Jason Soto

IT Security Professional | Information Security Manager | Security+ | CySA+ | CSAP | SSCP | Pentester



Experienced IT Security Professional with broad knowledge in Information Security, Ethical Hacking, Threat management, PCI DSS, SoC and more.

With threats becoming more and more sophisticated, it is vital that companies improve their security posture and their ability to respond quickly upon any security incident. I take pride in knowing i can help organizations accomplish this through my experience, continuous research and training. I try to maintain myself up-to-date with the industry trends and technologies to ensure companies don’t fall behind on this highly changing field and remain safe and in control.


My Experience

Roles & Responsibilities

Manager, Information Security and Compliance - UNICEF USA

July 2018 - Present

- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and policies
- Perform risk assessments and Security audits
- Initiate, develop, and maintain information security policies and procedures and ensure that the security strategies are being followed, to meet the organizational security goals and standards
- Conduct Research on emerging products, services and standards in support of Security Enhancement efforts
- Responsible for ensuring key in-scope PCI Applications and Systems stay compliant
- Ensure mitigation processes and appropriate risk control to security incidents as needed
- Keep abreast of information security issues and regulatory changes

Information Security Analyst - UNICEF USA

April 2016 - July 2018

- Responsible for day-to-day monitoring, scanning, response and reporting of internal security alerts
- Responsible for ensuring key in-scope PCI Systems stay compliant
- Support Information Security procedures to safeguard against leakage of confidential data and unauthorized access to Network Environment
- Provide initial analysis of SOC Feeds
- Run Security audits on Regular Basis
- Conduct Research on emerging products, services and standards in support of Security Enhancement efforts
- Ensure mitigation processes and appropriate risk control to security incidents as needed

Information Security Administrator - Contraloria General de la Republica Dominicana

June 2014 - Janurary 2016

- Develop, Implement and Maintain the Information Security Plan
- Ensure mitigation processes and appropriate risk control to security incidents as needed
- Responsible for the development, implementation and maintenance of Disaster Recovery Plan
- Coordinate Security Awareness Program
- Monitor the Security of Networks and Systems
- Coordinate recovery and incident response
- Keep informed of news related to security policies and best practices in government so that the current policy may be revised to address the weaknesses of current policies
- Perform Penetration testing on Regular Basis
- Linux/Unix System Admininistration

Linux System Administrator - Contraloria General de la Republica Dominicana

October 2012 - June 2014

- Linux Platform Administration and Maintenance
- Implement Monitoring and Alerting Systems
- Monitor Servers Performance
- Monitor Network Communications
- Optimize Linux Server Performance
- Arrange the repairs quickly to reduce downtime in case of failure
- Apache Web Service Administration
- Administer Security in Linux and Windows Environments
- Software and Patch Management
- Backup Policies
- Implement Intrusion Detection systems
- Citrix Platform Administration
- Windows Enviroment Administration
- Ensure Uptime fo critical Systems

Roaming Support & TroubleShooting/ Help Desk - Claro Dominicana

February 2003 - October 2012

- Tecnical Support of ADLS and Advanced Connectivity customers
- XDSL, Conectividad Virtual, VPN Troubleshooting
- Roaming Customers Troubleshooting
- Work with Global service providers to reduce solution times.
- GSM/CDMA Technologies
- Other Tasks




November 2018

Systems Security Certified Practitioner (SSCP) - ISC2

The vendor-neutral SSCP credential confirms deep technical knowledge and competency in implementing, monitoring, and administering IT Infrastructure in accordance with information security policies and requirements across the organization. The SSCP credential draws from a comprehensive, up-to-date global body of knowledge that ensures candidates have the right information security knowledge and skills to be successful in IT operational roles.


March 2018

security+ ce - comptia

Earners of the CompTIA Security+ certification have the knowledge and skills necessary to perform core security functions required of any cybersecurity role. CompTIA Security+ professionals know how to identify and address potential threats, attacks and vulnerabilities and they have established techniques in risk management, risk mitigation, threat management and intrusion detection.


September 2020


Earners of the CompTIA CySA+ certification have the skills, knowledge, and ability to address security analytics, intrusion detection and response. CompTIA CySA+ analysts have demonstrated the ability to perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization and the skills to secure and protect the systems.


September 2020

CompTIA Security Analytics Professional - CSAP

Earners of the CompTIA Security Analytics Professional (CSAP) are security analytics professional that have the ability to plan and carry out security measures to protect an organization’s computer networks and systems.

vmw CB.jpg

October 2018

VMware Carbon Black Cloud Endpoint Standard Associate Analyst

The VMware Carbon Black Cloud Endpoint Associate Analyst certification demonstrate proficiency in selected areas of product usage needed for day-to-day security configuration and system operations. Navigating CB Defense, deploying sensors, investigating possible threats and taking action to defend endpoints against attacks.

Getting Coffee

My Skills

As a lifelong learner, I’m constantly expanding my skill set through professional and personal experiences. Below you will find some of my key abilities, along with how these skills have led to success.


Information Security

- Network Security
- Data Security
- Communication Security
- Incident Detection and Response
- Security Analysis
- Risk Analysis




Linux Server Security Automation Script

JSHielder is an Open Source Bash Script developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server with little interaction from the user. Newly added script follows CIS Benchmark Guidance to establish a Secure configuration posture for Linux systems.


“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”

Stephane Nappo


Let’s Connect

  • Twitter
  • LinkedIn
Open Laptop