Ivonne Cedillo
Education:
Bachelor's degree
Computer and Information Sciences and Support Services
California State University-Sacramento
1997 : 2001
Project Management
California State University-Sacramento
2011 :
California State University-Sacramento
Experience:
Information Security Officer/Privacy Officer/Security Engineer
•SIRT
-Investigate, report, and respond to security and privacy incidents. Use Splunk, RedSeal, CrowdStrike,
Okta for Security incident response and investigation.
- Management of SOS’s CSIRT – Write SOS SIRT plan, execute tabletop exercises and document lessons learned.
•Technologies
- Splunk Cloud Administrator – Manage and configure data inputs, indexes, user accounts, perform
system upgrades, configure new system data collection and ingestion, management of three heavy
forwarders and one deployment server. Log correlation, monitor, analysis, investigation, and
resolution of systems’ alerts.
- Okta, CrowdStrike, RedSeal, Azure AWS, Office 365, Veracode, Tenable
•Security Governance
- Enforce data classification and minimum-security controls on new and existing systems according to
FIPS 199-200
- Submit contractual security procurement requirements for new enterprise systems or applications.
- Develop NIST 800-53 aligned policies, enforce compliance.
- Lead weekly IT Risk meetings – Identify security risks and vulnerabilities and potential threats and
recommend remediation based on industry best practices. Work with SOS staff to implement
security best practices that align SOS resources toward protecting information through
cybersecurity
measures.
•Security and Privacy Awareness
- Perform monthly security and privacy awareness training for new SOS users.
- Execute monthly KnowBe4 phishing campaigns, follow up with the users with the highest Risk Score
and enforce remedial training.
2019 : Present
California Secretary of State
Information Security Officer
Security Specialist
•Security Governance
- Data Loss Protection (DLP) - Technical program guidance and assure CDPH adheres to NIST 800-53 and SAM 5300 DLP standards.
- Security Incident SPOC for suspected or confirmed information security incidents. Intake incident reports, investigate and process incidents, prepare and file incident reports and corrective action plans using the Cal-CSIRS system and internal CDPH incident tracking and resolution processes.
•SIRT
- Lead, implement and manage a (CSIRT) Computer Security Incident Response Program and conduct tabletop exercises to measure State Agency’s readiness and responsiveness to cyber-attacks.
•Phishing
- Implement simulated phishing campaigns for 5000+ employees. Perform baseline phishing assessment and implement anti-phishing training to users.
2018 : 2019
California Department of Public Health
Information Security Specialist - Information Security Office
•Identity and Access Management and Data Security : Public Key Infrastructure (PKI)solution : Architect, deploy, support, and perform upgrades of a PKI VMWare environment. The PKI environment consisted of one Microsoft (MS 2012 R2 )root CA and two subordinate CAs for signing, managing, and issuing agency’s SSL server and user certificates. Architect, deploy and support MFA for VPN authentication. Configure VMware VMs for enrollment and renewal of one-time passcode tokens (soft and hard tokens). Architect upgrades of agency’s PKI hierarchy to support SHA256 algorithms. Architect Hardware Security Module (LunaSA) solutions for the safeguarding of certificate authorities, PKI and Gemalto servers’ cryptographic keys.
•Monitoring : Configure, monitor, and upgrade log management systems. Log correlation, monitor, analysis, investigation, and resolution of systems’ alerts. Enforce compliance of log collection requirements of Windows Servers, PKI Environments, Cisco Firewalls, McAfee ePO, BlueCoat Proxies.
•Incident Response : Management of EDD’s CSIRT -Write SIRT plan, execute ITD branch tabletop exercises and document lessons learned.
•Endpoint protection : Support Absolute Computrace operations for security, assurance, and recoverability of the agency’s laptop computing assets and departmental data. Support CheckPoint Full Disk encryption for agency’s laptops.
•Security Governance : Develop roadmaps which guided the agency to meet security compliance in policy and standards. Perform the security assessment of open source software requests and assure they don't represent a security threat to the enterprise. If requests are denied, present alternate solutions which adhere to the agency's information security policy. Submit hardware/software procurement evaluations for security solutions. Perform proof of concept of third party’s software/hardware, document evaluation criteria and make recommendations to upper management for enterprise security solutions.
2010 : 2017
Employment Development Department
Information Security Engineer
• First tier technical desktop support to EDD end-users and system administrators - computer software, intake, triage, resolution and administration of mainframe environments, client server environments, print server environments, messaging environments, network environments, telecommunications related technologies. Windows Server 2008 R2, MS Office, Windows 7, McAfee, Juniper VPN.
• Develop first tier endpoint support protocols and procedures.
2007 : 2009
Employment Development Department
Information Systems Analyst
• Joint Applications Development (JAD) - Develop, design, and recommend program application specifications, database schema, and other enhancements to automated systems.
• Ad Hoc reports - Develop Structured Query Language (SQL) reports. Assist end users in extracting data from INFORMIX databases for management reporting.
• Create Informix Databases in a UNIX platform.
• Systems accepting testing - Developing testing scenarios to ensure systems optimal automation performance and to achieve a fully functional information system.
2001 : 2007
Employment Development Department
Information Systems Analyst
Company: California Secretary of State
Years of Experience: 21