Youm Onosky
Laurel,MD
Summary
You have in front of you the right candidate that is an enthusiastic learner and curiosity seeker, focusing on what can be done rather than hindered by notions of what cannot be.
Overview
8
8
years of professional experience
1
1
Certification
Work History
Cloud Security/Vulnerability Mgt
Warner Bros-Discovery
Herndon, VA
12.2020 - 07.2022
- Oversee security compliance procedures and provides automation where possible.
- Ensured accuracy in reporting security flaws.
- Utilized and maintained in-depth technical knowledge of existing and emerging technologies, including public cloud offerings from Amazon Web Services and Azure for the customer.
- Showed expertise by Proving my experience & understanding of security issues and their remediation with the ability to manually validate security findings and explain risk and impact.
- Worked with industry standard security testing tools in the likes of Acunetix, Checkmarx, SNYK, Veracode, StackRox, Qualys, Tenable Nessus, AWS Inspector etc.
- Worked and applied Knowledge of OWASP Top 10, SANS 25, OSSTMM, MITRE ATT&CK Framework.
- Ensured adherence to application security policies and procedures.
- Coordinated & Conducted Application Security Vulnerability Assessment& Penetration Testing using tools like Nessus, Qualys, AWS Inspector and third party engagements.
- Designed and implemented SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments.
- Ability to automate processes for security testing, escalating, and reporting through scripting and working with API’s.
- Analyzed and found security vulnerabilities in the product and reported it to the development team.
- Successfully reported security vulnerabilities that were fixed by the development team.
- Worked with the development team to create a process to find and fix security vulnerabilities.
- Helped the development team create a process to find and fix security vulnerabilities in a timely manner.
- Was able to find and report security vulnerabilities before they were exploited by hackers.
- Was able to find and report security vulnerabilities before they were exploited by other companies.
- Was able to find and report security vulnerabilities before they were exploited by the government.
- Was able to find and report security vulnerabilities before they were exploited by anyone.
- Helped the development team create a process to find and fix security vulnerabilities in a timely manner, which helped keep the product safe from hackers and other companies.
- Analyzed and found security vulnerabilities in the product, reported it to the development team, and helped the development team create a process to find and fix security vulnerabilities in a timely manner.
- Chaired the Cloud Security Working Group, which was responsible for developing the company’s cloud security strategy.
Cloud Security Engineer
American Airlines
Dallas, TX
11.2017 - 07.2020
- Configured, implemented, monitored, and supported network security software/systems that will help ensure compliance with CSA Cloud Controls Matrix in cloud environment
- Updated security tools for logging /monitoring, and growing coverage of existing tools
- Made recommendations to management on enhancements to existing and new security software or related tools.
- Assisted in evaluating, planning and implementation of new/existing security applications/tools that integrate with current toolsets.
- Helped implement and maintain next-generation enterprise protection tools malware detection technologies
- Ensured security standard methodologies are identified and integrated into all facets of projects including network, system designs/configuration, and implementations.
- Identified and recommended potential areas where existing data security policies and procedures require change, or where a supplement is required to mitigate key security risks.
- Partnered with various business units to enhance security policies/procedures
- Created and maintained data security documentation, policies, and procedures.
- Built a cloud security monitoring solution to capture suspicious events, security incidents, and breach events leveraging AWS GuardDuty and IBM Qradar for automated security alerting and support.
- Assisted the Cloud Architect with building and deploying new cloud infrastructure and systems.
- Deployed Security policies and assist with Security compliance objectives to comply with our security policies and audit frameworks.
- Assisted the Cloud Architect with building the new DR, QA, and other Security-centric cloud environments.
- Facilitated and worked with the Security team to manage Security vulnerabilities identified in cloud environments.
- Troubleshooted security, access, and connectivity issues within cloud environments.
- Cleaned up and maintained Identity and Access Management’s Role-based Access structure for new and existing users.
- Deployed policy as code to improve automation and scalability.
- Coffered with other teams to discuss Cloud Security’s involvement in new and existing technologies and maintain relationships with those teams.
- Kept abreast of information security issues and regulatory changes.
- Engaged in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Adequately produced security controls in line with industry standards and security frameworks to meet regulatory compliance needs (e.g. PCI-DSS, SWIFT, NIST, and ISO).
- Participated in Application Development (AppDev) and DevOps projects and initiatives to implement security controls and procedures into the development lifecycle (DevSecOps, SSDLC, CI/CD, etc.).
- Supported other cloud security activities across various cloud service provider technologies in the environment, to include security assessments, testing, and evaluations (e.g. Amazon AWS, Google Cloud Platform, IBM, and Oracle).
Cyber Security Analyst
Bank Of America
Plano, TX
02.2014 - 10.2017
- Managed security processes and tools, including data protection, identity & access management, risk and compliance, incident response.
- Performed audit and compliance for tools in accordance with CIS Benchmark Standards & Policies and Procedures of customer.
- Identified inherent risk, evaluated current risk state, to determine residual risk posture for tools
- Evaluated potential technology, confidentiality, and security risk with various stakeholder groups within the customer environment.
- Supported the Chief Privacy Officer, the Chief Information Security Officer, and Technology Division Privacy Leader in accomplishing their responsibilities as outlined in Information Security Policies, Privacy Standard, and Privacy and related Written Supervisory Procedures within the Org.
- Supported initiatives to educate technology functions on security and compliance requirements according to NIST 800-53 requirements.
- Coordinated periodic review and update of Information Security policies, standards, and control documentation.
- Assisted to develop risk remediation plans, gap and issue management, remediation validation, and Management/Leadership reporting plan.
- Communicated and worked closely with subject matter experts/leaders across the firm on cybersecurity controls design, observations/vulnerabilities, and regulatory requests.
- Wrote and executed advanced penetration tests and vulnerability assessments across a broad range of systems and environments.
- Analyzed data to identify trends and potential threats, developed mitigation plans, and created weekly reports on findings.
- Led a team of 5 analysts, mentored new team members, and was responsible for the overall security of the organization.
- Developed and implemented a new incident response plan that was successfully implemented and tested.
- Received commendations from management for superior work on several occasions.
- Helped to secure the organization against several serious attacks.
- Reduced the number of system vulnerabilities by 50%.
- Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
- Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
- Directed in-house cyber security auditing program to detect flaws and weaknesses in the systems.
- Participated in creation of device hardening techniques and protocols.
- Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
- Conducted security audits to identify vulnerabilities.
- Recommend improvements in security systems and procedures.
- Performed risk analyses to identify appropriate security countermeasures.
Education
Bachelor of Science - Computer And Farm Crops
Kampala International University
Kampala, UgandaCertificate of Completion - Cloud Security Architecture And Operations
The SANS Technology Institute
Orlando, FL04.2018
Skills
Data security, Qualys Cloud Platform, designing security controls, Nagios monitoring software, Symantec Endpoint Protection, Implementing security programs, Erecting firewalls, Good listening skills, Verbal and written communication, AWS Inspector, AWS Shield, GuardDuty, AWS WAF,AWS Secret Manager, Qualys, Nessus, OpenVAS, Symantec DLP
(IDS/IPS) SIEM (Splunk/Qradar) Palo Alto Networks, Firewalls & Log Analysis, SIEM Technology Rapid7 InsightCloudSec, Xpel, Trend Micro One, Elastic Beanstalk – Amazon Web Services (EC2, EBS, S3, IAM, AMI, VPC, VPC Peering, NACL, SG, Route53, Auto Scaling, ELB, SNS, CloudWatch and Cloud Formation) Dome9, Barracuda Guardian Security, F5, PostgreSQL, MySQL, DynamoDB Jenkins
Certification
- AWS Solutions Architect Professional - (In-View)
- AWS Certified Cloud Practitioner – Certified
- AWS Solutions Architect Associate – Certified
- AWS Developer Associate – Certified
- AWS security specialty - Certified
- Scrum Master - Certified
- ITIL Foundation - Certified
Timeline
Cloud Security/Vulnerability Mgt
Warner Bros-Discovery
12.2020 - 07.2022
Cloud Security Engineer
American Airlines
11.2017 - 07.2020
Cyber Security Analyst
Bank Of America
02.2014 - 10.2017
Bachelor of Science - Computer And Farm Crops
Kampala International University
Certificate of Completion - Cloud Security Architecture And Operations
The SANS Technology Institute
Similar Profiles
Andrew GourdieAndrew Gourdie
Sport Presenter - Newshub Live at 6 at Newshub/Warner Bros Discovery/Warner Bros DiscoverySport Presenter - Newshub Live at 6 at Newshub/Warner Bros Discovery/Warner Bros Discovery
ERIN R. (ROSA) MOODYERIN R. (ROSA) MOODY
NA at Warner Bros. Discovery, Warner BrosNA at Warner Bros. Discovery, Warner Bros
KEDAR WANIKEDAR WANI
Sr VMWare VDI Engineer at Warner Bros Discovery [WarnerMedia/Time Warner]Sr VMWare VDI Engineer at Warner Bros Discovery [WarnerMedia/Time Warner]
Aracelis GonzalezAracelis Gonzalez
Director, Client Support at Warner Bros. DiscoveryDirector, Client Support at Warner Bros. Discovery
Claudia CamposClaudia Campos
Leasing Consultant at Knott RealtyLeasing Consultant at Knott Realty