Profiles search
Chris L.
Information Security Analyst @ State Farm | Vulnerability Management | Opinions are my own
Bloomington, IL, United States
Details
Experience:
Administrator and operations lead for EDR tool. Co-lead effort to implement and support solution further enhancing and maturing organization’s capabilities to respond to vulnerability threats on endpoint devices. Conduct annual PCI-DSS reviews for compliance and certification.
Collaborated with internal GRC and staff risk analysts to evaluate risk and mitigation. Provide leadership to 1 internal staff member and 2 external analysts. Partner with vendor and internal business partners (threat hunt, SOC, pentest) for support and troubleshooting on Windows, Linux (Centos, RHEL, Unbuntu) and AWS cloud platforms.
Actions required to support this platform include writing firewall rules, create, install and maintain certificates (ie. Azure AD SAML, SSL, Root and intermediate level certs), develop, maintain and deploy accounts via Active Directory. Configure and maintain role-based access controls (RBAC). Additional work on vendor linux OS for network, account and application updates.
2021 : Present
State Farm ®
Information Security Analyst
Conducted enterprise wide scans of endpoints to identify vulnerabilities with cloud based product. Analyzed scan data and reported findings to internal business partners. Apply threat intelligence, and analyze on premise and cloud based infrastructure vulnerabilities using scanning solutions. Deployed cloud agents on workstations and servers to increase asset network vulnerability scanning coverage. Deployed Cloud Agent in AWS AMIs to address vulnerabilities in cloud based instances.
Worked directly with business units to document evidence for false positive evaluations and approvals with triggered review cycles to meet regulatory obligations. Worked directly with scanning vendor on platform enhancements for cloud agent and vulnerability detection. Provided evidence for the viability of the scanning program to meet PCI, FDIC, New York cyber laws, enterprise security policy, control tests, and internal audits.
Mentor team members in vulnerability analysis, and triage. Developed and maintained documentation for procedures and process flow diagrams.
2020 : 2021
State Farm
Information Security Analyst
Conduct scans of target assets to identify vulnerabilities for business partners.
Analyzed scan data and report findings to customer. Conduct Enterprise wide scans for vulnerabilities and Payment Card Industry (PCI) compliance. Provide leadership and train new staff.
Reviewed data for all current product and emerging vulnerabilities and assign overall critical rating with GRC tool. Initiate Risk & Compliance activities as required based on vulnerabilities. Coordination with scan team for identified vulnerabilities and business partners. Utilization of standards documentation to map critical ratings to a patching time frame. Coordination of patch deployment activities in conjunction with product owners.
Serve as a subject matter expert for the security patch deployment processes, procedures and industry best-practices
2018 : 2020
State Farm ®
Information Security Analyst - External Agency
Security Dashboard Metrics Ownership – Enterprise Security Risk Management
Developed and implemented enterprise metrics program utilizing Tableau Data visualization software for governance and compliance reporting. This involved sourcing data from multiple disparate sources and databases.
Provided security agent coverage for Advanced Persistent Threat (APT) software, Data Loss Prevention software, Anti-Virus (AV) coverage and client health related metric data for over 100K endpoints.
Developed and provided process documentation for critical applications processes for Data Loss Protection, and Advanced Persistent Threat software.
Managed section change management processes in accordance with ITSM standards.
2017 : 2018
Caterpillar Inc.
Information Security Engineer
Architect, developed, configured and deployed EDR system for global APT advanced persistent threats system for over 100K endpoints. This included configuration of accounts, security for the associated devices, creation of firewall rules and configuring endpoint client software. Ongoing maintenance relative to coverage was conducted for workstation, servers and Domain Controllers.
Architect and deployed system to two disaster recovery (DR) environments in two states. Provided leadership on team for Change Management, communication to internal process partners.
Developed project management plan, providing integration with all related business partner areas, communications with worldwide IT managers for system deployment.
2015 : 2017
Caterpillar Inc.
Monitoring Infrastructure Services - Information Security Engineer
Collaborated with internal GRC and staff risk analysts to evaluate risk and mitigation. Provide leadership to 1 internal staff member and 2 external analysts. Partner with vendor and internal business partners (threat hunt, SOC, pentest) for support and troubleshooting on Windows, Linux (Centos, RHEL, Unbuntu) and AWS cloud platforms.
Actions required to support this platform include writing firewall rules, create, install and maintain certificates (ie. Azure AD SAML, SSL, Root and intermediate level certs), develop, maintain and deploy accounts via Active Directory. Configure and maintain role-based access controls (RBAC). Additional work on vendor linux OS for network, account and application updates.
2021 : Present
State Farm ®
Information Security Analyst
Conducted enterprise wide scans of endpoints to identify vulnerabilities with cloud based product. Analyzed scan data and reported findings to internal business partners. Apply threat intelligence, and analyze on premise and cloud based infrastructure vulnerabilities using scanning solutions. Deployed cloud agents on workstations and servers to increase asset network vulnerability scanning coverage. Deployed Cloud Agent in AWS AMIs to address vulnerabilities in cloud based instances.
Worked directly with business units to document evidence for false positive evaluations and approvals with triggered review cycles to meet regulatory obligations. Worked directly with scanning vendor on platform enhancements for cloud agent and vulnerability detection. Provided evidence for the viability of the scanning program to meet PCI, FDIC, New York cyber laws, enterprise security policy, control tests, and internal audits.
Mentor team members in vulnerability analysis, and triage. Developed and maintained documentation for procedures and process flow diagrams.
2020 : 2021
State Farm
Information Security Analyst
Conduct scans of target assets to identify vulnerabilities for business partners.
Analyzed scan data and report findings to customer. Conduct Enterprise wide scans for vulnerabilities and Payment Card Industry (PCI) compliance. Provide leadership and train new staff.
Reviewed data for all current product and emerging vulnerabilities and assign overall critical rating with GRC tool. Initiate Risk & Compliance activities as required based on vulnerabilities. Coordination with scan team for identified vulnerabilities and business partners. Utilization of standards documentation to map critical ratings to a patching time frame. Coordination of patch deployment activities in conjunction with product owners.
Serve as a subject matter expert for the security patch deployment processes, procedures and industry best-practices
2018 : 2020
State Farm ®
Information Security Analyst - External Agency
Security Dashboard Metrics Ownership – Enterprise Security Risk Management
Developed and implemented enterprise metrics program utilizing Tableau Data visualization software for governance and compliance reporting. This involved sourcing data from multiple disparate sources and databases.
Provided security agent coverage for Advanced Persistent Threat (APT) software, Data Loss Prevention software, Anti-Virus (AV) coverage and client health related metric data for over 100K endpoints.
Developed and provided process documentation for critical applications processes for Data Loss Protection, and Advanced Persistent Threat software.
Managed section change management processes in accordance with ITSM standards.
2017 : 2018
Caterpillar Inc.
Information Security Engineer
Architect, developed, configured and deployed EDR system for global APT advanced persistent threats system for over 100K endpoints. This included configuration of accounts, security for the associated devices, creation of firewall rules and configuring endpoint client software. Ongoing maintenance relative to coverage was conducted for workstation, servers and Domain Controllers.
Architect and deployed system to two disaster recovery (DR) environments in two states. Provided leadership on team for Change Management, communication to internal process partners.
Developed project management plan, providing integration with all related business partner areas, communications with worldwide IT managers for system deployment.
2015 : 2017
Caterpillar Inc.
Monitoring Infrastructure Services - Information Security Engineer
Company:
State Farm ®
Spoken Language:
English
About
With over 10 years of experience in information security and management, I am passionate about helping organizations protect their data and assets from cyber threats. I currently work as an Information Security Analyst at State Farm, one of the largest insurance companies in the US, where I co-lead the effort to implement and support an Endpoint Detection and Response (EDR) tool that enhances and matures the organization's capabilities to respond to vulnerability threats on endpoint devices.
In addition to EDR, I collaborate with internal Governance, Risk, and Compliance (GRC) and staff risk analysts to evaluate risk and mitigation, and provide leadership to one internal staff member and two external analysts. I partner with vendors and internal business partners (threat hunt, SOC, pentest) for support and troubleshooting on Windows, Linux, and AWS cloud platforms. I have a DMAIC 6 Sigma Green Belt certification and a strong background in project management, operations management, and team leadership. I am also a U.S. Army veteran and an amateur radio operator with a general license issued by the FCC.
Profile Photo
