United States
I am a security professional currently working as a Vendor RIsk Analyst and Security Liaison for the Office of Finance, Operations, and Administration within the University of California, Davis. I coordinate and support the unit's Vendor Risk Assessment program precluding procurement and advise staff about compliance requirements and guidelines set forth by the UC Security Policy and Information Security Office. I bridge communication gaps between technical and non-technical staff, manage risk for a diverse portfolio of third-party IT applications and services, and coordinate risk decisions with key stakeholders to support business needs. Prior to working for UC Davis, I was a Cybersecurity Analyst responsible for managing and responding to the organization’s SIEM tool, administering Cybersecurity Awareness training for 1600+ employees, and enforcing email security for a large manufacturing company. Before I began my career in IT and Cybersecurity, I was a business owner who operated a successful hair salon in Downtown Sacramento, led instructional training for KEVIN.MURPHY hair products, and maintained a full clientele. Firm believer of, ‘You can do everything you set your mind to.’
Under the direction of the Cybersecurity Director, I serve as an experienced IT Security Analyst, specializing in consulting and advising business departments to strengthen their security posture and manage third-party risk. Operating at the intersection of technology, risk management, procurement, and compliance, I provide strategic guidance to stakeholders in dynamic, high-stakes environments. I advise on the design, implementation, and optimization of security controls to ensure the confidentiality, integrity, and availability of critical systems and data. This includes secure system configurations and proactive risk mitigation strategies to protect UC data, networks, and systems. My expertise includes incident response and digital forensics, analyzing security events, uncovering root causes, assessing risks, and recommending tailored remediation strategies. I interpret security logs, evaluate breaches, and provide actionable insights for informed decision-making. As a Lean Six Sigma Green Belt, I drive process improvements within security programs, identifying inefficiencies, reducing operational risks, and optimizing workflows to enhance performance and resource management. Collaboration is key to my approach. I act as a trusted advisor to technical and non-technical stakeholders, translating complex security concepts into clear, actionable recommendations. Whether guiding teams through regulatory compliance, risk assessments, or third-party security best practices, I focus on building resilient programs and processes. Passionate about cybersecurity and continuous improvement, I thrive in environments that demand strategic thinking and adaptability. My goal is to anticipate and mitigate risks proactively, transforming cybersecurity from a reactive function into a strategic business enabler.
Under the direction of the Chief Information Security Officer (CISO) and Deputy CISO, I was an Information Security Analyst for the Information Education Technology (IET) unit within the Information Security Office (ISO). I served as a key liaison between technical and non-technical stakeholders, effectively bridging communication gaps to support university-wide Information Security initiatives. I conducted comprehensive vendor risk assessments of third-party suppliers, identifying potential security risks and providing strategic risk remediation recommendations to mitigate vulnerabilities. I supported the development and enhancement of Information Security systems, driving initiatives to strengthen the university’s security posture and ensure compliance with industry best practices and regulatory standards. I contributed to cross-functional projects aimed at improving risk management frameworks and safeguarding institutional data. I transitioned out of this role after securing an internal opportunity that aligned with my career goals.
Provided Tier 1 support for email security, Microsoft products (Teams, SharePoint, OneDrive), and SAP software. Developed step-by-step instructions for technical and non-technical users. Performed security risk assessments to ensure PII compliance with US Department of Labor standards. Prepared threat briefings, acted as a liaison across teams for vulnerability management, and ensured patch compliance. Managed and optimized SIEM tools, responded to intrusion detection alerts, and eradicated security threats. Served as a CIRT member, handling incident forensics, neutralizing malicious processes, and drafting company-wide security communications. Led email security efforts, removing malicious emails using KnowBe4 and Palo Alto Networks Wildfire. Created cybersecurity metrics reports for executive leadership, driving continuous improvement. Served as Scrum Master, managing sprints and deliverables for IT operations. Implemented a streamlined procurement process for print services and developed an exceptions policy to assess and document security risks for non-compliant requests.
• Carried out responsibilities for the growth, stability, and daily operations of the business. • Analyzed profit margins, cost of goods sold (COGS), and industry trends to design marketing strategies used to drive month-over-month increase of business revenue and customer acquisition. • Designed a budget strategy to reduce unnecessary business costs and increase return on investment (ROI).
• Provided a solution for reducing spam phone calls for executive leadership by thirty percent. • Supported the development of new processes and procedures for the Cybersecurity program including incident response, incident handling, intrusion detection, and daily operations. • Identified, organized, and audited Active Directory group policies (GPOs) to validate appropriate user access within organizational units (OUs). • Created and delivered cybersecurity awareness training to high-risk employees, which reduced the phishing click-rate by ten percent. • Assisted in security hardening projects for enterprise-wide applications and worked with management to enforce changes. • Published writer of cybersecurity articles for the company magazine distributed to all employees.