Profiles search

Susan Ramsey

Cybersecurity and Risk Consultant - GWAPT, GDSA, GCIA, GCIH, GSEC, GMON, GCWN, GCPM, SSAP, GCCC, CEH, CPT
Boulder, CO, United States

Details

Education: Master of Science - MS

Information Security Engineering

SANS Technology Institute

2016 : 2022

Master of Science - MS

Computer Information Technology

Regis University

2001 : 2004

Certificate in Linux Administration



O'Reilly School of Technology

2013 : 2014

Master NLP Hypnotherapist and Life-Coach Certificate

Neurolinguistic Programming, Hypnosis, Life-coaching

Bennett/Stellar University

2012 : 2013

Bachelor of Arts (B.A.)

Anthropology

University of Colorado Boulder

1990 : 1993
Experience: Embracing the future of AI. Researching ML and data science models, relearning math, improving skills with python specific to ML/DS and use of LLM/GPT/NLP to solve complex problems in cybersecurity. Personal project to design a platform using LLM/GPT to provide SMB and SLED/NP, CISO/CxO with an evidence-based, data-driven risk management solution that incorporates real budget information, FAIR QRA, MITRE ATT&CK specificity for threat risk; NIST 800-53, CIS CSC, MITRE D3fend, aka ASD 8, continuous hardware/software/resource inventory and vulnerability assessment incorporating control efficacy, adding non-technical process controls rated based on metrics and practical test evaluations (purple team, tabletops) using time-based security response capability, for data-driven threat x vulnerability risk that is judged by impact and likelihood based on actual business requirements and continuous threat intel (actual exploitability, lateral movement and target scope). Platform will provide risk ratings, control deployment prioritization and timeframe. It's time to move beyond just do the baseline and static checklists.

2023 : Present

Freelance

Researcher in Machine Learning, Data Science and AI

Teaching Information Assurance with a emphasis on business-driven controls, process and risk management. Helping to build the next generation of cybersecurity professionals. Promoting diversity in the cybersecurity talent pool.

2023 :

Metropolitan State University of Denver

Adjunct Professor

Provide guidance for IT, OT, IOT, Cloud and DevOps security architecture. Assess and apply security controls per NIST CSF, CIS CSC, ISA 62443, HIPAA and PCI. Create foundation to achieve Zero Trust Architecture. Establish and improve metrics related to continuous threat/vulnerability detection and response, security awareness training and testing, cyber incident response (inc training and testing), and operational service catalog supporting Identify, Protect, Detect, Respond, Recover. Implement continuous improvement for all NIST/CIS controls. Create and complete the first iteration of an annual third party risk management (TPRM) process. Serve in various roles including management consulting, SME on a portfolio of cybersecurity related projects, architecture design POC and analyst operations.

2022 : 2023

Colorado Network Staffing

Contractor - Cybersecurity Architect

Contract SecDevOps. Integrate secure development practices into continuous delivery using cloud native technology. Build secure configurations using Infrastructure as Code. Ensure capabilities for event alerting and response are defined, established and developed in a way to enable automation in CI/CD and cyber incident response. Reference and implement OWASP, NIST, DISA, industry and platform SDLC guidelines. Track vulnerabilities, supply chain dependencies, configurations, exploits, TTPs, patches and mitigations. Ensure accuracy and auditability in FISMA attestations. Create supply chain security risk evaluations and SCRM (TRM) approvals for all software, libraries and plugins.

2022 : 2022

Guidehouse

Contractor - Cloud Security Engineer

Manage cybersecurity program utilizing NIST CSF and CIS Critical Security Controls. Map to ISA 62443, FERC, HIPAA and PCI audit specs and guidelines for critical infrastructure cyberdefense. Create system security plans, policies, procedures. Identify gaps, architect improvements and new solutions. Facilitate secure adoption of SaaS, IaaS, cloud automation. Create and improve IR plan and procedures, document steps for proactive threat hunting and handling compromises utilizing PICERL, MITRE ATT&CK, Cyber Killchain and NIST 800-61r2. Coordinate IR across organization. Manage employee awareness and training including custom content and annual incentives. Support SLAs for team service catalog including VPN, PAM/PIV, MFA, IDS, Web Proxy, EDR and SIEM. Handle break/fix tickets along with direct reports. Serve on 24x7 oncall rotation. Manage direct reports, facilitate staff success, identify training, set goals, nurture talent, promote team cooperation and communication. Serve as a technical SME on projects related to network segmentation, NAC, inventory, secure configuration and implementing ICS Purdue Model. Work closely with operational technology and physical security for coordinated risk management and incident response.

2019 : 2022

Denver Water

Manager of IT Security Operations and Architecture
Company: Freelance
Years of Experience: 10

Skills

Account Management, Agile Project Management, Cloud Computing, Compliance Management, Computer Security, Continuous Monitoring, CRM, Databases, Data Center, Disaster Recovery, EDR, Hypnotherapy, Information Security, Information Security Awareness, Jira Software, Linux, Management, Mentoring, Networking, Network Security, NIST CSF, Operating Systems, Palo Alto Networks, Penetration Testing, Program Management, Project Management, Red Canary, Risk Assessment, Risk Management, Security, Servers, Social Engineering, Solaris, Start-ups, Storage, Strategy, System Administration, System Deployment, Technical Support, Transformational Life Coaching, U.S. Federal Information Security Management Act (FISMA), Unix, Virtualization, VMware, VMware Infrastructure, vSphere, Windows Server, Zscaler Private Access, Zscaler Zero Trust Exchange, Microsoft SQL Server, SaaS, SAN, Apache, RedHat, Oracle, Integration, HP-UX, VMware ESX, Transformational Life, VMware vSphere, Red Hat Linux, Nessus, Metasploit, computer hardware

About

Creative problem solver, program manager, risk analyst, change agent.

Skilled at shaping technology, people and process in order to accomplish goals.

In the tribes of 'security as an enabler' and 'shifting left'.

Embracer of the 5 Why's, the 4 Agreements, but definitely not doing things just because we've always done them that way.

Interested in the human factor in complex systems, specifically in cybersecurity, but also beyond. Deception and gaming (hacking systems and fellow humans) are a continuation of behavior observed by evolutionary biologists in a long story about eukaryotes.

Avid reader. Follower of brilliant minds.