effectiveness of security controls
- Successfully harmonized Data Loss Prevention framework requirements with NIST 800-53, NIST CSF, and NIST Privacy Framework for compliance remediation
- Contributed to data risk assessments concerning storage locations containing sensitive data, data inventory, and data classification granularity
- Assessed efficacy of security controls related to Data Loss Prevention and Payment processes
- Developed security and privacy controls for data governance, classification, and loss prevention risk assessment
- Aligned security and privacy controls within the remediation plan while addressing POA&M requirements
- Clearly defined Data Loss Prevention requirements, and thresholds as integral part of robust cybersecurity program capacity-building initiative
- Generated process flow diagrams that pertain to identification and classification of data, intake process after data risk assessment in Data Loss Prevention (DLP), and collaborative efforts involving Enterprise Data Office, Cyber DLP team, Information Security team, and various business divisions.
Cybersecurity Consultant PCI-DSS
Baxter-Clewis Cybersecurity
01.2022 - 01.2023
- Participates in team of security consultants to provide clients with streamlined security control guidelines for meeting PCI DSS compliance for level 1 PCI DSS
- Implements intricate assessments of Windows and Linux Server configurations to verify and validate compliance with PCI DSS requirements
- Elaborates on efficient methodologies to rapidly identify non-compliant systems for client remediation time reduction
- Performed risk assessment of cardholder data environment to identify security gaps and vulnerabilities; hence implementing controls to mitigate vulnerabilities and reduce risks
- Part of a team that developed processes and procedures to help quickly identify non-compliant systems that also led to reduced remediation time for clients and minimized security threats to their Web Application Firewall
- Built security gap analysis and formulated remediation plan based on company narrative examination
- Review client’s security policies and documentation to ensure adherence to PCI DSS requirements and avoid organizational potential loss
- Accompanies clients in developing system configuration standards that mitigate security vulnerabilities and decrease system deployment time
- Mapping project analysis for client transitioning from PCI DSS 3.2.1 to PCI DSS 4.0
- Risk assessments for clients transitioning from Self-Assessment Questionnaire (SAQ) to complete audit related to PCI DSS compliance.
Health Information Application SME
Children’s School Services
01.2014 - 01.2023
- Enhance organizational information systems and implement information assurance and Cybersecurity risk management standards, maintaining confidentiality, integrity, and availability of health data
- Implemented expert solutions for information entered in system database and located processes in existing software, providing technical support to nurses within school system
- Aligned regular operations and activities with HIPAA and Information Assurance protocols
- Introduce and leverage best Cybersecurity program development methodologies and organize Cybersecurity awareness and training programs
- Ensure efficient healthcare management and safeguard company assets from identified vulnerabilities by installing applicable vendor-supplied critical security patches
- Guarantee compliance with HIPAA, and FERPA, guiding users and new hires on health management software.
Cybersecurity Analyst
University of Maryland Global Campus
01.2015 - 01.2017
- Generated technical reports and reviews for the senior management, including threats, vulnerabilities, and information assurance as requested, while obtaining final acceptance for all projects and exceeding customer satisfaction
- Supported Cybersecurity processes of security control implementation, testing, and validation along with corrective action plan analysis and enforcement, while evaluating policy, procedure, design, and plan formulations
- Drafted documents in compliance with the SDLC, including a statement of work, the concept of operations documents, and project management plans, identifying security controls related to the NIST SP 800-53 framework
- Determined the need for Encryption and Backup as a Service (BaaS) for data loss prevention
- Updated stakeholders in executive management positions and fellow technical staff on threats, vulnerabilities, and risk information, recommending solutions for technical and security challenges
- Integrated an Identity and Access Management (IAM) system and initiated a security training and awareness policy while enforcing an efficient risk management process in the system development lifecycle (SDLC) framework.
Education
Master of Science in Cybersecurity Management & Policy -
University of Maryland Global Campus
College Park, MD05.2020
Bachelor of Science in Cybersecurity -
University of Maryland Global Campus
College Park, MD05.2018
Associate of Science in Healthcare Administration -
Iowa Central Community College
Fort Dodge, IA05.2016
Skills
- Payment Card Industry Data Security Standard (PCI DSS)
- RMF (NIST 800-37)
- FISMA
- NIST SP 800-53
- NIST SP 800-66
- NIST 800-36
- NIST Privacy Framework
- ISO 27001
- ISO 27002
- GDPR
- SOX
- SOC-2
- COBIT
- Governance
- Risk Assessment
- Vulnerability Management
- Cybersecurity Policy Analysis
- Information Assurance
- Cybersecurity Maturity Model Certification (CMMC)
- HIPAA
- HITRUST CSF
- Vulnerability Scanners
- Tenable Nessus
- Alien Vault
- QualysGuard
- Wireshark
- IPS/IDS
- SIEM: Splunk, IBM QRadar
- Cisco Firewalls
- File Integrity Monitoring
- Tripwire
- Virtualization & Cloud
- AWS Cloud
- Configuring Microsoft Azure Instance Security
- VMware
- Security Strategy
- Cybersecurity Program Development
- Information Security Policy
- Risk Management
- Patching & Remediation Management
- Security Network Architecture
- Application Security
- Cryptography
- Cybersecurity Awareness and Training
- Technical Writing
Certification
- CompTIA Security+, 12/2020
- Certified Information Systems Auditor (CISA), In Progress
Timeline
Data Security and Privacy Analyst (GRC Analyst)
Freddie Mac
05.2023 - Current
Cybersecurity Consultant PCI-DSS
Baxter-Clewis Cybersecurity
01.2022 - 01.2023
Cybersecurity Analyst
University of Maryland Global Campus
01.2015 - 01.2017
Health Information Application SME
Children’s School Services
01.2014 - 01.2023
Master of Science in Cybersecurity Management & Policy -
University of Maryland Global Campus
Bachelor of Science in Cybersecurity -
University of Maryland Global Campus
Associate of Science in Healthcare Administration -
Iowa Central Community College
Similar Profiles
Aarthi MurugesanAarthi Murugesan
Product Manager at FREDDIE MACProduct Manager at FREDDIE MAC
Jarred FaustJarred Faust
Investments & Capital Markets Operations Associate at Freddie MacInvestments & Capital Markets Operations Associate at Freddie Mac
Mahendra ChoudharyMahendra Choudhary
Product Owner at Freddie MacProduct Owner at Freddie Mac
Durga Priya VanamDurga Priya Vanam
Big Data Engineer at Freddie MacBig Data Engineer at Freddie Mac
Alvin BeltranAlvin Beltran
Personal Banker at PNC BankPersonal Banker at PNC Bank