Cedric Witherspoon, MBA

Education: Masters of Cyber Security



Georgia Institute of Technology

2023 : 2025

Master of Business Administration - MBA

Accounting and Finance

Morgan State University - Graves School of Business & Management

2021 : 2022

Experience: • Developed Cyber security policies that are associated with the upgrades to systems (e.g., Network devices, Servers etc.) to ensure secure data access.

• Implemented NIST Special Publication 800-37 and 800-53 guidelines to establish an effective Risk Management Framework (RMF) for the organizations’ information systems.

• Utilized Assured Compliance Assessment Solution (ACAS) to acknowledge, monitor and create appropriated security reports, and apply recommended IAVA to affected devices in the specified timeframe.

• Performed configuration management, vulnerability assessments, and vulnerability management assistance for systems and network. Network security improved by 50% and security posture strengthened.

• Analyzes and documents security risks, breaches, and other cyber security incidents and the damage they cause. Analysis resulted in improved security posture with vulnerabilities decreased by 60%.

• Develops and implements a network disaster recovery plan and oversees the monitoring of the computer networks for security issues.

• Conduct regular risk assessments and vulnerability assessments to identify potential security weaknesses and implement mitigation strategies.

• Collaborate with cross-functional teams to establish and enforce information security policies, standards, and procedures by way of Information Assurance Risk Management Framework (DIARMF) accreditation and documentation.

• Proactively managed and updated System Security Plans (SSPs) to ensure ongoing compliance with NIST SP 800-53 and FISMA.

2023 : Present

Akima Data Management

Information System Security Engineer

1.Deliver technical reports identifying malicious threat actors and their tactics using OpenVAS and Wireshark.

2.Conduct unintrusive vulnerability scans with Nessus vulnerability scanner on targeted IP addresses to identify possible threats on the network. 99% of potential threats were mitigated.

3.Use Nessus to implement vulnerability testing, threat analyses, and security checks to ensure security controls are functioning properly.

4.Security controls proved to be 100% effective using Security Onion (SIEM).

5.Automate daily security and vulnerability scans with Linux bash scripts.

6.Used PowerShell to update group policies and create group policy reports for CISO per the companies written security policies.

7.Audit passwords using “john the ripper” a Linux command line tool by inserting commonly used passwords to a wordlist on Linux O/S.

8.Create audit logs for CISO to develop strategy for developing user knowledge on password complexity policy.

9.Use Splunk to identify malicious activities to mitigate the impact of cyber-attacks and incidents.

Corroborate Splunk findings with pcap analysis, using Wireshark, to identify an incident as a true positive or a false positive.

10.Create Splunk Knowledge objects, such as dashboards, to assist with malware investigations. This allows analysts to visualize threat activity and increases proactivity.

11. Analyze new datasets, source types, and field values to improve response time to cyber incidents and attacks.

12. Use Splunk regex to extract field values to effectively investigate cyber incidents and malware attacks. This increased the value of the dataset by 100%.

13. Configure Splunk configuration files (inputs.conf) to ingest actionable data for Incident Responders and SOC Analysts.

14. Accurately use Splunk commands to query statistical counts of events to better visualize data sources.

15. Create Splunk dashboard to illustrate failed login attempts by users.

2021 :

O-Line Security

Information Security Analyst

1. Drafted technical documentation such as user manuals, release notes, and FAQs for software applications and IT products

2.Collaborated with developers and other subject matter experts to ensure accuracy and completeness of documentation

3. Managed documentation projects from start to finish, ensuring on-time delivery

4.Updated existing documentation to reflect changes in software applications and IT products

5.Researches, designs, and oversees installation and maintenance of technical systems campus-wide.

6.Ensures technology adequately supports instructional needs in learning spaces, implements web conferencing systems.

7.Diagnoses, evaluates, and performs repair of broken technology systems and equipment.

8.Maintains inventory of replacement parts to ensure quick turn-around regarding repairs.

9.Conducts research and analysis to identify areas of risk and make recommendations for improvement of technology.

10.Audits, coordinates, and provides support for instructional facilities and equipment; conducts semester preparation activities regarding instructional facilities, equipment and procedures.

11.Schedules routine computer upgrades and re-imaging in tech-enabled classrooms; refreshes systems as needed.

2022 : 2023

Notre Dame of Maryland University

Audio Visual Project Manager

1. Analyze SMB traffic for malicious activities and audit compliance status. 12% of the traffic was marked as vulnerable due to the version of SMB being used such as SMBv1.

2. Utilize Wireshark to validate and confirm credentials over local area network are encrypted. 95% of credentials were being encrypted via trusted protocols. To mitigate the remaining 5% multifactor authentication was advised.

3. Configure Suricata to detect and alert on potential DDOS attacks in order to increase server availability. Server availability was increased by 33%.

4. Managed users in Active Directory by creating user accounts, removing users, creating new user groups, password resets and adding new employees to the DOT domain which played a role in processes such as onboarding and off-boarding.

5. Successfully trains clients in Security Awareness for Phishing, Safe Web Browsing, Broken Authorization, IoT, and Identity Theft by using OpenVAS and outstanding vulnerabilities decreased by 25%.

6. Utilized security tools such as Angry Bird, Nmap, and Nessus to identify and assess unauthorized network ports usage which helped locate any rouge host within the network-this decreased exploitation by 50%

7. Followed up with customers and responding to emails promptly so customer issues could be rectified without interruption to workflow.

2020 : 2022

Disability Determiniation Svc

Specialist

1. Used active directory to managed customer service functions by diagnosing and solving computer-related problems while maintaining patience, professionalism, and courtesy. This made equipment accessible for adequate use by employees.

2. Troubleshooting and installed antivirus software (McAfee and Norton) which decreased malware attacks by 80 %

3. Trained new service desk technicians. (Customer service, policies, technology) with OpenVAS to improve team collaboration and increase vulnerability awareness.

4. Use Security Tools such as Angry Bird, and Nessus to identify and assess 85% of unauthorized network port usage.

5. Unauthorized network ports were ticketed using custom ticketing solutions, mitigated and/or triaged as requested by stakeholders.

6. Utilize Nmap to increase visibility by 35% in order to identify authorized and unauthorized services such as DNS services.

7. Use Wireshark to analyze network traffic between hosts running on the local network. 98% of the analyzed traffic was deemed normal activity. 2% was either abnormal or false positives from legitimate users using VPNs.

2018 : 2020

Department of Social Services

Specialist

Company: Akima Data Management

Years of Experience: 5