JASON SOTO
IT Security Professional | Information Security Manager | Security+ | CySA+ | CSAP | SSCP | MITRE ATT&CK Defender CTI, SOC | Pentester
BIO
Experienced IT Security Professional with broad knowledge in Information Security, Ethical Hacking, Threat management, PCI DSS, SoC and more.
With threats becoming more and more sophisticated, it is vital that companies improve their security posture and their ability to respond quickly upon any security incident. I take pride in knowing i can help organizations accomplish this through my experience, continuous research and training. I try to maintain myself up-to-date with the industry trends and technologies to ensure companies don’t fall behind on this highly changing field and remain safe and in control.
MY EXPERIENCE
Roles & Responsibilities
MANAGER, INFORMATION SECURITY AND COMPLIANCE - UNICEF USA
July 2018 - Present
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and policies
- Perform risk assessments and Security audits
- Initiate, develop, and maintain information security policies and procedures and ensure that the security strategies are being followed, to meet the organizational security goals and standards
- Conduct Research on emerging products, services and standards in support of Security Enhancement efforts
- Responsible for ensuring key in-scope PCI Applications and Systems stay compliant
- Ensure mitigation processes and appropriate risk control to security incidents as needed
- Keep abreast of information security issues and regulatory changes
INFORMATION SECURITY ANALYST - UNICEF USA
April 2016 - July 2018
- Responsible for day-to-day monitoring, scanning, response and reporting of internal security alerts
- Responsible for ensuring key in-scope PCI Systems stay compliant
- Support Information Security procedures to safeguard against leakage of confidential data and unauthorized access to Network Environment
- Provide initial analysis of SOC Feeds
- Run Security audits on Regular Basis
- Conduct Research on emerging products, services and standards in support of Security Enhancement efforts
- Ensure mitigation processes and appropriate risk control to security incidents as needed
INFORMATION SECURITY ADMINISTRATOR - CONTRALORIA GENERAL DE LA REPUBLICA DOMINICANA
June 2014 - Janurary 2016
- Develop, Implement and Maintain the Information Security Plan
- Ensure mitigation processes and appropriate risk control to security incidents as needed
- Responsible for the development, implementation and maintenance of Disaster Recovery Plan
- Coordinate Security Awareness Program
- Monitor the Security of Networks and Systems
- Coordinate recovery and incident response
- Keep informed of news related to security policies and best practices in government so that the current policy may be revised to address the weaknesses of current policies
- Perform Penetration testing on Regular Basis
- Linux/Unix System Admininistration
LINUX SYSTEM ADMINISTRATOR - CONTRALORIA GENERAL DE LA REPUBLICA DOMINICANA
October 2012 - June 2014
- Linux Platform Administration and Maintenance
- Implement Monitoring and Alerting Systems
- Monitor Servers Performance
- Monitor Network Communications
- Optimize Linux Server Performance
- Arrange the repairs quickly to reduce downtime in case of failure
- Apache Web Service Administration
- Administer Security in Linux and Windows Environments
- Software and Patch Management
- Backup Policies
- Implement Intrusion Detection systems
- Citrix Platform Administration
- Windows Enviroment Administration
- Ensure Uptime fo critical Systems
ROAMING SUPPORT & TROUBLESHOOTING/ HELP DESK - CLARO DOMINICANA
February 2003 - October 2012
- Tecnical Support of ADLS and Advanced Connectivity customers
- XDSL, Conectividad Virtual, VPN Troubleshooting
- Roaming Customers Troubleshooting
- Work with Global service providers to reduce solution times.
- GSM/CDMA Technologies
- Other Tasks
CERTIFICATIONS
November 2018
SYSTEMS SECURITY CERTIFIED PRACTITIONER (SSCP) - ISC2
The vendor-neutral SSCP credential confirms deep technical knowledge and competency in implementing, monitoring, and administering IT Infrastructure in accordance with information security policies and requirements across the organization. The SSCP credential draws from a comprehensive, up-to-date global body of knowledge that ensures candidates have the right information security knowledge and skills to be successful in IT operational roles.
March 2018
SECURITY+ CE - COMPTIA
Earners of the CompTIA Security+ certification have the knowledge and skills necessary to perform core security functions required of any cybersecurity role. CompTIA Security+ professionals know how to identify and address potential threats, attacks and vulnerabilities and they have established techniques in risk management, risk mitigation, threat management and intrusion detection.
September 2020
CYSA+ CE - COMPTIA
Earners of the CompTIA CySA+ certification have the skills, knowledge, and ability to address security analytics, intrusion detection and response. CompTIA CySA+ analysts have demonstrated the ability to perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization and the skills to secure and protect the systems.
September 2020
COMPTIA SECURITY ANALYTICS PROFESSIONAL - CSAP
Earners of the CompTIA Security Analytics Professional (CSAP) are security analytics professional that have the ability to plan and carry out security measures to protect an organization’s computer networks and systems.
October 2018
VMWARE CARBON BLACK CLOUD ENDPOINT STANDARD ASSOCIATE ANALYST
The VMware Carbon Black Cloud Endpoint Associate Analyst certification demonstrate proficiency in selected areas of product usage needed for day-to-day security configuration and system operations. Navigating CB Defense, deploying sensors, investigating possible threats and taking action to defend endpoints against attacks.
April 2021
ATT&CK® CYBER THREAT INTELLIGENCE CERTIFICATION
ATT&CK Cyber Threat Intelligence Certification is an intermediate level program that affirms the ability to identify, develop, analyze, and apply ATT&CK-mapped intelligence
May 2021
ATT&CK® SECURITY OPERATIONS CENTER ASSESSMENTS CERTIFICATION
The ATT&CK SOC Assessments Certification affirms the ability to conduct Security Operations Center (SOC) assessments that are rapid, have low overhead, and are broad enough to help the SOC get on their feet with ATT&CK. The certification affirms the mastery at analyzing SOC technologies, like tools and data sources, savviness at interviewing and discussing ATT&CK with SOC personnel and recommend improvements based on the assessments’ results.
MY SKILLS
As a lifelong learner, I’m constantly expanding my skill set through professional and personal experiences. Below you will find some of my key abilities, along with how these skills have led to success.
INFORMATION SECURITY
- Network Security
- Data Security
- Communication Security
- Incident Detection and Response
- Security Analysis
- SIEM
- Risk Analysis
PROJECTS
JSHIELDER
Linux Server Security Automation Script
JSHielder is an Open Source Bash Script developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server with little interaction from the user. Newly added script follows CIS Benchmark Guidance to establish a Secure configuration posture for Linux systems.
“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”
Stephane Nappo
