David O. Humphrey, MBA
Details
Keller Graduate School of Management of DeVry University
2017 : 2019
Bachelor’s Degree
Business Administration and Management with concentration in Computer Information Systems
DeVry University
2015 : 2017
Forescout Technologies Inc.
Information Security Compliance Engineer
Reports to the CISO with the primary responsibility of managing the success of comprehensive security initiatives, specifically SOC 2 Type 2 audits, working with internal and external groups to ensure compliance of the program.
• Managed and led the organization through a successful SOC 2 external audit using a validated independent auditor, which resulted in value add to the organization's customer sales pipeline, retaining market competitive advantage through leveraging validated security controls, and the closing of a deal with over $240,000 ARR
• Developed the organization's SOC 2 governance program, which proactively governs operational tasks across the organization, ensuring compliance with all SOC 2 control criteria; resulting in an expedited external audit process, increased chances of a successful external audit, and saving the organization $15,000 by not having to hire a third-party auditor to conduct a readiness assessment
• Managed and coordinated our annual internal, external, and application penetration tests, which are a compliance requirement, to include identifying risk assessments
• Developed a policy compliance program of about 28 information security policies, which included creation of 4 new policies, development of a standard policy template structured in alignment with ISO 27001/2 standards, a review and approval workflow process, and establishing policy control ownership across IT/Security disciplines
• Leveraged risk tools for the CIS 18 Critical Security Controls in order to provide stakeholders with a quantitative approach to measuring risk, gaps, and implementation progress towards control gap remediation
• Submit weekly, monthly, and quarterly reports to stakeholders showcasing value add of GRC projects, initiatives, macro threats to applicable sector, security reporting, and trends
• Assist the SOC team as L2 support with incident response triage to include the identification, containment, eradication, and recovery measures
2022 : 2023
Redwood Logistics
Security Governance Analyst
Responsible for continually assessing, managing, and mitigating corporate information security risk. Maintaining the confidentiality, integrity, and availability of client data. Mitigating risks by managing the ISMS in compliance with ISO 27001:2013. Assist IT support, management of IT operations, corporate IT infrastructure, and business continuity.
2021 : 2022
One North, a TEKsystems company
IT Security Analyst
2010 : 2022
Army National Guard
Human Resources Sergeant
2018 : 2021
Andersen
Information Technology Associate
Skills
Active Directory, Azure Active Directory, Compliance, CrowdStrike Falcon, Data Migration, Data Privacy, EDR, Endpoint Security, Evidence Collection, GRC, Identity & Access Management (IAM), Incident Response, Information Security, Information Security Management System (ISMS), Internal Audit, ISO 27001, Leadership, LogRhythm, Management, Microsoft Azure, Penetration Testing, Phishing, Policy Compliance, PowerShell, Project Management, Python (Programming Language), Quantitative Risk Analysis, Rapid7, Risk Assessment, Risk Management, Security Audits, Security Information and Event Management (SIEM), Security Policy Development, SOC 2, Team Building, Teamwork, Threat & Vulnerability Management, Time Management, Vulnerability, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning
About
Experienced Cyber Security Professional and Army Veteran. Key competencies include: Experience in Incident Response, Vulnerability Management, EDR, Qualitative and Quantitative Risk Assessments, Cyber Security Strategy, Governance Risk and Compliance (GRC), Enterprise Risk Management (Vendor Risk Management), Regulatory Compliance, Internal and External Audit, and Change Management.
Possess the ability to apply strong strategic thinking for solving complex problems; add qualitative and quantitative organizational value to include maintaining stakeholder relationships, both internal and external to an organization.
Strategic understanding of value add to an organization through a successful security risk and compliance program as it relates to customer retention, potential customers in sales pipeline, and ROI associated with mitigating risks from breaches through validated security controls.