Mark Gaad

• Accountable for the entire security of our cloud infrastructure, ensuring compliance with industry standards and employing advanced security measures and technologies.
• Strengthened our defense against cyber threats by implementing Defense in Depth, including Security Groups, NACLs, IAM policies, and encryption mechanisms.
• Utilized a suite of AWS services, including Security Hub, GuardDuty, CloudTrail, CloudWatch, and Cloudflare to continuously monitor applications and data, enhancing protection against web attacks and enabling swift response to security incidents.
• Applied Center for Internet Security (CIS) benchmarks to verify performance of ongoing security measures.
• Tailored AWS services to offer only essential capabilities, reducing potential attack surfaces by disabling or restricting unnecessary services, ports, and protocols.
• Proactively identified and addressed security weaknesses through vulnerability assessments on our web platform, guided by STRIDE threat modeling methodology.
• Established access control policies and WAF based on the principle of least privilege, defaulting to deny access and granting permissions solely to authorized users, systems, and processes.
• Implemented automated responses, such as AWS Lambda functions, to enforce a fail-secure posture during system failures or security incidents, ensuring timely mitigation and containment.
• Aligned our security practices with the NIST Cybersecurity Framework 2.0, establishing a robust cybersecurity program for our cloud environment to enhance resilience against evolving cyber threats.
• Designed and implemented comprehensive security measures to safeguard infrastructure, applications, and data, in adherence to industry standards and best practices.
• Streamlined logs collection by implementing SIEM Solutions to centralize data from various systems and applications to offer a unified view of an organization's IT environment to Detect, analyze, and respond to security threats.
• Collaborated with IT teams to integrate security measures into software development processes, enhancing overall application security.
• Successfully Thwarted Various Cyber Attacks with Average of 14,000 Monthly on Web Platform

Assigned to Client Globe Group

• Utilized Splunk and Google Workspace logs to monitor, detect, and respond to security incidents and alerts effectively.
• Conducted vulnerability management on systems and servers, ensuring a secure and up-to-date environment.
• Implemented robust security best practices and server hardening across All Globe Telecom's servers to proactively minimize the attack surface and prevent potential system breaches.
• Managed critical components such as Host-Level Firewalls, GPOs, Internal DNS, DHCP, and Mail Server to maintain a secure and well-functioning network infrastructure.
• Investigated and resolved email incidents, escalating complex issues to third-party vendors, when necessary, to ensure timely and effective resolution.
• Oversaw Google Workspace Security Policies, whitelisting approved applications, IP addresses, and Device Enrollments, enhancing security controls and access management.
• Managed the Identity and Access Management System and provide assistance in Various Projects to successfully integrate applications to enable Single Sign-On (SSO) and implemented role-based access control (RBAC) for streamlined access management.
• Contributed to Email Security Projects from Proof of Concepts (POCs) to full deployment in the production environment, bolstering the email security tools within Google Workspace.
• Participated in the Project Implementation of one of the critical component of Secure Access Service Edge (SASE) “Context-Aware Access" Email Security Policy and provided support post-transition to Operations, ensuring seamless functionality and security.

• Monitor and respond to security alerts detected in the Microsoft Endpoint Security System. Conduct thorough investigations, incident triage, and review of account logs to validate the legitimacy of detected activities. Take appropriate actions, such as removing permissions, deactivating accounts, resetting passwords when confirmed compromised, or closing incidents for false positives.
• Perform monthly maintenance patching on all company servers and promptly remediate zero-day vulnerabilities to maintain a secure IT environment.
• Build and manage a centralized logs repository server for efficient log analysis, forensic investigations, and audit reviews.
• Ensure that devices deployed by helpdesk engineers have security agents and are reporting to the EDR (Endpoint Detection and Response) system, actively managing the system.
• Manage and support various Microsoft 365 applications, including Outlook, Teams, and SharePoint, to facilitate efficient communication and collaboration within the organization.
• Oversee Active Directory (AD) administration, including users, computers, groups, GPOs, DNS, DHCP, and WSUS, ensuring smooth operations and security.
• Manage and enforce security control systems, including preventive measures such as password policies and 2FA (Two-Factor Authentication), as well as detective measures like card access systems, CCTV systems, and Microsoft Endpoint Solution System (Intune).
• Take charge of the Azure Firewall, creating rules to block malicious IPs and enhance network security.
• Handle the secure wiping of reported lost and stolen devices in Microsoft Endpoint to mitigate risks and prevent exposure of sensitive company data and systems.
• Extract active user and computer lists for monthly audit reviews, ensuring compliance with regulatory requirements.
• Provide valuable assistance to the Network Team in troubleshooting network-related issues.
• Take on a mentorship role, training and guiding junior team members within the administrative team.
• Actively participated in the migration from Google Workspace to Microsoft 365, contributing to the successful transition.
• Played a crucial role in the Grant Thornton Cybersecurity Compliance Review (GCCR) established by Grant Thornton International Ltd (GTIL), ensuring compliance and bolstering the organization's cybersecurity practices.

● Focused on safeguarding databases, user access management, data backups, and generating reports.

• Assisted with database migrations, ensuring smooth transitions between systems without loss of critical data.
• Developed custom scripts for automating routine tasks, increasing productivity and reducing manual workloads.

• Boosted end-user productivity through effective remote assistance using various tools such as TeamViewer, Remote Desktop, and VPN connections.
• Elevated end-user proficiency with company software through creation of easy-to-follow guides and tutorials.
• Improved team performance by collaborating with coworkers to share knowledge and develop best practices for issue resolution.
• Supported organizational growth by onboarding new employees with appropriate IT resources, training materials, and system access permissions.
• Supported security tools, user device patching, assisted users with cybersecurity issues, documented security incidents,.