Details
Skills
5+ Experience with software vulnerability management in a large, regulated environment.
2.. Exceptional knowledge of IT support and customer service best practices.
3. Strong knowledge of Windows, Office 365, remote access, and desktop support.
4. Experience with Power BI, data analytics, ServiceNow, remote support tools, and virtual desktops.
5. Strong experience with SCCM, Intune, vulnerability scanning tools.
About
I have over five years of full-time professional cybersecurity experience within large
Government of Canada environments, including the Department of National Defence (DND)
and Shared Services Canada (SSC). My responsibilities focused on enterprise security
architecture, governance, risk management, identity transformation, and operational
security within hybrid and cloud modernization initiatives.
I exercised independent professional judgment in evaluating risk, defining security
requirements, reviewing architectures, and validating control implementation.
Domain 1 – Security & Risk Management
Performed formal risk assessments identifying threats, vulnerabilities, impact, and
mitigation strategies.
Defined and enforced security governance artifacts aligned with Government of Canada
directives and ISO/NIST-based control frameworks.
Presented risk findings to senior stakeholders and documented risk treatment decisions
consistent with organizational risk tolerance.
Domain 2 – Asset Security
Defined data classification and protection requirements for sensitive government
information.
Ensured encryption, access controls, and handling requirements were embedded into
enterprise and cloud architectures.
Domain 3 – Security Architecture & Engineering
Designed and governed secure enterprise and solution architectures using structured
methodologies (TOGAF, DNDAF).
Integrated security-by-design principles into infrastructure, identity, cloud, and
application designs.
Evaluated architectural risk and approved security control implementation prior to
deployment.
Domain 4 – Communication & Network Security
Reviewed and validated secure network segmentation, encryption standards, and cloud
connectivity designs.
Ensured communication pathways and boundary protections met confidentiality,
integrity, and availability requirements.
Domain 5 – Identity & Access Management (IAM)
Defined role-based access control (RBAC) models and authentication standards for
large enterprise user populations.
Validated identity lifecycle processes and enforced least privilege and segregation-of-
duties principles.
Domain 6 – Security Assessment & Testing
Conducted security control reviews and architecture compliance assessments to
validate control effectiveness.
Documented findings and required remediation where gaps were identified.
Domain 7 – Security Operations
Supported incident response planning, logging and monitoring requirements, and
business continuity design validation.
Ensured operational security processes aligned with secure configuration and change
management standards.
Domain 8 – Software Development Security
Ensured security requirements were integrated into the system development lifecycle
(SDLC).
Reviewed application designs for secure authentication, authorization, and data
protection prior to production deployment.
Experience Statement
My experience exceeds the five-year CISSP requirement and demonstrates depth across
multiple domains of the CISSP Common Body of Knowledge. I performed senior-level
security responsibilities requiring independent judgment in risk determination,
architecture governance, and security control validation within large-scale government
enterprise environments.
Profile Photo
