In the world of today’s constantly emerging technologies, I am eager to learn the different ways that tech and information can be utilized, hacked, and secured. Working in information security, my priority is ensuring the security of data and systems, and addressing risks and vulnerabilities for organizations and their assets.

With multiple years of experience in information technology, I have worked with many different technologies and systems. My primary proficiencies include endpoint detection and response, network and email firewall configuration, and identity/privileged access management (IAM/PAM). Additionally, I have experience with security risk assessments, vulnerability management, and mobile device management.

I am curious to learn as much about the information security landscape as I can. As technology becomes more prevalent in every sector of the world, the attack surface becomes greater. My responsibility is ensuring that organizations have their data secured and their risks minimized. My current tech interests include cloud computing (AWS), virtual reality, and generative AI.

I currently serve as an information security administrator in the greater Philadelphia and central New Jersey metropolitan area. For inquiries, please contact me at the link above or email christophermchong@gmail.com.

Projects

Cloud Cybersecurity Homelab

• Created an enterprise network environment using AWS VPCs, EC2 instances, and networking tools.
• Utilized Kali Linux tools (Metasploit, Nessus) on Amazon EC2 instances to simulate a penetration testing/attack environment as part of a red team.
• Utilized SIEM tools (Splunk Enterprise) on Ubuntu to monitor and gather data for compromised systems as part of a blue team.
• Created incident response plan based on NIST 800-61 Computer Security Incident Handling Guide.

Personal Portfolio Website

(The one that you're currently on!)

• Created website using HTML/CSS and Bootstrap frameworks to demonstrate professional technology and security achievements
• Deployed using Amazon Web Services web deployment tools for functionality and security
• AWS services utilized include S3, CloudFront, Route 53, and Certificate Manager
• Maintained version control for new updates to website using GitHub

Experience

Capital Health

IT Security Administrator (April 2022 - present)
Pennington, NJ | Lawrence Township, NJ

• Secure and manage network of 9,000+ endpoint devices, including 1,200+ servers and sensitive medical systems, from cyber threats and exploits.
• Reduce vulnerability of assets by 17% by using endpoint detection and response systems to uncover and eliminate malware, PUPs, and behavioral anomalies.
• Ensure system availability and Zero Trust security for network infrastructure supporting 10,000+ users through content filtering and firewall configuration.
• Secure and manage integrity of 250+ secrets and privileged accounts by leading configuration, deployment, and maintenance of privileged access management (PAM) to production systems.
• Reduce phishing and spam email count by 2,500+ by using email security protection and anti-phishing and SMiShing user education campaigns.
• Conduct incident response, investigation, and remediation of security events and issues by containing and recovering compromised systems, eradicating malicious threats, and patching zero-day vulnerabilities and CVEs, as part of a 24x7 on-call rotation.
• Ensure risk management and compliance by facilitating execution of third-party risk assessments and healthcare data standards compliance in accordance with industry-related regulations and standards.
• Collaborate with various staff to incorporate information security measures across 70+ hospital-wide projects.
• Lead development of weekly reporting program to display metrics of EDR device statistics using Python.

Decco Industries

Junior Security Administrator [contract] (July 2020 - April 2022)
Pennington, NJ

• Migrated, installed, and upgraded over 6,000 devices and servers to Carbon Black endpoint security systems, reducing vulnerability to cyber threats.
• Developed and enforced policies and procedures, increasing end user security awareness and reducing the risk of phishing attacks.
• Mitigated security threats and vulnerabilities to healthcare IT and network security.
• Analyzed user browsing habits and developed initiatives to increase security compliance and awareness for 12,000+ end users.

Education

The Pennsylvania State University

University Park, PA
Bachelor of Science in Security and Risk Analysis, Concentration in Information and Cyber Security (Completed December 2020)
Bachelor of Science in Information Sciences and Technology, Concentration in Design and Development (Completed May 2020)

Certifications

CompTIA Security+ (Obtained September 2022)
CompTIA Network+ (Obtained September 2021)

Skills

• Endpoint Detection and Response (EDR): CrowdStrike Falcon, Carbon Black Endpoint Standard, Trellix (McAfee) ePolicy Orchestrator, Microsoft Defender
• Identity/Privileged Access Management (IAM/PAM): Delinea Secret Server, Sailpoint IdentityIQ
• SIEM Tools: Splunk Enterprise, Wazuh
• Vulnerability Management: Tenable Nessus
• Network Security: Palo Alto Panorama, Cisco Umbrella, IDS/IPS configuration, Nmap
• Email Security: Barracuda Cloud Control, Cisco IronPort, Proofpoint
• Programming and Scripting: Python, Bash, HTML, CSS, JavaScript, Java
• Cloud Computing and Security: AWS (S3, EC2, IAM, CloudFront, VPC, Lambda, Route 53)
• Operating Systems:Windows, macOS, Ubuntu, Kali Linux
• Security Compliance and Frameworks: NIST CSF, NIST 800-53, HIPAA Security Rule
• Other: Git (version control)