Andrew Smith

Experience

• 

  Van Ausdall & Farrar

  Aug 1996 - Jan 1997

  Ricoh Major Account Representative

  Administrated and audited Ricoh’s high-profiled copier program. Investigated past involvement and billing for copier division services.

• 

  Indiana Department of Labor

  Nov 1997 - Feb 2005

  Facilitated the planning, procurement, installation, configuration, administration, and maintenance of the Department’s consolidated Microsoft NT domain along with the migration of client computers connected both directly and remotely to the network via Windows 98, 2000, and XP. Managed the Department’s data workflow through the development and maintenance of policies and procedures for ensuring data system integrity. Performed the duties as the primary purchasing administrator representing the Department in contract negotiations, request for proposals, and leasing agreements. Developed the Department’s Extranet website and administered the Internet website. Vis mindre Served as a liaison to bridge technical and information gaps between program divisions. Acted as a liaison between Federal OSHA and the Department to solve problems and communicate technically oriented material to non-technically oriented personnel. Conducted specific analysis and interpretation of statistical data in government information systems. Used techniques of frequency distribution, measures variability, statistical inferences, and hypothesis testing to aid in the analysis of data correlation. Vis mindre

  • Senior Systems Analyst

    Sept 2000 - Feb 2005

  • Administrative Analyst

    Jan 1999 - Sept 2000

  • Administrative Assistant

    Nov 1997 - Jan 1999
• 

  Walker Information

  Jan 2005 - Jan 2014

  Focusing on hardening internal technology resources through patch management, vulnerability scanning, and implementation of industry standard best practice solutions such as DISA-STIG, PCI, configuration management, and endpoint security. Developed an automated patch management process for Windows servers using a former product Tivoli Endpoint Management and our current product Dell Kace which included determining deployment schedule for both test and production systems, both workstations and servers. Incorporated organization’s external facing web applications into a daily or weekly PCI security scanMonitor daily and weekly scans for sites that do not meet stated security goals. Log scan failures into our issue management system and manage mitigation of vulnerability by making a network, operating system, or application change. Any of these three changes could result in working with the appropriate personnel to resolve said scan failure with our Network Operations, Application Development, or Networking teams. Report status of above steps in monthly security meeting with technology stakeholders. Evaluate industry standard best practices such as DISA-STIG, McAfeeSecure, and PCI standards to measure our progress with comparison organization assets. Report on progress to both internal and external stakeholders either via monthly security review meetings or security representation during new customer engagements (e.g. RFI/RFP process). Centrally control Windows settings via group policy that are consistent with ensuring that endpoints pass vulnerability scanning and industry standard benchmarks.Responsible for maintaining a living technology document which outlines Walker’s disaster recovery, continuity, security, and highly available technology methodologies and lead person for technology responses surrounding customer RFP’s for sales engagements. Vis mindre

  • Senior LAN Administrator

    Jan 2007 - Jan 2014

  • LAN Administrator

    Jan 2005 - Jan 2007
• 

  SmartIT (Staffing)

  Jan 2014 - Dec 2014

  Information Security Analyst

  Information Security Analyst at Sallie Mae Bank* Cybersecurity Technical Support* Cybersecurity Project Management* Security Architecture and Strategic Planning* Security Assessments, Risk Evaluations, and Compliance Support

• 

  Sallie Mae

  Jan 2015 - now

  * Focused on Cyber Incident Response & Hunting - Deployed a next gen Threat Analytics Platform (SIEM) - Data populated SIEM with log and sensor data * Threat Intelligence & Information Sharing - Ingested multiple intel streams into our SIEM - Actively participated on threat intel discussion feeds* Cybersecurity Technical Support * Cybersecurity Project Management - Deployed advanced network, email, and endpoint security monitoring solutions and integrated them with our SIEM. * Security Architecture and Strategic Planning* Compliance Support Vis mindre

  • Director, Security Engineering

    Nov 2018 - now

  • Cybersecurity Engineer

    Jan 2016 - Nov 2018

  • Senior Analyst, Cyber Security Operations

    Jan 2015 - Jan 2016