Jeannette Johnson

Providing security consulting services

Houston, TX, United States

Details

Education: BS

Information Technology

University of Phoenix

2005 : 2007

Associates of Science

Computer Service Technology

Sierra College

1997 : 2004

Experience: Provide security consulting services for clients in a professional role.

2023 : Present

Talent101

Information Security Consultant

Reports to CIO and responsible for organization-wide information security.

Analyzes threats, incidents, assesses risks, responds to risks.

Develops infosec strategy based on vulnerabilities, threats, risk, anticipated needs, technology trends, resources and budget.

Management of security on endpoints, email, internet, and network.

Reviews existing architecture, identifies gaps, recommends remediation or enhancements.

Manages compliance to HIPAA, CCPA and other state and federal regulations.

Performs vulnerability analysis and provides patching plans.

Provides Infosec education and training to enterprise

Use of a dozen security products including SIEM, network IDP/IPS,AMP, web filtering, email filtering, PAM, endpoint protections, scanners, patching systems, training, etc.

2015 : 2023

PCP

Information Security Manager

Developed and managed the information security program for the hospital. Reported to the CIO/CISO and was responsible for managing HIPAA compliance and overall information services security. Collaborated with all the technical and clinical informatics managers and several other department managers to implement organizational changes. Worked closely with IS and other staff, security consultants, and vendors to address risks and vulnerabilities. Provided services to Emergency and Corporate Compliance departments. Implemented projects and initiatives with IS supervisors, administrators, analysts, outside departments, and vendors.

2013 : 2015

Northern California Hospital

Information Security Analyst and Information Security Officer in Healthcare

Performed internal IT audits and reported detailed findings and actionable recommendations to Grand Jury and County Departments, rolled-up details for high-level presentations to management and to executive leadership. Managed technology projects including systems, applications, and networks for twelve county departments. Ensured security standards were adhered to and security requirements for projects were documented and met. Lead other PMs, train, and develop PM best practices. Worked on multi-department and state-wide automated systems, performed business systems analysis, business and technical requirements, developed solutions, and documented operational processes for systems. Created FSRs, RFPs, and SOWs. Negotiated cost and terms, and developed contracts with vendors. Prepared and administered large, complex program budgets; determined staffing and outsourcing needs. Managed major departments merge project.

2006 : 2013

Placer County

Sr Technology Analyst

As part of the oversight team, assessed project processes, risks, SDLC best practices, and documentation for the California Automated Child Support System project. Ensured repeatable comprehensive assessments for ongoing process improvements by creating resources such as reports and issues tracking and process checklists. Interfaced with management of FTB and Child Support Services to understand processes and recommend improvements. Maintained good working relationships. Identified a major project risk of a potential security failure during concurrent operations and another risk with the software vendor’s configuration control.

2005 : 2006

SAIC

QA Systems Analyst (audit/risk)

Company: Talent101

Years of Experience: 44

Skills Auditing, Business Analysis, CISSP, Complex Systems Analysis, Consulting, Cybersecurity, Enterprise Software, FSRs and RFPs, HIPAA, IBM Qradar SIEM Centrify Access Management IBM Maas360 Mobile security CISCO Firepower IPS, AMP and URL filtering CICSO Firepower network security Forcepoint Web security FireEye network security Carbon Black Protect and Response endpoint protection Cylance endpoint protection Trend Micro endpoint protection CISCO Umbrella DNS internet security; IBM BigFix Patch Management Office 365 security Proofpoint email protection Qualys Vulnerability Manager Phisme user training SANS user training Varonis DatAdvantage data security Wireshark, Incident Management, Incident Response, Information Security, Information Security Management, Information Technology, Infrastructure, Integration, IT Contracts, JavaScript, leadership, Management, Network and Telecom, Networking, Network Security, Operating systems, PMP, Powershell, Process Improvement, Project Management, Requirements Analysis, Risk Analysis, Security Architecture Design, Security Awareness, Security Controls, Security Incident Response, Security Information and Event Management (SIEM), Security Policies and Procedures, Security program, Security program development, Servers, Software and Database Development, Solution Architecture, SQL, Vulnerability, Vulnerability Assessment, Vulnerability Management, Windows Server, Program Management, IT Audits, Budgets, Disaster Recovery Planning, Field Engineering, Software Documentation, Databases, Software Development, MS Project, Technical Writing, IT Management, Microsoft SQL Server, SharePoint, SDLC, Visio, Team Leadership, Security Policies and, Disaster Recovery, Software and Database, Quality Assurance

About Jeannette has worked in Information Security full time 12 years (with experience dating back to 2004) and has more than 30 years in IT. She holds a BS in IT and CISSP certification. Previously held CISA and PMP. Knowledge of computer hardware, software and networking. Current responsibilities include monitoring events and logs to identify real threats, disrupt attacks, direct remediation, and document incidents; proactively hunting for threats and improve posture by researching threat actors, TTPs and assessing enterprise architecture, endpoint configurations, vulnerabilities, assisting IT in remediating issues, in short the whole range of Info Sec responsibilities. Recent accomplishments include building information security programs from the ground up including incident management, risk management, operations, vulnerability management, user training; implementing more than a dozen network, web, endpoint, email, identity, SIEM, and other products; performing risk assessments, managing multi-year remediation efforts, training IT staff; developing and documenting policies and procedures. Prior experience highlights include IT project management, software development, field engineering, QA systems analysis, technical writing, and engineering technician.