Payam Hojjat

California Statewide Cybersecurity Risk & Governance Chief & Cybersecurity University Professor. M.S. CISSP

Folsom, CA, United States

Details

Education: Doctor of Philosophy - PhD

Technology and Innovation Management - Specialization : Cybersecurity

Northcentral University

2020 : 2023

Master of Science - MS

Cyber Security and Information Insurance

Western Governors University

2017 : 2019

Bachelor's Degree

Management Information Systems, General

CSU Sacramento

2014 : 2016

Computer Systems Networking and Telecommunications

Sacramento City College

2012 : 2014

Associate's Degree

Math & Science, Business, Sociology

Folsom Lake College

2011 : 2014

Experience: 2023 : Present

California Department of Technology

Statewide Cybersecurity Risk & Governance Chief

Part-time professor for the Management Information Systems program at CSUS. Course content examines network security, ethical hacking, compliance and operational security, threats and vulnerabilities, application and data security, host security, access control and identity management, administration and governance, and cryptography.

2019 :

California State University-Sacramento

Adjunct University Professor

2020 : 2023

California Department of Technology

Statewide Incident Response Program Manager

Provide direction and security guidance for the California Department of Toxic Substances Control as the Chief Information Security Officer. Build and implement an information security strategy, road map, and program to align security controls, and enable users, business objectives, and services to DTSC’s core mission and values, while reducing organizational risk through digital safeguards and countermeasures. Integrate technology to modernize and streamline DTSC business processes while enforcing regulatory policies to ensure legislative and organizational compliance of the confidentiality, integrity, and availability of California State resources. Direct all aspects of security product life cycles, including but not limited to : requirements gathering, strategy, architecture, design, procurement, decision making, and communication. Reform security culture to increase cyber security resiliency, provide management responsibilities to infrastructure staff, collaborate with regulatory, emergency, and financial State agencies, and act as the Privacy Officer, Technology Recovery Coordinator, and information technology Risk Manager. Provide last level technical support for major security breaches.

2018 : 2020

California Department of Toxic Substances Control

Chief Information Security Officer

Lead Technical Security Architect/Tiger Team Lead :

Technical lead to securely design and architect enterprise wide projects, and ensure the compliance to CDCR's DOM, CDT’s SAM, ISO 27000 and NIST frameworks. Promote collaboration and facilitate meetings with different stakeholders on enterprise wide projects as CDCR's Tiger Team coordinator. Provide security guidance and risk mitigation techniques to business units and ensure the confidentiality, integrity, and availability of CDCR data. Develop network diagrams and enterprise firewall rules as necessary.

Red Teaming :

Audit the enterprise’s security posture through penetration testing and risk assessments, which provided a gap analysis to further create new policies and mitigate departmental vulnerabilities. Additionally, configured, administered, and tuned CDCR's vulnerability scanner and created policies scans to help assess and develop baseline images for DISA STIGs compliance.

Blue Teaming :

Help create CDCR’s Security Operations Center by drafting playbooks to streamline incident response during security breaches.

Conduct analysis and create triggers on suspicious activities utilizing our McAfee Suite (SIEM, ATD, ePO, DLP) and various online website auditing tools to create reports, timelines, and remediation processes to help upper management make data-driven decisions.

2016 : 2018

California Department of Corrections and Rehabilitation

Enterprise Security Architect

Company: California Department of Technology

Years of Experience: 19

Spoken Language: English, Farsi, French

Skills Access Control Management, active directory, Business Intelligence, Computer and Network Forensics, Computer Network Operations, Crowdstrike Falcon, Data Mining, Diligent, Discipline, enterprise network security, Enterprise Risk Management, Hyper-V, Identity & Access Management (IAM), Industrial Control System Security, information security awareness, Information Security Management, JavaScript, Leadership, Linux, Log Analysis, Mainframe, Malware Analysis, Metasploit, Networking, Office 365 Administration, Penetration Testing, Persistence, Physical Security Assessment, powershell, public speaking, Python, R, root cause analysis, SCADA, SDLC, security architecture design, Security Incident Response, Security Information and Event Management (SIEM), security policy development, SQL, Syslog, Threat & Vulnerability Management, Time Management, Varonis, Virtual Private Network (VPN), web application security, Web Application Security Assessment, Windows Server, Wireless Security, z/OS, Help Desk Support, Computer Network, Information Technology, Cisco IOS, Wireless Networking, Cisco Technologies, LAN Switching, Router and Switch, TCP/IP, IPv6, SNMP, Netflow, LAN-WAN, Wireshark, Access Lists, Virtualization, Java, Socket.io, SharePoint, C, HTML, VBA, Relational Databases, Microsoft SQL Server, Microsoft Servers, Statistical Data, Self-confidence, Strategic Planning, Positive Energy, Friendly Personality, Teamwork, Helping Others Succeed, Open Minded, Energetic Self-Starter, Consistency, Organization, Loyal, Cisco VoIP, Router and Switch Configuration, JCL, SQL DB2, MySQL, SQL Server Management Studio, Big Data Analytics, Statistical Data Analysis, Data Structures, SAP, IBM Mainframe, CA-Top Secret, IBM Explorer for z/OS, Green Screen, bluecoat proxies, mcafee antivirus, rapid7, cybersquatting, network security implementation

About Seek Discomfort.