Patrick Hughes
Education:
Bachelor's Degree
Management Information Systems and Services
State University of New York Empire State College
2013 : 2019
English
The Ohio State University
1994 : 1999
Experience:
2022 : Present
Moody's Corporation
Senior Cybersecurity Engineer
2022 : 2022
Strategic Financial Solutions NY
Lead Information Security Engineer
-Matured security program across multiple vectors.
-Revamped and managed Splunk environment. Set up new log source ingestions (Cisco Umbrella, Meraki, Salesforce, Office365, Keeper, OneLogin, SentinelOne); created alerts and reports. Trained personnel in Splunk use.
-Created and managed user security awareness programs. Implemented test phishing campaigns (quarterly basis) and customer-facing security training; deployed Phish Alert button into users’ Outlook.
-Deployed MFA for +800 users in Office365 environment. Developed user documentation; worked with infrastructure team on enforcement and audits.
-Follow trends in threat intelligence; remediate new and ongoing threats. Consult on deployment and use of endpoint AV solution.
-Developed IT security roadmap; aligned organizational goals.
2021 : 2022
Strategic Financial Solutions NY
Information Security Analyst
Expertly provide cyber security related project planning and execution support to the on-site program manager.
Perform technical cyber security related planning and effectiveness analyses for the active IT infrastructure design. Formulate and design cyber security related design specifications. Develop and deliver consistent, high quality cyber related services and products. Provide cyber security related quality assurance check on delivered services and products. Identify opportunities for improvement and make constructive suggestions for change.
• Proficiently upgraded and revamped existing Qradar platform that provided more actionable intelligence, including the creation of custom alerts and daily reports, custom dashboards, and training.
• Adeptly implemented Nessus Security Center and created a regular security scanning schedule for the server range that decreased vulnerability numbers by 20% and improved patching schedule from a 90 to a 60 day cycle.
• Upgraded Qradar hardware to allow for longer event retention as well as better performance.
• Executed internal phishing program utilizing Cofense's PhishMe, resulting in 20% increase in end-user phishing awareness.
2017 : 2021
Nuvance Health
Information Security Analyst
Supported a complex security architecture that includes next generation firewalls, web filtering, network access control, vulnerability management, log monitoring, endpoint protection, and forensic analysis. Designed, implemented, and supported new security technologies. Proactively threat hunted and performed malware analysis. Created multiple ongoing reports and dashboards used for security monitoring.
• Partnered with the Infrastructure Team to install Carbon Black Response to 10K+ individual endpoints covering all machines in the organization, allowing for upgraded malicious detection processes based on hash values and the isolation of machines where required.
• Effectively created reporting and dashboards in Splunk analytics driven SIEM; decommissioned legacy Qradar platform.
• Implemented and administrated POC systems for security orchestration, to include Phantom, Demisto and Resilient.
• Created and maintained Cyber Security WIKI documenting multiple systems and general “how-to” documentation.
• Member of FSISAC and InfraGard for security knowledge sharing and action.
2016 : 2017
OppenheimerFunds
Cyber Security Engineer
Company: Moody's Corporation
Years of Experience: 26
Spoken Language: English
► Trusted partner, cross-functional analyst and excellent communicator producing exceptional results and maintaining strong, healthy relationships with management, customers and colleagues at all levels; excellent verbal and written communications. A professional that instills a positive working environment while directing and motivating diverse teams.
► Proven track record of implementing large scale and complex projects; armed with a solid background in operations, production, logistics, and infrastructure management.