Thomas Foos

Experience

• 

  Schade Builder's Supply

  May 2008 - Aug 2009

  Warehouseman

  Managed entire warehouse from the first day of the job.Completed customer's orders and managed incoming deliveries.

• 

  German Mutual Insurance

  Dec 2010 - Feb 2011

  Network Security Analyst Intern

  • Completed 43 more hours than minimum required, total of 163 hours.• Worked directly under network security administrator monitoring company’s network.• Received training with tools such as Metasploit, Snort, Sophos, and for Intrusion detection/prevention.• Reviewed daily IPCop firewall logs as well as QualysGuard reports.• Used Sguil to monitor and to do deep packet inspection on incoming and outgoing packets.• Reviewed suspicious packets with Wireshark for malicious activity.• Created a simplified spreadsheet from the SANS 20 Critical Controls for easy use throughout the company.• Used Linux computers (Security Onion) for daily work. Show less

• 

  Style Crest, Inc.

  Jun 2011 - Sept 2012

  Order Puller/Warehouseman
• 

  Crowe Horwath LLP

  Aug 2012 - Dec 2016

  Senior Staff Technology Risk Consultant

  Thomas has demonstrated experience in IT Risk Management/Assessment, Sarbanes-Oxley (SOx) Compliance, FDICIA Compliance, IT General Controls, IT Strategy, Information Security Program Development/Testing, SOC 1/SOC2 reviews and Third Party (Vendor) Risk Management as well as presenting results and recommendations to line level managers and senior management.. Regulatory and compliance reviews, covering Gramm-Leach-Bliley Act and Sarbanes-Oxley requirements, in addition to performing audits of IS general and application control environments; assessing logical, physical and environmental controls within varying operational environments. Assisting in the review and enhancement of policies and procedures governing application access, information security, business continuity, vendor management and incident response. Technology experience covers both the application and the supporting infrastructure layers. Thomas has worked with various Operating Systems platform such as Windows (various versions), UNIX, IBM System i, and has exposure to different database management systems such as Oracle, and Microsoft SQL Server. Performed IT reviews of data centers, focusing on application controls and the following general control areas: Organization and Personnel (including segregation of duties), Computer Operations (including scheduling, data file utilities, file handling, and retention, etc.), Physical Security (including safeguarding assets and detection of physical threats), and Disaster Recovery Planning (including Hot-Site Agreements, review of the plans, and annual testing).Examinations, IS general controls reviews, security reviews, and other specialized reviews as well as presenting results and recommendations to line level managers and senior management. Show less

• 

  American Electric Power

  Dec 2016 - now

  Audit Engagement Manager