Defensive Stance

A blog by Ash Napier

🌈 Hello World ✨

My name is Ash (she/they) and I am an Information Security Engineer and student pursuing a degree in Security and Development.

๐Ÿข Experience

I am an information security professional with over 4 years of experience in managing and implementing the security program for a mid-size organization with a modern technology stack. Experience includes: hiring and leading a security team in an agile environment, compliance requirements for the private sector, creating policy and process documentation, cloud security (AWS primarily, with some Firebase and Azure), application security, vulnerability management, container security, and serverless security. I am proficient with security tools including WAF, SIEM, IDS, DLP, SSO, Email gateway, phishing testing, & scanning tools.

Current Position: Lead Information Security Engineer @ Brivo

  • Assess systems and processes for risks, identify and recommend mitigation options, present options to stakeholders for approval, and design solutions for engineers including endpoint, application, cloud (AWS), Kubernetes, and serverless security projects
  • Help push security left to the developers by providing developer training on security IDE tools and integrating security scans into build pipelines, reducing application security vulnerabilities by 80% within the first 6 months in the position
  • Reviewed, selected, and deployed cloud and application security systems including WAF, SIEM, IDS, DLP, SSO, Email gateway, phishing testing, & scanning tools.
  • Lead on-call rotation for security events using log analysis, updating firewall rules, providing hardening recommendations to system owners, providing reporting for management, and maintaining a 99.95% uptime SLA
  • Update Information Security Management System (ISMS) documentation including about 50 policies and procedures and an annual security training program at least annually
  • Lead efforts to deliver SOC 2 type II and new ISO27001 certification annually including remediating approximately 35 compliance gaps across the organization
  • Work with HR, IT, and facilities to ensure physical security and safety of office locations including daily monitoring and responding to security alerts and quarterly access and physical security reviews
  • Assess security of 150 third-party vendors annually as part of supply chain risk management
  • Identify security metrics, perform organization risk assessments, and lead executive level risk strategy meetings on a monthly basis

See more experience on my LinkedIn.

๐Ÿซ Education

  • ๐Ÿ† I have achieved the Associate of (ISC)2, CompTIA Security+, and Cyber Security Analyst+ certifications. See my certifications on my Credly page.
  • ๐ŸŽ“ I graduated with an Assoiciate's Degree in Cyber Security in 2020.
  • ๐Ÿ“š I am working on my Bachelor's Degree in Software Development and Security, and expect to graduate in 2023. I am also studying for the AWS Certified Security - Specialty credential.