Bryan Paul

Experienced Cybersecurity professional with proven vulnerability assessment, incident response, governance/compliance, consulting and project management skills.

Career Experience

Senior Cybersecurity Engineering Consultant– Beyond Mission Capable Solutions – June 2023– Present

· Provided cybersecurity consulting services to the Air Force and DoD, including risk assessments, security audits, and compliance evaluations.

· Advised senior leadership on cybersecurity strategies and initiatives to strengthen resilience against evolving cyber threats and ensure compliance with regulatory requirements.

· Conducted vulnerability assessments to identify and mitigate security vulnerabilities across IT infrastructure and systems.

· Developed and delivered cybersecurity training programs for personnel to enhance awareness and promote adherence to security best practices.

· Led the implementation of security controls and procedures in accordance with DoD cybersecurity standards and guidelines, such as Risk Management Framework (RMF) Secure Software Development Framework (SSDF) and NIST SP 800-53.

· Managed security incident response activities, including investigation, containment, and resolution of cybersecurity incidents, to minimize impact and prevent recurrence.

· Collaborated with cross-functional teams to integrate cybersecurity requirements into system development lifecycle (SDLC) processes and ensure secure configuration and deployment of IT assets.

· Contributed to the development and maintenance of security documentation, including system security plans (SSPs), security assessment reports (SARs), and security accreditation packages.

Adjunct Professor– New England College – May 2022– Present

As a Adjunct Professor my duties include:

• Engaging students to facilitate and achieve course learning outcomes;
• Grade work submitted by students and provide timely and substantive feedback;
• Teach from the approved curriculum in accordance with assigned schedules to ensure student satisfaction;
• Participate in college recruitment, retention, and employment initiatives by connecting with students, faculty, staff, and employers, and offering support as needed;
• Advise students in matters related to academics, attendance, and career interests.

Associate Director of Information Security Architecture & Engineering– ElevateBio – August 2022– June 2023

As the Associate Director of Information Security Architecture & Engineering

• Designed, implemented, and maintained security controls, platforms, and tools to support assurance processes and enhance overall security posture.
• Conducted regular security assessments and audits to identify vulnerabilities and gaps, implementing remediation plans to address findings.
• Worked collaboratively with engineering and penetration testing teams to integrate security best practices throughout the software development lifecycle.
• Design, build, configure, integrate, and operate information security tools & systems within the cloud information Security Infrastructure such as Crowdstrike, Automox, and NiFi.
• Create and maintain security standards, including cloud security standard in adherence to the NIST CSF (National Institute of Standards and Technology Cybersecurity Framework).
• Led cybersecurity technology projects and lifecycle management.
• Set up polices within monitoring tools to generate low, medium, and high-risk alerts to promptly manage risk and Data Loss Prevention (DLP) with Symantec, Proofpoint, 365 Defender, Qualys and Imperva.
• Recommend technology and technology revisions based on operational, legal and contractual requirements to meet international cyber security and data privacy GRC needs
• Perform reviews of emerging tools, architecture, and Policies for the organization.
• Collaborate with business units to ensure that security is represented in the Software Development Life Cycle (SDLC).
• Contribute to enterprise architecture governance, standards, and processes
• Evaluate, acquire, configure, and operate cloud and on-premise security tools
• Ensure that the configurations of cloud and on-premise systems are appropriate
• Collaborated with cross-functional teams to develop and implement security controls based on the MITRE ATT&CK framework.
• Developed and implemented a threat intelligence program based on the MITRE ATT&CK framework, providing visibility into potential cyber threats and enabling proactive threat mitigation.
• Design, implement and evolve the Information Security Infrastructure with the implementation of a cybersecurity Training Program, 3rd party application patching, and log data pipeline.
• Developed and maintained PowerShell scripts to automate tasks such as software deployment, user management, and backups.

Information Systems Security Manager– Draper Lab – May 2022 – August 2022

As the Information Systems Security Manager

· Research and recommend integrated security solutions for various operating systems including Windows 10, Red Hat 8, CentOS and Ubuntu.

· Ensured cyber security standards, directives, guidance and policies to classified computing environments were enforced.

· Investigate and resolved security incidents to including data spills, and data integrity incidents.

· Prepare and maintain security Assessment and Authorization documentation (e.g., IA Standard Operating Procedure (SOP), System Security Plan (SSP), Readiness Assessment Report (RAR), Security Controls Traceability Matrix (SCTM).

· Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.

· Conduct reviews and technical inspections to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functional.

· Oversee and provide guidance to Information Systems Security Officers (ISSO) and System Administrators on day to day duties.

· Perform oversight of the development, implementation and evaluation of information security program for in compliance with the NIST 800-53 and Department of Defense Risk Management Framework (DoD RMF) controls.

· Perform Data Loss Prevention (DLP) using LogRhythm, Symantec and Network Access Control applications to monitor user activity on various endpoints.

· Created innovative Schrems II solutions leveraging unique security and privacy framework GRC methodologies

· Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.

· Conducted vulnerability assessments on systems, applications, and networks to identify vulnerabilities and potential threats with the use of tools like Tenable Nessus and DISA STIGS.

Cybersecurity Consultant– Sarepta Therapeutics – February 2020 – May 2022

As the Cybersecurity Consultant,

• Provide guidance to the Director of IT and CISO regarding the utilization of tools, technologies, policies, and procedures aimed at enhancing the organizations security posture.
• Continuously monitor, identify, and respond to threats based on risk, potential impact, and timeliness of events with the use of various tools such as Splunk (SIEM), Mimecast, Carbon Black, Knowbe4 etc.
• Manage and continuously updates effective vulnerability management program for devices across the network.

· Managed the design and delivery of an asset management system to include cmdb, patching framework, enterprise vulnerability management and reporting framework.

· Integrate/deploy security tools such as Rapid7, Carbon Black, and Mimecast to include new data/log sources, expanding network visibility and automation.

· Deliver reports, SOP’s and governance to support enhancement/change initiatives.

· Administer training, providing an overview of company cybersecurity policies and procedures.

· Designed, implemented, and managed Identity and Access Management (IAM) systems that ensure data privacy, security, and compliance.

· Conducted risk assessments to identify and mitigate security risks related to IDS/IPS systems and processes.

· Conducted security assessments and audits to identify and mitigate security risks in AWS environments.

· Monitored network traffic and system logs for signs of security incidents

Cybersecurity Engineer – Samsung Neurologica – January 2018 – February 2020.

As the Cybersecurity engineer for the organization, built the Cybersecurity infrastructure on the medical devices with the implementation security controls and policies.

· Involved in Cybersecurity Premarket approval ensuring risk analysis is performed on the medical devices, proper controls are in place to secure the medical devices, documentation of cyber related efforts are provided to the FDA and post market monitoring of vulnerabilities are planned/performed.

· Experience with securing and remediating cybersecurity vulnerabilities with medical devices such as Ultrasound, DR, and CT devices.

· Provide cross functional support across many teams in the organization including Sales, Marketing, R&D, Regulatory, Quality etc.

· Experience hardening, patching and remediating vulnerabilities associated with embedded operating systems for medical devices including Windows 10, Ubuntu, Windows 7 etc.

· Identifying and classifying cyber security vulnerabilities and creating mitigation plans with the R&D team, ensure plans are documented understood and track the results of the plan execution

· Implementing policies and procedures in order to ensure devices are compliant in accordance with the NIST 800-53, DOD/RMF controls, Health Insurance Portability and Accountability Act/Food and Drug Administration (HIPAA/FDA) regulations, and the UL 2900 standard.

· Developed the organizations Cybersecurity SOP, Manufacturer Disclosure Statement for Medical Device Security (MDS2) forms, Software Bill of Materials (SBOM) as well as various other product documentation in order to provide customers with an overview of the companies cybersecurity policies and procedures.

· Led Samsung cybersecurity incident response and support of escalations by implementing mitigation tactics such as patches, enabling/disabling services or configuration settings that could be used to resolve potential vulnerabilities on the systems.

· Collaborate with the Research and Development (R&D) team to ensure traceability between cybersecurity risks and controls are met prior to new product releases.

· Engage with customers, government agencies and other stakeholders to ensure compliance with cybersecurity requirements and define best practices through face to face meetings, conference calls, presentations etc.

· Collaborate with sales and marketing to integrate cybersecurity marketing strategies.

Cybersecurity Engineer – Raytheon – September 2016 – January 2018

• Performed vulnerability scans to assess the security posture of the Patriot tactical systems searching for flaws within registry settings, firewall settings and group polices. As well as ensuring the latest OS and 3rd party patches were installed.
• Performed OS/3rd party vulnerability assessment with the use of manual tools, assessing policies and registry settings.
• Developed SSP and Plan of Action and Milestones (POAM) to provide an overview of the system, its security requirements and the controls set in place.
• Responsible for ensuring classified systems meet NIST 800-53 and DOD/RMF controls to obtain/maintain Authority to Operate (ATO) status by collaborating with the software engineers and verifying that industry standard features such as data at rest encryption, whitelisting, AV solutions, account management policies are set in place.
• Developed network diagrams and hardware listing for the systems used illustrating network configuration.

Information Systems Security Officer- Raytheon- March 2014-September 2016

· Review weekly security logs on classified information systems investigating potential insider threat activity such as brute force attacks, account lockouts, overnight/off hour user activity, compromised passwords, unauthorized account management activities, and firewall activity.

· Review system configurations to ensure RMF controls are set in place in all systems by reviewing audit policies, registry settings, patches etc.

· Perform anti-virus definition updates, on a monthly basis in order to keep systems National Industrial Security Program Operating Manual/ Joint Air Force, Army, Navy (NISPOM/JAFAN) compliant.

· Perform inventory checks of hardware belonging to classified information systems to ensure all equipment attached to the classified systems are accounted for.

· Provide briefings to users ensuring they follow procedures set forth by the company while working in a classified environment.

Education

Malden High School Graduate Class of 2007

Salem State University – BS – Computer Science Graduate Class of 2012

Southern New Hampshire University – MBA Class of 2018

Comptia Security+ Certification September 2013

Comptia A+ Certification June 2012

InsightIDR Certified Specialist - Product Training September 2020