Cedric Witherspoon, MBA
Education:
Masters of Cyber Security
Georgia Institute of Technology
2023 : 2025
Master of Business Administration - MBA
Accounting and Finance
Morgan State University - Graves School of Business & Management
2021 : 2022
Experience:
• Developed cyber security policies that are associated with the upgrades to systems (e.g., network devices, servers, etc.) to ensure secure data access.
• Implemented NIST Special Publication 800-37 and 800-53 guidelines to establish an effective Risk Management Framework (RMF) for the organizations’ information systems.
• Utilized Assured Compliance Assessment Solution (ACAS) to acknowledge, monitor and create appropriate security reports and apply recommended IAVA to affected devices in the specified timeframe.
• Performed configuration management, vulnerability assessments, and vulnerability management assistance for systems and network. Network security improved by 50% and security posture strengthened.
• Analyzes and documents security risks, breaches, and other cyber security incidents and the damage they cause. Analysis resulted in improved security posture with vulnerabilities decreased by 60%.
• Develops and implements a network disaster recovery plan and oversees the monitoring of the computer networks for security issues.
• Conduct regular risk assessments and vulnerability assessments to identify potential security weaknesses and implement mitigation strategies.
• Collaborate with cross-functional teams to establish and enforce information security policies, standards, and procedures by way of Information Assurance Risk Management Framework (DIARMF) accreditation and documentation.
• Proactively managed and updated System Security Plans (SSPs) to ensure ongoing compliance with NIST SP 800-53 and FISMA.
2023 : Present
Akima Data Management
Information System Security Engineer
1. Deliver technical reports identifying malicious threat actors and their tactics using OpenVAS and Wireshark.
2. Conduct non-intrusive vulnerability scans with Nessus vulnerability scanner on targeted IP addresses to identify possible threats on the network. 99% of potential threats were mitigated.
3. Use Nessus to implement vulnerability testing, threat analyses, and security checks to ensure security controls are functioning properly.
4. Security controls proved to be 100% effective using Security Onion (SIEM).
5. Automate daily security and vulnerability scans with Linux bash scripts.
6. Used PowerShell to update group policies and create group policy reports for CISO per the company's written security policies.
7. Audit passwords using "John the Ripper", a Linux command line tool, by inserting commonly used passwords into a wordlist on Linux O/S.
8. Create audit logs for CISO to develop strategy for developing user knowledge on password complexity policy.
9. Use Splunk to identify malicious activities to mitigate the impact of cyber-attacks and incidents. Corroborate Splunk findings with pcap analysis, using Wireshark, to identify an incident as a true positive or a false positive.
10. Create Splunk Knowledge objects, such as dashboards, to assist with malware investigations. This allows analysts to visualize threat activity and increases proactivity.
11. Analyze new datasets, source types, and field values to improve response time to cyber incidents and attacks.
12. Use Splunk regex to extract field values to effectively investigate cyber incidents and malware attacks. This increased the value of the dataset by 100%.
13. Configure Splunk configuration files (inputs.conf) to ingest actionable data for Incident Responders and SOC Analysts.
14. Accurately use Splunk commands to query statistical counts of events to better visualize data sources.
15. Create Splunk dashboard to illustrate failed login attempts by users.
2021 :
O-Line Security
Information Security Analyst
1. Drafted technical documentation such as user manuals, release notes, and FAQs for software applications and IT products.
2. Collaborated with developers and other subject matter experts to ensure accuracy and completeness of documentation.
3. Managed documentation projects from start to finish, ensuring on-time delivery.
4. Updated existing documentation to reflect changes in software applications and IT products.
5. Researches, designs, and oversees installation and maintenance of technical systems campus-wide.
6. Ensures technology adequately supports instructional needs in learning spaces, implements web conferencing systems.
7. Diagnoses, evaluates, and performs repair of broken technology systems and equipment.
8. Maintains inventory of replacement parts to ensure quick turn-around regarding repairs.
9. Conducts research and analysis to identify areas of risk and make recommendations for improvement of technology.
10. Audits, coordinates, and provides support for instructional facilities and equipment; conducts semester preparation activities regarding instructional facilities, equipment and procedures.
11. Schedules routine computer upgrades and re-imaging in tech-enabled classrooms; refreshes systems as needed.
2022 : 2023
Notre Dame of Maryland University
Audio Visual Project Manager
1. Analyze SMB traffic for malicious activities and audit compliance status. 12% of the traffic was marked as vulnerable due to the version of SMB being used, such as SMBv1.
2. Utilize Wireshark to validate and confirm credentials over local area network are encrypted. 95% of credentials were being encrypted via trusted protocols. To mitigate the remaining 5%, multifactor authentication was advised.
3. Configure Suricata to detect and alert on potential DDoS attacks in order to increase server availability. Server availability was increased by 33%.
4. Managed users in Active Directory by creating user accounts, removing users, creating new user groups, password resets and adding new employees to the DOT domain, which played a role in processes such as onboarding and off-boarding.
5. Successfully trains clients in Security Awareness for Phishing, Safe Web Browsing, Broken Authorization, IoT, and Identity Theft by using OpenVAS; outstanding vulnerabilities decreased by 25%.
6. Utilized security tools such as Angry Bird, Nmap, and Nessus to identify and assess unauthorized network port usage, which helped locate any rogue host within the network; this decreased exploitation by 50%.
7. Followed up with customers and responded to emails promptly so customer issues could be rectified without interruption to workflow.
2020 : 2022
Disability Determination Svc
Specialist
1. Used Active Directory to manage customer service functions by diagnosing and solving computer-related problems while maintaining patience, professionalism, and courtesy. This made equipment accessible for adequate use by employees.
2. Troubleshot and installed antivirus software (McAfee and Norton), which decreased malware attacks by 80%.
3. Trained new service desk technicians (customer service, policies, technology) with OpenVAS to improve team collaboration and increase vulnerability awareness.
4. Use security tools such as Angry Bird and Nessus to identify and assess 85% of unauthorized network port usage.
5. Unauthorized network ports were ticketed using custom ticketing solutions, mitigated and/or triaged as requested by stakeholders.
6. Utilize Nmap to increase visibility by 35% in order to identify authorized and unauthorized services such as DNS services.
7. Use Wireshark to analyze network traffic between hosts running on the local network. 98% of the analyzed traffic was deemed normal activity. 2% was either abnormal or false positives from legitimate users using VPNs.
2018 : 2020
Department of Social Services
Specialist
Company: Akima Data Management
Years of Experience: 5
I am well-versed in industry standards such as NIST, ISO, and HIPAA. I have expertise in managing security incidents, conducting risk assessments, and implementing security controls to mitigate identified risks. I am committed to staying current with emerging technologies and industry trends, and I am dedicated to continuous learning and professional development in the field of cybersecurity. With my strong analytical and problem-solving skills, attention to detail, and passion for cybersecurity, I am confident that I would make a valuable contribution as an ISSO in any organization.
I have expertise in evaluating, assessing, and managing risks associated with information systems and networks. I am experienced in implementing and maintaining information security policies and procedures, conducting security assessments and audits, and ensuring compliance with industry standards and regulations.
My skills include conducting risk assessments, developing risk mitigation plans, implementing security controls, and monitoring and reporting on the effectiveness of security measures. I am proficient in using tools such as vulnerability scanners, intrusion detection systems, and security information and event management (SIEM) platforms.
In addition to my technical skills, I possess excellent communication and collaboration abilities. I work closely with cross-functional teams to ensure that all stakeholders are aware of the risks associated with their systems and networks. Conclusively, I am adept at collaborating with stakeholders to develop and implement effective risk management strategies.