Profiles search
Anthony Popolo
CISSP | Secret Security Clearance | Business Information Security Officer
Philadelphia, PA, United States
Details
Education:
Bachelor of Science in Information Systems
Information Systems and Technology
Drexel University
2010 : 2015
High School Diploma
Roman Catholic High School
2006 : 2010
Information Systems and Technology
Drexel University
2010 : 2015
High School Diploma
Roman Catholic High School
2006 : 2010
Experience:
2022 : Present
TD
Business Information Security Officer - Information Security Specialist
2021 : 2022
TD
Business Information Security Officer - Senior Information Security Analyst
Providing cyber security support functions for a test and evaluation environment serving as a security and compliance baseline for Naval Surface Warfare Center, Philadelphia Division (NSWC-PD) systems, including :
- Validating the implementation of security controls in accordance with the National Institute of
Standards and Technology’s (NIST) Risk Management Framework (RMF) by reviewing on a quarterly basis Information Assurance Vulnerability Management (IAVM) artifacts detailing the reporting and remediation of identified vulnerabilities, utilizing assessment and reporting utilities, such as eMASSter and Assured Compliance Assessment Solution (ACAS) from Tenable
- Auditing the accuracy of official IT asset inventories and network architecture/assessment boundary diagrams
- Participating in the configuration control board (CCB) activities by executing risk analysis on newly-implemented, -introduced, or changed configuration items (CI)
- Performing physical lab environment reviews against security technical implementation guides (STIG)
- Enforcing DoD and NSWC-PD policies, technical implementation plans (TIP), and security resource guides (SRG)
2020 : 2021
Life Cycle Engineering
Information Systems Security Engineer/Officer III
2020 : 2020
Life Cycle Engineering
Information Systems Security Engineer/Officer II
- Developed desk references specific to Comcast Cable, NBCUniversal, and Comcast-Spectacor, outlining information security considerations for on-boarding a third party
- Gauged the design of Dreamworks Animation and Information Technology control environment for securing proprietary content
- Assessed the websites for the USA, Syfy, and CNBC cable networks against the Open Web Application Security Project (OWASP) Top 10 Risks by utilizing the following vulnerability scanning utilities : Zed Attack Proxy (ZAP), Nikto, Nmap, Nessus
- Performed a social engineering exercise for the NBCUniversal Studios Hollywood theme park in an attempt to gain unauthorized access to ride and show back-of-house control systems
- Evaluated the operating effectiveness of the vulnerability and patch management program in place for the Dreamworks Animation and NBCUniversal Studios Japan environments, including reviewing anti-virus deployment, execution of vulnerability scanning, and patch management procedures and tool sets
- Executed wireless surveys of the NBCU and Telemundo New York and Miami television stations using the Aircrack-ng utility and reconciled the results against managed wireless networks to identify rouge wireless access points
- Audited E! Entertainment 's Amazon Web Services (AWS) environment, specifically confirmed the implementation of multi-factor authentication (MFA) and authentication keys and the disabling of network services within security groups per enterprise cloud standards
2015 : 2020
Comcast
Senior Information Security and Technology Auditor
TD
Business Information Security Officer - Information Security Specialist
2021 : 2022
TD
Business Information Security Officer - Senior Information Security Analyst
Providing cyber security support functions for a test and evaluation environment serving as a security and compliance baseline for Naval Surface Warfare Center, Philadelphia Division (NSWC-PD) systems, including :
- Validating the implementation of security controls in accordance with the National Institute of
Standards and Technology’s (NIST) Risk Management Framework (RMF) by reviewing on a quarterly basis Information Assurance Vulnerability Management (IAVM) artifacts detailing the reporting and remediation of identified vulnerabilities, utilizing assessment and reporting utilities, such as eMASSter and Assured Compliance Assessment Solution (ACAS) from Tenable
- Auditing the accuracy of official IT asset inventories and network architecture/assessment boundary diagrams
- Participating in the configuration control board (CCB) activities by executing risk analysis on newly-implemented, -introduced, or changed configuration items (CI)
- Performing physical lab environment reviews against security technical implementation guides (STIG)
- Enforcing DoD and NSWC-PD policies, technical implementation plans (TIP), and security resource guides (SRG)
2020 : 2021
Life Cycle Engineering
Information Systems Security Engineer/Officer III
2020 : 2020
Life Cycle Engineering
Information Systems Security Engineer/Officer II
- Developed desk references specific to Comcast Cable, NBCUniversal, and Comcast-Spectacor, outlining information security considerations for on-boarding a third party
- Gauged the design of Dreamworks Animation and Information Technology control environment for securing proprietary content
- Assessed the websites for the USA, Syfy, and CNBC cable networks against the Open Web Application Security Project (OWASP) Top 10 Risks by utilizing the following vulnerability scanning utilities : Zed Attack Proxy (ZAP), Nikto, Nmap, Nessus
- Performed a social engineering exercise for the NBCUniversal Studios Hollywood theme park in an attempt to gain unauthorized access to ride and show back-of-house control systems
- Evaluated the operating effectiveness of the vulnerability and patch management program in place for the Dreamworks Animation and NBCUniversal Studios Japan environments, including reviewing anti-virus deployment, execution of vulnerability scanning, and patch management procedures and tool sets
- Executed wireless surveys of the NBCU and Telemundo New York and Miami television stations using the Aircrack-ng utility and reconciled the results against managed wireless networks to identify rouge wireless access points
- Audited E! Entertainment 's Amazon Web Services (AWS) environment, specifically confirmed the implementation of multi-factor authentication (MFA) and authentication keys and the disabling of network services within security groups per enterprise cloud standards
2015 : 2020
Comcast
Senior Information Security and Technology Auditor
Company:
TD
Years of Experience:
18
Skills
Authentication, Bash, CentOS, Cloud Computing, Compliance, Computer Networking, Critical Thinking, CSS, Customer Service, Decision-Making, GNS3, Governance, HTML, Industrial Automation, Information Security, Internal Audit, IT Automation, JavaScript, Linux, Minute Taking, MySQL, Network Administration, Operating System Administration, Operating Systems, People Skills, Personal Development, PHP, PL/SQL, PLC Ladder Logic, PowerPoint, Project Management, Public Speaking, Python, Quality Assurance, Razors Edge, Red Hat Enterprise Linux (RHEL), Red Hat Linux, Relational Databases, Risk Management, Secure Shell (SSH), Servers, SQL, System Administration, Team Leadership, Technical Support, Virtualization, Windows, Windows 7, Windows 10, Windows Support
Profile Photo
