Joseph Skerly CISSP / CISM
Details
• Develops and operationalizes Cyber-Security roadmaps for clients by authoring and transforming Vulnerability and Patch Management, Risk Management, and Incident Response programs to help secure the organization
• Authors and operationalizes policies, procedures and processes for all aspects of cyber security
• Educates clients on mitigating threats, monitoring their environment, and establishing security priorities
Key Accomplishments
• Performed extensive NIST 800-53 Rev 5 risk assessment for a large State Agency
• Authored and delivered risk assessment presentations and risk register for senior leadership
• Performed HIPAA Risk Assessment and accompanying report to State Agency Leadership
2022 : Present
Candor
Senior Information Security Consultant
Provided V-CISO level professional services and leadership to clients
Performed Risk Assessments to help our clients meet SOC 2, CMMC, ISO 27001, NIST, FedRAMP and HIPAA compliance.
Develop and support creating repeatable, consistent infosec processes for our clients.
Authored and published policies, processes, and programs to support compliance needs for our clients.
2021 : 2022
Cosant
Senior Security Consultant
• Developed and managed new CGI SOC for managing 74 large corporate clients from healthcare, financial, and governmental sectors; provided world-wide, 24/7, Tier-1/2 support, incident response, and security expertise.
• Authored and published 54 different process documents to manage all aspects of the SOC including checklists, incident response programs, schedules, training documents, video sessions, and tool guides.
• Recruited, hired and trained initial team of four personnel to build out the SOC and prepare for 24/7 operations.
• Trained and developed additional 12 operations team members to perform as Tier-1 operators/incident handlers
• Built new-hire SOC training program covering all aspects of SOC systems and programs. Held over 50 training sessions for SOC personnel and our security engineering staff; enhanced capabilities of both teams.
• Worked extensively with security engineers to deploy SOAR (Security Orchestration, Automation and Response) system; created criteria for automation playbooks, processes, reports, dashboards and training for this system.
• Led team and guided deployment of Palo Alto Cortex endpoint system, Sentinel SIEM, and numerous other security systems.
Key Accomplishments
• Created and held ransomware incident response exercises with two CGI clients; enhanced security awareness.
• Assisted in numerous client-specific audits; published and provided reports and process documents as needed to support HITRUST, SOC-1 Type 2, and NIST-type audits.
2019 : 2021
CGI
Security Operations Center Manager
Designs, develops, and recommends integrated security solutions for agency information systems and projects.
Authors written policies, procedures, and standards to better define and heighten required security controls.
Performing comprehensive gap analysis in preparation for agency-wide PCI and IRS/FTI audits and evaluations.
Developing and implementing extensive Incident Response/SOC program and training for ADOT environment.
Analyzes security threats and events from SIEM/SOC reports/logs and provides actionable solutions.
Creating IT Security Compliance Program to meet regulatory and IT security needs.
2019 : 2019
Arizona Department of Transportation
Information Systems Security Consultant / Compliance Manager
• Created security roadmap, POAM, policy library and numerous security solutions for 20,000-endpoint environment in preparation for PCI, NY-DFS engagements
• Developed client support, vulnerability management and IT Security strategy for university-based Dark/Deep web threat intelligence firm
• Authored and published over 40 enterprise-wide Information Security policies and a security roadmap for their 3,000-endpoint Arizona State Agency
• Performed third-party audit preparation for medical billing firm; developed and implemented required policy documents and processes to include incident response, disaster recovery and IT security operations
2017 : 2019
Nexustek
IT Security Analyst
About
Information Security Leader with more than 20 years of experience. Extensive experience implementing IT security strategies that are integrated into an overall IT strategic plan addressing current and emerging risks. Well-developed skills authoring Information Security policies and standards, and ensuring compliance with NIST, HIPAA, PCI, FTI, and SSA requirements. Dedicated leader with excellent communication skills and a proven track record of success overseeing vulnerability management, developing incident response plans, and creating overall IT security roadmaps. Exceptional management background; directed teams of more than 200 personnel in the completion of complex IT projects and administered a $3 million annual budget. Military veteran; served 25 years in the U.S. Air Force.