Profiles search
Derek Davis
Information Security Professional
Cincinnati, OH, United States
Details
Education:
Bachelor of Science (B.S.)
Information Technology
University of Cincinnati
2008 : 2013
Information Technology
University of Cincinnati
2008 : 2013
Experience:
Vulnerability Management, Cloud Attack Surface Reduction
---------------------------
Assists with reviewing and developing security solutions to advance the identification, management, tracking and reporting of vulnerabilities identified within all cloud environments;
Established and manages coordination with numerous cloud account owners and internal stakeholders regarding identified vulnerabilities and associated remediation efforts;
Developed and operationalized an automated solution that compiles large data sets consisting of thousands of records from various sources to reconcile individual assets to proper custodians, allowing for complete vulnerability assignment; and
Contributes to the development of processes, procedures, and metrics to support the continued improvement of the Vulnerability Management program.
2022 : Present
U.S. Bank
Principal Information Security Engineer
Insider Threat
---------------------------
Analyzes data derived from Information Security, H.R., Fraud, user-based computer monitoring, and other information sources in order to identify potential insider threat concerns across the entire user population (over 90,000 users), as well as, risks/gaps with policies, processes and technology;
Assists in developing, maintaining, and evolving the capability to data mine and efficiently analyze millions of log records to identify potential insider threat behaviors or indications of malicious/risky insider activity;
Collaborates with cross-functional teams across 12 business lines to appropriately mitigate the identified insider threat concerns or any risks/gaps with policies, processes and technology; and
Documents results of analyses to present to team members and senior executive leadership.
2019 : 2022
U.S. Bank
Information Security Analyst
Vulnerability Management, Attack Surface Reduction
---------------------------
Administered enterprise vulnerability and configuration assessment application;
Executed vulnerability scans of the organization’s workstation and server infrastructure, comprised of tens of thousands of endpoints;
Managed coordination and direction of vulnerability remediation across 25+ cross-functional patching and system support teams; and
Produced vulnerability metrics, distributed to senior executive leadership and patch/system support teams, to facilitate remediation efforts and outline associated risk.
2017 : 2019
Fifth Third Bank
Senior Information Security Engineer
IT & IS Audit
---------------------------
Led the audit team in documenting business and IT/IS management processes;
Developed audit scope/objectives and risk/control assessments;
Executed test strategies to assess effectiveness of internal controls and determine the adequacy of the organization's management of associated risks;
Reviewed audit work papers and provided coaching feedback to Staff Auditors; and
Documented audit findings/recommendations and distributed formal audit reports to senior executive leadership.
2015 : 2017
Fifth Third Bank
Senior IT Auditor & Staff IT Auditor
IT Infrastructure
---------------------------
Maintained the organization’s internal workstation, server and network infrastructure comprised of hundreds of systems, as well as, its customer hosted environments;
Administered various technologies, including Windows Servers/Workstations, Fibre/iSCSI SANs, VMware vSphere, Citrix NetScaler/XenApp and Commvault; and
Planned and managed numerous technical projects including hardware/software implementations and system maintenance/upgrades.
2014 : 2015
Unlimited Systems
System Administrator
---------------------------
Assists with reviewing and developing security solutions to advance the identification, management, tracking and reporting of vulnerabilities identified within all cloud environments;
Established and manages coordination with numerous cloud account owners and internal stakeholders regarding identified vulnerabilities and associated remediation efforts;
Developed and operationalized an automated solution that compiles large data sets consisting of thousands of records from various sources to reconcile individual assets to proper custodians, allowing for complete vulnerability assignment; and
Contributes to the development of processes, procedures, and metrics to support the continued improvement of the Vulnerability Management program.
2022 : Present
U.S. Bank
Principal Information Security Engineer
Insider Threat
---------------------------
Analyzes data derived from Information Security, H.R., Fraud, user-based computer monitoring, and other information sources in order to identify potential insider threat concerns across the entire user population (over 90,000 users), as well as, risks/gaps with policies, processes and technology;
Assists in developing, maintaining, and evolving the capability to data mine and efficiently analyze millions of log records to identify potential insider threat behaviors or indications of malicious/risky insider activity;
Collaborates with cross-functional teams across 12 business lines to appropriately mitigate the identified insider threat concerns or any risks/gaps with policies, processes and technology; and
Documents results of analyses to present to team members and senior executive leadership.
2019 : 2022
U.S. Bank
Information Security Analyst
Vulnerability Management, Attack Surface Reduction
---------------------------
Administered enterprise vulnerability and configuration assessment application;
Executed vulnerability scans of the organization’s workstation and server infrastructure, comprised of tens of thousands of endpoints;
Managed coordination and direction of vulnerability remediation across 25+ cross-functional patching and system support teams; and
Produced vulnerability metrics, distributed to senior executive leadership and patch/system support teams, to facilitate remediation efforts and outline associated risk.
2017 : 2019
Fifth Third Bank
Senior Information Security Engineer
IT & IS Audit
---------------------------
Led the audit team in documenting business and IT/IS management processes;
Developed audit scope/objectives and risk/control assessments;
Executed test strategies to assess effectiveness of internal controls and determine the adequacy of the organization's management of associated risks;
Reviewed audit work papers and provided coaching feedback to Staff Auditors; and
Documented audit findings/recommendations and distributed formal audit reports to senior executive leadership.
2015 : 2017
Fifth Third Bank
Senior IT Auditor & Staff IT Auditor
IT Infrastructure
---------------------------
Maintained the organization’s internal workstation, server and network infrastructure comprised of hundreds of systems, as well as, its customer hosted environments;
Administered various technologies, including Windows Servers/Workstations, Fibre/iSCSI SANs, VMware vSphere, Citrix NetScaler/XenApp and Commvault; and
Planned and managed numerous technical projects including hardware/software implementations and system maintenance/upgrades.
2014 : 2015
Unlimited Systems
System Administrator
Company:
U.S. Bank
Years of Experience:
12
Spoken Language:
English
Skills
Access, Analysis, Data Analysis, Databases, Data Warehousing, Microsoft Office, Microsoft SQL Server, Network Administration, Networking, Router Configuration, Servers, System Administration, VBA, VMware
About
Skilled technology and security professional with expertise in numerous areas including vulnerability management, insider threat, data loss prevention, risk/control and system administration. Proficient communicator, collaborative and analytical. Possesses the ability to quickly adapt to new processes, procedures and technologies and become a core contributor, while also working to drive positive operational impact. Continuous learner with multiple professional certifications.
Profile Photo
