Payam Hojjat
Education:
Doctor of Philosophy - PhD
Technology and Innovation Management - Specialization : Cybersecurity
Northcentral University
2020 : 2023
Master of Science - MS
Cyber Security and Information Insurance
Western Governors University
2017 : 2019
Bachelor's Degree
Management Information Systems, General
CSU Sacramento
2014 : 2016
Computer Systems Networking and Telecommunications
Sacramento City College
2012 : 2014
Associate's Degree
Math & Science, Business, Sociology
Folsom Lake College
2011 : 2014
Experience:
2023 : Present
California Department of Technology
Statewide Cybersecurity Risk & Governance Chief
Part-time professor for the Management Information Systems program at CSUS. Course content examines network security, ethical hacking, compliance and operational security, threats and vulnerabilities, application and data security, host security, access control and identity management, administration and governance, and cryptography.
2019 :
California State University-Sacramento
Adjunct University Professor
2020 : 2023
California Department of Technology
Statewide Incident Response Program Manager
Provide direction and security guidance for the California Department of Toxic Substances Control as the Chief Information Security Officer. Build and implement an information security strategy, road map, and program to align security controls, and enable users, business objectives, and services to DTSC’s core mission and values, while reducing organizational risk through digital safeguards and countermeasures. Integrate technology to modernize and streamline DTSC business processes while enforcing regulatory policies to ensure legislative and organizational compliance of the confidentiality, integrity, and availability of California State resources. Direct all aspects of security product life cycles, including but not limited to : requirements gathering, strategy, architecture, design, procurement, decision making, and communication. Reform security culture to increase cyber security resiliency, provide management responsibilities to infrastructure staff, collaborate with regulatory, emergency, and financial State agencies, and act as the Privacy Officer, Technology Recovery Coordinator, and information technology Risk Manager. Provide last level technical support for major security breaches.
2018 : 2020
California Department of Toxic Substances Control
Chief Information Security Officer
Lead Technical Security Architect/Tiger Team Lead :
Technical lead to securely design and architect enterprise wide projects, and ensure the compliance to CDCR's DOM, CDT’s SAM, ISO 27000 and NIST frameworks. Promote collaboration and facilitate meetings with different stakeholders on enterprise wide projects as CDCR's Tiger Team coordinator. Provide security guidance and risk mitigation techniques to business units and ensure the confidentiality, integrity, and availability of CDCR data. Develop network diagrams and enterprise firewall rules as necessary.
Red Teaming :
Audit the enterprise’s security posture through penetration testing and risk assessments, which provided a gap analysis to further create new policies and mitigate departmental vulnerabilities. Additionally, configured, administered, and tuned CDCR's vulnerability scanner and created policies scans to help assess and develop baseline images for DISA STIGs compliance.
Blue Teaming :
Help create CDCR’s Security Operations Center by drafting playbooks to streamline incident response during security breaches.
Conduct analysis and create triggers on suspicious activities utilizing our McAfee Suite (SIEM, ATD, ePO, DLP) and various online website auditing tools to create reports, timelines, and remediation processes to help upper management make data-driven decisions.
2016 : 2018
California Department of Corrections and Rehabilitation
Enterprise Security Architect
Company: California Department of Technology
Years of Experience: 19
Spoken Language: English, Farsi, French